Properly manage file permissions
Checking file permissions
- You can use the long list view of the `ls` command to check a file's permissions.
- Usage: `ls -l filepath`
- Example: `ls -l someSecretFile.txt`
id - Display user identity
- This command is used to check the user ID and group IDs a user is associated with.
- Usage: `id [USER]`
- Examples:
  - `id` (When you use the command without any username, it defaults to the current user)
  - `id heisenberg`
chmod - Change file mode
- This command is used to alter the permissions of a file (can only be done by file/dir owner or superuser).
- Usage: `chmod permissions filePath`
Ways of specifying file permissions:
Octal number representation:
- If we want to set `rwx` then all 3 bits have to be set, so the binary for that would be 111. To convert that into octal, multiply each digit by 2^(n-1), where n is the digit's position counted from the right, and add the results. Then divide the result by 8 and note the remainder; repeat with the new quotient until the quotient is 0, and write the remainders in reverse order. But since a permission triplet can never go beyond octal 7, there is no need for the division steps.
- Example:
  - `rwx` would become 111 which would be `(1*(2^2) + 1*(2^1) + 1*(2^0)) = 7`
  - `rw-` would become 110 which would be `(1*(2^2) + 1*(2^1) + 0*(2^0)) = 6`
  - `r-x` would become 101 which would be `(1*(2^2) + 0*(2^1) + 1*(2^0)) = 5`
  - `---` would become 000 which would be `(0*(2^2) + 0*(2^1) + 0*(2^0)) = 0`
- Tip:
  - Instead of doing 2^(n-1) you can simply remember these numbers: 4, 2, 1.
  - So 4 is for `r`, 2 is for `w` and 1 is for `x`.
  - If you want `r-x` you can simply add the required numbers, 4+1 = 5.
- Examples:
  - `chmod 777 secret.txt`
  - `chmod 600 secretFile.txt`
  - `chmod 755 impDir/`
Symbolic representation:
- It specifies who the change will affect, what operation would be performed and what permissions will be set.
- To specify who, use `u`, `g`, `o` or `a`:
  - `u` - Stands for user, basically the file owner
  - `g` - Group owner
  - `o` - Others
  - `a` - All (default)
- The operation performed can be `-`, `+` or `=`:
  - `-` - To remove certain permissions.
  - `+` - To add certain permissions.
  - `=` - To specify certain permissions to be applied and remove the other permissions.
- To specify the permissions that will be set, use `r`, `w` or `x`:
  - `r` - Read
  - `w` - Write
  - `x` - Execute
- Examples:
  - `chmod u+x file`
  - `chmod u-w joeMama.txt`
  - `chmod +x notImpFile.sh`
  - `chmod o-rw someFile.dat`
  - `chmod go=rw tbbt.mp4`
  - `chmod u+x,go=rx trojan.horse`
umask - Set default permissions
- It is used to set the default permissions of a file when it is first created.
- Usage: `umask maskToApply`
- By default the mask is set to `0002` or `0022`. So in the case of `0022`, files have their permissions set to `rw-r--r--` by default.
- So if we set the mask to `0000`, we will notice that the files created after that will have `rw-rw-rw-` permissions (this is without any mask, i.e. `0000`).
- Reason:
  - Convert each digit of `0022` to 3-digit binary, you get (000 000 010 010).
  - `--- rw- rw- rw-` Without mask
  - `000 000 010 010` Mask (`0022`)
  - `--- rw- r-- r--` Result
  - So we can see that the mask removes the permissions from the bits that are set.
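The octal and symbolic `chmod` notations and the `umask` behaviour described above, checked against real scratch files. This is an added example, not part of the original notes; the function names and scratch paths are made up for illustration, and it goes slightly beyond the text by also showing that new directories start from `rwxrwxrwx` before the mask is applied.

```shell
#!/bin/sh
# Added example: function names and scratch paths are constructed for illustration.

# One rwx triplet -> one octal digit: r=4, w=2, x=1 (special bits are not handled).
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# Nine-character string as shown by `ls -l` (e.g. rw-r--r--) -> three octal digits.
sym_to_octal() {
    u=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    o=$(printf '%s' "$1" | cut -c7-9)
    printf '%s%s%s\n' "$(triplet_to_digit "$u")" "$(triplet_to_digit "$g")" "$(triplet_to_digit "$o")"
}

# Octal mode of an existing path, read from characters 2-10 of `ls -ld`.
mode_of() {
    sym_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# Set a scratch file to octal mode $1, apply symbolic spec $2, report the result.
mode_after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f"
    mode_of "$f"
    rm -f "$f"
}

# Create a file and a directory under umask $1 (in a subshell, so the caller's
# mask is untouched) and report the permissions they received.
modes_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/new_file" && mkdir "$dir/new_dir" )
    printf 'file=%s dir=%s\n' "$(mode_of "$dir/new_file")" "$(mode_of "$dir/new_dir")"
    rm -rf "$dir"
}

mode_after_chmod 644 u+x,go=rx   # 755
modes_under_umask 0022           # file=644 dir=755
modes_under_umask 0000           # file=666 dir=777
```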
Special permissions
- Setuid bit (octal 4000), if this is applied to an executable file, it changes the effective user ID from that of the real user (the user actually running the program) to that of the program’s owner. This allows the program to access files and directories that an ordinary user would normally be prohibited from accessing.
- Setgid bit (octal 2000), it changes the effective group ID from the real group ID of the real user to that of the file owner. If the setgid bit is set on a directory, newly created files in the directory will be given the group ownership of the directory rather than the group ownership of the file’s creator.
- Sticky bit (octal 1000), if applied to a directory, it prevents users from deleting or renaming files unless the user is either the owner of the directory, the owner of the file, or the superuser. This is often used to control access to a shared directory, such as /tmp.
- Examples:
  - Setuid bit: `chmod u+s program`
  - Setgid bit: `chmod g+s dir`
  - Sticky bit: `chmod +t dir`
- SUID bits don't work on shell scripts (wasted a lot of time on this)
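Because setuid and setgid programs run with their owner's privileges, and a world-writable directory without the sticky bit lets users remove each other's files, both are worth auditing. The following is an added example, not part of the original notes; it builds a constructed sample tree and the function and file names are made up for illustration.

```shell
#!/bin/sh
# Added example: paths and function names are constructed for illustration.

# Regular files carrying the setuid (4000) or setgid (2000) bit.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories that lack the sticky bit (1000): any user who can
# reach them may delete or rename other users' files there.
find_unsticky_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Constructed sample tree to audit.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    : > "$root/plain"
    : > "$root/suid_prog"
    mkdir "$root/shared_sticky" "$root/shared_open" "$root/private"
    chmod 755 "$root/plain" "$root/suid_prog"
    chmod u+s "$root/suid_prog"        # rwsr-xr-x
    chmod 1777 "$root/shared_sticky"   # rwxrwxrwt, like /tmp
    chmod 0777 "$root/shared_open"     # rwxrwxrwx, no sticky bit
    chmod 700 "$root/private"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "setuid/setgid files:"
find_setid_files "$tree"
echo "world-writable dirs without sticky bit:"
find_unsticky_shared_dirs "$tree"
rm -rf "$tree"
```

Pointing the two `find` functions at a real path such as `/usr` or `/var` gives a baseline that can be compared after package installs or configuration changes.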
su - Run a Shell with Substitute User and Group IDs
- It is used to start a shell as another user.
- Usage: `su [user]`
- You can start a login shell, which puts you straight into the user's home directory, by using the `-l` flag. `-l` is also abbreviated as `-`.
- Execute a single command using the `-c` flag.
- Examples:
  - `su -l heisenberg`
  - `su -c 'ls -al'`
sudo - Execute a Command As Another User
- This command can be used to execute a command as a different user (usually the superuser).
- Usage: `sudo command`
- Use `-i` to start an interactive shell as superuser.
- Use the `-l` flag to check privileges granted by sudo.
- Examples:
  - `sudo rm -rf --no-preserve-root /` (don't run this hehe)
  - `sudo ls -al /root`
  - `sudo -i`
  - `sudo -l`
chown - Change File Owner and Group
- It is used to change the owner and group owner of a file or directory.
- Usage: `chown [owner][:[group]] file...`
- Arguments:
  - `levi` - changes the file owner to `levi`.
  - `levi:ackermann` - changes the file owner to `levi` and file group owner to `ackermann`.
  - `:ackermann` - changes the file group owner to `ackermann`.
  - `levi:` - changes the file owner to `levi` and changes the group owner to the login group of user `levi`.
- Examples:
  - `sudo chown levi testFile`
  - `sudo chown levi:ackermann testFile`
  - `sudo chown :ackermann testFile`
  - `sudo chown levi: testFile`
chgrp - Change Group Ownership
- This command is used to change group ownership of a file. This can now be done using `chown`, but in older systems `chgrp` was used.
- Usage: `chgrp group file`
- Example: `chgrp ackermann testFile`
passwd - Used to change passwords
- This command is used to change the password of a user.
- Usage: `passwd user`
- If you run it without the `user` argument then it will default to the current user.
- Examples:
  - `passwd`
  - `passwd levi`