• Linux permissions are a fundamental aspect of system security and user management.

Basic Linux Permissions

  • Linux employs a three-tiered permission system to control access to files and directories. Each file or directory has three main permission types:

Permission Types

    • Read (r): This permission allows viewing the contents of a file or listing a directory’s contents.
    • Write (w): This permission allows modifying a file or creating, renaming, and deleting files within a directory.
    • Execute (x): This permission allows running a file as a program or entering a directory and accessing the files inside it.

Permission Classes

    • Owner (u): The user who owns the file.
    • Group (g): A group of users who can share the same permissions.
    • Others (o): All other users on the system.

Permission Representation

    • Permissions are displayed using the ls -l command:
    • For example: -rwxr-xr-- 1 owner group size date name

Here:

      • -  : Indicates a regular file (or d for directories, l for symbolic links, etc.).
      • rwx : Permissions for the owner.
      • r-x : Permissions for the group.
      • r-- : Permissions for others.
    • Each permission can also be represented numerically:
      • Read = 4, Write = 2, Execute = 1.
      • Example: rwx = 7 (4+2+1), rw- = 6 (4+2), r-- = 4.
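The conversion from the ls -l mode field to its numeric form can be written as a small shell function. This is an added example, not part of the original article; the function name mode_to_octal is an assumption, and it goes beyond the basic case by also handling the s/S and t/T letters of the special bits covered later on this page.

```shell
# Added example (not from the original page).
# mode_to_octal MODE: convert the mode field printed by `ls -l`
# (e.g. -rwxr-xr--) into four-digit octal (e.g. 0754).
mode_to_octal() {
    m=${1#?}                      # drop the file-type character (-, d, l, ...)
    [ "${#m}" -ge 9 ] || return 1 # need three rwx triplets
    special=0
    out=
    # Weight of the special bit carried by each class:
    # owner = SetUID (4), group = SetGID (2), others = sticky (1).
    for class in 4 2 1; do
        trip=$(printf '%s' "$m" | cut -c1-3)
        m=${m#???}
        d=0
        case $trip in r??) d=$((d + 4)) ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; esac
        case $trip in
            ??x)    d=$((d + 1)) ;;
            # lowercase s/t: special bit set AND execute set
            ??[st]) d=$((d + 1)); special=$((special + class)) ;;
            # uppercase S/T: special bit set, execute NOT set
            ??[ST]) special=$((special + class)) ;;
        esac
        out=$out$d
    done
    printf '%s%s\n' "$special" "$out"
}

mode_to_octal '-rwxr-xr--'   # the example line shown above
```

An uppercase S or T in a listing means the special bit is set without the matching execute bit, which is usually a configuration mistake worth checking.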

Managing Linux Permissions

  • Basic permissions can be managed using the chmod, chown, and chgrp commands.

Changing Permissions

    • Using Symbolic Permission Method

      • To add a permission: chmod u+x file (adds execute for the owner).
      • To remove a permission: chmod g-w file (removes write for the group).
      • To set specific permissions: chmod o=rw file (sets read and write for others).
    • Using the Numeric Permission Method

      • Example: chmod 755 file (Owner: rwx, Group: r-x, Others: r-x).

Changing Ownership

    • Change file owner: chown username file.
    • Change file group: chgrp groupname file.
    • Change both: chown username:groupname file.

Advanced Linux Permissions

  • Advanced permissions provide greater flexibility for securing files and directories. These include special bits and ACLs (Access Control Lists).

Using Special Permission Bits

    • SetUID (s):

      • This allows a program to execute with the permissions of its owner.
      • This special bit is commonly used for programs needing elevated privileges (e.g., passwd).
      • For example: chmod u+s file (adds SetUID).
    • SetGID (s):

      • This ensures files created in a directory inherit the group ownership of the directory.
      • This is useful for collaborative environments.
      • For example: chmod g+s directory.
    • Sticky Bit (t):

      • This is used on directories to restrict file deletion.
      • Only the file owner or directory owner can delete files, regardless of other permissions.
      • For example: chmod +t directory.
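Because SetUID and SetGID programs run with their owner's or group's privileges, and a world-writable directory without the sticky bit lets any user delete other users' files, administrators routinely inventory these. The following is an added example, not part of the original article; the function names and the constructed test tree are assumptions.

```shell
# Added example (not from the original page).
# audit_special_bits DIR: list entries under DIR that deserve a review.
audit_special_bits() {
    root=$1
    # Regular files with SetUID (4000): run with the owner's privileges.
    find "$root" -xdev -type f -perm -4000 -print | sed 's/^/setuid /'
    # Regular files with SetGID (2000): run with the group's privileges.
    find "$root" -xdev -type f -perm -2000 -print | sed 's/^/setgid /'
    # World-writable directories WITHOUT the sticky bit (1000).
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/world-writable-no-sticky /'
}

# demo_audit: build a small constructed tree and audit it.
demo_audit() {
    d=$(mktemp -d) || return 1
    : > "$d/helper";   chmod 4755 "$d/helper"   # SetUID file: flagged
    : > "$d/plain";    chmod 0755 "$d/plain"    # ordinary file: ignored
    mkdir "$d/shared"; chmod 2775 "$d/shared"   # SetGID directory: ignored
    mkdir "$d/drop";   chmod 0777 "$d/drop"     # no sticky bit: flagged
    mkdir "$d/tmp";    chmod 1777 "$d/tmp"      # sticky bit set: ignored
    audit_special_bits "$d" | sed "s|$d/||" | sort
    rm -rf "$d"
}

demo_audit
```

Run audit_special_bits against / (as root, so every directory is readable) and compare the result with a known-good baseline to spot newly added SetUID or SetGID files.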

Access Control Lists (ACLs)

    • ACLs provide fine-grained control by allowing permissions to be set for specific users or groups.
      • To view an ACL: getfacl file.
      • To modify an ACL: setfacl -m u:username:rw file (grants read/write to a user).
      • To remove an ACL entry: setfacl -x u:username file.

Managing Advanced Linux Permissions

Enabling and Managing Special Bits

    • To set SetUID: chmod 4755 file.
    • To set SetGID: chmod 2755 file.
    • To set the sticky bit: chmod 1755 directory.

Managing ACLs

    • To set a default ACL: setfacl -d -m u:username:rwx directory (applies to new files within a directory).
    • To set an ACL recursively: setfacl -R -m g:groupname:rw directory.

Managing umask

  • The umask determines the default permissions for newly created files and directories.

Understanding umask

    • Default permissions before applying umask:
      • For Files: 666 (read and write for all).
      • For Directories: 777 (read, write, and execute for all).
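    • umask removes from the default the permission bits that are set in the mask (a bitwise operation rather than arithmetic subtraction, although the two agree in simple cases such as 022).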
      • Example: A umask of 022 results in:
        • Files: 644 (666 – 022).
        • Directories: 755 (777 – 022).

Viewing and Setting umask

    • To view the current umask: umask (press Enter).
    • To set umask: umask 027 (sets default permissions to 640 for files and 750 for directories).
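The umask 027 case shows why the mask is applied bit by bit: octal 666 minus 027 would be 637, but the mode actually produced is 640. The following added example (not part of the original article) computes the expected mode and then checks it against a real file and directory; the function names are assumptions, and stat -c is the GNU/busybox form.

```shell
# Added example (not from the original page).
# Assumes a Linux stat that supports -c '%a' (GNU coreutils or busybox).

# effective_mode BASE UMASK: print BASE with every bit set in UMASK cleared.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_modes UMASK: create a real file and directory under UMASK and
# print their modes as "FILE DIR". The subshell keeps the caller's umask
# unchanged.
observed_modes() {
    (
        tmp=$(mktemp -d) || exit 1   # created before the umask is changed
        umask "$1"
        : > "$tmp/file"              # requested with 666
        mkdir "$tmp/dir"             # requested with 777
        printf '%s %s\n' \
            "$(stat -c '%a' "$tmp/file")" \
            "$(stat -c '%a' "$tmp/dir")"
        rm -rf "$tmp"
    )
}

effective_mode 666 027    # computed file mode
effective_mode 777 027    # computed directory mode
observed_modes 027        # what the kernel actually applied
```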

Permanent umask Setting

    • To make the umask permanent, add it to the shell configuration file, for example:
      • For the Bash shell: ~/.bashrc or ~/.bash_profile.
      • For the Zsh shell: ~/.zshrc.

In short, this comprehensive framework ensures robust and flexible permission management in Linux.

Summary of Commands Used in Permission Management in Linux

| Description | Command | Example |
|---|---|---|
| Change permissions | chmod | chmod 755 file |
| Change owner | chown | chown user file |
| Change group | chgrp | chgrp group file |
| SetUID | chmod u+s | chmod 4755 file |
| SetGID | chmod g+s | chmod 2755 file |
| Sticky Bit | chmod +t | chmod 1755 directory |
| View ACL | getfacl | getfacl file |
| Modify ACL | setfacl | setfacl -m u:username:rw file |
| View umask | umask | umask |
| Set umask | umask | umask 027 |
