Monday, 12 December 2011

### File Types - Permissions - Symlinks ###

 1. The ability to restrict/control access to files
Note: 10 characters represent the file type and permissions for files (including directories)
Note: use 'ls -l' to examine permissions, or a GUI application like 'Nautilus'
-rwxrwxr-x 1 linuxcbt linuxcbt  681 Jan 13 11:31 regextest.pl
1st character = file type. '-' = file, 'd' = directory
2nd - 4th characters = owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
5th - 7th characters = group owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
8th - 10th characters = everyone (world)
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
Task:
 1. Manipulate file permissions using 'chmod'
  a. chmod -x regextest.pl
-rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
rw = 6 or 4+2 for owner
rw = 6 or 4+2 for group owner
r = 4 for everyone else (world)
Octal notation: 664 for file 'regextest.pl'
chmod 664 regextest.pl - removes execution for ALL users
chmod 775 regextest.pl - enables execution for ALL users

 2. Ensure that 'regextest.pl' is rw by owner and no one else
 a. chmod 600 regextest.pl
Note: File will now be rw by owner (linuxcbt) and 'root'
 3. Ensure that 'regextest.pl' is r by owner and no one else
 a. chmod 400 regextest.pl && ls -l regextest.pl
Note: chmod supports string values, which represent octal values
chmod +/- x file
chmod +/- w file
chmod +/- r file
chmod u+/-x file - updates owner's execute permissions on the file
chmod o+/-x file - updates others' execute permissions on the file
chmod g+/-x file - updates group's execute permissions on the file
chmod a+rwx = chmod 777

chown - permits changing of ownership of files
 a. chown root regextest.pl - changes ownership to 'root'
 b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'
Task:
 Update 'regextest.pl' so that owner and group owner may modify the file
 a. chmod 660 regextest.pl

SETUID:
 Features:
  1. ability to execute file as owner
chmod 4760 regextest.pl - this will ensure that the perl script always executes as the user 'linuxcbt'
-rwsrw---- 1 linuxcbt sales 787 Jan 13 16:08 regextest.pl
's' in the execute position means that the program will execute as that user

SETGID:
 Features:
  1. Ability to enforce permissions to a directory structure
mkdir /sales
chmod 2775 /sales
Create a file in the '/sales' directory as 'linuxcbt'
seq 1000000 > linuxcbt.1million.txt

chgrp:
 Permits updating of group ownership

Sticky Bit:
 Features:
  1. Ability to ensure that users cannot delete others' files in a directory
drwxrwxrwt 23 root root 4096 Jan 13 15:05 /tmp/

/tmp - users cannot delete other users' files in '/tmp'
chmod 3777 /sales - ensures that files in /sales cannot be deleted by users who do not own them
Task:
 1. Set '/sales' using sticky bit and test
  a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales
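
Added example (not part of the original notes): an audit for the special bits covered above, listing setuid/setgid files and world-writable directories that lack the sticky bit. The function names, the sample tree and every file name in it other than 'regextest.pl' are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special permission bits
# described in these notes. Function names and the sample tree are constructed.

# Regular files with setuid (4000) or setgid (2000) set.
find_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories without the sticky bit (1000): any user can
# delete or rename other users' files there.
find_unsafe_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Symbolic mode string, i.e. the first 10 characters of 'ls -ld'.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Build a throwaway tree that uses the modes from the notes; prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    touch "$root/regextest.pl" "$root/plain.txt"
    mkdir "$root/sales" "$root/shared" "$root/open"
    chmod 4760 "$root/regextest.pl"  # setuid file        -> -rwsrw----
    chmod 664  "$root/plain.txt"     # no special bits    -> not reported
    chmod 2775 "$root/sales"         # setgid directory   -> drwxrwsr-x
    chmod 3777 "$root/shared"        # setgid + sticky    -> drwxrwsrwt
    chmod 777  "$root/open"          # world-writable, no sticky -> reported
    echo "$root"
}

tree=$(make_sample_tree) || exit 1
for p in regextest.pl sales shared open; do
    printf '%s  %s\n' "$(mode_of "$tree/$p")" "$p"
done
echo "setuid/setgid files:";           find_special_files "$tree"
echo "world-writable, no sticky bit:"; find_unsafe_dirs "$tree"
rm -rf "$tree"
```

To audit a real system, call the two find functions on a path such as '/' or '/home' and compare the output against the list of files that are expected to carry these bits.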
