Linux basics
Command-line interface (part 7)
File permissions
Linux is a copy of UNIX, the multi-client operating framework which can be accessed by numerous clients all at the same time. Linux can likewise be used in centralized computers and servers with no alterations.
Be that as it may, this raises security worries as a spontaneous or malicious user can degenerate, change, or delete crucial information. For viable security, Linux divides authorization into two levels: Ownership and Permission.
Ownership: Linux frameworks relegate three user-based types of owners to each document and directory.
1. User/Owner: A user is the proprietor of the document. Naturally, the individual who created a record turns into its owner. Subsequently, a user is additionally at times called an owner.
2. Group: A user group can contain various clients. All clients having a place with a group will have similar access consents to the record.
3. Other: This individual has neither created the record nor has a place with a user group who could claim the document. It implies every other person.
- “id”-identity: At the point when client records are made, clients are allotted a number called a user ID or “uid” which is at that point, for the sake of the humans, mapped to a username. The client is allotted a primary group ID or “gid” and may have a place with another group. To find out information about the user identity, use the “id” command.
Ex: (kali@kali:~$ id)
Permission: Each record and directory in your Linux framework has the following three permissions characterized for the entire three owners we mentioned above.
1. Read (r): This permission authorizes you to open and read the file. Read permission on a folder lets you list its content.
2. Write (w): The write permission authorizes to modify the contents of the file. The write permission on a directory lets you add, remove, and rename files stored in the folder.
3. Execute (x): In Windows, an executable program usually has an extension “.exe” and which you can efficiently run. In Linux, you cannot run an application unless the “execute” permission applied. If the permission for the document is not set, you might still be able to view and modify the program code, but not run it.
Ex: (kali@kali:~$ ls –l)
The first ten characters of the posting are the document attributes. The first of these characters is the document type. Here are some document types you might continuously see:
“-” stands for a regular file,
“d” stands for the directory,
“l” stands for the symbolic link,
“c” stands for a character file,
“b” stands for a block file.
- “chmod”– change mode: The “chmod” operator is utilized to change the authorizations of a document or registry. To use it, you indicate the ideal permission settings and the document or records that you wish to modify. There are two different ways to specify the permissions mode: Absolute (Numeric) mode and Symbolic mode.
Absolute (Numeric) mode — In this mode, document authorizations are not represented as characters but a three-digit octal number. So, the permission types for the documents and directories would be as follows:
r w x = 7 Read + Write +Execute
r w – = 6 Read + Write
r -x = 5 Read + Execute
r – -= 4 Read
-w x = 3 Write + Execute
-w – = 2 Write
–x = 1 Execute
—= 0 No permission
On the off chance that you represent every one of the three arrangements of permissions (owner, group, and other) as a single digit, you have a genuinely advantageous method for communicating the potential authorizations settings. For instance, if we needed to set a particular file to have read and written authorization for the owner, yet required to keep the record private from others, we would use the following command:
Ex: (kali@kali:~/Downloads$ chmod 600 HelloWorld)
Symbolic mode — In the symbolic mode, you can change the permissions of a particular owner by utilizing mathematical symbols. For instance, to add permission to a file or directory use the “+” sign, remove permission, use the “-” sign, to set and override permissions use the “=” sign. We can also represent various owners by their group name initials: “u” for user or owner, “g” for the group, “o” for other, and “a” for all.
Ex: (kali@kali:~/Downloads$ chmod o+x HelloWorld)
- “chown”-change ownership: This command is utilized to change the owner and group owner of a document or directory. “chown” can change the file owner and the file group owner depending on the first argument of the command. For example, “chown david filename.txt” will change the ownership of the file from its current owner to the user “david.” “chown david:users filename.txt” will change the ownership of the file from its current owner to user “david” and changes the filegroup owner, to group “users.” “chown:admins filename.txt” will change the group owner to the group “admins” and the file owner will not be changed. “chown david: filename.txt” will change the file owner from the current owner to user “david” and changes the group owner to the login group of user “david.”
Ex: (root@kali:~/Downloads# chown david HelloWorld)
- “chgrp”-change group ownership: In more traditional forms of Unix, the “chown” operator only changed file ownership, not group ownership. For that reason, a different command, “chgrp” was utilized. It works similarly to “chown,” except for being progressively limited.
Ex: (root@kali:~/Downloads# chgrp david HelloWorld)
- “umask”: When creating a document or directory, a lot of default permissions are applied. The “umask” operator dictates these default authorizations. It indicates authorizations that you don’t need to set on by default.
Ex: (root@kali:~/Downloads# umask)
