1. Introduction
The Linux security model is based on the one used on UNIX operating systems. On a Linux system, every file is owned by a user and a group user. There is also a third category of users, those that are not the user owner and don't belong to the group owning the file. For each category of users, read, write and execute permissions can be granted or denied.
The file permissions for these three user categories are indicated by the nine characters that follow the first character, which is the file type indicator at the beginning of the file properties line. The first three characters in this series of nine display access rights for the actual user that owns the file. The next three are for the group owner of the file, the last three for other users.
The permissions are always in the same order: read, write, execute for the user, the group and the others.
Examples:
# ls -l test
-rwxrwxr-- 1 adi users 14209 May 7 12:34 test
User "adi" or users belonging to the group users can read, write (change, move, delete) and execute the file. All other users are only allowed to read this file, but they can't write or execute it.
2. Access codes
- Access mode codes
0 or - The access right that is supposed to be on this place is not granted.
4 or r Read access is granted to the user category defined in this place. In the case of a directory, this would mean the ability to list the contents of the directory.
2 or w Write permission is granted to the user category defined in this place. In the case of a directory, this defines whether you can make any changes to the contents of the directory. If write permission is not set then you will not be able to delete, rename or create a file.
1 or x Execute permission is granted to the user category defined in this place. In the case of a directory, this attribute decides whether you have permission to enter, run a search through that directory or execute programs from that directory.
- User group codes
u user permissions
g group permissions
o permissions for others
This straight forward scheme is applied very strictly, which allows a high level of security even without network security. Among other functions, the security scheme takes care of user access to programs, it can protect sensitive data such as home directories and system configuration files.
You should know what your user name is. If you don't, it can be displayed using the id command, which also displays the default group you belong to and eventually other groups of which you are a member:
$ id
uid=1000(adi) gid=1000(adi) groups=4(adm),20(dialout),24(cdrom),46(plugdev),104(lpadmin),115(admin),120(sambashare),1000(adi)
Your user name is also stored in the environment variable USER and you can use "echo" command to display it:
$ echo $USER
adi
3. Tools
- Setting permissions: the chmod command
A normal consequence of applying strict file permissions is that access rights will need to be changed for all kinds of reasons. We use the chmod command to do this, and eventually to chmod has become an almost acceptable English verb, meaning the changing of the access mode of a file. The chmod command can be used with alphanumeric or numeric options, whatever you like best.
# chmod =u+rwx,g+rx,o+r test
OR
# chmod 754 test
Examples:
chmod 400 file - To protect a file against accidental overwriting.
chmod 500 dir - To protect yourself from accidentally removing, renaming or moving files from this directory.
chmod 600 file - A private file only changeable by the user who entered this command.
chmod 644 file - A publicly readable file that can only be changed by the issuing user.
chmod 660 file - Users belonging to your group can change this files, others don't have any access to it at all.
chmod 700 file - Protects a file against any access from other users, while the issuing user still has full access.
chmod 755 dir - For files that should be readable and executable by others, but only changeable by the issuing user.
chmod 775 file - Standard file sharing mode for a group.
chmod 777 file - Everybody can do everything to this file.
If you enter a number with less than three digits as an argument to chmod, omitted characters are replaced with zeros starting from the left. There is actually a fourth digit on Linux systems, that precedes the first three and sets special access modes.
- The file mask: umask (shell buildin command)
When a new file is saved somewhere, it is first subjected to the standard security procedure. Files without permissions don't exist on Linux. The standard file permission is determined by the mask for new file creation. The value of this mask can be displayed using the umask command:
$ umask
0002
Instead of adding the symbolic values to each other, as with chmod, for calculating the permission on a new file they need to be subtracted from the total possible access rights. In the example above, however, we see 4 values displayed, yet there are only 3 permission categories: user, group and other. The first zero is part of the special file attributes setting.
Each UNIX-like operating system has a system function for creating new files, which is called each time a user uses a program that creates new files, for instance, when downloading a file from the Internet, when saving a new text document and so on. This function creates both new files and new directories. Full read, write and execute permission is granted to everybody when creating a new directory.
When creating a new file, this function will grant read and write permissions for everybody, but set execute permissions to none for all user categories. This, before the mask is applied, a directory has permissions 777 or rwxrwxrwx, a plain file 666 or rw-rw-rw-.
The umask value is subtracted from these default permissions after the function has created the new file or directory. Thus, a directory will have permissions of 775 by default, a file 664, if the mask value is (0)002. This is demonstrated in the example below:
$ mkdir new_directory
$ ls -ld new_directory
drwxrwxr-x 2 adi adi 4096 May 7 12:45 new_directory/
$ touch new_file
$ ls -l new_file
-rw-rw-r-- 1 adi adi 0 May 7 12:46 new_file
The root user has stricter default file creation permissions:
# umask
0022
- Changing user and group ownership: chown and chgrp
When a file is owned by the wrong user or group, the error can be fixed with the chown (change owner) and chgrp (change group) commands. Changing file ownership is a frequent task in environments where files need to be shared in a group.
The chown command can be applied to change both user and group ownership of a file, while chgrp only changes group ownership. Of course the system will check if the user issuing one of these commands has sufficient permissions on that file(s).
In order to only change the user ownership of a file using chown, use this syntax:
# chown user filename
If you use a colon after the user name (see the Info pages), group ownership will be changed as well, to the primary group of the user issuing the command. On a Linux system, each user has his own group, so this form can be used to make files private:
$ id
uid=1000(adi) gid=1000(adi) groups=4(adm),20(dialout),24(cdrom),46(plugdev),104(lpadmin),115(admin),120(sambashare),1000(adi)
$ ls -l document.doc
-rw-rw-r-- 1 adi admin 22715 May 7 14:34 document.doc
$ chown adi: document.doc
$ chmod o-r document.doc
$ ls -l document.doc
-rw-rw---- 1 adi adi 22715 May 7 14:34 document.doc
$ chgrp admin document.doc
$ chmod o+r document.doc
$ ls -l document.doc
-rw-rw---- 1 adi admin 22715 May 7 14:34 document.doc
Both chown and chgrp can be used to change ownership recursively, using the -R option. In that case, all underlying files and subdirectories of a given directory will belong to the given user/group.
4. Special Modes
There are three special modes:
- Sticky bit mode: After execution of a job, the command is kept in the system memory. Originally this was a feature used a lot to save memory, but these days memory is inexpensive, so it is not used anymore for its optimizing capabilities on single files.
When applied to an entire directory, however, the sticky bit has a different meaning. In that case, a user can only change files in this directory when is the user owner of the file or when the file has appropriate permissions. This feature is used on directories like /var/tmp, that have to be accessible for everyone, but where it is not appropriate for users to change or delete each other's data.
The sticky bit is indicated by a t at the end of the file permission field:
# ls -ld /var/tmp
drwxrwxrwt 19 root root 8192 May 7 13:37 /var/tmp/
The sticky bit can be set using the chmod command and can be set using its octal mode 1000 or by its symbol t :
# chmod o+t directory
- SUID (set user ID) and SGID (set group ID) are access rights flags that allow users to run an executable with the permissions of the executable's owner or group.
- SGID (set group ID) on a directory: in this special case every file created in the directory will have the same group owner as the directory itself (while normal behavior would be that new files are owned by the users who create them). This way, users don't need to worry about file ownership when sharing directories:
# ls -ld /opt/shares
drwxrws--- 4 root users 4096 May 7 13:57 shares/
# ls -l /opt/shares
-rw-rw---- 1 adi users 76239 May 7 13:58 document.doc
This is the standard way of sharing files in UNIX.
NOTE 1: Existing files are left unchanged.
NOTE 2: Files that are being moved to a SGID directory but were created elsewhere keep their original user and group owner.