How to Manage File Permission in Unix
Managing Unix file permissions
1. File rights in Unix: the generic model
Under Unix, rights on a file are managed along three axes: the right to read (Read), the right to write (Write) and the right to execute (eXecute).
- The read right allows reading the content of a file.
- The write right allows modifying or deleting a file.
- The execute right, on a binary or a shell script, allows launching the program.
In numeric form:
Read = 4
Write = 2
Execute = 1
Applied to a directory, these definitions differ noticeably:
r - read - The file can be read - The directory can be listed (for example, getting the files in this directory with the ls command)
w - write - The content of the file can be modified or its attributes changed - In the directory, files can be deleted, created or modified
x - execute - The file can be executed - The directory can be entered, that is, made your current directory
Each of these rights is granted to three categories of people: the owner (owner, UID), the group (GID) and the rest of the world (other).
1.2. Putting it into practice with an example
So, I have a file, test.xml, containing my recipes.
Here are the permissions of the file:
ls -l test.xml
-rwxr-xr-- 1 sl friends 200 Sep 23 16:44 test.xml
The first "-" does not concern us; it is the file type (e.g. d = directory).
Then come three groups of three letters, starting at the r:
rwx: rights of the owner, sl => the user sl has the read, write and execute rights on the file.
r-x: rights of the group, friends => everyone in the friends group has the read and execute rights.
r--: rights of the rest of the world => the others have only the read right.
If you want to change the permissions of the file, the chmod command is there for that.
It is used as follows:
chmod XYZ myfile
Here X, Y and Z are respectively the (numeric) rights of the owner, of the group and of the rest of the world.
How do you compute X? By adding up the rights you want to grant:
rwx = 4 + 2 + 1 = 7
rw- = 4 + 2 = 6
r-x = 4 + 1 = 5
--- = 0
To set the permissions "rwxr-----", here is the command:
chmod 740 myfile
chmod also accepts a symbolic form:
chmod u+rw myfile
The first letter gives the category of person whose rights you change. Then, with + or -, you indicate respectively the addition or the removal of a right. It only remains to give the rights concerned, with the letters r, w and x.
The owner of the file - u
The group of the file - g
The rest of the world - o
Everyone - a
1.3. Special case: setuid and setgid
setuid and setgid are two attributes that modify the rights of the process created by executing the file. If setuid is set, when the file is executed by a user the process has the same rights as the owner of the file for the duration of the execution. For setgid, as you will have guessed, it is the rights of the file's group that are inherited, not those of the owner.
To activate it, you simply add (or remove) the "s" flag on the owner or on the group:
chmod u+s myfile
ls -l myfile
-rwsrw-r-- 1 sl friends 200 Sep 23 16:44 myfile
chmod g+s myfile2
ls -l myfile2
-rwxrwsr-- 1 sl friends 200 Sep 23 16:44 myfile2
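As an added example, not from the original post: a small POSIX shell script that converts between the nine-letter mode string ls -l prints and the octal number chmod takes, handling the setuid and setgid bits from this section as well and, going a little beyond the post, the sticky bit. The function names are my own.

```shell
# Added example, not from the original post: convert between the nine-character
# mode string that ls -l prints (after the type character) and the octal mode
# chmod takes. Covers setuid (s in the owner triplet), setgid (s in the group
# triplet) and, beyond the post, the sticky bit (t in the other triplet).

# triplet_value rwx -> 7, r-x -> 5, rws -> 7 (lowercase s or t implies x), rwS -> 6
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    printf '%s\n' "$v"
}

# digit_to_triplet 7 -> rwx, 5 -> r-x, 0 -> ---
digit_to_triplet() {
    t=""
    if [ $(($1 & 4)) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s\n' "$t"
}

# mode_to_octal rwxr----- -> 740, rwsrw-r-- -> 4764, rwxrwsr-- -> 2774
mode_to_octal() {
    u=$(triplet_value "$(printf %s "$1" | cut -c1-3)")
    g=$(triplet_value "$(printf %s "$1" | cut -c4-6)")
    o=$(triplet_value "$(printf %s "$1" | cut -c7-9)")
    s=0
    case $1 in ??[sS]??????) s=$((s + 4)) ;; esac   # setuid sits in the owner x slot
    case $1 in ?????[sS]???) s=$((s + 2)) ;; esac   # setgid sits in the group x slot
    case $1 in ????????[tT]) s=$((s + 1)) ;; esac   # sticky bit sits in the other x slot
    if [ "$s" -eq 0 ]; then printf '%s\n' "$u$g$o"; else printf '%s\n' "$s$u$g$o"; fi
}

# octal_to_mode 740 -> rwxr-----, 4764 -> rwsrw-r--, 2774 -> rwxrwsr--
octal_to_mode() {
    n=$1; s=0
    if [ ${#n} -eq 4 ]; then s=$(printf %s "$n" | cut -c1); n=$(printf %s "$n" | cut -c2-); fi
    m=$(digit_to_triplet "$(printf %s "$n" | cut -c1)")$(digit_to_triplet "$(printf %s "$n" | cut -c2)")$(digit_to_triplet "$(printf %s "$n" | cut -c3)")
    # a special bit shows as s/t where x is set and as S/T where it is not
    if [ $((s & 4)) -ne 0 ]; then m=$(printf %s "$m" | sed 's/^\(..\)x/\1s/; s/^\(..\)-/\1S/'); fi
    if [ $((s & 2)) -ne 0 ]; then m=$(printf %s "$m" | sed 's/^\(.....\)x/\1s/; s/^\(.....\)-/\1S/'); fi
    if [ $((s & 1)) -ne 0 ]; then m=$(printf %s "$m" | sed 's/^\(........\)x/\1t/; s/^\(........\)-/\1T/'); fi
    printf '%s\n' "$m"
}
```

An uppercase S in the owner or group slot means the special bit is set without the matching execute bit, which is why the conversion treats s and S differently.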
This simple and effective system has one major limitation: rights are set only for the file's single owner, its single group and everyone else, so there is no way to give a particular user or a particular group its own rights.
2. ACLs on Linux (POSIX)
To illustrate, let's take a case that the generic rights system cannot easily solve.
Suppose I have a file, example.txt, containing gift ideas for birthdays.
Here are its permissions:
ls -l example.txt
-rwxrw---- 1 sl friends 120 Sep 23 17:44 example.txt
There are two prerequisites:
- The kernel supports ACLs.
- The file system is mounted with the acl option, for example in /etc/fstab:
/dev/hda6 /home ext3 defaults,acl 0 2
2.2. Assigning ACLs
There are two basic commands to manage ACLs: setfacl and getfacl.
For all the examples, we start from the following file:
sl@testuser:/home/test$ ls -lrt
total 4
-rwxr-x--- 1 sl sl 209 2009-11-30 16:59 test.xml
Adding a full mask:
setfacl -m m::rwx myfile
The entry passed to -m has the form 'type of person':'someone':'rights' (m above is the mask; u below is a user).
Adding a user:
setfacl -m u:pm:rw- myfile
sl@testuser:/home/test$ ls -lrt
total 4
-rwxr-x---+ 1 sl sl 209 2009-11-30 16:59 test.xml
The "+" after the mode shows that the file now carries an ACL.
sl@testuser:/home/test$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
user:pm:rw-
group::r-x
mask::rwx
other::---
You find your mask there, mask::rwx, and a user entry, user:pm:rw-.
Let's see what the mask is for. I want to remove the write right from every user other than me, the owner. I remove the write right from the mask:
sl@testuser:/home/test$ setfacl -m m::rx test.xml
sl@testuser:/home/test$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
user:pm:rw-			#effective:r--
group::r-x
mask::r-x
other::---
Removing a user:
sl@testuser:/home/test$ setfacl -x u:pm test.xml
sl@testuser:/home/test$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
group::r-x
mask::r-x
other::---
Removing all the extended ACL entries:
sl@testuser:/home/test$ setfacl -b test.xml
sl@testuser:/home/test$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
group::r-x
other::---
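As an added example, not from the original post: a POSIX shell function that reproduces the #effective column of getfacl, i.e. the way the mask shown in the listings above limits named users, named groups and the owning group while leaving the owner and other entries alone. The input is the post's own test.xml listing after the mask was reduced, embedded here as a constructed sample; the function names are my own.

```shell
# Added example, not from the original post: reproduce getfacl's "#effective:"
# column. Named users, named groups and the owning group are limited by the
# mask; the owner entry (user::) and other:: are not. The ACL below is the
# post's own test.xml listing after "setfacl -m m::rx", embedded as sample input.
SAMPLE_ACL='# file: test.xml
# owner: sl
# group: sl
user::rwx
user:pm:rw-
group::r-x
mask::r-x
other::---'

# and_rights rw- r-x -> r--   (keeps a letter only where both triplets have it)
and_rights() {
    out=""; i=1
    while [ "$i" -le 3 ]; do
        a=$(printf %s "$1" | cut -c"$i"); b=$(printf %s "$2" | cut -c"$i")
        if [ "$a" = "$b" ] && [ "$a" != "-" ]; then out="$out$a"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# acl_effective reads getfacl output on stdin and appends "#effective:" to every
# entry the mask reduces; entries that the mask does not touch are echoed as-is.
acl_effective() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    printf '%s\n' "$acl" | while IFS= read -r line; do
        case $line in
            user::*|other::*|mask::*|"#"*|"") printf '%s\n' "$line" ;;
            user:*|group:*)                       # named user, named group, owning group
                rights=$(printf %s "$line" | cut -d: -f3)
                eff=$(and_rights "$rights" "$mask")
                if [ -n "$mask" ] && [ "$eff" != "$rights" ]; then
                    printf '%s  #effective:%s\n' "$line" "$eff"
                else
                    printf '%s\n' "$line"
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}
```

Run it as `printf '%s\n' "$SAMPLE_ACL" | acl_effective`: only the user:pm entry gains an #effective column, because group::r-x is already within the r-x mask.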
Generic Unix rights management should be well known to everyone, first for security reasons but also for privacy, and because it is fundamental to handling and using files. ACLs, used today on Linux and on other UNIX systems as well, are simple to put in place and within reach of any administrator or user. I strongly advise you to put them in place, at least initially on /home, where this kind of rights is often appreciated by users.