How to Manage File Permission in Unix

  #1  
Old 17-06-2010
Member
 
Join Date: Feb 2010
Posts: 136
How to Manage File Permission in Unix
  

Managing Unix file permissions

1. Generic Unix file permission principles
1.1. Rationale


Unix file rights are managed along three axes: the right to read (Read), the right to write (Write) and the right to execute (Execute).
- The read right allows reading the content of a file.
- The write right allows modification and deletion of a file.
- The execute right, on binaries or shell scripts, allows launching the program.

In numeric form:
Read = 4
Write = 2
Execute = 1


Applied to a directory, these definitions are significantly different.
r - Read - File: the file can be read - Directory: the directory can be listed (example: list the files in this directory with the ls command)

w - Write - File: the contents of the file can be modified or its attributes changed - Directory: you can delete, create or edit a file in the directory

x - Execute - File: the file can be executed - Directory: you can enter this directory, which becomes your current directory

Each of these rights is assigned to three classes of users: the owner (owner or UID), the group (group or GID) and the rest of the world (other).

1.2. Implementation with an example

So, I have a file: test.xml, containing my recipes.
These are the permissions of the file:

Code:
ls -l test.xml
-rwxr-xr-- 1 sl friends 200 Sep 23 16:44 test.xml

Look at the above output carefully.
The first "-" does not concern us; it is the type of file (e.g. d = directory).

Then there are three sets of three letters, each beginning with r:
rwx: Rights of the owner: sl => The user sl has the rights to read, write and execute the file.
r-x: Rights of the group: friends => Everyone in the group friends has read and execute rights.
r--: Rights of the rest of the world => The others have only the read right.

If you want to change the file permissions, use the "chmod" command.
It is used as follows:
Code:
chmod XYZ myfile
Note: When you change the permissions of a directory and you want all the files contained in it to have the same rights, use the -R option (for recursive).

Here X, Y and Z are respectively the (numeric) rights of the owner, the group and the rest of the world.

How to calculate X? By summing the rights you want to grant.
Code:
rwx = 4 + 2 + 1 = 7
rw- = 4 + 2 = 6
r-x = 4 + 1 = 5
--- = 0
(Y and Z are calculated in the same way)

To set the permissions "rwxr-----", here is the command:
Code:
chmod 740 MyFile
If the arithmetic does not seem very meaningful, there is a literal way to give the rights:
Code:
chmod u+rw MyFile
This will add read and write to the owner.

The first letter gives the type of person to change. Then a + or a - describes, respectively, an operation adding a right or an operation withdrawing one. It only remains to give the rights affected, with the letters r, w, x.
Code:
The owner of the file - u
The group of the file - g
The rest of the world - o
Everyone - a

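The digit calculation and the letter form of chmod described in the post above, worked through as an added example that is not part of the original thread. The function names are chosen here for illustration; the scratch file is created only to confirm the result against what the system itself reports.

```python
import os
import re
import stat
import tempfile

RIGHTS = {"r": 4, "w": 2, "x": 1}   # Read = 4, Write = 2, execute = 1
SHIFT = {"u": 6, "g": 3, "o": 0}    # bit offset of owner, group, other

def digits_from_string(perms):
    """'rwxr-xr--' -> 0o754, summing the rights in each set of three."""
    if len(perms) != 9:
        raise ValueError("expected nine characters such as 'rwxr-xr--'")
    mode = 0
    for i, who in enumerate("ugo"):
        for j, right in enumerate("rwx"):
            ch = perms[3 * i + j]
            if ch == right:
                mode |= RIGHTS[right] << SHIFT[who]
            elif ch != "-":
                raise ValueError(f"unexpected {ch!r} in {perms!r}")
    return mode

def apply_clause(mode, clause):
    """Apply one symbolic clause ('u+rw', 'go-w', 'a+x') to a numeric mode."""
    m = re.fullmatch(r"([ugoa]+)([+-])([rwx]+)", clause)
    if not m:
        raise ValueError(f"unsupported clause {clause!r}")
    who = "ugo" if "a" in m.group(1) else m.group(1)
    bits = 0
    for w in who:
        for right in m.group(3):
            bits |= RIGHTS[right] << SHIFT[w]
    return mode | bits if m.group(2) == "+" else mode & ~bits

def kernel_view(mode):
    """chmod a scratch file to `mode` and return what ls -l would display."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, mode)
        return stat.filemode(os.stat(f.name).st_mode)

if __name__ == "__main__":
    for perms in ("rwxr-xr--", "rwxr-----"):
        mode = digits_from_string(perms)
        print(perms, "->", oct(mode)[2:], "->", kernel_view(mode))
    print("u+rw on 440 ->", oct(apply_clause(0o440, "u+rw"))[2:])
```
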
  #2  
Old 17-06-2010
Member
 
Join Date: Feb 2010
Posts: 136
Re: How to Manage File Permission in Unix

1.3. Special case: setuid and setgid
Setuid and setgid are two attributes that modify the rights of the process created by executing the file. If setuid is enabled when the file is executed by a user, the process has the same rights as the owner of the file for the duration of the execution. For setgid, as you will have guessed, the process inherits the rights of the file's group rather than those of its owner.


To activate or deactivate them, you simply add or remove the "s" flag on the owner or the group.
Adding setuid
Code:
chmod u+s myfile
We observe:
Code:
ls -l myfile
-rwsrw-r-- 1 sl friends 200 Sep 23 16:44 myfile

Adding setgid
Code:
chmod g+s myfile2
We observe:
Code:
ls -l myfile2
-rwxrwsr-- 1 sl friends 200 Sep 23 16:44 myfile2

1.4. Limits of the system
This simple and effective solution has one major limitation: the management of rights per user or per group.

2. ACLs on Linux (POSIX)
2.1. Contribution


Let's take a case that is hard to solve with the generic rights system to illustrate:
Suppose I have a file example.txt, which contains gift ideas for birthdays.
Here are the permissions:
Code:
ls -l example.txt
-rwxrw---- 1 sl friends 120 Sep 23 17:44 example.txt

Unfortunately, the person I want to keep it from belongs to the group "friends". I cannot afford to remove him from the group just for one file, as that would have impacts on other files. Create another group without him? What a complication! The solution lies in adding users and/or groups to the basic rights (rwx). Thus, I can specify an ACL that removes this user's right to read, even if he belongs to friends.

2.2. Prerequisites
There are two prerequisites:
- The kernel supports ACLs.
- The file system is mounted with the acl option, for example in /etc/fstab:
/dev/hda6 /home ext3 defaults,acl 0 2


2.3. Assigning ACLs
There are two basic commands to manage ACLs: setfacl and getfacl.
For all the examples, we start from the following file:
Code:
sl@testuser:/home/TEST$ ls -lrt
total 4
-rwxr-x--- 1 sl sl 209 2009-11-30 16:59 test.xml

setfacl allows you to edit the access control list. You can remove entries as well as add them. First and foremost, you must initialize a "mask". If the mask does not exist, you cannot add ACL rules. Only the operations allowed in this mask will be active. So if you set a mask of rw-, nobody may execute, even if you allow it. Conversely, if the mask is "rwx" and you want to prevent everyone who has the Write right from performing a write operation, you simply change the mask to r-x.

Adding a full mask
Code:
setfacl -m m::rwx myfile
Let us use this command to examine the syntax of setfacl. The -m argument adds an ACL entry, whereas -x removes one.
Code:
'type of person':'person':'rwx rights'
The second argument follows this structure. There are 2 types of people (apart from the mask "m"): "u" for a user and "g" for a group. So, to give the user pm read and write rights on a file:

Mask part
Code:
setfacl -m u:pm:rw- myfile
When you change the permissions of a directory and you want all the files in it to have the same rights, use the -R option (for recursive). When I do an ls -l of my file, I notice a small change:
Code:
sl@testuser:/home/TEST$ ls -lrt
total 4
-rwxr-x---+ 1 sl sl 209 2009-11-30 16:59 test.xml

The small + indicates that the file has ACL rights. To view the ACL in human-readable form, use the getfacl command.

The getfacl command
Code:
sl@testuser:/home/TEST$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
user:pm:rw-
group::r-x
mask::rwx
other::---

The lines user::rwx, other::--- and group::r-x correspond to the usual Unix rights.
You also find your mask, mask::rwx, and the user pm, user:pm:rw-.

Let's see the point of the mask. I want to remove the write right from all users (besides me, the owner), so I remove the write permission in the mask.
Changing the mask
Code:
sl@testuser:/home/TEST$ setfacl -m m::r-x test.xml
sl@testuser:/home/TEST$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
user:pm:rw-    #effective:r--
group::r-x
mask::r-x
other::---

Note the #effective comment, which tells us that after applying the mask, the real rights of pm are: read. Without the mask, I would have had to remove the write right for each user. If I want to remove pm's ACL entry on this file:

Deleting a user
Code:
sl@testuser:/home/TEST$ setfacl -x u:pm test.xml
sl@testuser:/home/TEST$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
group::r-x
mask::r-x
other::---

And pm becomes a regular user again, subject to the classical rules. You can also delete all of the ACL rights of a file.

No more ACLs
Code:
sl@usr:/home/TEST$ setfacl -b test.xml
sl@usr:/home/TEST$ getfacl test.xml
# file: test.xml
# owner: sl
# group: sl
user::rwx
group::r-x
other::---

3. Conclusion
The generic form of Unix rights management should be well known to everyone, first for security reasons but also for privacy, because it is fundamental to handling and using files. Used today on Linux and on other Unix systems, ACLs are simple to implement and well within the reach of any administrator or user. I strongly advise you to put them in place, at least initially on /home, where this kind of rights management is often appreciated by users.
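How the mask in section 2 turns granted rights into effective rights, as an added example that is not part of the original thread. It parses getfacl text and applies the mask to named users, named groups and the owning group (the owner and "other" entries are not masked); the sample mirrors the tutorial's test.xml output and the function names are chosen here.

```python
# Constructed sample: getfacl output for test.xml after the mask is set to r-x.
SAMPLE = """\
# file: test.xml
# owner: sl
# group: sl
user::rwx
user:pm:rw-    #effective:r--
group::r-x
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (tag, qualifier, perms) tuples, ignoring comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop '# file:' and '#effective:'
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, perms.strip()))
    return entries

def effective_rights(text):
    """Map 'tag:qualifier' to the rights left once the mask is applied."""
    entries = parse_getfacl(text)
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        # The mask caps named users, named groups and the owning group only.
        masked = mask is not None and (qualifier != "" or tag == "group")
        if masked:
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        result[f"{tag}:{qualifier}"] = perms
    return result

def reduced_by_mask(text):
    """List the entries whose granted rights are cut down by the mask."""
    granted = {f"{t}:{q}": p for t, q, p in parse_getfacl(text) if t != "mask"}
    effective = effective_rights(text)
    return sorted(k for k in granted if granted[k] != effective[k])

if __name__ == "__main__":
    for entry, perms in effective_rights(SAMPLE).items():
        print(f"{entry:10} {perms}")
    print("reduced by mask:", reduced_by_mask(SAMPLE))
```
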
