Lesson 03 Managing Permissions and Ownership

• Topic A: Modify File and Directory Permissions

• Topic B: Modify File and Directory Ownership
• Topic C: Configure Special Permissions and Attributes
• Topic D: Troubleshoot Permissions Issues

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 1
Topic A: Modify File and Directory Permissions
Exam Objectives:
• 3.1 Given a scenario, apply or acquire the appropriate user and/or
group permissions and ownership.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Permissions

Access rights assigned to users, which enable them to access or

modify certain files and directories.

• Can be set at different levels and for different access contexts.

• Enable us to configure who can and can't access an object.
• Controlling access through permissions mitigates risk.
• Users only have access to what they need, and no more.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 3
Permission Attributes

Attribute Description
• Files: Access and view contents of a file.
Read (r)
• Directories: List contents of directory.

• Files: Save changes to a file.

Write (w)
• Directories: Create, rename, delete files in directory (requires execute).

• Files: Run a software file.

Execute (x)
• Directories: Access directory, execute file from directory, perform task on directory.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 4
Permission Contexts

• Permission attributes apply to one of several contexts.

• The types of users/entities to give permission to.
• Contexts:
• Owner (u)
• Also called user.
• Group (g)
• Members of object's group.
• Other (o)
• All other users.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 5
Permission String

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 6
The chmod Command

• Enables us to modify permissions on files/directories.

• Can only be done by owner of object or sysadmin.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 7
chmod Command Options

Option Used To

-c Report changes made to permissions.

-f Hide most error messages.
Display diagnostic entry for every object
-v
processed.
-R Modify permissions recursively.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 8
chmod Symbolic Mode (Slide 1 of 2)

• Set permissions using three components:

• Contexts
• Operators
• Attributes
• Operators:
• + grants permissions.
• - denies permissions.
• = assigns permissions exactly as provided.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 9
chmod Symbolic Mode (Slide 2 of 2)

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 10
chmod Absolute Mode (Slide 1 of 2)

• Uses octal numbers.

• 4 = read
• 2 = write
• 1 = execute
• Add numbers of permissions we wish to grant.
• Sum of these is what we provide.
• Read, write, execute is 7 (4 + 2 + 1).
• Read, write is 6 (4 + 2).
• Complete permissions are expressed as three-digit number.
• Each digit corresponds to a context (owner, group, other).

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 11
chmod Absolute Mode (Slide 2 of 2)

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 12
Activity 3-1: Modifying File and Directory
Permissions
• We're concerned about protecting files on a Linux server.
• We'll configure permissions for file owner, group, and other users.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 13
Default Permissions

• Assigned to newly created files and directories based on user privileges.

• Files created by root user are 644 (rw-r--r--).
• Directories created by root user are 755 (rwxr-xr-x).
• Files created by regular users are 664 (rw-rw-r--).
• Directories created by regular users are 775 (rwxrwxr-x).
• Default permissions determined by umask.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 14
The umask Command (Slide 1 of 2)

• Alters default permissions on newly created files/folders.

• Can be useful for automating custom permissions for new objects.
• We set default permissions using octal numeric format.
• Specify permissions to mask, not to grant.
• Default permissions for non-executable files are 0666
• We want owner to retain permissions, but group and others to only have read.
• The umask will be 0022
• Each number explained:
• 0 means no advanced permissions set by default.
• 0 retains current owner permissions (no mask).
• 2 masks the default of 6, leaving 4 (read only) for the group.
• 2 does the same, but for others.
• Can be set for session or per-user (in .bashrc).

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 15
The umask Command (Slide 2 of 2)

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 16
Activity

Discussing File and Directory Permissions

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 17
Activity 3-2: Discussing File and Directory Permissions

• Multiple users have complained about file access in a shared

directory, but we've checked our daily backup reports and there are
no corrupt files. Which command can we issue in the directory in
question to investigate the problem further?

• ANSWER:
• ls -l —This command displays the permissions of all files in the directory to help
us sort out the problem. It's likely that the directory's group permissions are
incorrectly set.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 18
Activity 3-2: Discussing File and Directory Permissions

• A group of system administrators were discussing file permissions

and decided that setting a particular root-owned text file to read-only
for everyone is a best practice. What do the permissions for this file
look like?

• ANSWER:
• Either 664 or rw-rw-r-- is correct.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 19
Activity 3-2: Discussing File and Directory Permissions

• A user cannot execute a script (collect.sh) she created and has sent us
the contents of the script via email to inspect. After looking at the
script, we determine the script is correctly written but permissions
are the problem. What command can we issue to adjust the file's
permissions as necessary?

• ANSWER:
• chmod u+x collect.sh

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 20
Activity 3-2: Discussing File and Directory
Permissions
• A user changed the permissions of a script (myscript.sh) in a shared
directory. The user is curious why everyone can execute the script if
the user owns the script and everyone else only has read access. To
make the script executable, what command did the user mistakenly
issue?

• ANSWER:
• chmod +x myscript.sh —The permissions changed to rwxrwxr-x or 775, which
gives everyone execute permission. To limit execute permission to the user and
group only, the command should have been: chmod ug+x myscript.sh

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 21
Activity 3-2: Discussing File and Directory
Permissions
• Our team lead is tired of receiving help desk tickets to restore deleted
files from a directory that contains hundreds of files and
subdirectories. She decides to have us fix the problem by making all of
the files read-only. How do we change all the files to read-only
without having to traverse each directory?

• ANSWER:
• chmod -R 644 * —This command changes all files in the current directory to 644
recursively.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 22