
Shell Script Directory Management

This document discusses Unix file permissions and how to manage them using commands like chmod, chown, and chgrp. It covers the basic permissions of read, write and execute for files and directories. It explains how to change permissions using symbolic modes like +,-,= and absolute octal modes. It also discusses special permissions like setuid and setgid bits that allow processes to run with the permissions of the file owner rather than the executing user.

Uploaded by

Manali Mahamuni
Copyright: © All Rights Reserved

3. File Permission / Access Modes

The Permission Indicators
File Access Modes
Directory Access Modes
Changing Permissions
Using chmod with Absolute Permissions
Changing Owners and Groups
Changing Ownership
Changing Group Ownership
SUID and SGID File Permission

Every file in Unix has the following attributes −

Owner permissions − The owner's permissions determine what actions the owner of the file can perform on the file.

Group permissions − The group's permissions determine what actions a user, who is a member of the group that a file belongs to, can perform on the file.

Other (world) permissions − The permissions for others indicate what action all other users can perform on the file.

File Access Modes

The permissions of a file are the first line of defense in the security of a Unix system. The basic building blocks of Unix permissions are the read, write, and execute permissions, which are described below −

Read
Grants the capability to read, i.e., view the contents of the file.

Write
Grants the capability to modify or remove the content of the file.

Execute
A user with execute permission can run a file as a program.

Directory Access Modes

Directory access modes are listed and organized in the same manner as any other file. There are a few differences that need to be mentioned −

Read
Access to a directory means that the user can read the contents. The user can look at the filenames inside the directory.

Write
Access means that the user can add or delete files from the directory.

Execute
Executing a directory doesn't really make sense, so think of this as a traverse permission. A user must have execute access to the bin directory in order to execute the ls or the cd command.

Using file permission symbols

The ls command allows you to see the file permissions for files, directories, and devices on the Linux system.

$ ls -l sybcanew
-rwxrwxr-x+ 1 Aniket None 602 Apr 8 15:58 reverse.sh
-rwxrwxr-x+ 1 Aniket None 362 Apr 3 12:04 sumofdigits.sh
drwxrwxr-x+ 1 Aniket None 0 Apr 8 12:02 testdir
drwxrwxr-x+ 1 Aniket None 0 Apr 15 10:43 ty
drwxrwxr-x+ 1 Aniket None 0 Apr 15 10:43 ty1

The first field in the output listing is a code that describes the permissions for the files and directories. The first character in the field defines the type of the object:

- for regular files
d for directories
l for links
c for character devices
b for block devices
n for network devices

After that, you see three sets of three characters. Each set of three characters defines an access permission triplet:

r for read permission for the object
w for write permission for the object
x for execute permission for the object

If a permission is denied, a dash appears in the location. The three sets relate the three levels of security for the object:

The owner of the object
The group that owns the object
Everyone else on the system

-rwxrwxr-x+ 1 Aniket None 602 Apr 8 15:58 reverse.sh

First triplet (rwx): permissions for the file owner
Second triplet (rwx): permissions for group members
Third triplet (r-x): permissions for everyone else

The three permissions are read (octal 4), write (octal 2) and execute (octal 1). The three user classes are file owner, file group, and others.

Example: rwx = 4+2+1 = 7


Changing Permissions

To change the file or the directory permissions, you use the chmod (change mode) command.
There are two ways to use chmod — the symbolic mode and the absolute mode.

Using chmod in Symbolic Mode


The easiest way for a beginner to modify file or directory permissions is to use the symbolic
mode. With symbolic permissions you can add, delete, or specify the permission set you want by
using the operators in the following table.

Sr.No.  Chmod operator  Description
1       +               Adds the designated permission(s) to a file or directory.
2       -               Removes the designated permission(s) from a file or directory.
3       =               Sets the designated permission(s).

$ ls -l abc1.txt
-rwxrwxrwx+ 1 Aniket None 0 Apr 17 09:33 abc1.txt

# To remove execute permission for owner, group and other user
$ chmod o-x,u-x,g-x abc1.txt

# Let us check the new file access permissions set for the file abc1.txt
$ ls -l abc1.txt
-rw-rw-rw-+ 1 Aniket None 0 Apr 17 09:33 abc1.txt

Instead of using the normal string of three sets of three characters, the chmod command takes a different approach.

The following is the format for specifying a permission in symbolic mode:

[ugoa…][+-=][rwxX…]

The first group of characters defines to whom the new permissions apply:
u for the user
g for the group
o for others (everyone else)
a for all of the above

Next, a symbol is used to indicate the operation:
(+) adds the permission to the existing permissions
(-) subtracts the permission from the existing permissions
(=) assigns the permission

Finally, the third symbol is the permission used for the setting:
X assigns execute permissions only if the object is a directory or if it already had execute permissions.
u sets the permissions to the owner's permissions.
g sets the permissions to the group's permissions.
o sets the permissions to the other's permissions.

Using chmod with Absolute Permissions

The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file. We can use an octal number to represent the access permissions for all users.

The three permissions are read (octal 4), write (octal 2) and execute (octal 1). The three user classes are file owner, file group, and others.

Example: rwx = 4+2+1 = 7

Owner  4+2+1 = 7
Group  4+1 = 5
Other  4

$ stat -c "%a %n" abc1.txt
777 abc1.txt

# To remove execute permission for owner, group and other user
$ chmod 666 abc1.txt

# Let us check the new file access permissions set for the file abc1.txt
$ stat -c "%a %n" abc1.txt
666 abc1.txt
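
The symbolic and absolute forms described above, as an added example that is not part of the original slides: it converts an ls-style permission string to the octal mode chmod accepts, and shows how capital X treats a data file, a script and a directory differently in one recursive change. The function names and the temporary files are constructed for illustration, and stat -c assumes GNU coreutils, as in the page's own commands.

```shell
#!/bin/sh
# Added example (not from the original slides). Function names are
# illustrative; stat -c assumes GNU coreutils, as used on the page.

# perm_to_octal STRING: convert the nine permission characters shown by
# ls -l (e.g. rwxr-xr--) into the octal mode chmod accepts (754).
perm_to_octal() {
    case $1 in ?????????) ;; *) echo "need 9 characters" >&2; return 1 ;; esac
    str=$1 out=
    while [ -n "$str" ]; do
        trip=${str%"${str#???}"}    # first three characters: one user class
        str=${str#???}              # the remaining classes
        digit=0
        case $trip in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $trip in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $trip in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# demo_capital_x: apply one recursive symbolic change, go+rX, to a
# constructed tree and print the resulting modes of a data file, a script
# and a directory. X adds execute only to directories and to files that
# already had an execute bit.
demo_capital_x() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/sub"
    : > "$dir/notes.txt"
    : > "$dir/run.sh"
    chmod 600 "$dir/notes.txt"    # rw-------  data file, no execute bit
    chmod 700 "$dir/run.sh"       # rwx------  already executable by owner
    chmod 700 "$dir/sub"          # rwx------  directory
    chmod -R go+rX "$dir"
    modes="$(stat -c '%a' "$dir/notes.txt") $(stat -c '%a' "$dir/run.sh") $(stat -c '%a' "$dir/sub")"
    rm -rf "$dir"
    printf '%s\n' "$modes"
}

demo_capital_x    # prints: 644 755 755
```

The data file ends at 644 rather than 755, which is why go+rX is the safer choice than go+rx when opening up a whole directory tree.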

Write commands for the tasks below

1. Create a file named test.txt with default access permissions (Symbolic mode)
2. Add access permissions execute for owner, group and other (Symbolic mode)
3. Remove execute permission for group and other users for above created file (Symbolic mode)
4. Create a directory tybca with default access permissions. (Symbolic mode)
5. Use X option of chmod to set execute permissions for file only if file is directory (Symbolic mode)
6. Use absolute permissions for chmod for questions 1 to 5

Changing Owners and Groups

The chown command changes the ownership of a file. The basic syntax is as follows −

$ chown username filelist
# after execution of the above command, the owner of the files mentioned in
# filelist will be changed to username

The value of the user can be either the name of a user on the system or the user id (uid) of a user on the system.

$ chown dell abc.txt
# after execution of the above command, the owner of abc.txt will be dell,
# provided that the user who is executing the command has
# permissions to change the owner of file abc.txt

Changing Owners and Groups

The chgrp command changes the group ownership of a file. The basic syntax is as follows −

$ chgrp group filelist
# after execution of the above command, the group owner of the files
# mentioned in filelist will be changed to group

The value of group can be the name of a group on the system or the group ID (GID) of a group on the system.

$ chgrp dell abc.txt
# after execution of the above command, the group owner of abc.txt will
# be dell, provided that the user who is executing the command has
# permissions to change the group owner of file abc.txt

SUID and SGID File Permission

Real User Id: the user who started the execution of the process
Effective User Id: is used to check the file access permissions
and
gid (group-id) of the user who created them.

The same thing happens when a process is launched: it runs with the effective user-id and group-id of the user who started it, and with the corresponding privileges. This behavior can be modified by using special permissions.

SETUID and SETGID bit

Real user 402
Group user is 602
Abc.txt effective user 402 effective gid = 602

The setuid and setgid bit

When the setuid bit is used, the behaviour described above is modified so that when an executable is launched, it does not run with the privileges of the user who launched it, but with that of the file owner instead.

So, for example, if an executable has the setuid bit set on it, and it's owned by root, when launched by a normal user, it will run with root privileges.

How to check whether setuid bit is set for a file or not

$ ls -l return1.sh
-rwsrwsr-x+ 1 Aniket None 184 Apr 7 10:10 return1.sh
# setuid for users and setgid for group users are set for a file

Real user id = executing the process
Effective user id = to check access permissions of file

Set setuid bit

Add.exe: the owner of the file is root.
A normal user (administrator) is executing the process add.exe; execution of add.exe will be done with the root privileges (the owner of the file, no matter who is executing the process).

$ ls -l return2.sh
-rwxrwxr-x+ 1 Aniket None 220 Apr 7 10:12 return2.sh
# Here no setuid and setgid are set for the executable file return2.sh

$ chmod u+s,g+s return2.sh # set setuid and setgid bit for return2.sh

# Let us check the new file access permissions set for the file return2.sh
$ ls -l return2.sh
-rwsrwsr-x+ 1 Aniket None 220 Apr 7 10:12 return2.sh
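
Because a setuid or setgid file runs with its owner's or group's identity, administrators routinely inventory such files. The script below is an added example, not part of the original slides: it lists every file under a directory that carries either bit and marks those that group or others can also write to, as with the rwsrwsr-x mode shown above. The function names and fixture files are constructed for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original slides). Function names and the
# fixture files are constructed; stat -c assumes GNU coreutils.

# audit_special_bits DIR: print "<octal mode> <flags> <path>" for every
# regular file under DIR that carries the setuid (4000) or setgid (2000)
# bit. WRITABLE marks files that group or others may also modify.
audit_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    LC_ALL=C sort |
    while IFS= read -r f; do
        mode=$(stat -c '%a' "$f") || continue
        flags=
        if [ -u "$f" ]; then flags=suid; fi
        if [ -g "$f" ]; then flags=${flags:+$flags,}sgid; fi
        # 022 = group-write (020) + other-write (002); 0$mode reads as octal
        if [ $(( 0$mode & 022 )) -ne 0 ]; then flags=$flags,WRITABLE; fi
        printf '%s %s %s\n' "$mode" "$flags" "$f"
    done
}

# demo_audit: build a small constructed fixture and audit it.
demo_audit() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > plain.sh;   chmod 755 plain.sh     # no special bits: not listed
        : > helper;     chmod 4755 helper      # setuid only, rwsr-xr-x
        : > return2.sh; chmod 775 return2.sh   # rwxrwxr-x, as on the page
        chmod u+s,g+s return2.sh               # the page's command: rwsrwsr-x
        audit_special_bits .
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_audit
```

Linux ignores the setuid and setgid bits on interpreted scripts such as shell scripts, so on Linux the bits on a .sh file change the listing but not the identity the script runs with; they take effect on compiled executables.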
