Sunday, February 28, 2010

Debian 12

In Linux, 10 fields are used to represent the file type (1 field), owner permissions (3 fields), group permissions (3 fields) and other permissions (3 fields).
A typical permission string looks like this:

As mentioned before, the first bit represents the file type. Here's a list of the file types:
- File
d Directory
l Link
c Character Device (/dev/)
b Block Device (/dev/)

The fields are represented as shown:

Where t is the type, u for user, g for group, and o for others. For each permission type (u/g/o), the first bit is for read, second bit is for write, third bit is for execute.

When the read bit is set, a user can read a file. Otherwise, all access will be denied. When the write bit is set, a user can modify a file. When the execute bit is set, the user will be able to execute it from shell.

rwx can be represented in binary, using r as the MSB. 7 is the full permission for each permission type.

To set something like -rwxr-xr-x, we convert it into (111)(101)(101), then run:
chmod 755 test.txt

755 is the maximum permission minus the default UMASK. UMASK is used to disable permissions for directories by default. Normally, the default UMASK is 022. This way, every directory created will not be modifiable by the group or other users, but can be read and executed. To check the default UMASK, type:

By default, all files are 644, which means execution and modification are not permitted for the group and others by default.

For a directory to be accessible, you need to set its execute bit.

To change a file's permission, you must be root or the owner.

You can also change permissions alphabetically. For example, to make the file executable by everyone:
chmod ugo+x test.txt

To change owner of a file, use:
chown root test.txt

To recursively change ownership, use:
chown -R root ./temp/

Only the root user can change owners. Users should use chgrp to change the group.

The set-UID (SUID) bit permits the execution of an object under the permissions of its owner. For example, we can change our passwords using passwd. However, the /etc/passwd file is only modifiable by root.

What is going on here is that when we run the passwd program, it temporarily gives us root permission. What gives us this permission is the UID setting of the file. For example, if we have a file that lists the contents of /sbin/, it can only be run by the root user. However, we can give it the UID flag with:
chmod uo+sx binaryfilename

s sets the UID and x sets the executable flag. This way, the owner's permissions will be given to whoever runs the file. UID and GID (g+sx) only work for binary executable files.

The sticky bit is an access-flag that can be applied to files and directories in *nix systems. When the sticky bit is set on a folder, files and directories in it can only be modified by their owners, the owner of the directory, or the superuser. Without the sticky bit set for the folder, anyone with modify permissions for the folder will be able to delete anything in the folder.

To set the sticky bit, use:
chmod ugo+rwxt folder

By default, the /tmp directory has the sticky bit set to prevent users from messing around with other users' files.
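
The following is an added example, not part of the original post: a small audit that lists files carrying the UID/GID flag and world-writable directories that lack the sticky bit, the two cases described in the sections above. The function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# List regular files carrying the set-UID (4000) or set-GID (2000) bit.
# -xdev keeps find on one file system; errors from unreadable dirs are hidden.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# List world-writable directories that lack the sticky bit (1000): anyone
# with write access can delete other users' files inside them.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Build a constructed sample tree so the audit can be tried offline.
# Prints the path of the new temporary directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    umask 022                      # files become 644, directories 755
    touch "$root/plain" "$root/helper"
    mkdir "$root/shared" "$root/dropbox"
    chmod 4755 "$root/helper"      # set-UID: runs with the owner's permissions
    chmod 1777 "$root/shared"      # world-writable with sticky bit, like /tmp
    chmod 0777 "$root/dropbox"     # world-writable, no sticky bit
    echo "$root"
}

# When run as a script with a path argument, audit that path.
if [ "$#" -ge 1 ]; then
    echo "Set-UID/set-GID files under $1:"
    find_setid_files "$1"
    echo "World-writable directories without the sticky bit under $1:"
    find_unsticky_dirs "$1"
fi
```

Every file the first list reports should be one you expect to run with its owner's or group's permissions, and every directory in the second list should either get the sticky bit or lose its world-write permission.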

Symbolic Links are similar to Windows shortcuts with additional features. There are two types of Symbolic Links: Soft Link and Hard Link. Soft Links are pointers to a named instance of a file. Hard Links are pointers to inodes representing a file. Inodes are filesystem allocation units. In other words, a Hard Link is one of multiple ways to refer to the same file, while a Soft Link is a shortcut to a file.

To do a Soft Link, use:
ln -s source target

Links can be deleted without affecting the original file on the hard disk. You can create Soft Links without specifying the target. It will automatically use the original file name.

Soft Links are able to traverse file systems. Hard Links, on the other hand, cannot traverse file systems. To create a hard link, omit the -s parameter. File systems refer to partitions and hard disks.

To reveal the inode information during listing, use:
ls -li

inode is equivalent to the default allocation block in Windows.
