Agenda Access Permissions The Linux File System (chapter 4 in text) £ Limiting unauthorized access to your Setting Access Permissions directories and files is a very important ¡ concern for ALL Linux (Unix) users. Directory vs File Permissions £ ¡ chmod Utility Consequences of Unauthorized Access: ¤ ¢ Symbolic Method Copying your assignments (cheating) ¤ ¢ Absolute Method Using your account for illegal activity ¡ umask Utility ¤ Using your account to send obscene messages ¤ Tampering with files chmod Command File / Directory Permissions (Relative Method) £ The Linux (Unix) OS can allow the user to Used to change the access permissions specify read, write and execute permissions of a file or directory to the user, group or all others (UGO) for files. Format: £ A user can also specify read, write and execute permissions for a directory. The chmod [option] [who] [operation] [permission] file chmod [option] [permission] file−list execute permission for a directory allows the person to view files in that directory ¢ who relates to user (u) , group (g) or all others (o) ¢ operation relates to adding (+), removing (−) or setting (=) permissions ¢ permissions are read (r), write (w) and execute (x) chmod Command chmod Command (Relative Method) (Absolute Method) Examples: Note: you can You can use the chmod command with octal ¤ Add Permission use wildcard number to represent (in binary) a permission chmod g+rw file.name symbols (eg *) (1) or removal of a permission (0) for the file chmod o+x file.name to match or directory ¤ Remove Permission particular files chmod g−w file.name This is referred to as an Absolute command, ¥ chmod a−w file.name (removes write for ugo) ¦ ¤ Set Permission and many prefer this short−cut method to changing file / directory permissions chmod o=rx file.name chmod go=rx filename Relationship of a Binary to an Octal Number Binary to Octal Notice the Pattern: Relationship: § Largest 3 digit binary is 111 Octal Binary § 0 000 1 octal digit will represent a 3 digit Therefore: 1 001 binary number 2 01O0ctal number 755 is equal to: § Highest Octal digit is 7 3 0111 1 1 1 0 1 1 0 1 in binary 4 100 This can be related to the § 5 101 Therefore: 1112 = 78 permissions: 6 110 7 11r1 w x r − x r − x chmod − Example Practical Applications of (Absolute Method) chmod Command £ Applying octal values of rwx use the absolute Pass−Through Permissions chmod command: ¤ Pass−Through Permissions allow users to pass− through the home directories and other subdirectories until they reach a directory that chmod 777 filename − r w x r w x r w x provides read and execute permissions to read chmod 755 filename − r w x r − x r − x files. (pass−through permissions drwx−−x−−x) ¤ chmod 711 filename − r w x − − x − − x To deny any access other than yourself, you can remove pass−through permissions of your home chmod 644 filename − r w − r − − r − − directory (drwx−−−−−−) Practical Applications of chmod Command Creating a Mask £ £ Linking & Sharing Files Are you tired of continually changing access ¤ Set up directory and file permissions to allow permissions for newly−created files or users to modify a file or set up permissions of file directories? to allow user to view, but not modify a file. £ The umask command automatically sets the £ Webpages file permissions upon creation of the file. ¤ Allow or deny other access to files. For example, £ This process is useful, since user may use chmod command to allow group & others read © ¨ sometimes forget to change the permissions and execute permissions to pass−through your directories. of newly−created files or when they transfer files via the FTP application umask Command Setting Directory Mask Used to automatically establish file To change directory mask: permission upon creation ¤ Determine octal number that would set directory permission ¤ Subtract octal number 777 from octal number Format: determined above to get result ¤ issue the command : umask [mask] umask [octal number] where mask represents a 3−digit octal number regarding UGO and permissions to be assigned. ¨ © ¤ Note: The rules vary between setting file masks Note: should also be able to use relative method and directory masks with umask command − may be easier Setting Directory Mask Setting File Mask Example: To change directory mask: To set mask for newly−created directories Determine binary number that would set to: directory permission r w x r − − r − − Subtract above binary number from Determine octal number 110110110 and convert result to octal 1 1 1 1 0 0 1 0 0 = 744 number to determine umask value Subtract 777 from 744 = 033 issue the command : Issue command umask 033 umask [octal number] Issue command umask to verify change Setting File Mask − Example1 Setting File Mask − Example2 Example: Example: ¤ ¤ To set mask for newly−created files to: To set mask for newly−created files to: r w − r − − r − − r w x r − − r − − ¤ ¤ Convert to binary Convert to binary 110100100 111100100 ¤ ¤ Subtract above from 110110110 Subtract above from 110110110 110110110 110110110 − 110100100 − 111100100 Cannot subtract 1 from 0 = 000010010 (which is 022) = 000010010 (which is 022 octal) ¤ ¤ issue umask 022 (enter umask to verify) issue umask 022 (enter umask to verify).