Monday, August 19

File System Permissions On Linux

Umask : the umask is a mask value that the kernel applies whenever a file or directory is created; it decides which permission bits are withheld from the new file or directory.

umask is also the command to find out the current umask value

root user's umask 0022
normal user's umask 0002

default permissions = maximum permissions - umask

For a file :-

     Root User
     maximum permissions of a file 666
                              umask    022    (-)

     Normal User
     maximum permissions of a file 666
                              umask    002    (-)

For a directory :-

     Root User
     maximum permissions of a directory 777
                                   umask    022    (-)

     Normal User
     maximum permissions of a directory 777
                                   umask    002    (-)
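
The rule above, checked against real files, as an added example that is not part of the original post: the kernel clears the umask's bits from the maximum mode (a bitwise AND NOT), which matches plain subtraction for 022 and 002 but not for every umask. The function names and the extra umask values 027 and 077 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: how a umask turns the maximum mode into the default mode.
# Function names are hypothetical; umask, mkdir, stat and mktemp are the real tools.

# Mode the kernel assigns: bits set in the umask are cleared (max AND NOT umask).
expected_mode() {            # $1 = maximum mode (666 or 777), $2 = umask
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# The page's "maximum - umask" rule, done as plain octal subtraction.
naive_mode() {               # same arguments as expected_mode
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# Octal permission bits of a path (GNU/BusyBox stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file or directory under the given umask and report the mode it got.
created_mode() {             # $1 = file | dir, $2 = umask
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"           # subshell: the caller's umask is left untouched
        if [ "$1" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    mode_of "$tmp/new"
    rm -rf "$tmp"
}

# 022 and 002 are the umasks from the page; 027 and 077 are added stricter values.
printf '%-6s %-5s %-9s %-9s %s\n' umask kind expected observed subtraction
for mask in 022 002 027 077; do
    for kind in file dir; do
        if [ "$kind" = dir ]; then max=777; else max=666; fi
        printf '%-6s %-5s %-9s %-9s %s\n' "$mask" "$kind" \
            "$(expected_mode "$max" "$mask")" \
            "$(created_mode "$kind" "$mask")" \
            "$(naive_mode "$max" "$mask")"
    done
done
```

For files the two rules diverge whenever the umask contains an execute bit (027, 077), because a bit the maximum mode 666 never had cannot be taken away.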

   We can change permissions using two methods

1) symbolic mode
2) absolute mode (numeric mode)

1) symbolic mode

 users                 permissions         operators
 u = owner (user)      r = read            +
 g = group             w = write           -
 o = other             x = execute         =

chmod is the command to change permissions

   syntax: chmod <permissions> <file or dir name>
   ex: chmod u=rwx,g=rx,o=rx ds
(here we are giving full permissions to the owner and read & execute to group & others)

if we want to change a single permission for a specific task

  ex: here I want to give write permission to the group

  chmod g+w ds

2) absolute mode:

          In absolute mode we have to provide permissions as numeric values

                   r = 4
                   w = 2
                   x = 1

 syntax : chmod <permissions of owner,group,other> <filename>
 ex: chmod 755 ds
(here we are giving full permissions to the owner and read & execute to group & others)

if we want to remove all permissions for others

 chmod 750  /home/mahesh

We have three advanced file permissions.

       1) suid
       2) sgid
       3) stickybit

    suid = 4 ,  sgid = 2  ,  stickybit = 1

1) SUID : suid is applied only to commands (executables). It is used to give a normal user root privileges on a particular administrative command: the command runs with the privileges of its owner, root.

       ex: ls -l /bin/ping

In this example suid is applied to the ping command by default, which is why anybody can use ping. If we remove suid from the ping command, no normal user can use it.
check : chmod 755 /bin/ping
Now try to ping from any user account (it won't ping). Provide suid, then ping once again.
(providing suid : chmod 4755 /bin/ping)

2) SGID : It is an advanced file permission for group inheritance. The parent directory's group is inherited by all files and directories created inside it.

   SYNTAX : chmod g+s <filename>
   ex     : chmod g+s /redhat

3) STICKYBIT : stickybit is an advanced file permission with which only the owner of a file and root can delete that file; no other users are allowed to delete it.

   SYNTAX  : chmod o+t <file name>
   ex      : chmod o+t /redhat


Hard link                                          Soft link
1. Can be created only within a partition.         1. Can be created across partitions.
2. Inode number will be the same.                  2. Inode numbers are different.
3. Original & link file are the same size.         3. Link file size is less than the original file.
4. If the original file is removed, we can         4. Link file can't be accessed if the original
   still access the link file.                        file is removed.

Hard link :

     SYNTAX : ln <source file> <destination file>
     ex  : ln /dev/sda /dev/sdb

Soft link :

     SYNTAX : ln -s <source file> <destination file>
     ex  : ln -s /usr/king /root/redhat

                      ACL (Access Control Lists)
     ACLs are implemented to configure different sets of file permissions for different users on a single resource (file/folder). ACLs can be applied to users and groups.

To apply an ACL for a user

    SYNTAX : setfacl -m u:<username>:<permissions> <file or directory name>
    ex : setfacl -m u:mahesh:rwx  /bsrtech

To check the ACLs of a file or directory

     SYNTAX : getfacl <file or directory name>
     ex : getfacl /bsrtech

To apply an ACL for a group

    SYNTAX : setfacl -m g:<groupname>:<permissions> <file or directory name>
    ex  : setfacl -m g:sales:rwx /bsrtech

To remove an ACL

     SYNTAX : setfacl -x u:<username>:  <file or directory name>

     ex :  setfacl -x u:mahesh:  /bsrtech

     ex :  setfacl -x g:sales:  /bsrtech


:: Linux - Legends ::