[For beginners] Simple explanation of permissions

My name is Nakagawa from the System Solutions Department.
I received an inquiry about permissions the other day, so I've researched and compiled the information I found in this article.
What are permissions?
Every directory and file on Linux has a defined owner.
Permissions are the rights to operate on directories and files.
Although they are also called access rights, in this article we will use the term permissions.
Permissions are defined by the type of right, the users it applies to, and the notation, as follows:
| Permission | Symbol | Numeric value | Target user |
|---|---|---|---|
| Read permission | r | 4 | Owning user |
| Write permission | w | 2 | Users who belong to the owning group |
| Execute permission | x | 1 | Other users |
| No permission | - | 0 | |
Permission Check
Let's actually check the permissions.
You can check by running ls -l on the target directory/file.
As an example, let's check the /home/lpic/index.html file.
```
ls -l /home/lpic/
total 8
-rw------- 1 lpic linux 16 Jan 14 01:16 index.html
drwx------ 2 lpic linux 4096 Jan 14 01:17 test
```
Let me explain what the permissions mean.
```
ls -l /home/lpic/index.html
-rw------- 1 lpic linux 16 Jan 14 01:16 /home/lpic/index.html
```
The leftmost field in the output of the ls command is the permission string.
By default, it is 10 characters long, and every character after the first shows the permissions for each user.
Owner user (lpic) permissions = rw-
⇒ You can view the file using commands such as cat, or edit the contents using the vi command.
Owner group (linux) permissions = ---
⇒ The file cannot be viewed, edited, or accessed.
Other users' permissions = ---
⇒ The file cannot be viewed, edited, or accessed.
Next, let's look at the /home/lpic/test directory.
To check a single directory, use the ls command with the -ld option.
```
ls -ld /home/lpic/test
drwx------ 2 lpic linux 4096 Jan 14 01:17 test
```
Because the target is a directory, the first letter of the permission is displayed as "d."
The permissions for the test directory are as follows:
Owner user (lpic) permissions = rwx
⇒ Can view a list of files in the directory, create files, and access files in the directory.
Owner group (linux) permissions = ---
⇒ Cannot list files in the directory, create/delete files, or access files.
Other users' permissions = ---
⇒ Cannot view a list of files in the directory, create or delete files, or access files.
Operate as the owner user
Let's try operating as a user who has the necessary permissions.
Cat the index file as the lpic user, who has read permissions:
```
[lpic@loclhost ~ ]$ cat /home/lpic/index.html
Thu Jan 18 11:08:57 JST 2018
```
List the test directory as the lpic user, who has read permissions:
```
[lpic@loclhost ~ ]$ ls -ld /home/lpic/test/
drwx------ 2 lpic linux 4096 Jan 14 01:17 /home/lpic/test/
```
As the lpic user, who has read permissions, move to the test directory:
```
[lpic@loclhost ~ ]$ cd /home/lpic/test/
[lpic@loclhost test ]$
```
⇒ Each command ran successfully!
Operate as a non-owning user
Next, let's see what happens when we run it as a user without permissions.
We'll cat the index file as the lpic2 user, who doesn't have read permissions:
```
[lpic2@loclhost ~ ]$ cat /home/lpic/index.html
cat: /home/lpic/index.html: Permission denied
```
List the test directory as the lpic2 user, who does not have write permissions:
```
[lpic2@loclhost ~ ]$ ls -ld /home/lpic/test/
ls: cannot access /home/lpic/test/: Permission denied
```
As the lpic2 user, who does not have execute permissions, move to the test directory:
```
[lpic2@loclhost ~ ]$ cd /home/lpic/test/
bash: cd: /home/lpic/test/: Permission denied
```
⇒ Since the user does not have permission, the message "Permission denied" is returned.
To operate as a user other than the owning user or group
There are several ways to allow the lpic2 user to operate on the target, such as the following:
- Change the owner of the target directory/file.
- Change the permissions of the owning group and then add the lpic2 user to the owning group.
- Change the permissions of the target directory/file.
When performing this type of work, it is often necessary to change the permissions of the target environment.
Let's actually try it.
First, run the chmod command as a user who can operate on the index.html file.
Note that other users cannot operate on the file unless you also grant them permissions on the parent directory of the target file (/home/lpic in this case).
```
[lpic@loclhost ~ ]$ chmod 707 /home/lpic/
[lpic@loclhost ~ ]$ chmod 706 /home/lpic/index.html
```
The chmod command changes permissions.
If you add the -R option, the change is also applied to the files under the target directory, but since I am not granting execute permission, I changed each one separately.
Let's take a look at the permissions after the change.
```
[lpic@loclhost ~ ]$ ls -l /home/lpic/
total 8
-rw----rw- 1 lpic linux 29 Jan 18 11:08 index.html
drw----rw- 2 lpic linux 4096 Jan 14 01:17 test
```
Cat index.html as the lpic2 user:
```
[lpic2@loclhost ~ ]$ cat /home/lpic/index.html
Thu Jan 18 11:08:57 JST 2018
```
This time, the file contents were displayed, which means the permissions were changed correctly.
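The parent-directory requirement noted above, as an added example (not the author's code): on a constructed scratch tree standing in for /home/lpic, it reads the "other users" mode bits to compare the page's 707/706 with narrower modes, showing that 707 also gives other users the write bit on the directory. It assumes GNU coreutils stat, and every function name is hypothetical.

```shell
# Added example; the scratch tree is a constructed stand-in for /home/lpic.
# Assumes GNU coreutils stat. All function names here are hypothetical.

# Last octal digit of the mode = permission bits for "other users".
other_bits() {
    m=$(stat -c '%a' "$1")
    echo "${m#"${m%?}"}"
}

# Succeeds if other users can read FILE: r on the file plus x (search)
# on every directory from its parent up to and including TOP.
others_can_read() (
    file=$1; top=$2
    [ $(( $(other_bits "$file") & 4 )) -ne 0 ] || exit 1
    dir=$(dirname "$file")
    while :; do
        [ $(( $(other_bits "$dir") & 1 )) -ne 0 ] || exit 1
        if [ "$dir" = "$top" ]; then exit 0; fi
        if [ "$dir" = "/" ]; then exit 1; fi
        dir=$(dirname "$dir")
    done
)

# Succeeds if other users hold the write bit on PATH.
others_can_write() { [ $(( $(other_bits "$1") & 2 )) -ne 0 ]; }

# Create <tmp>/index.html with the given dir and file modes; print <tmp>.
make_tree() {
    home=$(mktemp -d)
    date > "$home/index.html"
    chmod "$2" "$home/index.html"
    chmod "$1" "$home"
    echo "$home"
}

report() {
    h=$(make_tree "$1" "$2"); f=$h/index.html
    r=no; w=no
    if others_can_read "$f" "$h"; then r=yes; fi
    if others_can_write "$h"; then w=yes; fi
    echo "$(stat -c '%A' "$h") $(stat -c '%A' "$f") others-read=$r others-write-dir=$w"
    rm -rf "$h"
}

report 700 600   # file mode as first listed; 700 on the directory is assumed
report 707 706   # modes set on the page
report 701 604   # narrower: search-only on the directory, read-only on the file
report 700 604   # file readable, but the parent directory blocks traversal
```

The check reads mode bits only, so POSIX ACLs and other access controls are outside what it covers.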
Lastly
If permissions are not granted correctly, one possible impact is that if general (or other) users do not have read permission on a file that is published to browsers, they may receive a "Forbidden" (403 error) when they access it.
However, from a security standpoint, it is not a good idea to set up your system so that anyone can edit and execute important files such as configuration files.
When operating a server, setting appropriate permissions for each file brings us closer to creating a safer and more optimal site.
I would like to deepen my understanding of permissions as one way to provide the site our customers are aiming for or stable server operation.
I would like to summarize the set UID, set GID, and sticky bit, which are related to this article.