[For beginners] Simple explanation of permissions

This is Nakagawa from the System Solutions Department.
The other day, I received an inquiry about permissions, so
in this article I researched the information myself and summarized it.

What is permission?

On Linux, every directory and file has an owner.
Permissions are the rights to manipulate directories and files.
They are also called access rights, but this article uses the term permissions throughout.
Permissions are determined by the authority, the target user, and the notation, as shown below.

| Authority | Character representation | Numerical representation |
|---|---|---|
| Read permission | r | 4 |
| Write permission | w | 2 |
| Execution privilege | x | 1 |
| No authority | - | 0 |

Target users: the owning user, users belonging to the owning group, and other users.

Check permissions

Let's actually check the permissions.
You can check this by running ls -l on the target directory/file.
As an example, let's check the /home/lpic/index.html file.

    ls -l /home/lpic/
    total 8
    -rw------- 1 lpic linux 16 Jan 14 01:16 index.html
    drwx------ 2 lpic linux 4096 Jan 14 01:17 test

Let me explain what the permissions mean.

    ls -l /home/lpic/index.html
    -rw------- 1 lpic linux 16 Jan 14 01:16 /home/lpic/index.html

The leftmost field in the output of the ls command is the permissions.
By default it is 10 characters long, and the nine characters after the first show the privileges for each class of user, three characters per class.

Privileges of the owner user (lpic) = rw-
⇒ You can display the file using the cat command, etc., or edit the contents using the vi command.

Owning group (linux) privileges = ---
⇒ Files cannot be viewed, edited, or accessed.

Other users' privileges = ---
⇒ Cannot view, edit, or access files.

Next, let's take a look at the /home/lpic/test directory.
To check a single directory, use the ls command with the -ld option.

    ls -ld /home/lpic/test
    drwx------ 2 lpic linux 4096 Jan 14 01:17 test

Since the target is a directory, the first character of the permission is displayed as "d".
The meaning of the permissions for the test directory is as follows:

Owner user (lpic) privileges = rwx
⇒ Can display a list of files in the directory, create files, and access files in the directory.

Owner group (linux) privileges = ---
⇒ Cannot display a list of files in the directory, create or delete files, or access files.

Other users' privileges = ---
⇒ Cannot display the list of files in the directory, create/delete files, or access files.

Operate as the owner user

Let's try operating on them as a user who actually has the privileges.

Display the index.html file with cat as the lpic user, who has read permission.

    [lpic@loclhost ~ ]$ cat /home/lpic/index.html
    Thu Jan 18 11:08:57 JST 2018

List the test directory as the lpic user with read permissions.

    [lpic@loclhost ~ ]$ ls -ld /home/lpic/test/
    drwx------ 2 lpic linux 4096 Jan 14 01:17 /home/lpic/test/

As the lpic user with read permissions, navigate to the test directory.

    [lpic@loclhost ~ ]$ cd /home/lpic/test/
    [lpic@loclhost test ]$

⇒ All of the commands succeeded!

Operate as a non-owner user

Next, let's see what happens when you run it as a user without privileges.
Display the index.html file with cat as the lpic2 user, who does not have read permissions.

    [lpic2@loclhost ~ ]$ cat /home/lpic/index.html
    cat: /home/lpic/index.html: Permission denied

List the test directory as the lpic2 user without write permissions.

    [lpic2@loclhost ~ ]$ ls -ld /home/lpic/test/
    ls: cannot access /home/lpic/test/: Permission denied

Change to the test directory as the lpic2 user who does not have execution privileges.

    [lpic2@loclhost ~ ]$ cd /home/lpic/test/
    bash: cd: /home/lpic/test/: Permission denied

⇒Since you do not have permission, "Permission denied" will be returned.

To operate as a user other than the owning user and group

There are several ways to let the lpic2 user work with the files owned by lpic.
- Change the owner of the target directory/file.
- After changing the permissions of the owning group, add the lpic2 user to the owning group.
- Change the permissions of the target directory/file, etc.

When performing such tasks, it is often necessary to change the permissions of the target environment.

Let's actually run it.
First, run the chmod command as a user who can manipulate the index.html file.
Please note that other users cannot operate on the file unless they are also granted permissions on the upper directory of the target file (in this case /home/lpic).

    [lpic@loclhost ~ ]$ chmod 707 /home/lpic/
    [lpic@loclhost ~ ]$ chmod 706 /home/lpic/index.html

The chmod command changes permissions.
If you add the -R option, the change is also applied to the files under the target directory, but it does not grant execution permission, so this time I changed each one individually.

Let's take a look at the changed permissions.

    [lpic@loclhost ~ ]$ ls -l /home/lpic/
    total 8
    -rw----rw- 1 lpic linux 29 Jan 18 11:08 index.html
    drw----rw- 2 lpic linux 4096 Jan 14 01:17 test

Display index.html with cat as the lpic2 user.

    [lpic2@loclhost ~ ]$ cat /home/lpic/index.html
    Thu Jan 18 11:08:57 JST 2018

This time I was able to display the contents of the file.
This means that the permissions were changed correctly.
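
The listings above can be read mechanically. The following is an added example, not part of the original article: it takes an `ls -l` line, decides which single class (owner, group or other) applies to a user, and returns that class's three characters with their numeric value. The function names, the group memberships and the user lpic3 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example. Models only the classic mode bits: root, ACLs and the
# special bits (setuid, setgid, sticky) are out of scope.

# triad_value TRIAD: "rw-" -> 6, using r=4, w=2, x=1 from the notation table
triad_value() {
    n=0
    case $1 in r??) n=$((n + 4)) ;; esac
    case $1 in ?w?) n=$((n + 2)) ;; esac
    case $1 in ??x) n=$((n + 1)) ;; esac
    echo "$n"
}

# effective_perms LS_LINE USER USER_GROUPS: prints "class triad value".
# Exactly one class applies: owner if USER owns the file, otherwise group if
# USER is in the owning group, otherwise other. The classes are not combined.
effective_perms() {
    user=$2; ugroups=$3
    set -f; set -- $1; set +f             # split the ls -l line on whitespace
    owner=$3; group=$4
    perms=$(printf %.9s "${1#?}")         # drop the type character (-, d, ...)
    if [ "$user" = "$owner" ]; then
        class=owner; triad=${perms%??????}
    else
        case " $ugroups " in
            *" $group "*) class=group; triad=${perms#???}; triad=${triad%???} ;;
            *)            class=other; triad=${perms#??????} ;;
        esac
    fi
    echo "$class $triad $(triad_value "$triad")"
}

# Lines in the shape of the article's listings; memberships are assumed.
before='-rw------- 1 lpic linux 16 Jan 14 01:16 index.html'  # mode 600
after='-rw----rw- 1 lpic linux 29 Jan 18 11:08 index.html'   # after chmod 706
effective_perms "$before" lpic  "linux"    # owner rw- 6
effective_perms "$before" lpic2 "lpic2"    # other --- 0
effective_perms "$after"  lpic2 "lpic2"    # other rw- 6
effective_perms "$after"  lpic3 "linux"    # group --- 0 (lpic3 is hypothetical)
```

The last call shows a side effect of mode 706: a member of the owning group gets less access than an unrelated user, because only the group characters are consulted for that user.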

Lastly

One example of what can happen when permissions are not granted correctly: if a file published to browsers does not have read permission for general (other) users, a "Forbidden" (403 error) may be returned when the file is accessed.

However, settings that allow anyone to edit and execute important files such as configuration files are not a good idea from a security perspective.

When operating a server, setting appropriate permissions for each file
will help you create a safer and more optimal site.
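
Both the note about the upper directory and the warning about files anyone can edit can be checked from the mode bits. The following is an added example, not part of the original article: in a throwaway directory standing in for /home/lpic it reports which path component blocks a non-owner from reading index.html, and compares the 707/706 modes used earlier with 701/604, which also lets other users read the file but leaves nothing world-writable. The function names are made up for this illustration.

```sh
#!/bin/sh
# Added example: a throwaway directory stands in for /home/lpic (constructed).

# has_other_bit PATH BIT: true when the "other" class has BIT set in the mode
# (4 = read, 2 = write, 1 = execute/search). Reads the mode; tries nothing.
has_other_bit() {
    [ -n "$(find "$1" -prune -perm -"000$2" 2>/dev/null)" ]
}

# other_read_blocker ROOT REL: prints the first component of ROOT/REL that stops
# a user who is neither the owner nor in the owning group from reading the
# file, or "none". Directories above ROOT are assumed to be traversable.
other_read_blocker() {
    path=$1
    rest=$2
    while [ -n "$rest" ]; do
        # every directory on the way down needs x (search) for others
        has_other_bit "$path" 1 || { echo "$path"; return 0; }
        path=$path/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    # the file itself needs r for others
    has_other_bit "$path" 4 || { echo "$path"; return 0; }
    echo none
}

# world_writable ROOT: entries under ROOT that any local user may modify
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

demo() {
    base=$(mktemp -d); home=$base/lpic
    mkdir -m 700 "$home"; echo hello > "$home/index.html"
    chmod 600 "$home/index.html"
    echo "700/600 blocked at: $(other_read_blocker "$home" index.html)"
    chmod 707 "$home"; chmod 706 "$home/index.html"    # modes used earlier
    echo "707/706 blocked at: $(other_read_blocker "$home" index.html)"
    world_writable "$home" | sed 's/^/  world-writable: /'
    chmod 701 "$home"; chmod 604 "$home/index.html"    # read-only for others
    echo "701/604 blocked at: $(other_read_blocker "$home" index.html)"
    world_writable "$home" | sed 's/^/  world-writable: /'
    rm -rf "$base"
}
demo
```

With 707 on the directory, other users can create, rename and delete entries in it even when the files themselves are read-only for them, which is why the 707/706 run lists two world-writable entries and the 701/604 run lists none.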

I would like to deepen my understanding of permissions as a means of providing the site that our customers are aiming for or stable server operation.


I would like to summarize the contents related to this article

The person who wrote this article

About the author

Sakina Nakagawa

I joined the company in 2016 as a new graduate. Lately, I've been having fun learning the basics of servers.