[For beginners] A simple explanation of permissions

This is Nakagawa from the System Solutions Department.
Recently, I received an inquiry about permissions, so
in this article, I've researched and compiled some information to the best of my ability.
What are permissions?
Directories and files on Linux have defined ownership.
The rights to manipulate directories and files are called permissions.
While also called access rights, this article will consistently use the term "permissions."
Permissions, their notation, and the users they apply to are defined as follows:
| Permission | Symbol | Numeric value | Target user |
|---|---|---|---|
| Read permission | r | 4 | Owning user |
| Write permission | w | 2 | Users who belong to the owning group |
| Execute permission | x | 1 | Other users |
| No permission | - | 0 | |
Permission Check
Let's actually check the permissions.
You can check them by running `ls -l` on the target directory and file.
As an example, let's check the file `/home/lpic/index.html`.
```
ls -l /home/lpic/index.html
total 8
-rw------- 1 lpic linux 16 Jan 14 01:16 index.html
drwx------ 2 lpic linux 4096 Jan 14 01:17 test
```
Let me explain what the permissions mean.
```
ls -l /home/lpic/index.html
-rw------- 1 lpic linux 16 Jan 14 01:16 /home/lpic/index.html
```
In the output of the `ls` command, the leftmost item represents permissions.
By default, it consists of 10 characters, and the parts excluding the first character show the permissions for each user.
The owner user (lpic) has rw- permissions,
which means they can view the file using commands like cat and edit its contents using vi.
Permissions of the owning group (linux) = ---
⇒ File cannot be viewed, edited, or accessed.
Other users' permissions = ---
⇒ They cannot view, edit, or access files.
Next, let's look at the /home/lpic/test directory.
To examine a single directory, use the -ld option with the ls command.
```
ls -ld /home/lpic/test
drwx------ 2 lpic linux 4096 Jan 14 01:17 test
```
Since the target is a directory, the first character of the permission is displayed as "d".
The meaning of the permissions for the test directory is as follows:
Owner user (lpic) permissions = rwx
⇒ Can view the list of files in the directory, create files, and access files in the directory.
Permissions of the owning group (linux) = ---
⇒ Cannot view the list of files in the directory, create or delete files, or access files.
Other users' permissions = ---
⇒ They cannot view the list of files in the directory, create or delete files, or access files.
Operate as the owner user
Try operating as a user with the necessary permissions.
Cat the index file as the lpic user with read permissions:
```
[lpic@loclhost ~ ]$ cat /home/lpic/index.html
Thu Jan 18 11:08:57 JST 2018
```
List the test directory as the lpic user with read permissions:
```
[lpic@loclhost ~ ]$ ls -ld /home/lpic/test/
drwx------ 2 lpic linux 4096 Jan 14 01:17 /home/lpic/test/
```
As the lpic user with read permissions, move to the test directory:
```
[lpic@loclhost ~ ]$ cd /home/lpic/test/
[lpic@loclhost test ]$
```
⇒ Both executions were successful!
Operate as a non-owning user
Next, let's see what happens when we run it with a user who doesn't have the necessary permissions.
We'll use the lpic2 user, who doesn't have read permissions, to cat the index file:
```
[lpic2@loclhost ~ ]$ cat /home/lpic/index.html
cat: /home/lpic/index.html: Permission denied
```
List the test directory as the lpic2 user, who does not have write permissions:
```
[lpic2@loclhost ~ ]$ ls -ld /home/lpic/test/
ls: cannot access /home/lpic/test/: Permission denied
```
As the lpic2 user without execute permissions, move to the test directory:
```
[lpic2@loclhost ~ ]$ cd /home/lpic/test/
bash: cd: /home/lpic/test/: Permission denied
```
⇒ Since the user does not have permission, the message "Permission denied" is returned.
To operate without the owning user or group
There are several ways to allow the lpic2 user to manipulate the target directory or file:
• Change the owner of the target directory or file.
• Change the permissions of the owning group and then add the lpic2 user to the owning group.
• Change the permissions of the target directory or file. etc.
When performing this type of work, it is often necessary to change the permissions of the target environment.
Let's actually try it.
First, execute the chmod command as a user who has permission to manipulate the index.html file.
Note that you must also grant permissions to the other user for the parent directory of the target file (in this case, /home/lpic) before that user can manipulate it.
```
[lpic@loclhost ~ ]$ chmod 707 /home/lpic/
[lpic@loclhost ~ ]$ chmod 706 /home/lpic/index.html
```
The `chmod` command is used to change permissions.
The `-R` option allows you to apply the changes to files within the target directory as well, but it doesn't grant execute permissions, so in this case, I changed them individually.
Let's take a look at the permissions after the change:
```
[lpic@loclhost ~ ]$ ls -l /home/lpic/
total 8
-rw----rw- 1 lpic linux 29 Jan 18 11:08 index.html
drw----rw- 2 lpic linux 4096 Jan 14 01:17 test
```
Cat index.html as the lpic2 user:
```
[lpic2@loclhost ~ ]$ cat /home/lpic/index.html
Thu Jan 18 11:08:57 JST 2018
```
This time, the file contents were displayed.
This means that the permission change was successful.
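The numeric modes used above are built from the table's values (r = 4, w = 2, x = 1), one digit each for the owner, the owning group, and other users. The following is an added example, not part of the original article: it converts an `ls -l` permission field to its octal form and lists what other users can write to after `chmod 707` / `706`, then after a read-only alternative. The function names and the temporary directory layout are assumptions made for illustration.

```shell
# Added example, not from the original article. Runs in a temporary directory
# with constructed names; nothing under /home is touched.

# Convert the permission field of `ls -l` (e.g. "-rw----rw-") to octal ("606").
# Only characters 2-10 are read, so the file-type character and any trailing
# "." or "+" marker are ignored. setuid/setgid/sticky letters are not handled.
symbolic_to_octal() {
    bits=$(printf '%s' "$1" | cut -c2-10)
    out=""
    for start in 1 4 7; do                        # owner, group, others
        triad=$(printf '%s' "$bits" | cut -c"$start"-$((start + 2)))
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac  # read    = 4
        case $triad in ?w?) n=$((n + 2)) ;; esac  # write   = 2
        case $triad in ??x) n=$((n + 1)) ;; esac  # execute = 1
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# List entries that other users may write to (the 2 bit of the last digit).
list_other_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Recreate the article's layout with the modes it sets: 707 and 706.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/lpic" "$root/lpic/test"
    date > "$root/lpic/index.html"
    chmod 700 "$root/lpic/test"
    chmod 706 "$root/lpic/index.html"
    chmod 707 "$root/lpic"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
echo "Writable by other users after chmod 707 / 706:"
list_other_writable "$demo" | while IFS= read -r entry; do
    field=$(ls -ld "$entry" | cut -d' ' -f1)
    printf '  %s %s %s\n' "$(symbolic_to_octal "$field")" "$field" "$entry"
done
# Reading a file needs only r on the file and x on each directory in its path.
chmod 705 "$demo/lpic"
chmod 704 "$demo/lpic/index.html"
echo "Still writable by other users after chmod 705 / 704:"
list_other_writable "$demo"
rm -rf "$demo"
```

With 705 on the directory and 704 on the file, other users keep read access while the second listing comes back empty.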
Lastly
If permissions are not granted correctly, one possible consequence is that a file published for viewing in a browser may return a "Forbidden (403 error)" message because the user does not have read permission for it.
However, allowing anyone to edit and execute important files such as configuration files is not a good idea from a security standpoint.
When operating a server, permissions are essential for creating a safer and more optimal website.
As one way to help our clients achieve their desired website or provide stable server operation, we want to deepen our understanding of permissions.
I will summarize the concepts of set UID, set GID, and sticky bits, which are related to this article.
