Linux Permissions – Octal Notation

Have you ever wondered what 755, 754, 777 mean? Let me help….

The first thing I will explain is why it’s called Octal Notation. Quite simply, every numeral that makes up the permission is a base-8 digit: it takes one of 8 values, 0 to 7, and each value is the sum of read (4), write (2) and execute (1). They are:

  1. 0 --- No Access
  2. 1 --x Execute Only
  3. 2 -w- Write Only
  4. 3 -wx Write & Execute
  5. 4 r-- Read Only
  6. 5 r-x Read & Execute
  7. 6 rw- Read & Write
  8. 7 rwx Read, Write and Execute (FULL ACCESS!)

The thing you need to understand is how Linux security works in terms of file access. Remember the following:

  • Linux is a multi-user environment; more than one user can be working on the machine simultaneously.
  • A user typically owns files, folders and programs.
  • Every file/folder has exactly one owner.
  • Every file/folder belongs to exactly one group.
  • A user can belong to many groups.
  • Many files/folders can belong to the same group.

The kernel uses the permission bits stored on each file to decide whether to grant a user (or a program running as that user) access. If you’re the ROOT user (UID 0, the administrator) the check is skipped and you can read and write any file regardless of its mode; the one exception is execute, which even root is refused unless at least one execute bit is set. That is exactly why programs shouldn’t run as root: a compromised program running as root has full-blown access to the whole system, whereas one running as an ordinary user is held to that user’s permissions.

Lets use an example.

  1. Mike logs onto the machine (he is not the root user).
  2. He wants to know what files are in the directory /home/dave/, so he issues ls -l /home/dave/
  3. He gets “Permission denied”. dave is the owner of his home directory and has set its permissions so that only he can access it.

What? How does that work?

Now, when you take a value of 777, each number represents a different class.

The first 7 is the user class.

The second 7 is the group class.

The third 7 is the others class.

In our example, mike tried to access dave’s folder, which had permissions 700. Let’s run through that:

The first number “7″ gives “dave” (the owner) full access to the folder.

The second number “0″ gives everyone in the folder’s group no access.

The third number “0″ gives everyone else no access.

What? How does that work, you must be asking…?

A Linux user has a username, and that username can be a member of one or more groups. When the kernel checks a file it picks exactly one class for the requesting user: the owner class if the user owns the file, otherwise the group class if the user is a member of the file’s group, otherwise the others class. Everyone who is neither the owner nor in the file’s group is “others”, and since there are many users on a machine, most of them land in that class. Only the chosen class’s three bits are consulted, so a generous group digit does not help a user who happens to be the owner.
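Here is the decoding of the digits and the kernel’s class selection written out as a small shell script, so you can check the 700 walk-through above for yourself. It is an added example, not part of the original post: octal_to_symbolic, symbolic_to_octal and check_access are names I chose for it, and check_access models only the basic owner/group/others bits (no ACLs, no root override).

```sh
#!/bin/sh
# Added example (not from the original post): decode/encode octal modes and
# mimic the kernel's class selection for a permission check. POSIX sh.

# digit_to_rwx 5 -> r-x : each octal digit is three bits, r=4 w=2 x=1
digit_to_rwx() {
  dtr_d=$1
  dtr_out=""
  if [ $((dtr_d & 4)) -ne 0 ]; then dtr_out="r"; else dtr_out="-"; fi
  if [ $((dtr_d & 2)) -ne 0 ]; then dtr_out="${dtr_out}w"; else dtr_out="${dtr_out}-"; fi
  if [ $((dtr_d & 1)) -ne 0 ]; then dtr_out="${dtr_out}x"; else dtr_out="${dtr_out}-"; fi
  printf '%s' "$dtr_out"
}

# octal_to_symbolic 754 -> rwxr-xr--  (owner, group, others, left to right)
octal_to_symbolic() {
  ots_mode=$1
  case $ots_mode in
    [0-7][0-7][0-7]) ;;
    *) echo "octal_to_symbolic: bad mode '$ots_mode'" >&2; return 1 ;;
  esac
  printf '%s%s%s\n' \
    "$(digit_to_rwx "$(printf '%s' "$ots_mode" | cut -c1)")" \
    "$(digit_to_rwx "$(printf '%s' "$ots_mode" | cut -c2)")" \
    "$(digit_to_rwx "$(printf '%s' "$ots_mode" | cut -c3)")"
}

# symbolic_to_octal rwxr-x--- -> 750 (the nine characters ls -l shows after the type)
symbolic_to_octal() {
  sto_sym=$1
  [ ${#sto_sym} -eq 9 ] || { echo "symbolic_to_octal: bad string '$sto_sym'" >&2; return 1; }
  sto_result=""
  sto_i=1
  while [ $sto_i -le 9 ]; do
    sto_v=0
    [ "$(printf '%s' "$sto_sym" | cut -c$sto_i)" = r ] && sto_v=$((sto_v + 4))
    [ "$(printf '%s' "$sto_sym" | cut -c$((sto_i + 1)))" = w ] && sto_v=$((sto_v + 2))
    [ "$(printf '%s' "$sto_sym" | cut -c$((sto_i + 2)))" = x ] && sto_v=$((sto_v + 1))
    sto_result="${sto_result}${sto_v}"
    sto_i=$((sto_i + 3))
  done
  printf '%s\n' "$sto_result"
}

# check_access MODE WHO OP -> prints granted/denied, returns 0/1.
# WHO is the requesting user's relation to the file: owner, group or other.
# Like the kernel, exactly one class is selected and only its digit is consulted.
check_access() {
  ca_mode=$1 ca_who=$2 ca_op=$3
  case $ca_who in
    owner) ca_digit=$(printf '%s' "$ca_mode" | cut -c1) ;;
    group) ca_digit=$(printf '%s' "$ca_mode" | cut -c2) ;;
    other) ca_digit=$(printf '%s' "$ca_mode" | cut -c3) ;;
    *) echo "check_access: who must be owner|group|other" >&2; return 2 ;;
  esac
  case $ca_op in
    r) ca_bit=4 ;; w) ca_bit=2 ;; x) ca_bit=1 ;;
    *) echo "check_access: op must be r|w|x" >&2; return 2 ;;
  esac
  if [ $((ca_digit & ca_bit)) -ne 0 ]; then
    echo granted
  else
    echo denied
    return 1
  fi
}

# The walk-through from the post: mike is neither owner nor in the group of /home/dave (mode 700).
printf '700 decodes to %s\n' "$(octal_to_symbolic 700)"
printf '700, others, read:  %s  (mike's Permission denied)\n' "$(check_access 700 other r)"
printf '700, group, read:   %s  (even dave's group gets nothing)\n' "$(check_access 700 group r)"
printf '760, group, write:  %s  (what a shared project file needs)\n' "$(check_access 760 group w)"
# Counter-intuitive but real: the owner class is chosen first and exclusively,
# so with mode 070 the owner is denied even if he is also in the file's group.
printf '070, owner, read:   %s\n' "$(check_access 070 owner r)"
```

Note the last case: with 070 the owner is locked out of his own file while his group mates are not, because the kernel never falls through to the group digit once it has matched the owner. That is the same rule that makes 700 keep mike out.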

What’s the purpose of a group?

Okay, let’s use an example. dave and mike want to work on a project together. If a file can only have one owner, how can both users access it while restricting access to the remaining users on the computer? Both users join a group, and the file is assigned to that group, which means any user in that group has access to the file…providing the permissions are set. 700 wouldn’t work, because the group digit is 0. 740 would let the group read the file, and 760 would let the group read and write it; the final 0 keeps everyone else out.

Let’s put that into an example:

  • dave owns ‘fileb.doc’
  • dave is a member of the group ‘brothers’
  • dave assigns ‘fileb.doc’ to the group ‘brothers’, e.g. chgrp brothers fileb.doc (an owner may only chgrp a file to a group he is himself a member of; root can use any group)
  • dave modifies the permissions of ‘fileb.doc’ to grant access to members of the assigned group, e.g. chmod 760 fileb.doc (the mode comes first, then the file; 777 would also let every other user on the machine read and write it, which defeats the point)
  • mike joins the group ‘brothers’ (he needs to log in again, or use newgrp, for the new membership to take effect)
  • mike uses his favourite text editor to open ‘fileb.doc’, and is granted access because he is a member of ‘brothers’.
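The same steps as a script you can run on any account, with the result read back from the filesystem rather than assumed. This is an added example and not part of the original post: share_with_group, group_can_write and others_locked_out are my own helper names; the script uses a temporary file and your own primary group in place of ‘fileb.doc’ and ‘brothers’, since creating a new group needs root, and it assumes GNU coreutils stat (Linux; BSD/macOS stat uses -f instead of -c).

```sh
#!/bin/sh
# Added example (not from the original post): dave's steps as a script, with
# the mode, owner and group read back with stat(1). Assumes GNU coreutils.

# share_with_group FILE GROUP MODE
# Assign FILE to GROUP (name or numeric GID) and set its octal MODE, then print
# "MODE UID GID" as the kernel now stores it. The caller must own FILE and be a
# member of GROUP (root may use any group).
share_with_group() {
  swg_file=$1 swg_group=$2 swg_mode=$3
  chgrp "$swg_group" "$swg_file" || return 1
  chmod "$swg_mode" "$swg_file" || return 1   # mode first, then the file
  stat -c '%a %u %g' "$swg_file"
}

# mode_bits FILE -> the permission bits as a number, read from the inode.
# The leading 0 makes the shell parse stat's output as octal.
mode_bits() {
  echo $((0$(stat -c '%a' "$1")))
}

# group_can_write FILE -> 0 if the group triplet (bits 5..3) has the w bit (2).
# 740 from the post lets the group read only; a shared project file needs 760 or 770.
group_can_write() {
  gcw_bits=$(mode_bits "$1")
  [ $(( (gcw_bits >> 3) & 2 )) -ne 0 ]
}

# others_locked_out FILE -> 0 if the others triplet (bits 2..0) is all zero.
others_locked_out() {
  ool_bits=$(mode_bits "$1")
  [ $(( ool_bits & 7 )) -eq 0 ]
}

# Demo on a scratch file, using the caller's own primary group in place of 'brothers'.
demo_file=$(mktemp)
demo_group=$(id -g)
printf 'project notes\n' > "$demo_file"

printf 'after 740: %s\n' "$(share_with_group "$demo_file" "$demo_group" 740)"
group_can_write "$demo_file" && echo "group can write" || echo "group is read-only"

printf 'after 760: %s\n' "$(share_with_group "$demo_file" "$demo_group" 760)"
group_can_write "$demo_file" && echo "group can write" || echo "group is read-only"
others_locked_out "$demo_file" && echo "others: no access" || echo "others: CAN get in"

printf 'after 777: %s\n' "$(share_with_group "$demo_file" "$demo_group" 777)"
others_locked_out "$demo_file" && echo "others: no access" || echo "others: CAN get in"

rm -f "$demo_file"
```

Reading the mode back with stat after every chmod is the habit worth keeping: it catches the reversed-argument mistake (chmod FILE MODE fails, so nothing changes) and shows at a glance whether the others digit is still 0.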

I’ll expand this at a future date with more information…happy trails…
