The permissions and rights in linuxThese are very important aspects, therefore, you must be clear about all the information related to them.
What are permissions and rights in Linux?
The permissions and rights in Linux, They are in charge of establishing the users who can access the files, either to modify them or to delete them.
They are very important, especially in the event that the operating system is worked by several users. In this way, you make sure that each one enters the one that corresponds to them, and there is no risk of the information being lost, or being in the hands of strangers.
Also with them too decrease the chances of errors which are often difficult to solve. This is because they establish from the beginning the functions of each user so that they are executed correctly.
This is why Linux has become one of the best operating systems that exists today. And it is that, since its design was initially carried out with the objective of working on the network, the security it offers is much greater than that of others.
In Linux, the permissions or also known as rights that a user has over a file are divided into three levels, each one with important details that we mention below:
- Owner's permissions.
- Group permissions.
- Permissions from others.
Before knowing the details of each one, it is important to understand that, in network systems, as in the case of Linux, there is a figure called »administrator, superuser or root». This person is the only one who can create new users, or delete them, and also establishes all the characteristics of each one.
All the privileges are established for the directory known as HOME, and also for all the users that the administrator indicates.
Now, having all of the above clear, it is time to mention the details of each of the levels:
This is the user that is in charge of creating a file or folder in the working directory, that is, in HOME or in another directory where they have permissions and rights.
Each of the users has permission to create the number of files they want in their directory, and will be the only person who has access to this data. Furthermore, the parameter that identifies it is "or".
Each user must belong to a work group, so when any management is carried out, all the users that are part of the group also receive it.
It is easier to carry out any modification in this way, than in each of the users. The letter that identifies this permit is the »g»
Permissions from others
This permission is granted to anyone else who has files in a directory but is not part of the workgroup. In other words, all users who do not belong to the file's group, but are in others. The parameter to identify them in the letter "either".
Now, to identify the permissions within the system you must open the terminal, and place: ls-l. Then the list of all the content found within the HOME directory should appear.
An image similar to the previous one should appear on your screen, where the first blue column represents the user's name, while the other is the group to which it belongs.
In the above case they have the same name, however, this is not always the case, many times the owner has one name and the group another.
What are the types of permissions in GNU/Linux?
The first thing you should know is that, just as there are different types of permissions in Linux, there are also different files that you can find within the system.
Each of the files will be identified with 10 characters, which are also known as a mask.
The first one you find from left to right represents the file type, while the other 9, organized in three blocks, refer to permissions. Taking into account the above, the first character can be seen as follows:
special blocks file: b
special character file: c
Link file or link: I
channel special file: p
In relation to the remaining 9 characters, these refer to the permissions that the owner, group or others have on the file. And they can be the following:
- Without permission: -
- Read permission: r
- Write permission: in
- execution permit: x
Now, taking into account the above, the types of permissions that are known so far in the operating system are mentioned:
- Reading: It is a permission that allows users to see all the contents of a file.
- Writing Instruments: Gives you the option to make different changes to the file.
- Execution: It allows you to run the file smoothly.
- Reading: It gives you the permission to know the files and directories that the main directory contains.
- Writing: Allows you to create files in the directory. They can be new or ordinary files, they can even be deleted, moved, edited, copied, etc.
- Execution: It allows you to view all the contents of the directory, and copy files. In case you also have the write and read permissions, different edits can also be carried out on the files and directories.
Keep in mind that if you do not have execute permission, you will not be able to enter the directory, even if you use the command "CD", because the action will be denied.
Managing permissions and rights in Linux
Managing permissions and rights is very important, because from the moment you create a user within the system, at the same time privileges are granted. However, these will not be completely, for example, they should not have access to the same permissions as the root user.
In addition, the administrator has the power to make any modification in the permissions and rights, adapting them for each operation or job. Generally, those used are the following:
- For files: –rw -r–r–
- for directories: -rwx rwx rwx
These are the permissions needed to create new files, edit them, or even delete them. But, they are not the same for all system distributions.
For example, In the image you can see that a list appears where it reads »Rails Error.pdf», and if you look at the first column, it appears as: -rw-r–r–. To understand this, we detail it below:
- Type: Archive.
- The user has permission to read and write the file.
- The group to which the user belongs only has the permission to read the file, but not to modify it.
- Other users can only read the file.
The chmod command is the one that allows you to make different modifications to the skin, so that at the same time you can also carry out operations on files or directories.
However, if the user to whom the modification is to be made is not specified, it will affect everyone equally. Because of this, it is very important to set a correct permission assignment.
The assignment of permissions must be given only taking into account the three types of levels mentioned above: the owner, owner and the others.
Also remember that the assignment must be done according to the three permissions that exist: (r) read Permission, (In) of writing, and (X) of execution. For example:
- To give the owner execute permission: chmod u+x komodo.sh
- Remove execute permission on all users: chmod -x komodo.sh
- Read and write permission to all users: chmod o + r + w komodo sh.
- Enable only read permission to file group: chmod g + r -w -x komodo.sh
Permissions with the octal number format
There is also another way that you can use the chmod command and assign permissions, however, for many users it is often complicated.
The first thing you should know is that the combination of the values of each of the groups will form an octal number. Bit x is 20, i.e. 1, bit w 21 equals 2, bit r 22 is 4.
- r: 4
- w: 2
- x: 1
The combination of these bits on or off will develop eight possible combinations of values:
- you don't have any permission: – – – 0
- Execution permission:--x 1
- Write permission: –w–2
- Write and execute permissions:-w x 3
- Read permission: r--4
- Read and execute permissions: r - x 5
- Read and write permissions: rw-6
- all permissions:rwx
After user, group, and other permissions are combined, this also results in a three-digit number, which forms the permission of the file or directory.
- The owner has all read and write permissions: rw- --- -— 600.
- The owner can read, write and execute, while the group and the others can only execute: rwx --x --x711.
- The owner has the read, write and execute permission. The group and others can read and execute the file: rwx rx rx 755.
- Anyone can read, write and execute the file: rwx rwx rwx 777.
- The owner can read the file, but not modify or execute it: r-- --- -- 400.
- The owner has read and write permission, while the group can read the file, and other people don't have access to anything: rw-r-- --- 640.
The special permits are known as SUID (SetUserID), SGID (Set Group ID), and the persistence (sticky bit).
The setuid bit can be set to executable files, and means that when a user executes the file, the process has all the permissions of the owner. An example of this would be:
- The bit that is assigned is »s», and in order to link it to a file, you must write the following: chmod u+s /bin/su.
- And in case you want to remove it, you have to write: chmod us/bin/su.
This permission gives you the opportunity to have all the privileges of the group that is assigned to the file, it can even be assigned to directories as well.
It is one of the most used permissions, especially when dealing with several users who belong to the same group and need to work with some resources in a directory.
To assign it, you must write the following: chmod g+s/shared_folder. And, to remove it, put: chmod gs/shared_folder.
It is a permission that is assigned to directories where all users have access, thus preventing one of them from deleting the files or directories inside. The clearest example of this is the following:
- I understand that the bit is represented by the letter »t». To assign it you must place: chmod o+t/tmp.
- Now, to remove it you must write: chmodot/tmp.