
What are file permissions on Linux and how do I make sure mine are secure? – CloudSavvy IT




In Linux, file permissions determine the level of access that the file owner and everyone else have. It is important to ensure that all web-related files have the correct permissions set so that a compromised process cannot write in places where it shouldn’t.

What are file permissions?

File permissions keep track of permissions for three different groups. Each group is represented by three bits:

  • r: With the “Read” permission, a process can read the contents of this file into memory.
  • w: With the “Write” permission, a process can overwrite the contents of this file on disk.
  • x: The “Execute” permission applies to programs and allows this file to be run.

Permissions are displayed in the terminal as follows:

Displayed permissions.

The leading “d” indicates that the entry is a directory. The first group of three is for the file owner; in this case, the owner has full read, write, and execute access. The next group of three is for the group owner and specifies the permissions for the group to which the file belongs; in this case they are read-only. The last group is everyone else, who are also read-only.

In general, files with open permissions for everyone are not very secure. Make sure that the last group is read-only or has no access for most files.

These are stored in binary form under the hood, with each permission represented by one bit. For example, rw- is 110 in binary, which is 6 in decimal. So the permission string:

rwxrw-r--

… could be written as “764”. File permissions are often specified this way: “777” means full access, “700” is private, and “644” is read-only for everyone except the owner. Technically this is octal, not decimal, as there are eight possible values for each digit.
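The conversion described above, written out as a shell function. This is an added example, not code from the original article; the function name sym_to_octal is hypothetical, and the setuid, setgid and sticky characters (s, t) are not covered by the article and are rejected here.

```shell
#!/bin/sh
# Added example: convert a symbolic permission string to its octal form.
# Accepts 9 characters ("rwxrw-r--") or the 10-character form printed by
# ls -l, where the first character is the file type ("d", "-", ...).
sym_to_octal() {
    perms=$1
    # Drop the leading file-type character if the ls -l form was given.
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}
    fi
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 or 10 characters: $1" >&2
        return 1
    fi
    octal=""
    # Walk the three triplets in order: owner, group, everyone else.
    while [ -n "$perms" ]; do
        rest=${perms#???}
        triplet=${perms%"$rest"}
        perms=$rest
        digit=0
        # Each position is one bit: r=4, w=2, x=1. Anything else is invalid.
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        octal=$octal$digit
    done
    echo "$octal"
}

# The string used in the article.
sym_to_octal rwxrw-r--
```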

For directories, the permissions use the same characters but differ slightly:

  • r: List permission. Allows you to open the directory and use ls. Requires the x attribute to be set.
  • w: Write permission. Allows you to create, delete, and rename files. It does not prevent the contents of existing writable files in the directory from being changed.
  • x: Enter permission. Allows the use of cd. This is enforced system-wide, so without it the folder cannot be opened in a GUI file explorer either.

On some systems, especially macOS, the file permission string can be followed by an “@”. This means the file has extended attributes, which you can view with ls -l@. For example, the com.apple.quarantine attribute is assigned to executable files that have not yet been opened, so that Gatekeeper can prevent you from double-clicking them, forcing you to right-click > Open, and then needlessly asking whether you are really sure you want to open it.

What are file owners and groups?

The file owner is just a specific user, but users on Unix systems do not work like they do on Windows. Unix can have separate users for individual processes such as mysql and nginx, which allows very fine-grained permissions. For example, an instance of MySQL running as the mysql user can access its own database, but the nginx user cannot.

User groups work in a similar way, but let multiple users share the same permissions. Users can be added to and removed from the group. You can optionally set file permissions.

How to check the file permissions of directories

You can view file and directory permissions by running ls -l in your terminal. The file permissions are shown on the far right:

File permissions are displayed on the far right.

If you want to see the file permissions for a specific file or directory, you need to pipe the ls output to grep:

ls -la | grep filename

Notice that when using the -a flag, the permissions for the current folder and the parent folder are shown as . and .. respectively. Even this, however, only shows two levels. To see the permissions for every parent folder, use the namei command:

namei -l `pwd`

This command may not be installed on every Linux distribution. On macOS, you’ll need to install it from Brew.

You can use the find command with the -perm flag to search folders for individual files that may have incorrect permissions:

find ~ -type f -perm 777

This searches recursively and can take some time if you run it from the root directory.

How to change file permissions and ownership

Changing file permissions is easy with the chmod command:

chmod 700 filename

You can also add permissions without specifying a full permission string. This is a shortcut, but it can save time. For example, if you can’t run a script file, you can add execute permission for the owner with:

chmod u+x filename

This adds the execute permission (x) for the current owner (u, for “user”).

Changing ownership works similarly with the chown command:

chown owner:group filename

The “:group” part is optional. Both chmod and chown can be run recursively on directories to change everything inside those directories. Use the capital -R flag for this:

chmod -R 700 directory

You can also use chmod with the -exec option of find, which lets you change file permissions throughout the system. For example, this command finds files with open write permissions and sets them to read-only:

find / -type f -perm 777 -print -exec chmod 744 {} \;
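An added example (not from the original article) that goes one step beyond the find commands above: -perm 777 matches only files whose mode is exactly 777, so this compares it with -perm -0002, which matches any file that everyone else can write to, and then removes only that bit with chmod o-w instead of resetting the whole mode. The temporary directory, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Everything happens inside a throwaway temp directory.

# Build a small set of files with known modes (constructed sample data).
make_fixture() {
    root=$(mktemp -d)
    for mode in 777 666 646 644 600; do
        : > "$root/file_$mode"
        chmod "$mode" "$root/file_$mode"
    done
    echo "$root"
}

# Exact match, as in the article: only files whose mode is exactly 777.
count_exact_777() {
    find "$1" -type f -perm 777 | wc -l | tr -d ' '
}

# "At least these bits": every file that everyone else can write to,
# whatever the owner and group bits are.
count_world_writable() {
    find "$1" -type f -perm -0002 | wc -l | tr -d ' '
}

# Remove only the write bit for everyone else; all other bits are kept,
# so a 666 data file becomes 664 and does not gain an execute bit.
strip_world_write() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

root=$(make_fixture)
echo "exact 777:      $(count_exact_777 "$root")"
echo "world-writable: $(count_world_writable "$root")"
strip_world_write "$root"
echo "after o-w:      $(count_world_writable "$root")"
ls -l "$root"
rm -rf "$root"
```

On the sample files the exact match reports one file while the bit test reports three, which is why an audit based on -perm 777 alone misses modes such as 666 and 646.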
