Linux File Permissions

CompTIA Security+ Certification (SY0-501) Chapter 3 - Identity and Access Management
14 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€91.73
List Price:  €128.43
You save:  €36.69
£78.50
List Price:  £109.90
You save:  £31.40
CA$135.42
List Price:  CA$189.60
You save:  CA$54.17
A$152.22
List Price:  A$213.12
You save:  A$60.89
S$133.77
List Price:  S$187.28
You save:  S$53.51
HK$781.89
List Price:  HK$1,094.68
You save:  HK$312.79
CHF 88.30
List Price:  CHF 123.63
You save:  CHF 35.32
NOK kr1,058
List Price:  NOK kr1,481.24
You save:  NOK kr423.24
DKK kr684.10
List Price:  DKK kr957.77
You save:  DKK kr273.66
NZ$164.15
List Price:  NZ$229.81
You save:  NZ$65.66
د.إ367.20
List Price:  د.إ514.09
You save:  د.إ146.89
৳10,978.23
List Price:  ৳15,369.96
You save:  ৳4,391.73
₹8,290.53
List Price:  ₹11,607.08
You save:  ₹3,316.54
RM471.80
List Price:  RM660.54
You save:  RM188.74
₦156,534.34
List Price:  ₦219,154.34
You save:  ₦62,620
₨27,950.66
List Price:  ₨39,132.05
You save:  ₨11,181.38
฿3,595.26
List Price:  ฿5,033.51
You save:  ฿1,438.25
₺3,229.78
List Price:  ₺4,521.83
You save:  ₺1,292.04
B$499.40
List Price:  B$699.18
You save:  B$199.78
R1,883.20
List Price:  R2,636.56
You save:  R753.35
Лв179.42
List Price:  Лв251.19
You save:  Лв71.77
₩133,286.20
List Price:  ₩186,606.01
You save:  ₩53,319.81
₪365.03
List Price:  ₪511.06
You save:  ₪146.02
₱5,561.09
List Price:  ₱7,785.75
You save:  ₱2,224.66
¥14,911.76
List Price:  ¥20,877.07
You save:  ¥5,965.30
MX$1,670.32
List Price:  MX$2,338.52
You save:  MX$668.19
QR364.82
List Price:  QR510.77
You save:  QR145.94
P1,359.04
List Price:  P1,902.71
You save:  P543.67
KSh13,398.66
List Price:  KSh18,758.66
You save:  KSh5,360
E£4,718.65
List Price:  E£6,606.31
You save:  E£1,887.65
ብር5,656.15
List Price:  ብር7,918.84
You save:  ብር2,262.68
Kz83,512.74
List Price:  Kz116,921.18
You save:  Kz33,408.44
CLP$93,810.03
List Price:  CLP$131,337.80
You save:  CLP$37,527.76
CN¥710.61
List Price:  CN¥994.89
You save:  CN¥284.27
RD$5,917.87
List Price:  RD$8,285.25
You save:  RD$2,367.38
DA13,435.55
List Price:  DA18,810.31
You save:  DA5,374.76
FJ$226.69
List Price:  FJ$317.37
You save:  FJ$90.68
Q780.94
List Price:  Q1,093.35
You save:  Q312.40
GY$20,949.18
List Price:  GY$29,329.69
You save:  GY$8,380.51
ISK kr13,659.63
List Price:  ISK kr19,124.03
You save:  ISK kr5,464.40
DH1,002.67
List Price:  DH1,403.78
You save:  DH401.11
L1,768.33
List Price:  L2,475.73
You save:  L707.40
ден5,652.42
List Price:  ден7,913.61
You save:  ден2,261.19
MOP$805.88
List Price:  MOP$1,128.27
You save:  MOP$322.38
N$1,866.55
List Price:  N$2,613.25
You save:  N$746.69
C$3,681.10
List Price:  C$5,153.70
You save:  C$1,472.59
रु13,266.49
List Price:  रु18,573.62
You save:  रु5,307.13
S/368.83
List Price:  S/516.39
You save:  S/147.55
K382.06
List Price:  K534.91
You save:  K152.84
SAR375
List Price:  SAR525.02
You save:  SAR150.01
ZK2,508.19
List Price:  ZK3,511.57
You save:  ZK1,003.37
L456.04
List Price:  L638.48
You save:  L182.43
Kč2,310.02
List Price:  Kč3,234.13
You save:  Kč924.10
Ft36,211.46
List Price:  Ft50,697.50
You save:  Ft14,486.03
SEK kr1,038.11
List Price:  SEK kr1,453.39
You save:  SEK kr415.28
ARS$85,066.49
List Price:  ARS$119,096.49
You save:  ARS$34,030
Bs691.23
List Price:  Bs967.75
You save:  Bs276.52
COP$389,029.38
List Price:  COP$544,656.70
You save:  COP$155,627.31
₡50,979.09
List Price:  ₡71,372.77
You save:  ₡20,393.67
L2,470.17
List Price:  L3,458.33
You save:  L988.16
₲730,160.41
List Price:  ₲1,022,253.79
You save:  ₲292,093.37
$U3,841.23
List Price:  $U5,377.88
You save:  $U1,536.64
zł395.31
List Price:  zł553.46
You save:  zł158.14
Already have an account? Log In

Transcript

If you're going to have a modern operating system today, you're going to have to have file and folder permissions. And certainly Linux is no exception to that rule. So in this episode, what I want to do is go through Linux file and folder permissions, and then show you how we can edit those. So the best way to get started with this is to dive in go into a particular folder and just type ls minus L. So if you take a look here, on the far left hand side, we see all these letters and dashes. And that's really where all the file permission magic takes place. As you look at this, on the far left hand side, you're going to see one that has the letter D. That means it's a directory.

So that very first value, I want you to just ignore it for this episode that's just used to separate files from directories from links and other stuff like that. What's important are the next nine values. So if you take a look here, you're going to see individual files have RS and W's and x's and dashes. in different places, depending on what's happening here, those are the file and folder permissions. Now, to get started on this, I want to explain to you how they're organized. And I'm going to have to wait just a minute, then I'm going to tell you what rW x means.

So bear with me. You have three groups of these rW x's. So if we zero in, for example, down in this bottom file right here called run me, you'll see I have rW x rW x rW x, what you're looking at here are three different permissions depending on the entity that you want to apply permissions to. The first three values are the permissions that are applied to the creator owner, whoever created that file, whoever created that directory, usually has very powerful permissions on it. And that's what the creator owner can do. The second set in the middle there is for the group.

Every file and folder in a Linux system belongs to a group and other users can be in that group and you can define the permissions For everybody in that group for that particular file or folder simply by editing those three letters right there. Now, if you're not the creator owner, and if you're not in the group, well, then what permissions do you get? And that's what that third set is for. The third set defines permissions for everybody else, the rest of the world, the universe, whatever, you might want to look at that as, so we break it up into these three very distinct groups. Okay, now, let's go back in except this time, I want to take a moment and talk about what exactly R and W and x mean. It's going to vary depending on whether these permissions are applied to a file or to a directory.

R stands for read. A readable permission allows the contents of a file to be viewed. In other words, you can open a file or read permission on a directory allows you to list the contents of that directory. Right permission allows you to modify the content Have a file. But the write permission for a directory allows you to edit the contents of that directory, which is a nice way of saying you can add or delete files from that particular directory executes a little bit strange for a file it makes sense. The executable permission allows you to run the file and execute a program or a script.

For directory though, the execute permission allows you to change to a different directory and make it your current working directory. So if you want to get out of a particular directory and go someplace else, make sure it's executable for your particular user owner, group or other. The tool we use in Linux to change file and folder permissions is called chmod. Now chmod is an interesting command and there's a couple of different ways to run it. And since I don't know how come T is going to tell you how to do it, we're going to try it both ways. So first of all, what we're going to do is we're going to use chmod to change some permissions on one particular file, a little executable program called Run me, now run me is a very dangerous program.

So I want to be very specific about who can actually run this particular program. So I've got my LS minus l running. And you can see right now anybody can execute this program, do you see all three x's. So the creator owner, the group, and the others can all run this. So the first thing I'm going to want to do a chmod is I want to give the other people no rights to do anything on this thing. So to do that, I'm going to type in chmod.

And now I'm going to start typing in some switches. The switches here are either are going to be a letter, followed by an equal sign, and then the permissions I want. So in this particular case, I'm going to say over other equals, and I'm going to leave it blank, which means turn off all permissions for the other people. And then obviously, I'm going to need to type in the name of the file. So I run this and now you can see if you take a close look, you'll see that the other day Group has absolutely no rights to this. If somebody who isn't the creator owner or member of the group tries to execute this program, it's not going to happen.

They don't have permissions. Now the other thing I want to do is I want to take a look. And we can see the group has read, write and execute permissions. Since it's really just an executable file, there's really no reason to write to it. So what I'm going to do in this case is I'm going to turn off right permissions for the group. So again, I type in chmod.

And now this time I type g for group. And here, all I want them to have is read and execute permissions. And then, once again, typing in the name of the file. So I type ls minus L. And you can see that I've got rid of the right permissions. So you can do a lot of cool stuff with this. Now there's one more chmod type command I want to show you in this version to run.

And that means when you'd want to do it to everybody, let's just say I'm feeling crazy and I want to give everybody rights to do everything they want to do. So in that case, I'm going to run chmod. And I'm going to use a that means everybody, creator, owner, group and other. And you see I'm typing in a equals rW x. So that means give everybody all the permissions run me, we type ls minus L. And you can see that I've put back all of the permissions for that particular one. So that's one way to run chmod.

Now, there is a whole other way to run it, which is a little bit more old school and guys like me like to use, so I want to run chmod one more time. But this time, what we're going to do is we're going to use numbers instead of letters to change things. Now, in order for you to understand these numbers. Keep in mind that we have three values, read, write and execute. So in a binary world, the read is in a four position, the Right isn't a two position, and the execute is in one position. So to explain that a little bit better, let me put a little graphic up so that you can correlate the positions of those three values to binary values.

Take a look at this. So we know that every Linux file has read, write and execute permissions for the creator owner, the group and then the rest of the world. Now, we've seen chmod used one way, but let me show you this other way. So first thing I want to do is, let's just pick on any one of these three, so we'll just pick this one that's as good as any. Now, we understand that setting a permission basically turns it on or off. So there is kind of a binary thing to this.

So if you think about this for a minute, like for example, we could turn off the read permission, we could turn off the write permission and just turn on the execute permission. Equally, we could To turn on the read and the write permission and turn on the X and turn off the execute permission, or we could turn on all of these permissions. So really what you've got is three binary digits that we can convert to decimal. Let's go ahead and go through all this real quick. So all zeros in binary equals zero in decimal 001 equals one in decimal 010 equals two in decimal 011 equals three here, I'll just keep going through the rest of these, I think you can figure this out. So basically, three binary values can have 12345678 different combinations going from zero to seven in decimal, and understanding that we can actually do something really cool with Chima to make our lives a lot easier.

So for example, on this particular one, if we just want to set this particular one, to read only all we have to do do is type in 100, which is going to equal four. So in essence, we just say for, if we want to set it to just write permission, we would say two. And if we want to say execute permission, we say one. So really what it boils down to when you look at READ WRITE and execute, read gets the value of four, right gets the value of two, and execute gets the value of one. And we can use this combination which Amada do cool things, for example. So if I wanted to set the read permission, I would just say four and that would turn off right and execute.

If I want to just the right permission, I would say to if I want to just the execute permission, I would say one but it also works for combinations. If I want the Read and Write combination, it'll be a six. And if I want everything, it's going to be a seven, and we can use that to work with chmod. So let's go through one quick example of this. Now keep in mind we have three read writing executes to deal with not just one So if I wanted to, for example, set everybody to read, write and execute, I would type chmod 777. And that would give everybody read, write and execute permissions.

But then again, if I wanted to give the creator owner complete permission, and then I wanted to give the group just read and write permission, and then if I wanted to give everybody else no permission at all, that would be 760. Okay, now that you have at least a rough idea of how this works, what we're going to do is we're going to use chmod. Again, except this time, we're just going to use numbers. Now, the downside of using chmod like this is that you've got to be really, really comfortable with binary and Well, luckily I am, but you may not be so if there's one thing you might want to rehearse a little bit, are using these number values for chmod as opposed to what I think is the role now easier way of just using the letters Anyway, let's go through an example. If you take a look up on the screen, you'll see that I have this run me right now.

So I'm going to type chmod. And I'm going to type in the number seven. Now think about this for a minute, four plus two plus one equals seven. So if I give a value of seven, that means I want read and write and execute. The order that I put these numbers in depends on whether it's for the creator owner, the group or others. So the first value seven means make sure creator owner has read, write and execute.

Now it's often common to do the same thing. So I'm going to type in the second seven, so that the group has read, write and execute permissions that the third one I'm going to do is I'm going to put in the number five, now with the number five in there. Now I'm gonna let you speculate for a minute. What permission Am I turning off by doing that? I'll give you a clue. seven minus two equals five.

So let's go ahead and run this. They can see I type chmod and the number and then the actual file that I want to change. I think Hit enter. Now if I type ls minus l right now, if I've done it right, there it is. The W is not in for other. So what I did by typing a five in that third position is I said, turn off right permission for that particular file.

So with chmod, you can have a lot of fun. In fact, you'll see people with chmod, they'll say chmod 777. And what they're saying is just turn everything on. Okay, now, that's chmod. So Jamal is pretty cool, and I like it. But what I want to do now is go from dealing with who has what type of file and folder permissions to who owns a particular file.

And to do that we're going to use ch own. Okay. So, Jones simply allows us to change ownership. Let me show you how that works. If you take a look at my LS minus l here, you'll see that right now, the file run me has student as the owner and what we're going to do right now is we're going to change to root. So, Joe needs sudo in order to work so we're going to type sudo shown, and we're going to type in who we want to change ownership to.

And then we type in the name of the file. I look very carefully here, you can see that the owner is now route and that's what Chone is all about, it's a quick way for you to be able to change the owner of a particular file or folder. Alright, so we've messed with our file and folder permissions, we have changed the ownership. Now the last thing I want to talk about is changing a password. And to do that we use the PA SS WD command. Now again, this would need sudo so I'm going to type in sudo pa SS WD.

Now, right now if I just hit enter, it's going to change the password for the account. I'm logged in on currently, which is student so I'm going to do that. So I'm going to enter a new Unix password. And I have now changed the password successfully so if you need to change a password make sure you know how to use pa SS WD. Now on the A plus objectives they do something very strange here. They actually in the objectives they put pa SS WD which has changed passwords, right with the command pwd which means for just show me the current working directory.

I'm not quite sure why it does that, but it might be a clue on something you're going to see on the exam.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.