Project description
In this project, I am going to examine existing permissions on a file system. Then, I will report if the permissions match the authorization that was given. If they do not match, I’ll modify the permissions to authorize the appropriate users and remove any unauthorized access.
Check file and directory details
Here is a map of how the current file directory and permissions look:
In the terminal I typed pwd to print the current directory, and the result was:
researcher2@72c298fb33dc:~$ pwd
/home/researcher2
This means we are in the /home/researcher2 directory. Next I will list the contents of this directory with the ls command:
researcher2@72c298fb33dc:~$ ls
projects
The /home/researcher2 directory includes only one folder named “projects”.
I will enter this folder to examine its contents with the “cd projects” command:
researcher2@72c298fb33dc:~$ cd projects
researcher2@72c298fb33dc:~/projects$
I will use the ls command with the -la option to display any hidden files and the permissions inside the ~/projects directory:
researcher2@72c298fb33dc:~/projects$ ls -la
total 32
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 05:21 .
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 06:10 ..
-rw--w---- 1 researcher2 research_team 46 Nov 13 05:21 .project_x.txt
drwx--x--- 2 researcher2 research_team 4096 Nov 13 05:21 drafts
-rw-rw-rw- 1 researcher2 research_team 46 Nov 13 05:21 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Nov 13 05:21 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_t.txt
The listing displays the file structure of the /home/researcher2/projects directory and the permissions of the files and subdirectory it contains. In the /home/researcher2/projects directory, there are five files with the following names and permissions:
project_k.txt
User = read, write
Group = read, write
Other = read, write
project_m.txt
User = read, write
Group = read
Other = none
project_r.txt
User = read, write
Group = read, write
Other = read
project_t.txt
User = read, write
Group = read, write
Other = read
.project_x.txt
User = read, write
Group = write
Other = none
Note that .project_x.txt is a hidden, archived file, as indicated by the dot at the beginning of its name.
There is also one subdirectory inside the projects directory named drafts. The permissions on drafts are:
- User = read, write, execute
- Group = execute
- Other = none
Describe the permissions string
A 10-character string begins each entry and indicates how the permissions on the file are set. For instance, a directory with full permissions for all owner types would be drwxrwxrwx:
The 1st character indicates the file type. The d indicates it’s a directory. When this character is a hyphen (-), it’s a regular file.
The 2nd-4th characters indicate the read (r), write (w), and execute (x) permissions for the user. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted to the user.
The 5th-7th characters indicate the read (r), write (w), and execute (x) permissions for the group. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted for the group.
The 8th-10th characters indicate the read (r), write (w), and execute (x) permissions for the owner type of other. This owner type consists of all other users on the system apart from the user and the group. When one of these characters is a hyphen (-) instead, that indicates that this permission is not granted for others.
The second block of text in the expanded directory listing is the user who owns the file. The third block of text is the group owner of the file.
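The position rules above, written as a small POSIX shell decoder. This is an added example, not part of the original write-up; the function names are hypothetical, and the octal mode it prints goes beyond the symbolic notation used on this page.

```shell
#!/bin/sh
# Added example: decode an ls-style permission string by character position.

# triad_bits RWX: print 0-7 for one three-character group such as "rw-".
# Anything other than r/w/x/- (for example the s or t special bits, which
# this page does not cover) is rejected instead of guessed.
triad_bits() {
    case $1 in
        [r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    n=0
    case $1 in r??) n=$((n + 4)) ;; esac   # read
    case $1 in ?w?) n=$((n + 2)) ;; esac   # write
    case $1 in ??x) n=$((n + 1)) ;; esac   # execute
    echo "$n"
}

# decode_perms STRING: print "TYPE OCTAL", e.g. "file 664" for -rw-rw-r--.
decode_perms() {
    s=$1
    [ "${#s}" -eq 10 ] || { echo "expected 10 characters: $s" >&2; return 1; }
    case $s in                      # 1st character: file type
        d*) type=directory ;;
        -*) type=file ;;
        *)  echo "unsupported type: $s" >&2; return 1 ;;
    esac
    u=$(triad_bits "$(printf %s "$s" | cut -c2-4)")  || return 1  # user
    g=$(triad_bits "$(printf %s "$s" | cut -c5-7)")  || return 1  # group
    o=$(triad_bits "$(printf %s "$s" | cut -c8-10)") || return 1  # other
    echo "$type $u$g$o"
}

# Strings taken from the listing on this page.
for p in -rw-rw-rw- -rw--w---- drwx--x---; do
    printf '%s -> %s\n' "$p" "$(decode_perms "$p")"
done
```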
Change file permissions
In this file permission scheme, we do not want other users to have write permission on any file. If write permission has been given to others, I will remove it with the chmod command, followed by the permissions to modify and the file name. The arguments are simple: “u” selects the user, “g” the group and “o” others; a “+” or “-” sign grants or revokes a permission; and the permission is “r” for read, “w” for write or “x” for execute, as explained above.
Let's take a close look at the files again:
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 05:21 .
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 06:10 ..
-rw--w---- 1 researcher2 research_team 46 Nov 13 05:21 .project_x.txt
drwx--x--- 2 researcher2 research_team 4096 Nov 13 05:21 drafts
-rw-rw-rw- 1 researcher2 research_team 46 Nov 13 05:21 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Nov 13 05:21 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_t.txt
Here project_k.txt grants write permission to others (-rw-rw-rw-); we will remove it with chmod o-w project_k.txt.
researcher2@72c298fb33dc:~/projects$ chmod o-w project_k.txt
researcher2@72c298fb33dc:~/projects$ ls -la
total 32
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 05:21 .
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 06:10 ..
-rw--w---- 1 researcher2 research_team 46 Nov 13 05:21 .project_x.txt
drwx--x--- 2 researcher2 research_team 4096 Nov 13 05:21 drafts
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Nov 13 05:21 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_t.txt
We can see that the file permission has been changed.
In the directory, the file named project_m.txt is a secret project; no one other than the user should have any permissions on it. The problem is that the research_team group currently has read access to this file. We will remove this read permission from the group:
researcher2@72c298fb33dc:~/projects$ chmod g-r project_m.txt
researcher2@72c298fb33dc:~/projects$ ls -l
total 20
drwx--x--- 2 researcher2 research_team 4096 Nov 13 05:21 drafts
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_k.txt
-rw------- 1 researcher2 research_team 46 Nov 13 05:21 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 05:21 project_t.txt
researcher2@72c298fb33dc:~/projects$
Finally done!
Change file permissions on a hidden file
In the projects directory there is an archived, hidden file named “.project_x.txt”; it is not supposed to have any write permissions. Its current permissions line confirms write permissions for the user and the group:
-rw--w---- 1 researcher2 research_team 46 Nov 13 05:21 .project_x.txt
I will change this with chmod again. The names of hidden files start with a dot “.”.
researcher2@d83b014b2f93:~/projects$ ls -la
total 32
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 06:22 .
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 07:10 ..
-rw--w---- 1 researcher2 research_team 46 Nov 13 06:22 .project_x.txt
drwx--x--- 2 researcher2 research_team 4096 Nov 13 06:22 drafts
-rw-rw-rw- 1 researcher2 research_team 46 Nov 13 06:22 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Nov 13 06:22 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_t.txt
researcher2@d83b014b2f93:~/projects$ chmod g-w,u-w .project_x.txt
researcher2@d83b014b2f93:~/projects$ ls -la
total 32
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 06:22 .
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 07:10 ..
-r-------- 1 researcher2 research_team 46 Nov 13 06:22 .project_x.txt
drwx--x--- 2 researcher2 research_team 4096 Nov 13 06:22 drafts
-rw-rw-rw- 1 researcher2 research_team 46 Nov 13 06:22 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Nov 13 06:22 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_t.txt
Change directory permissions
In the directory we have a folder named drafts; this folder should not have any execute privileges for its group. We remove them:
researcher2@d83b014b2f93:~/projects$ chmod g-x drafts
researcher2@d83b014b2f93:~/projects$ ls -la
total 32
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 06:22 .
drwxr-xr-x 3 researcher2 research_team 4096 Nov 13 07:10 ..
-r-------- 1 researcher2 research_team 46 Nov 13 06:22 .project_x.txt
drwx------ 2 researcher2 research_team 4096 Nov 13 06:22 drafts
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Nov 13 06:22 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Nov 13 06:22 project_t.txt
Directory names have no file extension. If we want to modify permissions for the files inside the drafts folder, we need to enter the folder.
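The manual checks from the “Change file permissions” sections, automated as an added example (not the author's commands): each entry is compared against a mask of forbidden bits and repaired with chmod when it holds one. It assumes GNU stat (stat -c); the temporary directory, function names and policy table are constructed for illustration, and the go-rwx and a-w clauses are slightly broader than the g-r and g-w,u-w used above so that the stated rule holds from any starting mode.

```shell
#!/bin/sh
# Added example: audit a directory against the write-up's permission policy,
# then remediate. Assumes GNU stat (stat -c '%a' prints the octal mode).

# Constructed fixture: the listing's starting modes, rebuilt in a temp dir.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/drafts" && chmod u=rwx,g=x,o= "$d/drafts"
    for f in .project_x.txt project_k.txt project_m.txt project_r.txt project_t.txt; do
        echo "constructed sample" > "$d/$f"
    done
    chmod u=rw,g=w,o=    "$d/.project_x.txt"
    chmod u=rw,g=rw,o=rw "$d/project_k.txt"
    chmod u=rw,g=r,o=    "$d/project_m.txt"
    chmod u=rw,g=rw,o=r  "$d/project_r.txt" "$d/project_t.txt"
    echo "$d"
}

# audit DIR [fix]: print one line per entry holding a forbidden bit; with
# "fix" as second argument, also apply the chmod clause from the policy.
# Policy columns: name, forbidden bits (octal mask), symbolic chmod fix.
audit() {
    while read -r name mask clause; do
        mode=$(stat -c '%a' "$1/$name") || continue
        # The leading 0 makes the shell read both numbers as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "VIOLATION $name mode=$mode forbidden=$mask fix=chmod $clause"
            if [ "${2:-}" = fix ]; then chmod "$clause" "$1/$name"; fi
        fi
    done <<'EOF'
project_k.txt 002 o-w
project_r.txt 002 o-w
project_t.txt 002 o-w
project_m.txt 077 go-rwx
.project_x.txt 222 a-w
drafts 010 g-x
EOF
}

# mode_of DIR NAME: print the octal mode, for checking the result.
mode_of() { stat -c '%a' "$1/$2"; }

dir=$(make_fixture)
audit "$dir" fix      # reports and repairs the mismatches
audit "$dir"          # second pass prints nothing
rm -rf "$dir"
```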
Summary
We now have practical experience in using basic Linux Bash shell commands to examine file and directory permissions and to change permissions on files, hidden files, and directories.