An operating system is an integral part of any computer. Recently, various variants of Linux have been very popular in the OS market due to free distribution and the principle of separation of rights for the user inherited from Unix.
An integral part of any system are files. After all, all user information is stored in them. Access rights to files and folders determine what actions a specific person is allowed to perform, thereby setting access levels and ensuring the security of the entire system. Typically, setting permissions is to enable or disable execution, reading, and writing.
Users and groups
The operating system assigns a unique identifier to each user. In Linux, it is called UID. In addition, for ease of administration, users are grouped into groups, which are also assigned a unique GID.
Linux divides all users into three groups:
- user - file owner;
- group - a member of the same group as the owner;
- other - everyone else.
When accessing a file, the operating system determines whether a user belongs to certain groups. For example, a client who sends a request to a site through a browser will be referred to as other. If the site owner has connected via FTP with a username and password, it will be assigned to the user group.
Access rights
Groups have individual rights that govern the ability to perform operations such as reading, starting, or changing files. For each of them, three types of access are set:
- to launch;
- for reading;
- for recording or editing.
Rights numeric mode
Quite often, a digital designation is used for each group to indicate the rights to change, start, or read. The following parameters apply:
- 4 - reading;
- 2 - record;
- 1 - execution.
In designating access rights, as a rule, only three digits are used. The first of these indicates the rules for the owner user, the second for the group, and the third for the rest. To set certain rights for each group, resort to a simple addition of numbers. For example, 7 indicates the ability to execute, write and read, and 6 only allows you to modify and read the file. Thus, access permissions 777 Linux perceives as a rule, which allows anyone to run, read and overwrite a file.
Permission Changes
Change access rights in Linux can only be the owner or user who has administrator rights. To make changes in terminal mode, use the chmod command.
It starts with parameters that allow you to change the rules using text (symbolic) or digital notation. Consider how to set 777 permissions that allow all users to run, modify, and read a file. In numerical mode, the command will look like this: chmod 777 is the name of the file , and in character: chmod a = rwx is the name of the file .
In practice, the digital mode is often more convenient. Itβs easier to write 755 than to set individual parameters for the owner, group and other users.
Recursive change of rights
The chmod command can be used in recursive mode, which allows you to replace the rights of all files in the directory and subfolders. To do this, use the -R switch.
An example command showing how to set 777 permissions for all files in the current directory and its subdirectories:
chmod -R 777 *.
Permissions and Directories
In addition to files, you can set permissions on directories. The same parameters (flags) are used to indicate them, but the behavior is slightly different. The parameter that allows reading allows the user to view a list of the contents of the folder, setting the write flag allows you to create new objects in the directory, and setting the execution right allows you to enter the directory.
Changing permissions for directories is the same as for files using the chmod command.
Example:
chmod 777 / home / test.
The above command shows how to set 777 permissions for the / home / test directory .
Security and Access Rights
It should be remembered that improper installation of access rights can disrupt the system or individual resources. It can also lead to a big security issue. Therefore, it is necessary to analyze and familiarize yourself with the documentation. Particular attention should be paid to this before setting the 777 access rights, since they allow any user to create, modify and execute files in a directory.
Many attackers use haphazard users to hack sites and other network resources, who mistakenly left the rights to download and execute any script or application on the server.
Extended Rights
There are situations when it is necessary to implement a complex scheme of access to information. In this case, the standard rights of the Linux operating system may not be enough. Then you have to resort to the use of access control lists (ACLs). Use this scheme only in very large networks with multilevel access schemes. In other cases, they bypass the standard functions of the operating system.