intro unix/linux 09
Post on 19-May-2015
Lesson 9-Setting and Using Permissions
Overview
Describing file permissions.
Using execute permissions with a file.
Changing file permissions using mnemonics.
Changing file permissions numerically.
Overview
Changing permissions for group and other.
Exploring the effect of granting different permissions.
Modifying directory permissions.
Setting permissions when files and directories are created.
Examining the impact of umask on other operations.
Describing File Permissions
The permissions read, write, and execute govern access to
files and directories.
The owner can modify the permissions on a file for three
classes of users.
The owner or user, the members of the owner’s group, and
other users are the three classes of users.
Describing File Permissions
Examining the permissions field.
Employing read and write permissions.
Changing permissions for a file to read only.
Changing permissions for a file to write only.
Examining the Permissions Field
The “ls -l” command displays the permissions for regular files
and directories.
Every slot in the permissions field is occupied by either a dash
or a letter.
A minus sign indicates that a particular permission is denied.
The “t” field in the directory permissions is a special
permission called the sticky bit.
Examining the Permissions Field
The first slot indicates whether the listing is for a directory,
a plain file, or a special UNIX file.
A “c” or “b” at the beginning of many permissions fields
indicates whether the device processes data in units of
single characters or in whole blocks.
The remainder of the permissions field is divided into three
sets of three slots each.
Examining the Permissions Field
Permission Field For Users
Examining the Permissions Field
File permissions:
An owner has full powers over the assignment of permissions
to self, its group members, and others.
The rwx value for the first slot indicates that the user has read,
write, and execute permissions for the file.
Every file has an associated permissions field for user, group,
and all others on the system.
Employing Read and Write Permissions
To access the contents of a file, a user must have read
permissions for that file.
To make changes to or modify a file, a user needs write
permissions for that file.
Changing Permissions for a File to Read Only
Assigning Read Only Permission
Changing Permissions for a File to Write Only
Assigning Write Permission
Using Execute Permissions with a File
The “vi” editor can be used for creating a shell script.
The “source” command in the C shell and the “dot” (.)
command in the Korn or Bourne shell instruct the shell to
read the file and execute each command in it.
The process id (PID) of the current shell can be determined
with the help of the “$$” sign.
Using Execute Permissions with a File
A file with the appropriate execute permission can run a shell
script like any other UNIX command by typing its name and
pressing the ENTER key.
The “+x” option instructs chmod to grant execute permission
for a file.
When a script is run by entering its name, the current shell
starts a child shell that reads the script file and runs the listed
commands.
Using Execute Permissions with a File
The read permission is sufficient when sourcing a script,
because the current shell needs to read it.
A user must have both execute and read permissions to
run a script in a child process.
Only the owner of a file or directory can modify the
permissions that are attached to it.
Changing File Permissions Using Mnemonics
The “chmod” command can accept permission settings in
the form of letter arguments or numbers.
The mnemonic assignment method allows a user to set
permissions for each type of user in several ways.
Changing File Permissions Using Mnemonics
Assigning specific permissions.
Adding and deleting permissions.
Assigning Specific Permissions
Assigning All Permissions to All Users
Assigning Specific Permissions
Assigning Specific Permissions to Specific Users
Adding and Deleting Permissions
Denying Specific Permission to Specific Users
Changing File Permissions Numerically
Numbers can also be used for conveying permissions
information for all the three types of users.
The number 700 specifies the rwx permissions only for the
owner of a file.
The numerical approach allows a user to specify the exact
permissions to be granted regardless of the current
permission.
Changing File Permissions Numerically
Combination permissions are specified using the sum of the
values for the specific permissions.
The primitives (0, 1, 2, and 4) can be added to grant any
combination of permissions.
The combination of the three numbers 1, 2, and 4 can be
used to express the eight possible combinations of execute,
write, and read permissions.
Changing File Permissions Numerically
Numerical Combination of Permissions
Changing File Permissions Numerically
Permission Values
Changing File Permissions Numerically
Basic File Permissions
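The numeric method described above, as an added example that is not part of the original lesson: it builds the nine permission slots from the sums of 4, 2, and 1 and compares the prediction with what chmod and ls actually report. The function names (digit_to_rwx, octal_to_rwx, mode_string, chmod_and_show) are hypothetical, and the scratch files are created with mktemp.

```shell
#!/bin/sh
# Added example (not from the lesson): numeric modes as sums of 4, 2 and 1.

# digit_to_rwx N: turn one octal digit (0-7) into its three-slot rwx form.
digit_to_rwx() {
    d=$1 out=""
    if [ "$d" -ge 4 ]; then out="${out}r"; d=$((d - 4)); else out="${out}-"; fi
    if [ "$d" -ge 2 ]; then out="${out}w"; d=$((d - 2)); else out="${out}-"; fi
    if [ "$d" -ge 1 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# octal_to_rwx MODE: three-digit mode -> nine-slot string (user, group, other).
octal_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=$1 result=""
    while [ -n "$rest" ]; do
        first=${rest%"${rest#?}"}      # leading digit
        rest=${rest#?}
        result="${result}$(digit_to_rwx "$first")"
    done
    printf '%s\n' "$result"
}

# mode_string PATH: the permissions field as printed by ls -l.
mode_string() { ls -ld "$1" | cut -c1-10; }

# chmod_and_show MODE: apply MODE to a scratch file, return what ls reports.
chmod_and_show() {
    scratch=$(mktemp) || return 1
    chmod "$1" "$scratch" && mode_string "$scratch"
    rm -f "$scratch"
}

for m in 700 644 754 400; do
    printf '%s  predicted -%s  ls shows %s\n' "$m" "$(octal_to_rwx "$m")" "$(chmod_and_show "$m")"
done
printf 'u=rwx,g=rx,o=r  ls shows %s\n' "$(chmod_and_show u=rwx,g=rx,o=r)"
```

The last line shows that the mnemonic form u=rwx,g=rx,o=r produces the same field as the number 754.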
Changing Permissions for Group and Other
Permissions are usually most restrictive for other, less so
for group, and least restrictive for the owner of a file.
The process of determining the impact of permissions for a
file or directory begins with the determination of the owner
of the file, followed by all sets of permissions assigned to it.
Exploring the Effect of Granting Different Permissions
Changing the permissions of a file does not impact the
current directory or the inode.
The permissions of a file are recorded in the inode.
Write permissions are required for removing a file.
Modifying Directory Permissions
Directories have the same kind of permissions fields as
regular files, except that there is a “d” in the leftmost
position.
Permissions are assigned to directories with the same
letters and numbers that assign permissions to files.
Directories are special files containing the name of each file
or directory along with its associated inode number.
Modifying Directory Permissions
Using permissions to control directory access.
Listing the files in a directory.
Denying write permissions for a directory.
Examining the need for execute permissions.
Changing permissions for files in all subdirectories.
Identifying other system permissions.
Using Permissions to Control Directory Access
The owner of a directory has the power and responsibility
for setting the directory access permissions.
Like file permissions, directory permissions include read,
write, and execute.
The “-d” option instructs ls to provide a listing of information
about the directory.
Using Permissions to Control Directory Access
The inode contains all the information about a file, including
permissions, owner, date of creation, links, and addresses
of data blocks on the hard drive where the file’s content
resides.
A file is accessed by first retrieving its inode number, then
examining its permissions, accessing the data block
addresses, and then accessing the file itself.
Listing the Files in a Directory
Permissions for a directory are contained in the inode listed
next to the current directory.
Permissions for files are listed in the inodes listed next to
the filenames in the current directory.
Read permissions are required for reading the directory
contents as well as to get a listing of its files.
Denying Write Permissions for a Directory
Write permissions must be granted before a user can
modify the contents of the file or directory.
A new file cannot be added, and an existing file cannot be
removed, if appropriate write permissions are not assigned.
Examining the Need for Execute Permissions
Execute permissions have a different impact on a directory
than on a file.
A directory cannot be listed if it does not have execute
permissions.
A file cannot be accessed if the directory does not have
execute permissions.
Examining the Need for Execute Permissions
The files in a subdirectory within the parent directory cannot
be accessed if there are no execute permissions on the parent
directory.
With only execute permission on a directory, a user can “cd”
into it, but cannot get a listing of its files.
The permissions on directories are specified for user, group,
and other in the same fields of the long listing that are
associated with file permissions.
Changing Permissions for Files in all Subdirectories
The “chmod” utility can be used to change the permissions
for all files in a directory and even for all its subdirectories.
The “-R” option, when specified with the chmod utility,
allows permissions to be applied recursively to all child
directories and files encountered.
Identifying Other System Permissions
The “s” and “t” are some of the permissions that can only be
set by the super user.
The executable passwd file is a program that users run to
change their passwords.
Encrypted passwords are kept in the password file /etc/passwd
or in /etc/shadow, depending on the system.
Ordinary users do not have write permissions on the password
files.
Identifying Other System Permissions
The root user has “s” and “r” permissions on the passwd
file. The s in the owner field indicates that when anyone who
has permission to execute the program runs it, the
program runs as though root is running it.
When an ordinary user runs passwd, the s tells the system
that while running the passwd program, the user has root’s
identity.
The group ID of the program needs to be turned on if an
administrator wishes to restrict users from executing
specific programs.
A “t” in the last permission slot for a directory puts limits on
who can remove files.
Identifying Other System Permissions
A user cannot remove a file even though they have write
permissions on the directory.
The t bit is a sticky bit, which, when set, permits only the
owner of a file to delete or change the name of the file in
the directory.
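A way to review the “s” and “t” permissions described above, as an added example that is not part of the original lesson: it lists files with the set-user-ID or set-group-ID bit and directories that are writable by other but lack the sticky bit. The function names and the sample tree are constructed for illustration; the tree is built in a scratch directory from mktemp.

```shell
#!/bin/sh
# Added example (not from the lesson): audit a tree for the "s" and "t" bits.

# list_setid DIR: regular files with set-user-ID or set-group-ID turned on.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# list_unsticky_shared DIR: directories writable by "other" that lack the
# sticky bit, so any user could remove or rename another user's files there.
list_unsticky_shared() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# special_slots PATH: the three slots where s/t replace x (user, group, other).
special_slots() {
    ls -ld "$1" | cut -c4,7,10
}

# build_sample_tree: constructed sample layout in a scratch directory.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_sticky" "$root/shared_open" "$root/private"
    chmod 1777 "$root/shared_sticky"    # like /tmp: drwxrwxrwt
    chmod 0777 "$root/shared_open"      # world-writable, no t
    chmod 0700 "$root/private"
    : > "$root/private/tool_suid"; chmod 4755 "$root/private/tool_suid"
    : > "$root/private/tool_sgid"; chmod 2755 "$root/private/tool_sgid"
    : > "$root/private/plain";     chmod 0755 "$root/private/plain"
    printf '%s\n' "$root"
}

tree=$(build_sample_tree)
echo "set-ID files:";              list_setid "$tree"
echo "shared dirs without t bit:"; list_unsticky_shared "$tree"
echo "slots for tool_suid: $(special_slots "$tree/private/tool_suid")"
rm -rf "$tree"
```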
Setting Permissions when Files and Directories are Created
The three ways of creating files in UNIX are:
By copying an existing file.
Using the “tee” utility.
Redirection from a shell command.
Setting Permissions when Files and Directories are Created
Examining the default permissions.
Specifying default permissions for directories with umask.
Examining the Default Permissions
The operating system initially sets permissions for the
owner as read and write when a file is created.
These default permission settings are determined by the
umask value.
The umask value determines which permissions are
masked from being set.
Examining the Default Permissions
The umask setting determines the value of permissions for
new files as they are created.
Changing the umask has no effect on an existing file.
The umask setting is initially determined by default on the
system, but can be modified from the shell command-line.
Specifying Default Permissions for Directories with umask
A directory created while umask is 000 has full permissions
granted to user, group, and other.
A directory once created with umask can be modified with
the chmod command.
Specifying Default Permissions for Directories with umask
Umask Values
Examining the Impact of umask on Other Operations
The value of umask determines the initial permissions when
files and directories are created.
The “cp” command directly copies the permissions of the
source file to the destination file if the umask is not set.
The “-p” option, when specified, instructs the cp utility to
ignore the umask when copying files.
Examining the Impact of umask on Other Operations
The “cat” utility can also be used for duplicating a file with
the original permissions without applying the umask effect.
The shell follows umask instructions when creating files.
Permissions are added up to the limit set by umask when
mnemonic arguments are used for specifying permissions
in the chmod command.
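The umask behaviour described in the slides above, as an added example that is not part of the original lesson: it creates a file and a directory under several umask values, shows that an existing file keeps its mode when the umask changes, and shows “chmod +w” (no u, g, or o letter) being limited by the umask. The function names are hypothetical, and all files live in scratch directories from mktemp.

```shell
#!/bin/sh
# Added example (not from the lesson): how umask shapes new files and chmod.

# mode_string PATH: the permissions field as printed by ls -l.
mode_string() { ls -ld "$1" | cut -c1-10; }

# created_modes MASK: create a file (by redirection) and a directory under
# MASK in a subshell, and report both permission fields as "file dir".
created_modes() (
    work=$(mktemp -d) || exit 1
    umask "$1"
    : > "$work/newfile"
    mkdir "$work/newdir"
    printf '%s %s\n' "$(mode_string "$work/newfile")" "$(mode_string "$work/newdir")"
    rm -rf "$work"
)

# existing_after_umask_change: a file made under 022 keeps its mode when the
# umask later becomes 077.
existing_after_umask_change() (
    work=$(mktemp -d) || exit 1
    umask 022; : > "$work/old"
    umask 077
    mode_string "$work/old"
    rm -rf "$work"
)

# chmod_plus_w MASK: start from r--r--r-- and run "chmod +w" (no u/g/o
# letter) under MASK; bits masked by umask are not added.
chmod_plus_w() (
    work=$(mktemp -d) || exit 1
    : > "$work/f"; chmod 444 "$work/f"
    umask "$1"
    chmod +w "$work/f"
    mode_string "$work/f"
    rm -rf "$work"
)

for mask in 000 022 027 077; do
    printf 'umask %s -> %s\n' "$mask" "$(created_modes "$mask")"
done
printf 'existing file after umask change: %s\n' "$(existing_after_umask_change)"
printf 'chmod +w under umask 022: %s\n' "$(chmod_plus_w 022)"
```

Each function body runs in a subshell, so the umask changes do not leak into the calling shell.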
Summary
Read permission is needed to access a file’s contents with a
utility.
Write and execute permissions are required for adding a
file, removing a file, or changing a file’s name in a
directory.
A user must have the execute permission to cd into a
directory or include the directory in a path.
Summary
Letters or numbers can be used for specifying permissions
information in the chmod command.
Read and execute permissions are required by a script file
to execute as a child process.
Files and directories are granted initial permissions at
creation determined by the umask setting at the time that
the file or directory is created.