#compsci

## Seeing

You can see the permissions of a file by typing

`$ ls -l`

The permissions are grouped as follows:

`d | rwx | rwx | rwx`

The first character differentiates a file from a directory; the following three represent the owner's permissions (r - read, w - write, x - execute). The next 3 are group permissions, and the final 3 are other permissions.

## Modifying

Use the `chmod` command.

### Option A

- `$ chmod u+x myfile` - gives the user execute permissions for myfile
- `$ chmod ug-x myfile` - removes the user's and the group's execute permissions for myfile

### Numerical format (option B)

- 4 - read permission
- 2 - write permission
- 1 - execute permission

`$ chmod 755 myfile` = rwx | r-x | r-x

To remove permissions from the default permission set, use umask:

`$ umask 021` = rwx | r-x | rw- (the bits set in the mask are cleared; shown here for a new directory, which starts from rwx | rwx | rwx)

Default = 022

## Ownership permissions

To modify user ownership of a file, type

`$ sudo chown %user% %file%`

To modify group ownership, type

`$ sudo chgrp %group% %file%`

To modify both, type:

`$ sudo chown %user%:%group% %file%`

## SUID & SGID

The access flags SUID (set user identity) & SGID (set group identity) allow users to run an executable with the permissions of that executable's owner or group respectively.

`$ ls -l /usr/bin/passwd`
`-rwsr-xr-x` (s denotes the setuid)

To modify:

- `$ sudo chmod u+s myfile`
- `$ sudo chmod 4755 myfile` (4 is for setuid)

`$ ls -l /usr/bin/wall`
`-rwxr-sr-x` (s denotes the setgid)

To modify:

- `$ sudo chmod g+s myfile`
- `$ sudo chmod 2755 myfile` (2 is for setgid)

## [[Processes in Linux|Process]] permissions

- **effective user ID** (euid): when you launch a process, it runs with the same permissions as the user or group that ran it; this ID is used to grant access rights to a process.
- **real user ID** (ruid): the ID of the user who launched the process.
- **saved UID** (suid): the UID that saves the euid that was set when the program was executed, so it can switch between euid and ruid.

Example: When running the passwd command, your effective UID is your user ID, let's say it's 500 for now. Oh but wait, remember the passwd command has the SUID permission enabled. So when you run it, your effective UID is now 0 (0 is the UID of root). Now this program can access files as root.

## The Sticky Bit

The last permission bit "sticks a file/directory", which means that only the owner or the root user can delete or modify the file.

Example:

`$ ls -ld /tmp`
`drwxrwxrwt` (t represents the sticky bit)

To modify:

- `$ sudo chmod +t mydir`
- `$ sudo chmod 1755 mydir` (1 - sticky bit)
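
To tie the numerical format, SUID/SGID and sticky-bit sections together, here is an added example (not part of the original note): POSIX shell functions that decode an octal mode, including the leading special-bits digit, into the string `ls -l` shows, apply a umask, and flag two combinations worth reviewing. The function names, the sample modes and the two review rules are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original note); all function names are hypothetical.

# triplet BITS SPECIAL CHAR -> one rwx group; CHAR (s or t) replaces x when SPECIAL != 0
triplet() (
    bits=$1 special=$2 ch=$3 out=""
    [ $((bits & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
    [ $((bits & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
    if [ "$special" -ne 0 ]; then
        # lowercase: execute is also set; uppercase: special bit without execute
        [ $((bits & 1)) -ne 0 ] || ch=$(printf %s "$ch" | tr st ST)
        out="${out}${ch}"
    else
        [ $((bits & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    fi
    printf '%s\n' "$out"
)

# mode_to_symbolic MODE -> nine-character string as shown by ls -l (without the type character)
mode_to_symbolic() (
    m=$((0$1))   # the leading 0 makes the shell read the digits as octal
    u=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s)   # 4xxx = setuid
    g=$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s)   # 2xxx = setgid
    o=$(triplet $((  m       & 7 )) $(( m & 01000 )) t)   # 1xxx = sticky
    printf '%s\n' "$u$g$o"
)

# apply_umask UMASK [BASE] -> octal mode left after the mask (BASE: 777 directory, 666 file)
apply_umask() (
    printf '%o\n' $(( 0${2:-777} & ~0$1 ))
)

# review_mode MODE KIND -> one finding per line; KIND is f (file) or d (directory)
review_mode() (
    m=$((0$1)) kind=$2
    if [ "$kind" = f ] && [ $((m & 06000)) -ne 0 ] && [ $((m & 0022)) -ne 0 ]; then
        echo "setuid/setgid file writable by group or other"
    fi
    if [ "$kind" = d ] && [ $((m & 0002)) -ne 0 ] && [ $((m & 01000)) -eq 0 ]; then
        echo "world-writable directory without sticky bit"
    fi
)

# Constructed sample modes
for mode in 755 4755 2755 1777 4644; do
    printf '%-5s %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```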