LL6 – File Access Control

Introduction

As before, you are responsible for all previous Linux coursework and for researching the commands below in more depth using Wikipedia and the built-in Linux man pages.  As relentlessly driven home – Ahhhh – everything in Linux is a file (i.e. files, directories, your terminal and display and even your network connections) so when I say file, please expand your definition to contain the Linux file definition.

As before, you will also be taking screen shots, pasting them into your LastnameFirstnameLL6.odt file with the appropriate heading and submitting (uploading) them in BB.

6.1 Files in a little more detail

To begin, let’s look at a long listing in detail with my ciss100/JamesLooby directory, and note this is from when I originally named the vim-created files loobyjamesLL2.xxx rather than loobyjamesLL.xxx.

We see considerable information so let’s begin dissecting and understanding it field by field.

Field 1 – File Type:

Each line will begin with a character that denotes the file type: - for a normal file, d for a directory, s for a socket file and l for a link file.  As a result I can see that biglist is a file and submenu1 is a directory.

Field 2 – Access Permissions:

The next field conveys the file permissions in 9 characters or 3 groups of 3 characters.  These 3 groups are in order, first the user, second the group (i.e. user’s group) and lastly the world or also referred to as ‘others’.  The 3 characters for each group convey the read, write and execute permission (i.e. they are either present or not present).

Example.

-rwxrwxrwx   a file that everyone (user, group & world) can read, write and execute (and delete).
-rw-------   a file that only the owner can read and write; no-one else can read or write and no-one has execution rights (e.g. your mailbox file).

So let’s look at this using my directory listing example above.  The file biglist has the following access permission: rw-rw-r--.  This means the user (in this case jameslooby) can read and write biglist (but not execute), the group jameslooby can also read and write biglist (but not execute) and the world can read biglist (but not write or execute).  Now with respect to execute this makes sense as biglist is not an executable file.  Also note the ability to write denotes the ability to move and delete.

Let’s look at the submenu1 directory with access permissions rwxrwxr-x.  This means user jameslooby can read the directory (e.g. ls), write to the directory (store files and create sub-directories) and traverse the directory (e.g. cd).  The group has similar directory access permissions whereas the world does not have write permission so they cannot write to the directory.

Security tidbit: what if I were to take away read and execute permission on the submenu1 directory for the world?  Well, no one outside the user and the group would be able to perform a listing to see the file structure, nor would they be able to traverse the directory to reach its sub-directories.  That’s nice and simple security!

Field 3 – Links

This field conveys the number of links for the file (again note a file can be a file, directory, etc). As an example biglist has 1 link whereas the submenu1 directory has 2 links.  So why does every directory have at least 2 hard links?  Well how did you move up one level in the directory structure to the parent (i.e. ..) and how do you indicate the present directory (i.e. .) => 2 links :).

Field 4 – Owner:

This field specifies the owner of the file. In my example, all files are owned by jameslooby.

Field 5 – Group:

This field specifies the file’s group (i.e. work group). In my example, all files belong to group jameslooby but we will work with this in the future as this is a powerful and secure mechanism to facilitate work groups.

Field 6 – File Size:

This field specifies the size of the file. In my example, biglist is 66 bytes.  Go back and perform a word count on biglist and see what it tells you.

Field 7 – Last modified date & time:

This field specifies the date and time of the last modification of the file. As you can see I worked on this lab on July 4 before and after the beach – :).

Field 8 – File name: 

The last field displays the name of the file.

Exercise 6a

In your ciss100/FirstnameLastname directory create a subdirectory titled submenu.

You realize you made a mistake, so remove the directory titled submenu.

Create two separate subdirectories titled submenu1 and submenu2.

Perform a long listing.

Take a screenshot and paste it into your .odt document expanding the Terminal window as necessary to show me that you created and deleted the original submenu directory.

6.2 Modifying Access Rights

chmod (changing a file mode)

Only the owner of a file can use chmod to change the permissions of a file. The options of chmod are as follows:

Symbol   Meaning
u        user
g        group
o        other
a        all
r        read
w        write (and delete)
x        execute (and access directory)
+        add permission
-        take away permission

For example, to remove read, write and execute permissions on the file biglist for the group and others, type

$ chmod go-rwx biglist

This will leave the other permissions unaffected.

To give read and write permissions on the file biglist to all,

$ chmod a+rw biglist

Note: do not make a non-executable file (e.g. textfile) executable using chmod even though it may let you.
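
The chmod commands above, plus the directory "security tidbit" from Field 2 in section 6.1, run end to end with the mode field read back after each step. This is an added example, not part of the original lab: it works on constructed scratch copies named biglist and submenu1 in a throwaway directory, and the helper names mode_of, class_perms and run_demo are made up for illustration.

```sh
#!/bin/sh
# Added example. biglist and submenu1 here are constructed scratch files
# in a throwaway directory, not the ones in your ciss100 directory.

# mode_of FILE: print Field 1 + Field 2 of the long listing (10 characters).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# class_perms MODE CLASS: print the rwx triplet for u, g or o.
class_perms() {
    case "$2" in
        u) printf '%s\n' "$1" | cut -c2-4 ;;
        g) printf '%s\n' "$1" | cut -c5-7 ;;
        o) printf '%s\n' "$1" | cut -c8-10 ;;
        *) return 1 ;;
    esac
}

# run_demo: apply the lab's chmod commands and print the mode after each.
run_demo() {
    lab=$(mktemp -d) || return 1
    touch "$lab/biglist"
    mkdir "$lab/submenu1"
    # Start from the modes shown in the lab listing, independent of umask.
    chmod a-rwx,ug+rw,o+r "$lab/biglist"       # -rw-rw-r--
    chmod a-rwx,ug+rwx,o+rx "$lab/submenu1"    # drwxrwxr-x

    echo "biglist  start   $(mode_of "$lab/biglist")"
    chmod go-rwx "$lab/biglist"
    echo "biglist  go-rwx  $(mode_of "$lab/biglist")"
    chmod a+rw "$lab/biglist"
    echo "biglist  a+rw    $(mode_of "$lab/biglist")"

    echo "submenu1 start   $(mode_of "$lab/submenu1")"
    chmod o-rx "$lab/submenu1"   # the security tidbit: no listing or cd for the world
    echo "submenu1 o-rx    $(mode_of "$lab/submenu1")"
    echo "submenu1 world triplet: $(class_perms "$(mode_of "$lab/submenu1")" o)"

    rm -rf "$lab"
}

run_demo
```

Note that a+rw only adds permissions: after go-rwx followed by a+rw the group and world hold rw- and the file is world-writable, which is more than the r-- the world started with.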

Exercise 6b

Change the access permissions of biglist as I did above (section 6.2), perform a long listing, take a screenshot and paste this into your .odt file.

Summary

ls -lag                  list access rights for all files
chmod [options] file     change access rights for named file
