Linux File Permissions and Management Guide

Linux File Permissions and  Management Guide

Learn how to control file access and manage  accounts in Linux with our guide.

Explore file permissions, chmod, chown,  management, and more

Linux file permissions are a crucial aspect of managing files and directories on a Unix-based system, like Linux.

They determine who can read, write, and execute a file or directory. Permissions are usually represented in the form of a 10-character string, where the first character represents the file type, and the remaining nine characters are divided into three groups of three, each representing the permission set for the owner, group, and others.

Here’s an introduction to some common Linux commands related to file permissions, along with code examples:

ls – List Files

• The ls command is used to list the files and directories in a directory. It also displays file permissions.

ls -l

Example output:

-rw-r–r– 1   1024 Nov 1 10:00 myfile.txt

drwxr-xr-x 2   4096 Nov 1 10:01 mydir

In the output, the file permissions are displayed as rw-r–r–, where the first character indicates the file type (‘-‘ for a regular file and ‘d’ for a directory), and the remaining nine characters represent the permissions.

chmod – Change File Permissions

• The chmod command is used to change file permissions.
• You can modify permissions using symbolic or octal notation.
• To add read and write permissions for the owner of a file:

chmod u+rw myfile.txt

• To remove write permissions for others:

chmod o-w myfile.txt

• To set permissions using octal notation (e.g., read, write, and execute for the owner, and read-only for others):

chmod 744 myfile.txt

chown – Change File Ownership

• The chown command is used to change the owner and group of a file or directory.
• Change the owner of a file to a different :

chown new myfile.txt

• Change the group of a file to a different group:

chown :newgroup myfile.txt

 chgrp – Change Group Ownership

• The chgrp command is used to change the group ownership of a file or directory.

chgrp newgroup myfile.txt

umask – Set Default Permissions

• The umask command is used to set the default permissions for newly created files and directories.

To set a default umask for a  to allow read and write for themselves and read-only for others:

umask 022

ls – List Files

List files and directories, displaying file permissions, ownership, and other details.

Example:

ls -l

chmod – Change File Permissions

Modify file permissions using symbolic or octal notation.

Example (add read and write permissions for the owner):

chmod u+rw myfile.txt

chown – Change File Ownership

Change the owner and/or group of a file or directory.

Example (change the owner of a file):

chown new myfile.txt

chgrp – Change Group Ownership

Change the group ownership of a file or directory.

Example (change the group of a file):

chgrp newgroup myfile.txt

 umask – Set Default Permissions

Set default permissions for newly created files and directories.

Example (set a default umask):

umask 022

passwd – Change  Password

Change a ‘s password.

Example:

passwd name

su – Switch

Switch to another  account with super privileges.

Example (switch to the root ):

su

sudo – Execute a Command with Super Privileges

Run a command with super (root) privileges.

Example (update system packages with sudo):

sudo apt update

chown – Change Ownership Recursively

Change ownership recursively for a directory and its contents.

Example (change owner and group recursively):

chown -R new:newgroup mydirectory/

find – Search for Files and Directories

Search for files and directories based on various criteria, including permissions.

Example (find files with specific permissions):

find /path/to/search -type f -perm 644

• These commands are fundamental for managing file permissions, ownership, and access control on a Linux system.
• Always use these commands with caution, especially when working with system-critical files and directories to avoid unintended consequences.

umask – Display Current umask

Display the current umask value, which controls default permissions for new files and directories.

Example:

umask

id – Display  and Group Information

Display the  and group information for the current .

Example:

id

groups – List  Groups

List the groups to which the current  belongs.

Example:

groups

setfacl – Set File Access Control Lists

Set access control lists (ACLs) for files and directories to provide fine-grained access control.

Example (add read permission for a specific ):

setfacl -m u:name:r myfile.txt

getfacl – Get File Access Control Lists

Display the access control lists (ACLs) for a file or directory.

Example:

getfacl myfile.txt

setgid – Set Group ID on Execution

Set the set group ID (SGID) on a directory to ensure new files inherit the group ownership of the directory.

Example:

chmod g+s mydirectory/

sticky – Set the Sticky Bit

Set the sticky bit on a directory to restrict file deletion to the file owner.

chmod +t mydirectory/

passwd – Change Group Password

Change the password for a group.

Example:

sudo passwd groupname

add – Add a New

Create a new  account on the system.

Example:

sudo add new

del – Delete a

Delete a  account and associated files from the system.

Example:

sudo del old

mod – Modify  Account

Modify  account properties, including group membership and  ID.

Example (add  to a group):

sudo mod -aG newgroup new

chattr – Change File Attributes

Change file attributes to make files immutable or append-only.

Example (set a file as immutable):

chattr +i myfile.txt

These additional Linux commands provide more advanced options for managing file permissions,  accounts, and access control on your system.

Use them as needed to meet your specific requirements and maintain the security and integrity of your files and directories.

Here are some more Linux commands related to file permissions and  management:

getent – Get Entries from Administrative Databases

Retrieve entries from various administrative databases, including  and group information.

Example (get  information):

getent passwd name

passwd – Set Password Expiration and Aging Information

Set password expiration and aging information for a  account.

Example (set password expiration date for a ):

chage -E 2024-12-31 name

 

sudoers – Edit the sudoers File

Edit the sudoers file to configure sudo access and permissions for s and groups.

Example (edit the sudoers file):

sudo visudo

newgrp – Change the Effective Group ID

Change the effective group ID for the current  session.

Example:

newgrp newgroup

groups – Display ‘s Groups

Display the group memberships for a specific .

Example:

groups name

setuid – Set  ID on Execution

Set the set  ID (SUID) on an executable file to run with the owner’s privileges.

Example:

chmod u+s myprogram

passwd -l – Lock  Account

Lock a  account to prevent login access.

Example:

sudo passwd -l name

passwd -u – Unlock  Account

Unlock a previously locked  account.

Example:

sudo passwd -u name

nologin – Prevent  Login

Set the ‘s shell to /usr/sbin/nologin to prevent login access.

Example:

sudo mod --shell /usr/sbin/nologin name

su – Change  and Group

Change the effective  and group by specifying them with the -u and -g options.

Example:

su -u new -g newgroup

who – Display Information About Logged-In s

Show information about s who are currently logged in.

Example:

who

These additional Linux commands offer various functionalities for managing  accounts, access control, and security settings on your system. Use them as needed based on your specific requirements and system administration tasks.

 Quiz with answers

Here’s a quiz about the Linux commands related to file permissions and  management, along with the answers:

Quiz: Linux File Permissions and  Management

1-What command is used to list files and directories with their permissions, ownership, and other details?

a) cat

b) ls

c) dir

d) fileinfo

Answer: b) ls

2-Which command is used to change file permissions?

a) modfile

b) chown

c) chmod

d) setperm

Answer: c) chmod

3-How can you add read and write permissions for the owner of a file using chmod?

a) chmod u+rw myfile.txt

b) chmod o+rw myfile.txt

c) chmod g+rw myfile.txt

d) chmod a+rw myfile.txt

Answer: a) chmod u+rw myfile.txt

4-Which command is used to change the ownership of a file or directory?

a) changeown

b) chown

c) change

d) ownerchange

Answer: b) chown

5-What is the purpose of the umask command in Linux?

a) Display current and group information.

b) Set the default permissions for newly created files and directories.

c) Change the password for a .

d) Switch

Answer: b) Set the default permissions for newly created files and directories.

6-Which command is used to set access control lists (ACLs) for files and directories in Linux?

a) aclset

b) getfacl

c) setfacl

d) accessctl

Answer: c) setfacl

7-What does the sticky bit do when set on a directory in Linux?

a) Prevents the directory from being accessed by anyone.

b) Restricts file deletion to the file owner.

c) Allows anyone to modify files in the directory.

d) Enables read-only access for all s.

Answer: b) Restricts file deletion to the file owner.

8-Which command is used to edit the sudoers file and configure sudo access and permissions for s and groups?

a) sudoedit

b) visudo

c) sudoconfig

d) editsudo

Answer: b) visudo

9-How can you lock a  account in Linux to prevent login access?

a) passwd -s lock name

b) lock -l name

c) passwd -l name

d) mod -l name

Answer: c) passwd -l name

10-Which command displays information about s who are currently logged in?

a) whoami

b) logininfo

c) who

d) list

Answer: c) who

11-What is the purpose of the chgrp command in Linux?

a) Change the group password.

b) Change the owner of a file.

c) Change the group ownership of a file or directory.

d) Change the default permissions for new files.

Answer: c) Change the group ownership of a file or directory.

12-Which command allows you to set the set group ID (SGID) on a directory?

a) setgid

b) sgid

c) chmod g+s

d) sgidset

Answer: c) chmod g+s

13-What is the purpose of the sticky bit on a directory in Linux?

a) Prevents the directory from being accessed.

b) Restricts file deletion to the directory owner.

c) Allows any to modify files in the directory.

d) Sets read-only access for all s.

Answer: b) Restricts file deletion to the directory owner.

14-Which command is used to get entries from administrative databases, including  and group information?

a) getent

b) lookup

c) admindb

d) getdb

Answer: a) getent

15-What is the purpose of the passwd -u command in Linux?

a) Set the password for a .

b) Unlock a previously locked

c) Set password expiration and aging information.

d) Change the default

Answer: b) Unlock a previously locked  account.

16-Which command is used to display  group memberships?

a) groups

b) showgroups

c) listgroups

d) groupinfo

Answer: a) groups

17-What does the set  ID (SUID) do when set on an executable file in Linux?

a) Allows execution by any .

b) Sets the ‘s identity to the file owner’s identity.

c) Gives execute permissions to the group.

d) Makes the file immutable.

Answer: b) Sets the ‘s identity to the file owner’s identity.

18-Which command is used to change the effective  and group for the current session?

a) switch

b) chgusrgrp

c) set

d) newgrp

Answer: d) newgrp

19-How can you change the effective  and group using the su command?

a) su -u new -g newgroup

b) su -u new

c) su -g newgroup

d) su new

Answer: a) su -u new -g newgroup

20-Which command is used to prevent  login access by setting the ‘s shell to /usr/sbin/nologin?

a) nologin

b) nologin

c) noaccess

d) denylogin

Answer: a) nologin