
3.4.4. Managing Rights


Linux is a multi-user system so it is necessary to provide a permissions system to control the set of authorized operations on files and directories, which includes all the system resources and devices (on a Unix system, any device is represented by a file or directory). This principle is common to all Unix-like systems.

Each file or directory has specific permissions for three categories of users:

• Its owner (symbolized by u, as in user)
• Its owner group (symbolized by g, as in group), representing all the members of the group
• The others (symbolized by o, as in other)

Three types of rights can be combined:

• reading (symbolized by r, as in read);
• writing (or modifying, symbolized by w, as in write);
• executing (symbolized by x, as in eXecute).


In the case of a file, these rights are easily understood: read access allows reading the content (including copying), write access allows changing it, and execute access allows running it (which will only work if it is a program).


SECURITY setuid and setgid executables

Two particular rights are relevant to executable files: setuid and setgid (symbolized with the letter “s”). Note that we frequently speak of a “bit”, since each of these boolean values can be represented by a 0 or a 1. These two rights allow any user to execute the program with the rights of the owner or the group, respectively. This mechanism grants access to features requiring higher level permissions than those you would usually have.

Since a setuid root program is systematically run under the super-user identity, it is very important to ensure it is secure and reliable. Any user who manages to subvert a setuid root program to call a command of their choice could then impersonate the root user and have all rights on the system. Penetration testers regularly search for these types of files when they gain access to a system as a way of escalating their privileges.
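Because every setuid or setgid executable is a candidate for privilege escalation, administrators keep an inventory of them and compare it against a known-good baseline after updates. The following shell functions are an added example (not code from the book); they assume GNU find and stat as found on Linux, and the demo builds its own scratch tree so it runs offline.

```shell
# Added example, not from the book: inventory setuid/setgid files under a
# directory so they can be reviewed against a baseline. Assumes GNU find
# and stat (Linux). Usage: list_special_bits /usr/bin
list_special_bits() {   # list_special_bits <directory>
    # -perm -4000: setuid bit set; -perm -2000: setgid bit set.
    # Prints symbolic mode, owner, group and path, sorted by path.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%A %U %G %n' {} + 2>/dev/null | sort -k4
}

# Number of such files; a sudden change versus the baseline is worth a look.
count_special_bits() {   # count_special_bits <directory>
    list_special_bits "$1" | wc -l | tr -d ' '
}

# Self-contained demonstration on a constructed tree in a temp directory:
# two files carry a special bit, one is a plain data file.
demo_special_bits() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n' > "$d/suid_tool"
    printf '#!/bin/sh\necho hi\n' > "$d/sgid_tool"
    printf 'data\n' > "$d/plain_file"
    chmod 4755 "$d/suid_tool"    # rwsr-xr-x (setuid)
    chmod 2755 "$d/sgid_tool"    # rwxr-sr-x (setgid)
    chmod 0644 "$d/plain_file"   # rw-r--r-- (no special bit)
    n=$(count_special_bits "$d")
    rm -rf "$d"
    echo "$n"   # 2
}
```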



A directory is handled differently from a file. Read access gives the right to consult the list of its contents (files and directories); write access allows creating or deleting files; and execute access allows crossing through the directory to access its contents (for example, with the cd command). Being able to cross through a directory without being able to read it gives the user permission to access the entries therein that are known by name, but not to find them without knowing their exact name.



SECURITY setgid directory and sticky bit

The setgid bit also applies to directories. Any newly-created item in such directories is automatically assigned the owner group of the parent directory, instead of inheriting the creator’s main group as usual. Because of this, you don’t have to change your main group (with the newgrp command) when working in a file tree shared between several users of the same dedicated group.

The sticky bit (symbolized by the letter “t”) is a permission that is only useful in directories. It is especially used for temporary directories where everybody has write access (such as /tmp/): it restricts deletion of files so that only their owner or the owner of the parent directory can delete them. Lacking this, everyone could delete other users’ files in /tmp/.


Three commands control the permissions associated with a file:

chown user file changes the owner of the file
chgrp group file alters the owner group
chmod rights file changes the permissions for the file

TIP Changing the user and group

Frequently you want to change the group of a file at the same time that you change the owner. The chown command has a special syntax for that: chown user:group file

There are two ways of representing rights. Among them, the symbolic representation is probably the easiest to understand and remember. It involves the letter symbols mentioned above. You can define rights for each category of users (u/g/o), by setting them explicitly (with =), by adding (+), or subtracting (-). Thus the u=rwx,g+rw,o-r formula gives the owner read, write, and execute rights, adds read and write rights for the owner group, and removes read rights for other users. Rights not altered by the addition or subtraction in such a command remain unmodified. The letter a, for all, covers all three categories of users, so that a=rx grants all three categories the same rights (read and execute, but not write).

The (octal) numeric representation associates each right with a value: 4 for read, 2 for write, and 1 for execute. We associate each combination of rights with the sum of the three figures, and a value is assigned to each category of users, in the usual order (owner, group, others).

For instance, the chmod 754 file command will set the following rights: read, write and execute for the owner (since 7 = 4 + 2 + 1); read and execute for the group (since 5 = 4 + 1); read-only for others. The 0 means no rights; thus chmod 600 file allows for read and write permissions for the owner, and no rights for anyone else. The most frequent right combinations are 755 for executable files and directories, and 644 for data files.

To represent special rights, you can prefix a fourth digit to this number according to the same principle, where the setuid, setgid, and sticky bits are 4, 2, and 1, respectively. The command chmod 4754 will associate the setuid bit with the previously described rights.

Note that the use of octal notation only allows you to set all the rights at once on a file; you cannot use it to add a new right, such as read access for the group owner, since you must take into account the existing rights and compute the new corresponding numerical value.
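The difference between the two notations is easiest to see by applying each to a scratch file and reading the mode back. The functions below are an added example (not from the book); they assume GNU coreutils stat on Linux for the octal "%a" format.

```shell
# Added example, not from the book: apply chmod to a scratch file and read
# the resulting mode back. Assumes GNU coreutils stat (Linux) for "%a".
mode_of() {
    stat -c '%a' "$1"
}

# Set an initial octal mode on a scratch file, apply one chmod argument
# (symbolic or octal), and return the resulting octal mode.
apply_chmod() {   # apply_chmod <initial_octal> <chmod_argument>
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    m=$(mode_of "$f")
    rm -f "$f"
    echo "$m"
}

# Symbolic form edits the existing rights: from 640 (rw-r-----),
# u=rwx,g+rw,o-r gives 760 (rwxrw----); untouched bits stay as they were.
symbolic_demo() { apply_chmod 640 'u=rwx,g+rw,o-r'; }

# a=rx sets all three categories to r-x whatever the start: 555.
all_demo() { apply_chmod 640 'a=rx'; }

# Octal form replaces everything at once: 754 from the same start is 754,
# and a fourth leading digit adds the special bits (4754 = setuid + 754).
octal_demo() { apply_chmod 640 754; }
setuid_demo() { apply_chmod 640 4754; }

# Octal cannot "add" a right: to grant group read in octal you must
# compute the new number from the current one (OR in the g=r bit, 040).
octal_add_group_read() {   # octal_add_group_read <initial_octal>
    f=$(mktemp)
    chmod "$1" "$f"
    cur=$(mode_of "$f")
    chmod "$(printf '%o' $(( 0$cur | 040 )))" "$f"
    m=$(mode_of "$f")
    rm -f "$f"
    echo "$m"   # 600 -> 640, 4700 -> 4740
}
```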

The octal representation is also used with the umask command, which is used to restrict permissions on newly created files. When an application creates a file, it assigns indicative permissions, knowing that the system automatically removes the rights defined with umask. Enter umask in a shell; you will see a mask such as 0022. This is simply an octal representation of the rights to be systematically removed (in this case, the write rights for the group and other users).

If you give it a new octal value, the umask command modifies the mask. Used in a shell initialization file (for example, ~/.bash_profile), it will effectively change the default mask for your work sessions.
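To see the mask at work, create a file and a directory under a chosen umask and compare the result with the bitwise computation. This is an added example (not from the book); it assumes GNU coreutils stat on Linux and runs in a subshell so the caller's own umask is not changed.

```shell
# Added example, not from the book: show how the umask strips bits from
# the mode an application requests. Assumes GNU coreutils stat (Linux).
# Runs in a subshell so the caller's own umask is left unchanged.
modes_under_umask() {   # modes_under_umask <umask> -> "<file mode> <dir mode>"
    (
        umask "$1"
        d=$(mktemp -d)
        : > "$d/file"     # a shell redirection requests 666 for a new file
        mkdir "$d/dir"    # mkdir requests 777 for a new directory
        printf '%s %s\n' "$(stat -c '%a' "$d/file")" "$(stat -c '%a' "$d/dir")"
        rm -rf "$d"
    )
}

# The same result computed by hand: final mode = requested AND NOT umask.
mask_apply() {   # mask_apply <requested_octal> <umask_octal>
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Each function returns its modes so the outcome can be checked:
#   modes_under_umask 022 -> "644 755"  (group/other write removed)
#   modes_under_umask 077 -> "600 700"  (nothing left for group or others)
#   mask_apply 666 022    -> 644
```

A umask of 077 in ~/.bash_profile is the usual choice when files should be private by default; 022 is the common default that leaves them world-readable.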


TIP Recursive operation

Sometimes we have to change rights for an entire file tree. All the commands above have a -R option to operate recursively in sub-directories.

The distinction between directories and files sometimes causes problems with recursive operations. That is why the “X” letter has been introduced in the symbolic representation of rights. It represents a right to execute which applies only to directories (and not to files lacking this right). Thus, chmod -R a+X directory will only add execute rights for all categories of users (a) for all of the sub-directories and files for which at least one category of user (even if their sole owner) already has execute rights.
