Implementing File Permissions

Introduction

In any multi-user operating system like Linux, file permissions are a critical security feature. They control who can read, write, or execute files, ensuring that users can only access the data they are authorized to. Understanding how to manage these permissions is a fundamental skill for any Linux user, developer, or system administrator.

In this lab, you will get hands-on experience with the essential commands for managing file permissions. You will learn how to:

• Create a new file using the touch command.
• Modify file permissions using the chmod command with numeric (octal) notation.
• Change the owner and group of a file using the chown command.
• Verify changes using the ls -l command.
• Set standard permissions for a directory.

By the end of this lab, you will be comfortable with the basic principles of file and directory permissions in Linux.

Create Test File with touch /tmp/testfile Command

In this step, you will begin by creating an empty file that we will use for the rest of the lab. The standard command for creating an empty file in Linux is touch. This command creates the file if it does not exist, or updates its modification timestamp if it already exists.

We will create our test file in the /tmp directory, which is a standard location for temporary files.

Execute the following command in your terminal to create a file named testfile:

touch /tmp/testfile

The command will not produce any output if it is successful. You can optionally verify that the file has been created by listing it with ls /tmp/testfile.

Set Permissions with chmod 644 /tmp/testfile Command

In this step, you will learn how to change the permissions of the file you just created. The chmod (change mode) command is used for this purpose. Permissions can be set using symbolic or numeric (octal) notation. Here, we will use the numeric method, which is very common.

In numeric notation, permissions are represented by a three-digit number, corresponding to the owner, group, and other users, respectively. Each permission has a value:

• 4 for read (r)
• 2 for write (w)
• 1 for execute (x)

We will set the permissions to 644, which is a very common setting for files. This translates to:

• Owner: 6 (4+2) -> read and write (rw-)
• Group: 4 -> read-only (r--)
• Others: 4 -> read-only (r--)

Now, run the following command to apply these permissions to your test file:

chmod 644 /tmp/testfile

This command will not produce any output. In a later step, we will verify that the permissions have been correctly applied.

Change Owner with chown root:root /tmp/testfile Command

In this step, you will change the ownership of the file. The chown (change owner) command is used to change the user and/or group that owns a file. The syntax is chown user:group filename.

Changing a file's owner to another user (like root) is a privileged operation that requires administrative rights. You will need to use the sudo command to execute chown with the necessary permissions. In this LabEx environment, the labex user can use sudo without a password.

Let's change the owner and group of /tmp/testfile to root. Execute the following command:

sudo chown root:root /tmp/testfile

Again, a successful command will not produce any output. This action ensures that the file is now owned by the system's administrative user.

Verify with ls -l /tmp/testfile Command

In this step, you will verify all the changes you have made so far. The ls -l command provides a "long listing" format that displays detailed information about files, including permissions, owner, group, size, and modification date.

Run the following command to inspect /tmp/testfile:

ls -l /tmp/testfile

You should see an output similar to this (the date and time will vary):

-rw-r--r-- 1 root root 0 Oct 22 15:13 /tmp/testfile

Let's break down this output:

• -rw-r--r--: These are the file permissions. The first character - indicates it's a regular file. rw- shows the owner (root) has read and write permissions. The next r-- shows the group (root) has read-only permission. The final r-- shows that all other users also have read-only permission. This matches the 644 you set.
• root root: This shows the file owner and group, which you changed to root.

You have now successfully created a file, set its permissions, and changed its ownership.

Secure Directory with chmod 755 /tmp/testdir Command

In this final step, you will set permissions on a directory. Directory permissions are similar to file permissions, but the execute bit (x) has a special meaning: it grants the ability to enter the directory and access files within it.

A common and secure permission setting for directories is 755. Let's break it down:

• Owner: 7 (4+2+1) -> read, write, and execute (rwx). The owner can list, create/delete files, and enter the directory.
• Group: 5 (4+1) -> read and execute (r-x). Group members can list files and enter the directory, but cannot create or delete files.
• Others: 5 (4+1) -> read and execute (r-x). Other users can also list files and enter the directory.

A directory named /tmp/testdir was created for you at the start of this lab. Now, apply the 755 permissions to it using the chmod command.

chmod 755 /tmp/testdir

You can verify the change with ls -ld /tmp/testdir. The -d flag is important to list the directory's details itself, not its contents.

Summary

Congratulations on completing this lab! You have successfully practiced the fundamental skills for managing file and directory permissions in a Linux environment.

In this lab, you learned how to:

• Create an empty file with touch.
• Use chmod with numeric (octal) codes like 644 for files and 755 for directories to control access.
• Use sudo chown to change the owner and group of a file.
• Use ls -l to inspect and verify file permissions and ownership.

These commands are essential tools for securing your files and maintaining a well-organized system. Mastering them is a key step toward becoming proficient with Linux.