Introduction
In any multi-user operating system like Linux, file permissions are a critical security feature. They control who can read, write, or execute files, ensuring that users can only access the data they are authorized to. Understanding how to manage these permissions is a fundamental skill for any Linux user, developer, or system administrator.
In this lab, you will get hands-on experience with the essential commands for managing file permissions. You will learn how to:
- Create a new file using the
touchcommand. - Modify file permissions using the
chmodcommand with numeric (octal) notation. - Change the owner and group of a file using the
chowncommand. - Verify changes using the
ls -lcommand. - Set standard permissions for a directory.
By the end of this lab, you will be comfortable with the basic principles of file and directory permissions in Linux.
Create Test File with touch /tmp/testfile Command
In this step, you will begin by creating an empty file that we will use for the rest of the lab. The standard command for creating an empty file in Linux is touch. This command creates the file if it does not exist, or updates its modification timestamp if it already exists.
We will create our test file in the /tmp directory, which is a standard location for temporary files.
Execute the following command in your terminal to create a file named testfile:
touch /tmp/testfile
The command will not produce any output if it is successful. You can optionally verify that the file has been created by listing it with ls /tmp/testfile.
Set Permissions with chmod 644 /tmp/testfile Command
In this step, you will learn how to change the permissions of the file you just created. The chmod (change mode) command is used for this purpose. Permissions can be set using symbolic or numeric (octal) notation. Here, we will use the numeric method, which is very common.
In numeric notation, permissions are represented by a three-digit number, corresponding to the owner, group, and other users, respectively. Each permission has a value:
4for read (r)2for write (w)1for execute (x)
We will set the permissions to 644, which is a very common setting for files. This translates to:
- Owner:
6(4+2) -> read and write (rw-) - Group:
4-> read-only (r--) - Others:
4-> read-only (r--)
Now, run the following command to apply these permissions to your test file:
chmod 644 /tmp/testfile
This command will not produce any output. In a later step, we will verify that the permissions have been correctly applied.
Change Owner with chown root:root /tmp/testfile Command
In this step, you will change the ownership of the file. The chown (change owner) command is used to change the user and/or group that owns a file. The syntax is chown user:group filename.
Changing a file's owner to another user (like root) is a privileged operation that requires administrative rights. You will need to use the sudo command to execute chown with the necessary permissions. In this LabEx environment, the labex user can use sudo without a password.
Let's change the owner and group of /tmp/testfile to root. Execute the following command:
sudo chown root:root /tmp/testfile
Again, a successful command will not produce any output. This action ensures that the file is now owned by the system's administrative user.
Verify with ls -l /tmp/testfile Command
In this step, you will verify all the changes you have made so far. The ls -l command provides a "long listing" format that displays detailed information about files, including permissions, owner, group, size, and modification date.
Run the following command to inspect /tmp/testfile:
ls -l /tmp/testfile
You should see an output similar to this (the date and time will vary):
-rw-r--r-- 1 root root 0 Oct 22 15:13 /tmp/testfile
Let's break down this output:
-rw-r--r--: These are the file permissions. The first character-indicates it's a regular file.rw-shows the owner (root) has read and write permissions. The nextr--shows the group (root) has read-only permission. The finalr--shows that all other users also have read-only permission. This matches the644you set.root root: This shows the file owner and group, which you changed toroot.
You have now successfully created a file, set its permissions, and changed its ownership.
Secure Directory with chmod 755 /tmp/testdir Command
In this final step, you will set permissions on a directory. Directory permissions are similar to file permissions, but the execute bit (x) has a special meaning: it grants the ability to enter the directory and access files within it.
A common and secure permission setting for directories is 755. Let's break it down:
- Owner:
7(4+2+1) -> read, write, and execute (rwx). The owner can list, create/delete files, and enter the directory. - Group:
5(4+1) -> read and execute (r-x). Group members can list files and enter the directory, but cannot create or delete files. - Others:
5(4+1) -> read and execute (r-x). Other users can also list files and enter the directory.
A directory named /tmp/testdir was created for you at the start of this lab. Now, apply the 755 permissions to it using the chmod command.
chmod 755 /tmp/testdir
You can verify the change with ls -ld /tmp/testdir. The -d flag is important to list the directory's details itself, not its contents.
Summary
Congratulations on completing this lab! You have successfully practiced the fundamental skills for managing file and directory permissions in a Linux environment.
In this lab, you learned how to:
- Create an empty file with
touch. - Use
chmodwith numeric (octal) codes like644for files and755for directories to control access. - Use
sudo chownto change the owner and group of a file. - Use
ls -lto inspect and verify file permissions and ownership.
These commands are essential tools for securing your files and maintaining a well-organized system. Mastering them is a key step toward becoming proficient with Linux.
