Linux Permission Modifying

Introduction

Linux file permissions are a fundamental security feature that control how files and directories can be accessed, modified, and executed by different users. Understanding and effectively managing these permissions is essential for maintaining system security and proper resource sharing.

In this lab, you will learn how to view, set, and modify file permissions using the chmod command. The chmod command allows administrators to control who can read, write, or execute specific files, ensuring that sensitive data remains protected while necessary resources remain accessible to authorized users.

By the end of this lab, you will be able to create files with specific permissions, modify existing file permissions, and assign group-based access controls - skills that are crucial for any Linux system administrator or user.

This is a Guided Lab, which provides step-by-step instructions to help you learn and practice. Follow the instructions carefully to complete each step and gain hands-on experience. Historical data shows that this is a beginner level lab with a 97.22% completion rate. It has received a 100% positive review rate from learners.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("Linux")) -.-> linux/BasicFileOperationsGroup(["Basic File Operations"]) linux(("Linux")) -.-> linux/FileandDirectoryManagementGroup(["File and Directory Management"]) linux(("Linux")) -.-> linux/UserandGroupManagementGroup(["User and Group Management"]) linux(("Linux")) -.-> linux/BasicSystemCommandsGroup(["Basic System Commands"]) linux/BasicSystemCommandsGroup -.-> linux/echo("Text Display") linux/BasicFileOperationsGroup -.-> linux/ls("Content Listing") linux/BasicFileOperationsGroup -.-> linux/touch("File Creating/Updating") linux/BasicFileOperationsGroup -.-> linux/chown("Ownership Changing") linux/BasicFileOperationsGroup -.-> linux/chmod("Permission Modifying") linux/FileandDirectoryManagementGroup -.-> linux/cd("Directory Changing") linux/UserandGroupManagementGroup -.-> linux/groupadd("Group Adding") subgraph Lab Skills linux/echo -.-> lab-271241{{"Linux Permission Modifying"}} linux/ls -.-> lab-271241{{"Linux Permission Modifying"}} linux/touch -.-> lab-271241{{"Linux Permission Modifying"}} linux/chown -.-> lab-271241{{"Linux Permission Modifying"}} linux/chmod -.-> lab-271241{{"Linux Permission Modifying"}} linux/cd -.-> lab-271241{{"Linux Permission Modifying"}} linux/groupadd -.-> lab-271241{{"Linux Permission Modifying"}} end

Understanding Linux File Permissions

Linux implements a permissions system that allows fine-grained control over who can access files and directories and what actions they can perform. In this step, you'll learn about how Linux permissions work and how to view them.

First, navigate to the working directory where you'll perform all operations for this lab:

cd ~/project

Let's create a sample file to examine its permissions:

touch sample_file.txt

To view the permissions of this file, use the ls command with the -l option:

ls -l sample_file.txt

You should see output similar to this:

-rw-rw-r-- 1 labex labex 0 Oct 25 12:34 sample_file.txt

Let's break down this output:

The first character (-) indicates the file type. A dash (-) represents a regular file, while d would indicate a directory.
The next nine characters represent the file permissions in three groups of three:
- The first three characters (rw-) show the owner's permissions
- The next three (rw-) show the group's permissions
- The last three (r--) show permissions for all other users
In each group, the three positions represent:
- r for read permission
- w for write permission
- x for execute permission
- - indicates that the permission is not granted
Following the permissions are other details like the number of links, owner name, group name, file size, last modification date/time, and the filename.

Linux permission bits can also be represented numerically:

Read (r) = 4
Write (w) = 2
Execute (x) = 1

By adding these values together, you can represent any permission combination as a single digit:

rwx = 4+2+1 = 7
rw- = 4+2+0 = 6
r-x = 4+0+1 = 5
r-- = 4+0+0 = 4

This becomes important when we use the chmod command with numeric mode in later steps.

Creating Files with Specific Permissions

In this step, you'll create a new file and set its initial permissions to restrict access to only the owner. This is useful when creating files that contain sensitive information that should not be accessible to other users.

First, create a new file called secure_file.txt:

touch secure_file.txt

Now, let's add some content to the file:

echo "This file contains secure information." > secure_file.txt

By default, most Linux systems create files with permissions that allow the owner and group to read and write, while others can only read. Let's check the current permissions:

ls -l secure_file.txt

You should see output similar to:

-rw-rw-r-- 1 labex labex 37 Oct 25 12:40 secure_file.txt

For a file containing sensitive information, we want to restrict access to only the owner. We'll use the chmod command with numeric mode to set the permissions to 600, which means:

Owner: Read and Write (6 = 4+2)
Group: No permissions (0)
Others: No permissions (0)

Run the following command to change the permissions:

chmod 600 secure_file.txt

Now check the permissions again:

ls -l secure_file.txt

The output should now show:

-rw------- 1 labex labex 37 Oct 25 12:40 secure_file.txt

Notice how the permissions have changed - now only the owner (labex user) has read and write permissions, while group members and other users have no access to this file.

Let's try to create another file, but this time we'll set the permissions at creation time using a different technique.

First, create a new file called public_file.txt with content:

echo "This file is readable by everyone." > public_file.txt

Now, let's make this file readable by everyone but only writable by the owner:

chmod 644 public_file.txt

Check the permissions:

ls -l public_file.txt

You should see:

-rw-r--r-- 1 labex labex 33 Oct 25 12:45 public_file.txt

This permission set (644) is commonly used for public files that everyone should be able to read, but only the owner can modify.

Using Symbolic Mode with chmod

In the previous step, you used numeric mode to set permissions. Now, let's explore the symbolic mode, which provides a more intuitive way to modify permissions.

Symbolic mode uses letters and symbols to represent users and permissions:

u - User (owner)
g - Group
o - Others (everyone else)
a - All (equivalent to ugo)

And the permission symbols:

r - Read
w - Write
x - Execute

Let's create a script file to practice with:

touch my_script.sh

Add a simple command to the script:

echo '#!/bin/bash' > my_script.sh
echo 'echo "Hello from the script!"' >> my_script.sh

Check the current permissions:

ls -l my_script.sh

You should see that the script is not executable:

-rw-rw-r-- 1 labex labex 44 Oct 25 12:50 my_script.sh

To make the script executable for the owner, use:

chmod u+x my_script.sh

This adds (+) execute (x) permission for the user/owner (u).

Check the permissions again:

ls -l my_script.sh

You should now see:

-rwxrw-r-- 1 labex labex 44 Oct 25 12:50 my_script.sh

Now, let's make it executable for everyone:

chmod a+x my_script.sh

This adds execute permission for all users (owner, group, and others).

Check permissions again:

ls -l my_script.sh

You should see:

-rwxrwxr-x 1 labex labex 44 Oct 25 12:50 my_script.sh

Let's run the script:

./my_script.sh

You should see:

Hello from the script!

You can also remove permissions using the - operator. For example, to remove write permission for group and others:

chmod go-w my_script.sh

Check the permissions:

ls -l my_script.sh

You should see:

-rwxr-xr-x 1 labex labex 44 Oct 25 12:50 my_script.sh

You can also set multiple permissions at once. For example, to give read and execute permissions to everyone but write permission only to the owner:

chmod u=rwx,go=rx my_script.sh

This sets (=) the specific permissions for each category.

Check the permissions one more time:

ls -l my_script.sh

The result should be the same as before:

-rwxr-xr-x 1 labex labex 44 Oct 25 12:50 my_script.sh

Working with Group Permissions

Linux allows files to be associated with groups, enabling collaborative access control. In this step, you'll learn how to create a group, change a file's group ownership, and set appropriate group permissions.

First, let's create a new group. In a real-world scenario, this might represent a department or project team:

sudo groupadd developers

Now, let's create a file that will be shared with this group:

touch shared_config.txt
echo "## Development configuration settings" > shared_config.txt
echo "debug_mode=true" >> shared_config.txt
echo "log_level=verbose" >> shared_config.txt

Currently, this file belongs to your user and your primary group. Let's check:

ls -l shared_config.txt

You should see output similar to:

-rw-rw-r-- 1 labex labex 61 Oct 25 13:00 shared_config.txt

To change the group ownership of the file to the developers group, use the chown command:

sudo chown labex:developers shared_config.txt

The syntax is chown user:group filename. Here, we're keeping the user as labex but changing the group to developers.

Check the ownership now:

ls -l shared_config.txt

You should see:

-rw-rw-r-- 1 labex developers 61 Oct 25 13:00 shared_config.txt

Notice that the group has changed to developers, but the permissions are still the same. Let's modify them to allow group members to read but not write, while preventing access from others:

chmod 640 shared_config.txt

This sets:

Owner: Read and write (6 = 4+2)
Group: Read only (4)
Others: No permissions (0)

Check the permissions again:

ls -l shared_config.txt

You should now see:

-rw-r----- 1 labex developers 61 Oct 25 13:00 shared_config.txt

Now members of the developers group can read this configuration file, but they cannot modify it. Users who are not in the developers group cannot access the file at all.

You can also use symbolic mode to achieve the same result:

chmod u=rw,g=r,o= shared_config.txt

This command explicitly sets:

User/owner: Read and write
Group: Read only
Others: No permissions

To add a user to the developers group, you would typically use:

sudo usermod -a -G developers username

However, this is beyond the scope of this particular lab, as it would require creating additional user accounts.

Summary

In this lab, you have learned the essential concepts and practices of Linux file permissions. Here's a recap of what you've accomplished:

You've gained an understanding of how Linux permission models work, including the concepts of read, write, and execute permissions for users, groups, and others.
You've created files with specific permissions, learning to use the chmod command with numeric mode to set appropriate access levels for different types of files.
You've explored the symbolic mode of the chmod command, which provides a more intuitive approach to adding, removing, or setting specific permissions.
You've worked with group permissions, learning how to create groups, change file group ownership, and set appropriate group-level access controls.

These skills are fundamental for maintaining security and controlling access in Linux systems. Whether you're managing server configurations, developing software, or simply organizing your personal files, understanding how to properly set and modify file permissions is an essential skill for any Linux user.

As you continue working with Linux, remember that proper permission management is a key component of system security. Always follow the principle of least privilege - give users and processes only the permissions they need to perform their tasks, and no more.