A free Basic UNIX-training with muLinux
Permissions and File Properties
With several users operating the system together there
must be an ownership concept for processes, files and directories
so that user A cannot modify files of user B.
The File /etc/passwd
All authorized users are stored in the file /etc/passwd.
Before a new user receives access to the system, his user name must be entered
here by the superuser. The file /etc/passwd is, like
all files in the directory /, a text file (ASCII). To display the contents of
ASCII files use the command cat:
/# cat /etc/passwd
The contents of the file may also be viewed with the following command sequence:
/# cd /etc
/etc# cat passwd
Viewing the contents of the file /etc/passwd,
notice that there is one line for
each authorized user. Each record
consists of several fields, separated by colons.
The first field contains the login name of the user.
We have logged ourselves in as superuser root,
and that user name appears here. In addition, there are
user names, which do not represent a real person. Many processes
under Unix require special user names with defined rights.
The second field contains the encoded password of the
user. Under muLinux it is normal to find the user craxi
with a password. If there is no character between the first and second colon, no
password is assigned. If an asterisk is there, then the password
is stored in the file /etc/shadow with this version
of Unix. One can delete the encoded password with a text editor,
if one possesses write privileges to this file.
Between the next set of colons is the user number (UID:
User identification descriptor). Each user receives a unique number
from the system. The user root always has the UID 0 (zero).
Afterwards comes the group number (GID: Group identification
descriptor). Users of a group can receive permissions
on files and directories collectively.
The next field is a comment field. Here the
complete name, telephone number, etc. may be entered. This information
can be queried via the Internet.
Now the home directory is specified. This directory,
with the exception of that of the user root, is located in the
directory /home.
The last field we find is the initialization program.
After the user has logged in, a shell is started. This is the
program that interprets the input commands.
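The field layout described above can be checked mechanically. The following is an added example, not part of the original training: it reads passwd-format records and reports an empty password field, a UID 0 account other than root, a repeated UID, and a record without seven fields. The sample records and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format records for the field values described above.

# audit_passwd [FILE]: print one finding per line as "<check>:<login>".
# Reads standard input when no file is given.
audit_passwd() {
    awk -F: '
        NF == 0 { next }                               # skip blank lines
        NF != 7 { print "bad-field-count:" $1; next }  # a record has seven fields
        $2 == "" { print "empty-password:" $1 }        # nothing between 1st and 2nd colon
        $3 ~ /^0+$/ && $1 != "root" { print "extra-uid0:" $1 }  # UID 0 belongs to root
        seen[$3]++ { print "duplicate-uid:" $1 }       # each UID should be unique
    ' "$@"
}

# sample_passwd: constructed records, not taken from a real system.
# ENCODEDPW stands in for an encoded password.
sample_passwd() {
    cat <<'EOF'
root:ENCODEDPW:0:0:superuser:/root:/bin/sh
daemon:*:1:1:system account:/:/bin/false
craxi:ENCODEDPW:500:100:sample user:/home/craxi:/bin/sh
guest::501:100:no password set:/home/guest:/bin/sh
toor:*:0:0:second account with UID 0:/root:/bin/sh
broken:*:502:100
EOF
}

sample_passwd | audit_passwd
```

On a real system the same function can be pointed at the file directly: audit_passwd /etc/passwd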
File Characteristics
Each file and each directory is assigned one user
and a group. Each file is assigned fixed permissions for the owner,
the group, and all others. These are file characteristics and these
can only be modified by the owner, usually the creator, or the superuser,
(root), who has permission over everything.
In each case read and write permissions are assigned
for the owner, the group, and others. These permissions
determine who may read, write, or execute a file.
In order to view these file characteristics we must use the
instruction ls with the option -l (long
output with detailed information, verbose):
/# cd /
/# ls -l
total 25
drwxr-xr-x 2 craxi psi 1024 Jun 17 1998 a/
drwxr-xr-x 2 craxi psi 2048 Apr 29 13:41 bin/
drwxr-xr-x 2 craxi psi 1024 Nov 21 1998 c/
drwxr-xr-x 2 craxi psi 1024 Mar 16 1998 cdrom/
drwxr-xr-x 2 craxi psi 3072 May 24 22:37 dev/
drwxr-xr-x 4 craxi psi 1024 Oct 24 07:54 etc/
drwxr-xr-x 4 craxi psi 1024 Oct 26 1998 home/
drwxr-xr-x 2 craxi psi 1024 Dec 8 1998 lib/
-rwxr-xr-x 1 craxi psi 2341 May 17 15:25 linuxrc*
drwxr-xr-x 3 craxi psi 1024 Oct 7 1998 mnt/
drwxr-xr-x 2 craxi psi 1024 Jun 17 1998 nfs/
dr-xr-xr-x 5 root root 0 Oct 24 07:54 proc/
drwxr-xr-x 2 craxi psi 1024 Oct 30 1998 root/
drwxr-xr-x 2 craxi psi 1024 Jan 15 1999 samba/
drwxr-xr-x 2 craxi psi 1024 Sep 16 1998 sbin/
drwxr-xr-x 4 craxi psi 1024 Nov 12 1998 setup/
drwxr-xr-x 2 root root 1024 Oct 24 07:48 startup/
drwxr-xr-x 2 root root 1024 Mar 20 1999 swap/
drwxrwxrwx 3 root root 1024 Oct 24 14:10 tmp/
drwxr-xr-x 13 root root 1024 May 24 22:36 usr/
drwxr-xr-x 10 craxi psi 1024 Nov 21 1998 var/
The columns of each line, from left to right:
file type (first character):
  d, directory
  -, normal file
  b,c device files in the directory /dev (see there)
  l, link (reference) to another file
permissions (see below)
number of links (more on this later)
owner
group
file size in bytes
date of last modification
filename
As we see, each file or directory has an owner and is assigned
to a group. File permissions are not as important with muLinux
as they are on a standard Unix system, as the muLinux user is
generally logged in as root and has absolute authority over everything.
File permissions consist of 9 characters:
rwxrwxrwx
It is actually three triplets, each containing the
characters rwx. In addition, a hyphen -
can be used to indicate no permission.
r Read permission
w Write permission
x Permission for executing programs or scripts
or opening directories
If the respective authorizations are set, the appropriate letter
appears, otherwise a hyphen appears.
The three triplets represent the permissions for the owner
(user), the group (group) and others (others).
Here is an example:
rw-r-----
A file with such permissions can be read and written to/modified
by the owner. All members of the group can read the file. All
others can neither read nor modify the file, and cannot execute
it at all.
Changing Permissions
Permissions can be modified only by the owner of the file.
The command used to do this is chmod (CHange
mode). In the simplest form, the command is used like
this:
/# chmod permission-symbol file/directory name
The permissions to be set are specified using an access
symbol, u, g or o (user, group or other).
One of two operators is used: + for setting or - for removing
an attribute. The operator is placed before one of the
letters r, w or x, indicating which attribute
is to be set.
Consider the following example:
/# chmod o-r /a
For the directory /a, the read permission for others,
who are not in my group, is removed. Others cannot read this directory.
We cannot test this with muLinux, since we are always superuser (root).
We can see the modifications as we make them, using the command ls -l
(recalled with the cursor up-arrow key).
/# ls -l
total 25
drwxr-x--x 2 craxi psi 1024 Jun 17 1998 a/
To allow group write permissions :
/# chmod g+w /a
/# ls -l
total 25
drwxrwx--x 2 craxi psi 1024 Jun 17 1998 a/
...
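The two chmod steps above, replayed on a scratch directory so they can be tried without touching /a, together with a check for entries that others may write to, such as tmp/ in the listing of /. This is an added example, not part of the original training; the function names, the scratch directory and the octal starting mode 755 are assumptions.

```sh
#!/bin/sh
# Added example: replay the chmod steps from the text and find world-writable entries.

# mode_of PATH: the type character plus the nine permission characters,
# exactly as ls -l prints them.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# replay_chmod: repeat both chmod steps on a scratch directory and print
# the mode string before, after the first step and after the second step.
replay_chmod() {
    dir=$(mktemp -d) || return 1
    chmod 755 "$dir"            # octal form: start from drwxr-xr-x, like /a
    before=$(mode_of "$dir")
    chmod o-r "$dir"            # remove read permission for others
    step1=$(mode_of "$dir")
    chmod g+w "$dir"            # add write permission for the group
    step2=$(mode_of "$dir")
    rmdir "$dir"
    echo "$before $step1 $step2"
}

# world_writable: read ls -l lines on standard input and print the names of
# entries whose "others" triplet contains w (character 9 of the mode string).
world_writable() {
    awk 'substr($1, 9, 1) == "w" { print $NF }'
}

# listing: three lines taken from the listing of / shown on this page.
listing() {
    cat <<'EOF'
drwxr-xr-x 2 craxi psi 1024 Jun 17 1998 a/
drwxr-xr-x 2 root root 1024 Mar 20 1999 swap/
drwxrwxrwx 3 root root 1024 Oct 24 14:10 tmp/
EOF
}

replay_chmod
listing | world_writable
```

The mode strings change even when the commands are run as root; only the enforcement of the permissions is bypassed for the superuser.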
This was our first view of the Unix permissions system. These
principles are built into the system, not
added on as with some other operating systems. Thus Unix has some inherent protection against system intrusion by hackers, and viruses
cannot spread as easily through the system.
With Unix or Linux practically no virus dangers exist.
Robert.Warnke@giso.de (copyleft) Robert Warnke, Berlin (Germany) - You can write me in English. | http://rowa.giso.de | translated by shock, corrected by Bob Goodwin