4.1. Access Rights

Recall the ls -al command. It displays the contents of the directory in the following format:

 drwx------   3 Flenov   FlenovG     4096 Nov 26 16:10 .
 drwxr-xr-x   5 root     root        4096 Nov 26 16:21 ..
 -rwxr-xr--   1 Flenov   FlenovG       24 Nov 26 16:10 test

As you already know, the first column (10 characters wide) displays the access rights. Dissect its contents. The first character indicates the type of entry. It can be one of the following:

  • A dash (-) denotes a regular file.

  • A letter "d" denotes a directory.

  • A letter "l" denotes a symbolic link.

  • A letter "s" denotes a socket.

  • A letter "p" denotes a FIFO file.

It is followed by three groups of rwx characters. These groups indicate the access rights for different user categories. The first triplet indicates the access rights for the file's owner, the second for the users belonging to the owner's group, and the third for the rest of the users.

The r character indicates the read rights, the w the write rights, and the x the execution rights. No letter means no corresponding rights. Take a look at a few examples.

The access rights in the first entry in the example are assigned as the drwx------ string. The first character, d, means that the entry is a directory. The next three characters, rwx, mean that the owner of the directory has the read, write, and execute rights for the directory. For the following two user categories, the access rights are denoted by dashes, meaning that users of the FlenovG group and all other users have no rights for the directory.

The access rights for the second entry are denoted by the drwxr-xr-x string. This is a directory again. The first group, rwx, gives all rights to the directory's owner. The next group, r-x, allows read and execute rights and disallows write rights to the group's members. The last triplet, also r-x, gives all other users the same rights as the group members.

The access rights string for the last entry in the example, -rwxr-xr--, denotes file access rights, as indicated by the first character, the dash. The file's owner has full rights for the file, as indicated by the first access rights triplet, rwx. The members of the file owner's group have read and execute rights but not write rights, as indicated by the second access rights triplet, r-x. The rest of the users can only read the file, as indicated by the last access rights triplet, r--.

Access rights can also be represented as a sequence of ones and zeros. A one for a certain right means that it is allowed; a zero means that the right is disallowed. Use this notation to write the rights denoted by the rwxr-xr-- string. Replace the rights-granting characters with ones and the rights-denying dashes with zeros. The resulting combination of ones and zeros should be 111101100. Break this sequence into three groups: 111, 101, and 100. Now convert each triplet into the octal notation using the following formula:

 Digit1 * 4 + Digit2 * 2 + Digit3 

Consider the digits obtained 7, 5, and 4 as an octal number 754. Remember this number; you will use it when assigning access rights to files and directories. The following is a list of all possible access rights combinations for each position of the octal number (the user type):

  • 0 All operations are disallowed.

  • 1 The execution is allowed.

  • 2 The write is allowed.

  • 3 The write and execution are allowed.

  • 4 The read is allowed.

  • 5 The read and execution are allowed.

  • 6 The read and write are allowed.

  • 7 All operations are allowed.

Try to use this list to determine which rights the number 754 represents for each user type. Compare the obtained result with the rights denoted by the rwxr-xr-- string. They should be the same.
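The conversion worked through above, as an added example (not code from the book): perm_to_octal applies the formula r = 4, w = 2, x = 1 to each triplet, and octal_to_perm reverses it using the table of eight values; both function names are this example's own.

```shell
# Added example (not from the book): convert a nine-character rwx string to
# the octal number the chapter derives (r = 4, w = 2, x = 1 per triplet),
# and convert an octal number back to the rwx string.
perm_to_octal() {
    # $1: mode string such as rwxr-xr--; a leading type character (d, l, -)
    # as printed by ls -l is ignored.
    s=$1
    [ ${#s} -eq 10 ] && s=${s#?}
    out=""
    i=1
    while [ "$i" -le 9 ]; do
        d=0
        [ "$(printf '%s' "$s" | cut -c"$i")" = r ] && d=$((d + 4))
        [ "$(printf '%s' "$s" | cut -c"$((i + 1))")" = w ] && d=$((d + 2))
        [ "$(printf '%s' "$s" | cut -c"$((i + 2))")" = x ] && d=$((d + 1))
        out="$out$d"
        i=$((i + 3))
    done
    printf '%s\n' "$out"
}

octal_to_perm() {
    # $1: three octal digits such as 754; each digit expands to one triplet
    # (owner, group, others), exactly the table of values 0 to 7 above.
    n=$1
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        d=$(printf '%s' "$n" | cut -c"$i")
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

perm_to_octal rwxr-xr--      # 754
octal_to_perm 754            # rwxr-xr--
```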

Note 

To have the right to create or delete files, the user must have write rights for the directory. Some beginning administrators are confused by why they cannot delete a file even though they have all rights for it.

4.1.1. Setting User Rights

Access rights to file system objects are modified using the chmod command. It can be used to specify new rights to an object in both the symbolic and the numeric notation.

First consider the symbolic mode:

 chmod option rights file 

The option argument can contain any combination of the codes for the user types whose rights are being modified. These are the following:

  • u Owner

  • g Group

  • o All other users

  • a All user types (the same as ugo )

The second argument is prefixed by the action undertaken with respect to the existing rights. This can be one of the following:

  • + Add rights

  • - Delete rights

  • = Replace old rights with new rights

The last argument specifies particular rights or a combination of them. These are the following:

  • r Read

  • w Write

  • x Execute

  • X Execute only if the file is a directory or already has execute permission for some user

  • S SUID or SGID bit

  • t Sticky bit, indicating that the file can only be deleted by the file's owner

  • u Rights are granted to the file's owner

  • g Rights are granted to all users who are members of the file owner's group

  • o Rights are granted to users not included in either of the two preceding types

The chmod command used with numeric arguments looks as follows:

 chmod rights file 

The rights argument is a four-digit octal number. The functions of each digit are as follows:

  • The most significant digit sets the sticky bit and can have one of the following values:

    • 1 The owner bit

    • 2 The SGID bit

    • 4 The SUID bit

    The use of this digit is optional, and it is usually omitted.

  • The next digit, second from the left, sets the user rights. It can have values in the range from 0 to 7.

  • The third-from-the-left digit sets the group rights. It can also have values in the range from 0 to 7.

  • The least significant digit sets the rights of all other users. It can also have values in the range from 0 to 7.

For example, you want the owner and the group to have all rights (expressed by 7 for each user type) and all other users to have only execute rights (expressed by 1). The command to set these rights will look as follows:

 chmod 771 filename 

The rights expressed numerically as 771 correspond to the rights expressed symbolically as rwxrwx--x. The following command disallows read rights for the group:

 chmod g-r text 

After the preceding command is executed, the object's access rights become rwx-wx--x. Now, disallow all user categories to execute the file. This can be done by executing the following command:

 chmod ugo-x text 

Alternatively, you can execute this one:

 chmod a-x text 

After either of the preceding commands is executed, the object's access rights become rw--w----.
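The chmod sequence just described, and the point made in the Note above about deleting files, as an added example (not code from the book). It creates scratch objects with mktemp and reads the mode back with ls after each step; mode_of, chmod_walkthrough and delete_in_readonly_dir are this example's own names.

```shell
# Added example (not from the book): run the chapter's chmod sequence on a
# scratch file and read the mode back after each step; also a check for the
# Note above: deleting a file needs write rights on the directory, not the file.
mode_of() {
    # Print the nine rwx characters of an object's mode (columns 2-10 of ls -ld).
    ls -ld "$1" | cut -c2-10
}

chmod_walkthrough() {
    # Returns the three modes separated by spaces:
    # after chmod 771, after chmod g-r, after chmod a-x.
    dir=$(mktemp -d) || return 1
    f="$dir/text"
    : > "$f"                                # create an empty file named text
    chmod 771 "$f"; m1=$(mode_of "$f")      # rwxrwx--x
    chmod g-r "$f"; m2=$(mode_of "$f")      # rwx-wx--x
    chmod a-x "$f"; m3=$(mode_of "$f")      # rw--w----
    rm -rf "$dir"
    printf '%s %s %s\n' "$m1" "$m2" "$m3"
}

delete_in_readonly_dir() {
    # The file itself is world-writable, but its directory has no w bit, so rm
    # is refused for an unprivileged user. Prints "denied" or "deleted"
    # (root bypasses the directory check and gets "deleted").
    dir=$(mktemp -d) || return 1
    : > "$dir/secret"
    chmod 666 "$dir/secret"
    chmod 555 "$dir"
    if rm -f "$dir/secret" 2>/dev/null; then
        result=deleted
    else
        result=denied
    fi
    chmod 755 "$dir"
    rm -rf "$dir"
    printf '%s\n' "$result"
}

chmod_walkthrough          # rwxrwx--x rwx-wx--x rw--w----
delete_in_readonly_dir     # denied (when not run as root)
```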

4.1.2. Changing User Ownership

File ownership can be changed by the chown command as follows:

 chown owner file 

The owner argument sets the new owner of the file. For example, make the root user the new owner of the test file. This is done by executing the following command:

 chown root test 

Group ownership of a file can also be changed. This is done by executing the chgrp command as follows:

 chgrp group_name file 

Here, the group_name argument specifies the group that has ownership of the file specified in the file argument. For example, the group of the root user is given ownership of the test file using the following command:

 chgrp root test 

4.1.3. Safety Rules

In assigning access rights to files and directories, you follow the minimization principle described in Section 2.11.1. That is, the default settings must disallow everything. Access is granted only to what is necessary. If a user has no rights for a file, the file should not even be shown in the directory tree.

Giving users unnecessary access to file system objects can end in compromise of the system's security and information leak or even loss. For example, a company's accounting files should be accessible only by those who work with them. Letting everyone see these files may expose the contents to the danger of becoming public property, which is unlikely to contribute to the company's welfare.

The most important safeguard for your system is preventing users from modifying system files. The most important Linux configuration files are stored in the /etc directory. Only a system administrator should have the right to modify these files. This is how developers of Linux distributions configure the system's default setting, and you should not change them to give users more rights without an actual need for this.

4.1.4. Default Rights

When a user creates a new file or a directory, it is assigned default permissions. Consider this in an example. To create a file, execute an ls command and redirect its output to a file as follows:

 ls -al >> testfile 

Examine this file's permissions by executing the ls -al command. The permissions should be -rw-r--r-- , meaning that the owner has the right to read from and write to the file and that the group users and all other users have only read rights. Older systems and some distributions may set the default permissions to -rw-rw-r-- , granting the group users write rights. Such permissions run counter to the main security principle. But in either case, all users are granted read rights.

This policy is wrong. Suppose you create a file intending to use it to store confidential data. If you forget to change the file's permissions, everyone will be able to view the file's contents.

This situation can be avoided if you understand how a new file is assigned permissions. File permissions are determined based on the mask whose current value is determined by the umask command. The obtained value should be 0022 or 002.

Consider how the mask affects assignment of file permissions. The default permissions for files are set to 666 minus the mask; for directories, permissions are set to 777 minus the mask.

From this, it follows that if the mask's value is 002, permissions for a new file will be set as 666 - 002 = 664, or rw-rw-r-- in the symbolic format. If the mask's value is 0022, the default file's permissions will be set to 666 - 0022 = 644, or -rw-r--r-- in the symbolic format.

The default permissions for new directories are calculated similarly. Thus, with the mask's value at 002, a new directory's permissions will be set to 777 - 002 = 775, or drwxrwxr-x in the symbolic format. If the mask's value is 0022, a new directory's permissions will be set to 777 - 0022 = 755, or drwxr-xr-x in the symbolic format. This means that all users can view the directory's contents.

All this is no good. Although the owner must have access rights sufficient for normal operations with files and directories, all other users are not supposed to have any rights. This can be achieved by modifying the mask. I recommend setting its value to 077. Then the default permissions will be set to 777 - 077 = 700 (or drwx------ in the symbolic format) for directories and to 666 - 077 = 600 (or -rw------- in the symbolic format) for files. Then only the owner will have access rights; all other users will have none.

It may seem that I did not get my arithmetic correct in the previous permission calculation, as 666 - 077 should equal 589 and not 600. It cannot be correct when conventional rules are used. Here, the subtraction operation starts with the most significant digit and is performed for each position without borrowing from the higher digit. That is, the first zero in the mask is subtracted from the first six, then each of the sevens in the mask is subtracted from the next two sixes. If the result is negative, it is set to zero. In effect, every right that is set in the mask is removed from the default permissions.

These permissions are much more acceptable from the security standpoint. A new mask's value can be set by executing the umask mask_value command. In this case, it will be umask 077 .
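The mask arithmetic from the preceding paragraphs, as an added example (not code from the book). default_mode performs the chapter's digit-by-digit subtraction without borrowing; exact_mode instead clears the mask bits, which is what the system actually does and which differs from the digit subtraction only for masks such as 033 that the chapter does not use; live_default_mode creates a file and a directory under a given umask and reads their modes back. All three names are this example's own.

```shell
# Added example (not from the book): the chapter's digit-by-digit mask
# subtraction (no borrowing, negative digits clamped to 0), the bit-clearing
# rule the system really applies, and a live check with umask in a subshell.
three_digits() {
    # Normalise a mask such as 0022 or 022 to its three rightmost digits.
    m=$1
    while [ ${#m} -gt 3 ]; do m=${m#?}; done
    printf '%s\n' "$m"
}

default_mode() {
    # $1: base (666 for files, 777 for directories); $2: mask such as 077.
    base=$1; mask=$(three_digits "$2")
    out=""; i=1
    while [ "$i" -le 3 ]; do
        b=$(printf '%s' "$base" | cut -c"$i")
        m=$(printf '%s' "$mask" | cut -c"$i")
        d=$((b - m))
        if [ "$d" -lt 0 ]; then d=0; fi      # no borrowing: clamp at zero
        out="$out$d"; i=$((i + 1))
    done
    printf '%s\n' "$out"
}

exact_mode() {
    # Same inputs; clears the mask bits instead of subtracting digits. Agrees
    # with default_mode for 002, 022 and 077, but not for a mask such as 033.
    mask=$(three_digits "$2")
    printf '%o\n' "$(( 0$1 & ~0$mask ))"
}

live_default_mode() {
    # Create a file and a directory under the given umask and print their modes.
    dir=$(mktemp -d) || return 1
    (umask "$1"; : > "$dir/f"; mkdir "$dir/d")
    f=$(ls -ld "$dir/f" | cut -c2-10)
    d=$(ls -ld "$dir/d" | cut -c2-10)
    rm -rf "$dir"
    printf '%s %s\n' "$f" "$d"
}

default_mode 666 077       # 600
default_mode 777 0022      # 755
live_default_mode 077      # rw------- rwx------
```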

4.1.5. Link Access Rights

In Section 3.1.3, hard and symbolic links were considered. Recall what permissions are given to hard links:

 913021 -rw-r--r--  2 root   root    0 Feb 22 12:19 l.txt
 913021 -rw-r--r--  2 root   root    0 Feb 22 12:19 link.txt

As you can see, a hard link to a file has the same permissions as the file itself. There is no reason to expect them to be different, because hard links have the same descriptors as the corresponding files.

The situation is much worse with symbolic links. The following is information for a main file (the first entry) and a soft link to it (the second entry):

 913021 -rw-r--r-- 1 root   root 519 Feb 22 12:19 link.txt
 913193 lrwxrwxrwx 1 root   root   8 Feb 22 12:40 symbol.txt -> link.txt

As you can see, the soft link has all permissions set. In practical terms, it means that if you create a symbolic link to the /etc/shadow file and do not modify its default permissions, you can kiss your passwords good-bye: They will be either stolen or deleted. Remember that any operation performed on a symbolic link is actually performed on the file it points to.

If you have to use symbolic links, do not forget the peculiarity of how their default permissions are set. If you cannot rely on your memory, you can carve something like the following reminder on your monitor: "Soft links are created with full permissions!"



Hacker Linux Uncovered
ISBN: 1931769508
Year: 2004