Filesystem Structure:
Each file has its own permissions for read, write and execute access. They are set separately for every type of user trying to access the file, combined into three main groups: owner, group and any.
File permissions overview:
Each cell in the RWX group is a flag that is enabled or not.
Let’s take a look at the /etc/passwd file and its permissions:
$ ls -la /etc/passwd
-rw-r--r-- 1 root root 2829 Jul 29 15:46 /etc/passwd
^^^^^^^^^^   |     |     |    |          |
RWX Access   |     |     |    |          File Name
             |     |     |    Date Modified
             Owner |     |
                   Group |
                         Size
Let’s try to understand this shit
This means that OWNER (root) can read and write, GROUP (root) can read, and ANY other can read the file. That means that ONLY the root user can modify this file, and any other user cannot write or execute this file.
The chmod command is used to modify file permissions:
chmod +x somefile # will enable EXECUTE flag for all groups
chmod o-x somefile # will disable EXECUTE flag for ANY group only (o = others; a-x would disable it for all three groups)
Base-2 numeral system or binary numeral system:
A binary number is a number expressed in the base-2 numeral system or binary numeral system, a method of mathematical expression which uses only two symbols: typically "0" (zero) and "1" (one).
Each digit in such a number is referred to as a bit.
Since you can’t use any digits other than 0 and 1, the following table shows how incremental counting works:
Decimal (base-10) -> Binary (base-2)
0 -> 0
1 -> 1
2 -> 10
3 -> 11
4 -> 100
5 -> 101
6 -> 110
7 -> 111
8 -> 1000
etc...
Each additional enabled bit adds 2**(bit_number) to the resulting number, where the rightmost bit (the last 1 in 0b1001) is the starting bit and its bit number is 0
(0b - prefix to identify binary number)
0b0001 == 2**0 == 1 (decimal)
0b0010 == 2**1 == 2 (decimal)
0b0100 == 2**2 == 4 (decimal)
0b1000 == 2**3 == 8 (decimal)
So practically, we can add above numbers in binary:
--------------------------------
0001 (1) | 0011 (3) | 0111 (7)
+ | + | +
0010 (2) | 0100 (4) | 1000 (8)
= | = | =
0011 (3) | 0111 (7) | 1111 (15)
The 4 enabled bits in the number 0b1111 can be converted to decimal with this formula: 0b1111 == 2**(bit_number+1)-1 == 15, where bit_number is the number of the highest (leftmost) bit, which is 3 (counting from 0)
Back to file permissions:
Let’s issue another command to check file permissions:
$ stat /etc/passwd
File: /etc/passwd
Size: 2829 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 30937510 Links: 1
Access: (0644/-rw-r--r--) Uid: (0/root) Gid: (0/root)
Access: 2021-08-07 15:47:01.513224885 +0300
Modify: 2021-07-29 15:46:25.903259562 +0300
Change: 2021-07-29 15:46:25.903259562 +0300
Birth: -
Here we can see a number (in the first Access line) representing the file permissions: 0644
0644 is the numeric representation of -rw-r--r--.
Each group (owner, group, any) is represented by 3 bits: Read (R), Write (W) and Execute (X), each of which may be in the enabled (1) or disabled (0) state.
Each set of 3 bits forms a binary number containing 3 bits only, so each group becomes one digit from 0 to 7.
It is possible to change file permissions with the chmod command using these numbers.
For example:
We want following permissions:
Owner is allowed to READ, WRITE, EXECUTE
Group is allowed to EXECUTE
ANY is allowed to EXECUTE
For the OWNER part, we enable all bits: 111 which is 7 in decimal
For the GROUP part, we enable only Execute bit 001 and it’s 1 in decimal
For the ANY part, we enable again Execute bit only 001 and it’s 1 in decimal
As a resulting number we will have: 711
chmod 711 somefile #will set our desired permissions to somefile
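The same arithmetic as a script, as an added example that is not part of the original post. The function names sym_to_octal, octal_to_sym and any_can_write are made up for illustration, and only the nine rwx flags are handled (no setuid, setgid or sticky bit).

```shell
# Added example: rwx string <-> octal chmod mode (function names are hypothetical).
# sym_to_octal rw-r--r--  -> 644
sym_to_octal() {
    perms=$1
    case $perms in                      # exactly 9 flags, each its letter or '-'
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $perms" >&2; return 1 ;;
    esac
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}               # what follows the first 3 flags
        triplet=${perms%"$rest"}        # OWNER, then GROUP, then ANY
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # R = 2**2
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # W = 2**1
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # X = 2**0
        out="$out$digit"
        perms=$rest
    done
    echo "$out"
}

# octal_to_sym 711  -> rwx--x--x
octal_to_sym() {
    mode=$1
    case $mode in [0-7][0-7][0-7]) ;; *) echo "invalid octal mode: $mode" >&2; return 1 ;; esac
    out=""
    while [ -n "$mode" ]; do
        rest=${mode#?}
        digit=${mode%"$rest"}           # one octal digit per group
        r=-; w=-; x=-
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi
        out="$out$r$w$x"
        mode=$rest
    done
    echo "$out"
}

# any_can_write 0644: succeeds only if the ANY digit has the WRITE bit set.
any_can_write() {
    last=${1#"${1%?}"}                  # last digit = ANY group
    [ $((last & 2)) -ne 0 ]
}

sym_to_octal rw-r--r--                  # /etc/passwd from the listing: 644
octal_to_sym 711                        # rwx--x--x
any_can_write 0644 || echo "0644: ANY cannot write"
```

any_can_write is the check worth running against the mode stat reports for files like /etc/passwd: if it succeeds, every user on the system can modify the file.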