Unix File System Permissions

File/Folder Permissions and Ownership

• File system permissions control the ability of user and group accounts to read, modify, and execute the contents of files and to enter directories.
• Three types of access (permissions): read (r), write (w), execute (x).
• Each file belongs to a specific user and group (ownership).
• Access to files is controlled by user (u), group (g), and other/everyone (o) permission bits, usually set using a numerical value.

Access Levels and Permissions

• Different access levels depending on numerical values:
  • 0 (---) – no access to the file whatsoever
  • 1 (--x) – execute permissions only
  • 2 (-w-) – write permissions only
  • 3 (-wx) – write and execute permissions
  • 4 (r--) – read permissions only
  • 5 (r-x) – read and execute permissions
  • 6 (rw-) – read and write permissions
  • 7 (rwx) – read, write, and execute permissions (full permissions)

Directory Permissions

• Base permission for a directory is 777 (drwxrwxrwx), which grants everyone the permissions to read, write, and execute.
• Example of 644 permissions:
  • Owner/User: Read and Write
  • Group: Read only
  • Other/Everyone: Read only

Setting Permissions and Ownership

• To set permissions, use the chmod command followed by the permission value and the file name.
• Example: chmod 755 file_name sets the permissions to 755 for the file file_name.
• To recursively change permissions, use the -R flag: chmod -R 755.
• To change ownership, use the chown command followed by the user and group names, and the file name.
• Example: chown user:siteground file_name sets the owner to user and the group to siteground.

Understanding Users and Groups

• In Linux, a user is an individual who interacts with the system, with a unique username and user ID (UID).
• User accounts are used to log in, run processes, and access files and directories.
• Groups are collections of users, used to simplify access control and permissions management.
• A group has a unique group ID (GID).

User Management

• Creating users: use the useradd command followed by the username.
• Example: sudo useradd viswa creates a new user named viswa.
• Setting user password: use the passwd command followed by the password.
• Modifying user attributes: use the usermod command.
• Deleting users: use the userdel command with the -r flag to remove the user and their home directory.

Group Management

• Creating groups: use the groupadd command followed by the group name.
• Example: sudo groupadd mygroup creates a new group named mygroup.
• Adding users to groups: use the usermod command with the -aG flag.
• Example: sudo usermod -aG mygroup username adds the user to the mygroup group.
• Changing group ownership of files: use the chown command with the group name.
• Deleting groups: use the groupdel command followed by the group name.

Group Database Files

• /etc/group contains all group details as a list.
• /etc/gshadow contains all group members details as a list.

Password Aging Policy

• To ensure system and network security, various security mechanisms are used, including user password expiration.
• The chage command and /etc/login.defs file are used to manage password policies.
• Password aging policy settings include:
  • The last password change date
  • The password expiration date
  • The password inactive date
  • The account expiration date
  • The minimum number of days between password changes
  • The maximum number of days between password changes
  • The number of days of warning before the password expires