The Linux file system is a simple and effective tree-like structure. This structure is very effective for controlling each user's access. File permissions play a major role in server security. The permissions on a file determine whether each user may read, write or execute it.
File Permission
In a Linux system, a file has three types of owners: “User”, “Group” and “Other”, where the user and group exist in the system and the other is a third-party user which does not belong to the system. Each of these three has separate permissions on a file or directory, and these can be modified as required. The root user has all permissions on all files and has the authority to change the permissions for all users.
The permissions of each user on a file can be checked using the command ls -l.
Code :
ls -l
Result :
-rw-rw-r-- 1 sshuser sshuser 8 Feb 17 07:25 hashroot
The first set of values represents the file permissions. The first character is the type: d for a directory and a dash (-) for a regular file. The next nine characters, in three groups of three, are the permissions of each class of user: first the owner's, then the group's, then other users'. Each letter corresponds to a numeric value, as follows:
r = 4 (read permission)
w = 2 (write permission)
x = 1 (execute permission)
The permissions of each user on a file can be changed using the command chmod.
Eg : chmod
ls -l
-rw-rw-r-- 1 sshuser sshuser 8 Feb 17 07:25 hashroot
chmod 655 hashroot
ls -l
-rw-r-xr-x 1 sshuser sshuser 8 Feb 17 07:25 hashroot
In a hosting environment, the default permission of a file inside an account is 644, and for a directory it is 755. It is better to configure them this way for security reasons. The permissions of the files and directories inside an account can be reset to these defaults with the following commands.
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
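Before resetting everything in bulk, it helps to see what actually deviates from the 644/755 baseline. The following is an added example, not part of the original article: the function names and the constructed test tree (public_html, uploads, config.php) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report deviations from the 644/755 baseline without changing anything.

# audit_perms DIR: print one "LABEL PATH" line per finding.
audit_perms() {
    root=$1
    # Regular files whose mode is not exactly 644.
    find "$root" -type f ! -perm 644 -print | sed 's/^/file-not-644 /'
    # Directories whose mode is not exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/dir-not-755 /'
    # Anything writable by "other" (symlinks skipped: their mode is meaningless).
    find "$root" ! -type l -perm -002 -print | sed 's/^/world-writable /'
}

# make_fixture: build a constructed account tree and print its path.
make_fixture() {
    d=$(mktemp -d)
    mkdir "$d/public_html" "$d/public_html/uploads"
    : > "$d/public_html/index.php"
    : > "$d/public_html/config.php"
    : > "$d/public_html/uploads/a.jpg"
    chmod 755 "$d" "$d/public_html"
    chmod 777 "$d/public_html/uploads"      # constructed deviation
    chmod 644 "$d/public_html/index.php" "$d/public_html/uploads/a.jpg"
    chmod 666 "$d/public_html/config.php"   # constructed deviation
    printf '%s\n' "$d"
}

# count_findings LABEL DIR: number of findings carrying that label.
count_findings() {
    audit_perms "$2" | grep -c "^$1 " || true
}

# Demo run on the constructed tree.
fixture=$(make_fixture)
audit_perms "$fixture"
rm -rf "$fixture"
```

An empty report after running the two find commands above confirms that the tree matches the baseline.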
For cPanel, it is easy to change with a cPanel provided script:
wget https://raw.githubusercontent.com/PeachFlame/cPanel-fixperms/master/fixperms.sh
sh ./fixperms.sh -a USER-NAME
And this can be done for all accounts on the server by following the steps below:
wget https://raw.githubusercontent.com/PeachFlame/cPanel-fixperms/master/fixperms.sh
sh ./fixperms.sh -all
Special Permission
In addition to the standard set of permissions, Linux operating systems offer some special permissions that provide a higher level of functionality. They are as follows.
setuid
setuid stands for “set user ID on execution”. This permission permits users to run certain programs with escalated privileges. When setuid is set on an executable file, users may execute that program with a level of access that matches the user who owns the file. The setuid permission can be viewed with the “ls -l” command.
ls -l hashroot
-rwsr-xr-x 1 root 54192 Nov 20 17:03 password
To set the setuid permission, we use the command chmod:
chmod u+s hashroot
Non-executable files can also be given the setuid permission, but it will not have any special effect. In this case, the setuid bit is shown as a capital S:
ls -l hashroot
-rwSr--r-- 1 user 0 Mar 6 10:45 hashroot
setgid
setgid is the equivalent of setuid for groups: it grants the permissions of the group that owns the file. It operates in the same way as setuid and is likewise denoted by s and S.
Sticky bit
The sticky bit can be assigned to directories and files. When the sticky bit is assigned to a file, only the directory owner, the file owner or the root user can edit, delete or rename the file. It is used especially for files saved in the “tmp” directory.
chmod o+t /opt/dump/
Or
chmod +t /opt/dump/
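The mapping from an ls -l mode string to the numeric value used with chmod (r=4, w=2, x=1), extended to the s/S and t/T letters described in this section, can be written as a small parser. This is an added example, not part of the original article; the function name mode_to_octal is an assumption, and the drwxrwxrwt input is a constructed sample.

```shell
#!/bin/sh
# Added example: convert an "ls -l" mode string such as -rwsr-xr-x to octal.

# mode_to_octal MODE: print the octal mode, with a leading special digit if set.
mode_to_octal() {
    # Drop the type character; a trailing "." or "+" (SELinux/ACL marker) is ignored.
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ ${#perms} -eq 9 ] || { echo "bad mode: $1" >&2; return 1; }
    special=0
    out=""
    i=0
    for weight in 4 2 1; do      # special bit per triplet: setuid=4, setgid=2, sticky=1
        start=$((i * 3 + 1))
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in
            ??x)    digit=$((digit + 1)) ;;
            # lowercase s/t: special bit set AND execute set
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            # capital S/T: special bit set, execute NOT set
            ??[ST]) special=$((special + weight)) ;;
        esac
        out="$out$digit"
        i=$((i + 1))
    done
    if [ "$special" -eq 0 ]; then
        printf '%s\n' "$out"
    else
        printf '%s%s\n' "$special" "$out"
    fi
}

# Demo: mode strings in the shape shown on this page, plus a sticky directory.
for m in -rw-rw-r-- -rw-r-xr-x -rwsr-xr-x -rwSr--r-- drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

A capital S or T in an audit listing is worth a second look: the special bit is set but the matching execute bit is not, which usually means the bit was applied by mistake.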
User Permission
The root user has all the privileges on a Linux system and also has the authority to control other users. A normal user can change to the root user using the command “su”, which stands for switch user. In a hosting environment, it is common for users to have command-line access to the servers, from where they can try to use the su command. For the security of the server, the root user should prevent this from happening. On a cPanel server this can be achieved by removing the users from the wheel users list.
ServerAdminz is a server support company specialized in Outsourced 24/7 Web Hosting Support, Remote Infrastructure Management, NOC, Cloud and Enterprise Security Services. With 10+ years of experience in working with major Data Centers and ISPs and with 130+ experienced technicians, we continue to manage more than 49,000 servers from 85+ countries and have bagged 5 international awards.
If you have any queries on Linux permissions, feel free to leave us a message and our representative will get back to you.