UNIX Permissions Write a 200 to 300word response in which yo

UNIX Permissions

Write a 200- to 300-word response in which you provide and explain some of the different file permissions available within UNIX^®. Include how certain settings can help increase the security of the system.

Solution

Please follow the data and description :

UNIX Permissions :

UNIX provides a secure method for storing and the manipulation of the files. Every file in UNIX has the following attributes :

a) Owner permissions These owner\'s permissions determine what are the actions respective owner of the file can perform on the file.

b) Group permissions These determine what actions a user, who is a member of the group that a file belongs to, can perform on the file.

c) Other permissions The permissions for others indicate what action all other users can perform on the file.

Permission Indicators :

While using the ls -l command, it displays the various information related to the file permission.

Example,

$ls -l /home/abc
-rwxr-xr-- 1 abc users 1024 Nov 14 00:10 myfileData
drwxr-xr--- 1 abc users 1024 Nov 14 00:10 mydirectory

Above the first column represents the different access mode namely the permission associated with a file or directory. The permissions are then broken into groups of threes, and each position in the group denotes a specific permission, as one of the read (r), write (w), execute (x).

Here, the first three characters (2-4) represent the permissions for the file\'s owner. For example -rwxr-xr-- represents that owner has read (r), write (w) and execute (x) permission.

The second group of three characters (5-7) consists of the permissions for the group to which the file belongs. For example -rwxr-xr-- represents that group has read (r) and execute (x) permission but no write permission.

The last group of three characters (8-10) represents the permissions for everyone else. For example -rwxr-xr-- represents that other world has read (r) only permission.

Changing Permissions :

If at all the owner needs to change the file or directory permissions, they could use the chmod abbreviated as change mode command. There are two ways to use chmod as symbolic mode and absolute mode.

SUID and SGID File Permission :

Whenevr a command is executed, it will have to be executed with special privileges in order to accomplish its task. As an example, when we change the password with the passwd command, the new password is stored in the file path /etc/shadow. When we change the password, we need to have the write permission to this file. This means that the passwd program has to give the user additional permissions so that the user can write to the file /etc/shadow.

Additional permissions are given to the programs through a mechanism known as the Set User ID (SUID) and Set Group ID (SGID) bits. When the user will execute a program that has the SUID bit enabled, then the respective user inherit the permissions of that program\'s owner. Programs that do not have the SUID bit set are run with the permissions of the user who started the program. This is same for the SGID as well.

The SUID and SGID bits will appear as the letter \"s\" if the permission is available. The SUID \"s\" bit will be located in the permission bits where the owners execute permission would normally reside. For example, the command

$ ls -l /usr/bin/passwd
-r-sr-xr-x 1 root bin 19031 Feb 14 16:25 /usr/bin/passwd*
$

Which shows that the SUID bit is set and that the command is owned by the root. A capital letter S in the execute position instead of a lowercase s indicates that the execute bit is not set. If the sticky bit is enabled on the directory, files can only be removed if you are one of the following users

The owner of the sticky directory

The owner of the file being removed

The super user, root

To set the SUID and SGID bits for any directory try the following

$ chmod ug+s dirname
$ ls -l
drwsr-sr-x 2 root root 4096 Jun 19 09:10 dirname
$

Hope this is helpful.