IT:AD:NET:HowTo:Security:Concepts:UNIX

• (UP)

  • concepts_securitytoken
  • IT:AD:NET:HowTo:Security:CAS
  • IT:AD:NET:HowTo:Security:CAS:Issues
  • IT:AD:NET:HowTo:Security:Concepts:UNIX
  • IT:AD:NET:HowTo:Security:Identity
  • IT:AD:NET:HowTo:Security:Signing

• User:
  • Name:Nick
  • Name:WWW
• Group:
  • Set of Priveleges
  • Name:Perlfect
• Permissions:
  • Read, Write, Execute
• Ownership:
  • Every Item has an Owner User

    • Every Item has an Owner Group
    • Every Item has an All (neither Owner User or Owner Group)
    • Therefore, for every item, one of the following can apply:
      • Nick is the owner
      • Nick belongs to the group that owns the file
      • Nick is neither the owner, or belongs to a group that owns the file.

    1. rwxr-xr-x 1 nick users [= Owner(Nick):rwx, OwnerGroup(users):r-x, All:r-x

    drwxr-xr-x 1 nick users [= Owner(Nick):rwx, OwnerGroup(users):r-x, All:r-x

• Directories:
  • If it has a d prefix , it's for directories, and meaning changes a bit.
  • read = list contents

    • write = add items
    • execute = user can cd into the directory.
• Use chmod:
  • set permissions by target
    • u: owner
    • g: group
    • o: other (neither u or g)
    • a: all

Example:

$ ls -l socktest.pl 
-rwxr-xr-x   1 nick     users         1874 Jan 19 10:23 socktest.pl*

$ chmod a-x socktest.pl 
$ ls -l socktest.pl 
-rw-r--r--   1 nick     users         1874 Jan 19 10:23 socktest.pl

$ chmod g+w socktest.pl   
$ ls -l socktest.pl 
-rw-rw-r--   1 nick     users         1874 Jan 19 10:23 socktest.pl

$ chmod ug+x socktest.pl 
$ ls -l socktest.pl 
-rwxrwxr--   1 nick     users         1874 Jan 19 10:23 socktest.pl*

$ chmod ug-wx socktest.pl 
$ ls -l socktest.pl 
-r--r--r--   1 nick     users         1874 Jan 19 10:23 socktest.pl