File System Security

ls -l

First Columm

• d = directory• l = symbolic link• b = block special file• c = character special file• p = fifo (or named pipe) special file• - = ordinary file• s = named socket special file

• rwx --- ---– user “owner” permissions:– if you created it, you own it

• --- rwx --- – group “owner” permissions: – you and other people in the owner’s group

• --- --- rwx– other “world” permissions:– everyone else

Second Column

Three types of file access:• Read – List the contents of a file• Write – Update the contents of the file• Execute – If the file is a program, run it

Three types of directory access:• Read – List the files in the directory• Write – Rename or delete files in the directory,

or copy files to the directory• Execute – cd to the directory

chmod

• chmod u (user)• chmod g (group)• chmod a (all)

– chmod u+w ./quarters = add write permission to user– chmod g+rwx ./quarters = add all permssions to all– chmod a-wx ./quarters = remove write and execute for all

chmodRead Write Execute Octal Outcome Outcome

4 2 1 7 rwx4 2 - 6 rw-4 - 1 5 r-x4 - - 4 r--- 2 1 3 -wx- 2 - 2 -w-- - 1 1 --x

chmod 744 ./quarterschmod 774 ./quarterschmod 544 ./quarters

umask

• Change the system-wide default permission• Default permissions for all files created in the

future until umask is changed

• umask 077

chown

• chown = change file ownership

• chown hoffmann ./quarters

chgrp

• chgrp = change group owner

• chgrp thegame ./quarters

newgrp

• switching groups

• newgrp thegame