5
CONTROLLING FILE AND DIRECTORY PERMISSIONS
Not every user of a single operating system should have the same level of access to files and directories. Like any professional or enterprise-level operating system, Linux has methods for securing file and directory access. This security system allows the system administrator—the root user—or the file owner to protect their files from unwanted access or tampering by granting select users permissions to read, write, or execute files. For each file and directory, we can specify the permission status for the file’s owner, for particular groups of users, and for all other users. This is a necessity in a multiuser, enterprise-level operating system. The alternative would be quite chaotic.
In this chapter, I’ll show you how to check for and change permissions on files and directories for select users, how to set default file and directory permissions, and how to set special permissions. Finally, you will see how a hacker’s understanding of permissions might help them exploit a system.
Different Types of Users
As you know, in Linux, the root user is all-powerful. The root user can do basically anything on the system. Other users on the system have more limited capabilities and permissions and almost never have the access that the root user has.
These other users are usually collected into groups that generally share a similar function. In a commercial entity, these groups might be finance, engineering, sales, and so on. In an IT environment, these groups might include developers, network administrators, and database administrators. The idea is to put people with similar needs into a group that is granted relevant permissions; then each member of the group inherits the group permissions. This is primarily for the ease of administering permissions and, thus, security.
The root user is part of the root group by default. Each new user on the system must be added to a group in order to inherit the permissions of that group.
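
To make the owner/group/other split concrete, the following Python sketch is an added example (not code from the book) that models how the classic permission check picks one class for a user and reports what that user may do. The user names, UIDs, GIDs and the sample file are constructed for illustration, and ACLs and security modules such as SELinux are ignored.

```python
import stat

def effective_access(mode, file_uid, file_gid, uid, gids):
    """Pick the permission class Linux applies to this user and return
    (class_name, set_of_granted_rights) from the classic mode bits."""
    if uid == 0:
        # root bypasses read/write checks; executing a regular file still
        # requires at least one execute bit to be set.
        can_exec = stat.S_ISDIR(mode) or bool(mode & 0o111)
        return "root", {"r", "w"} | ({"x"} if can_exec else set())
    if uid == file_uid:
        cls, bits = "owner", (mode >> 6) & 7
    elif file_gid in gids:
        cls, bits = "group", (mode >> 3) & 7
    else:
        cls, bits = "other", mode & 7
    # Only the first matching class is consulted; there is no fall-through.
    return cls, {r for r, b in (("r", 4), ("w", 2), ("x", 1)) if bits & b}

# Constructed sample data: group names follow the chapter, IDs are made up.
FINANCE, ENGINEERING = 2001, 2002
USERS = {
    "root":  (0, {0}),
    "alice": (1001, {FINANCE}),
    "carol": (1003, {FINANCE}),
    "bob":   (1002, {ENGINEERING}),
}
# A regular file owned by alice, group finance: owner rw, group r, other none.
REPORT = (stat.S_IFREG | 0o640, 1001, FINANCE)

def audit(file_entry, users=USERS):
    """Map each user name to the class and rights they get on the file."""
    mode, f_uid, f_gid = file_entry
    return {name: effective_access(mode, f_uid, f_gid, uid, gids)
            for name, (uid, gids) in users.items()}

if __name__ == "__main__":
    for name, (cls, rights) in audit(REPORT).items():
        print(f"{name:6} {cls:6} {''.join(sorted(rights)) or '-'}")
```

Because only the first matching class is used, a file owner whose owner bits are empty gets no access even when their group would have been granted it, which is a common surprise when auditing permissions.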