Paranoid Penguin - Linux Filesystem Security, Part I
Listing 4. Changing a File's Permissions with chmod
bash-$ ls -l baton_dealers.txt -rw-rw-r-- 1 maestro conductors 35414 Mar 25 01:38 baton_dealers.txt bash-$ chmod go-rw baton_dealers.txt bash-$ ls -l baton_dealers.txt -rw------- 1 maestro conductors 35414 Mar 25 01:38 baton_dealers.txt
In Listing 4's sample chmod command (chmod go-rw), go tells chmod to change the group permissions and other permissions; -rw says to remove read and write permissions for those two categories of permissions, group and other. Thus, a chmod command has three parts: a permission category, some combination of u, g and o or a for all; an operator, - to remove, + to add; and a list of permissions to add or remove, usually r, w or x.
We now know how to change basic permissions on regular files, but what about directories? Directory permissions work slightly differently from permissions on regular files. Read and write are similar; for directories these permissions translate to list the directory's contents and create or delete files within the directory, respectively.
Execute is a little less intuitive on directories, however. Here, execute translates to use anything within or change working directory to this directory. That is, if a user or group has execute permissions on a given directory, the user or group can list that directory's contents, read that directory's files (assuming those individual files' own permissions include this) and change the working directory to that directory with the command cd. If a user or group does not have execute permission on a given directory, the user or group is unable to list or read anything in it, regardless of the permissions set on the things inside. If you lack execute permission on a directory but do have read permission and you try to list its contents with ls, you receive an error message that, in fact, lists the directory's contents. But this doesn't work if you have neither read nor execute permissions on the directory.
Suppose our example system has a user named biff who belongs to the group drummers. Also suppose that his home directory contains a directory called extreme_casseroles that he wishes to share with his fellow percussionists. Listing 5 shows how biff might set that directory's permissions.
Listing 5. A Group-Readable Directory
bash-$ chmod g+rx extreme_casseroles bash-$ ls -l extreme_casseroles drwxr-x--- 8 biff drummers 288 Mar 25 01:38 extreme_casseroles
Per Listing 5, only biff has the ability to create, change or delete files inside extreme_casseroles. Other members of the group drummers can list its contents and cd to it. Everyone else on the system, however, is blocked from listing, reading, cd-ing or doing anything else with the directory.
Those are the most basic concepts and practical uses of Linux filesystem security. In Part II, we'll go further in depth and discuss (among other things) setuid, setgid and numeric permission modes. Until then, be safe!
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).
- How to Deliver Hybrid Apps in 2 Weeks [Webcast]
- One Port to Rule Them All!
- Secure Server Deployments in Hostile Territory
- Django Templates
- PHP for Non-Developers
- Privacy Is Personal
- Linux Kernel 4.1 Released
- July 2015 Issue of Linux Journal: Mobile
- The AtoMiC Toolkit!
- Practical Books for the Most Technical People on the Planet