
CMPD393 System Administration

Chapter 4:
Maintaining Security
Objectives
• Use chmod to change file permissions in an
absolute manner
• Learn how the administrator uses three basic file
permissions bits
• Use chown and chgrp to change the owner and
group owner of files
• Restrict a user’s activities with the restricted
shell
Introduction
• Security in a computer system eventually
involves files
• Faulty file permissions can be exploited by a malicious user
• System Administrator’s responsibility: ensure
that system directories (/bin, /usr/bin, /etc, /sbin)
and files in them are not writable by others
Very important to be protected!
Linux Structure
• Tune in to
https://www.youtube.com/watch?v=D-VqgvBMV7g&t=143s

• And watch the video until 5.23 / 13.29


Listing File Attributes

$ ls -l
total 2
drwxrw-r-- 1 ixo team 0 2012-08-30 18:42 Material
-rwxr-xr-x 1 dc010101 dba 5234 2012-12-20 22:22 file1.txt

Fields, left to right:
• File type (first character) and permission
• Number of links
• Owner name
• Group name
• Size in bytes
• Last modification date & time
• File name
File Permission
• Basic permission
– Read, r : content of the file is accessible
– Write, w : permitted to create, modify, or remove the
file
– eXecute, x : allowed to run or “pass through”
• Category
– Owner (user)
– Group
– World (public/everyone/all)
File Permission
Example: access permission for file1.txt

rwx     r-x     r-x
owner   group   world

• Owner is allowed to: Read, write and execute file1.txt
• Group is allowed to: Read and execute file1.txt
• World is allowed to: Read and execute file1.txt
Exercise
• What are the permissions for each
category for a file with the following
permission: ‘rwx-wx--x’?
File Permission Commands

chmod
chown
chgrp
Change File Permission
• chmod command: change file permission
• Method: Absolute assignment
– Done with octal numbers (base 8)
– A set of 3 bits represents one octal digit
• Example:
$ chmod 754 file1.txt

• General structure
chmod <newPermissionInOctal> <filename>
Change File Permission

Binary  Octal  Permissions  Significance
000     0      ---          No permission
001     1      --x          Executable only
010     2      -w-          Writable only
011     3      -wx          Writable and executable
100     4      r--          Readable only
101     5      r-x          Readable and executable
110     6      rw-          Readable, writable
111     7      rwx          Readable, writable, executable
Example: rwxr-xr-- Permission: 754

Owner (rwx)
READ  WRITE  EXECUTE
  1     1       1       4+2+1 = 7
 2^2   2^1     2^0

Group (r-x)
READ  WRITE  EXECUTE
  1     0       1       4+0+1 = 5
 2^2   2^1     2^0

World (r--)
READ  WRITE  EXECUTE
  1     0       0       4+0+0 = 4
 2^2   2^1     2^0
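
The octal arithmetic above, as an added shell example (not part of the original slides): sym_to_octal converts a permission string into the number chmod expects, and writable_by_others lists files that group or world can write to, which is the condition the Introduction says system directories must not have. Both function names are hypothetical helpers chosen for this example.

```shell
#!/bin/sh
# Added example; sym_to_octal and writable_by_others are hypothetical
# helper names, not commands from the slides.

# Convert a 9-character permission string (e.g. rwxr-xr--) to octal by
# adding 4 for r, 2 for w and 1 for x in each owner/group/world triplet.
sym_to_octal() {
    perm=$1
    case $perm in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;   # exactly 9 valid characters
        *) echo "not a permission string: $perm" >&2; return 1 ;;
    esac
    result=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perm" | cut -c"$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        result="$result$digit"
    done
    printf '%s\n' "$result"
}

# List everything under directory $1 that group (020) or world (002)
# may write to. Symbolic links are skipped because their own mode bits
# are not what controls access to the target.
writable_by_others() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# The slide's worked example.
sym_to_octal rwxr-xr--    # prints 754
```

An administrator could run writable_by_others on /bin, /usr/bin, /etc or /sbin; any path it prints is a candidate for a corrective chmod.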
Exercise!
• Change permission for ‘test.txt’ to ‘rwx rw-
r--’

• Change permission for ‘Next’ folder to ‘r-x--x---’
Change File Ownership

• chown command: transfer ownership of a file to
a user

• Example:
$ chown dc010101 Material

• General structure
chown <newUserName> <filename>
Exercise
• Change owner name of ‘Avengers’ file to
‘Hulk’
Change File Group Owner
• chgrp command: change a file’s group owner
• A user can change the group owner of a file, but
only to a group to which he/she belongs
• Example:

$ chgrp dba Material

• General structure
chgrp <NewGroupName> <FileName>
Exercise
Change group name of ‘Drama’ file to
‘section01’.

Answer:-
STERN REMINDER! For chown and chgrp!

• To change ownership or group ownership
on a Linux server with chown and chgrp,
administrative permission is necessary.
ALWAYS add sudo before typing in the command.
• Example:-
sudo chown Hulk Avengers
sudo chgrp Section01 Drama
Changing ownership and group
in single command!
• Tune in to
https://www.youtube.com/watch?v=D-VqgvBMV7g&t=547s

• Navigate until the END of the video.

• You could / might be asked about
combining the owner and group
ownership change in one command.
• HOWEVER, there is no need to remember the
groups and newgrp commands.
What are you able to understand from the above
image?
General structure :
chown <newUser>:<newGroup> <filename>
This teaching material belongs to:
Systems and Networking Department,
College of Information Technology,
Universiti Tenaga Nasional.
