СHRISTMAS
WHEEL OF FORTUNE

Tap the button and win a guaranteed prize right now!

By registering, you are signing up to receiving e-mails.
JT
July 12 2024
Updated July 12 2024

What is Chmod and how does it work?

Linux Maintenance Security

The Linux family of distributions are mainly multitasking and multi-user operating systems, which inherently implies a requirement for differentiation of user rights. For this purpose, there are a number of utilities in the OS, which, in accordance with the POSIX standard, allow you to delimit rights using a discretionary access model. One of them is chmod, let's consider the principle of the access model and the utility's role in it.

What is chmod and the Linux discretionary model?

Chmod is a standard OC Linux utility that sets access rights for files and folders, allowing you to define the order in which different users can access a resource. As mentioned earlier, many Linux distributions are based on a discretionary access differentiation model. This means that each file and directory has its own list of attributes: owner, group and a list of permissions for three categories of OS users. Let's take an example, let's create a "secret directory" and files to it by commands:

mkdir -p /tmp/Secret-folder
touch /tmp/Secret-folder/gg
touch /tmp/Secret-folder/gt

And let's immediately look at the standard attributes that the OS will give you:

ls -la /tmp/Secret-folder
File permissions
Screenshot №1 — File permissions

To the left of the displayed files and directories, you can see the set of their attributes, where the example of the gg file is:

  • -rw-r--r-- access rights to the file;
  • root root entry indicates the owner and group;
  • jul 9 06:10 displays the time the file was last opened/modified.

Since we are the owners of the file, we can easily control the state of the access attributes, let's take a closer look at them. Each element on the left side has strings defining access rights to the file:

First bit
Screenshot №2 — First bit

This bit may also contain SUID and GUID values that allow to run the file on behalf of its owner/group of owners, rather than those provided by the user. This solution allows you to temporarily grant rights, however, it is strongly not recommended for use! Since there is no privilege differentiation system, it is better to use sudo for this purpose.

Creator's permissions
Screenshot №3 — Creator's permissions

Then there are the file owner rights, which allow read and write access to the file, however, the owner or root can always change their level of access to the file or/and directory.

Group's permission
Screenshot №4 — Group's permission

An owner's group brings together users who are in the same group as the owner. Usually, they either have the same rights as the owner or slightly reduced rights.

Other users permission
Screenshot №5 — Other users permission

The other users are those that are not included in the list of the owner and his group. As a result, the string of access attributes is divided into 3 triplets and one bit: the rights of the owner, group, other users and the control bit. We will come back to the last one, let's consider their work on a practical example.

How to use chmod?

Similar to the previously created folder at the beginning, let's implement the following directory and the files in it:

Schema of files
Screenshot №6 — Schema of files

You may have noticed objects with a name in the form of a dot or two, and to the left of them the type of directory. The point is that when we go to the folder itself, we may need to briefly refer to it or the directory above it, and that's what these links are for. One point links to the current directory, two points link to the directory above.

For example, let's allow users in the owner group to write to a file, they currently have read-only permissions:

chmod 664 /Minfin2/gg
Change permissions
Screenshot №7 — Change permissions

What do the numbers 664 mean? It was decided that each right in the triplet would have a numerical designation:

  • 4 is read or reading;
  • 2 is write, or writing, deleting, creating objects;
  • 1 is execute or execute, scripts, binary files.

Each digit is the sum of the rights for one triplet group, the first 6 is rw for the owner, the second 6 for the group and the last 4 read for the rest. So 664 is equivalent to rw-rw-r-- the attributes of the file. Let's try from another user in the owner group to delete the file gg, the w access parameter on the file allows us to do this. But we catch the error permission denied:

Permission denied
Screenshot №8 — Permission denied

Why? Because there are permissions on the file, the point is that Linux has a hierarchical access rights check. This means that on the path to the file itself, the user must have permissions in directories too, except for the files themselves. Let's try to assign them and then delete the file:

chmod 775 /Minfin2 && rm /Minfin2/gg
Remove file
Screenshot №9 — Remove file

And success! The file was deleted, thanks to the fact that permissions were correctly granted to the file itself and the directory in which it was stored. If numbers are not a suitable form of control, we can use symbols. For example, give the owner the full set, the group and others the triplet r-x:

chmod ugo-rwx /Minfin2/gg && chmod u+rwx /Minfin2/gg && chmod /Minfin2/gg go+rx

As you can see this solution is much longer than the numerical rights designation, however, it is just as functional and fulfils the tasks. All steps in the tutorial can be performed on powerful cloud servers. Serverspace provides isolated VPS / VDS servers for common and virtualize usage.

Create Server
Screenshot №10 — Create Server

It will take some time to deploy server capacity. After that you can connect in any of the convenient ways.

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.