Cybertek Defense

Linux-Based Access Controls

Access controls used in Linux are no different than those used in Windows.  Linux uses the same permission tiers, Owner, Group, and All Other Users, to distinguish which user has access to what in the file system.  Numerical and alphabetical values are used to assign specific permissions to group members and other users.  There are three steps to understand when providing permissions to users in Linux…

STEP 1 – Permissions:
  • Owner of File = 1st number in an octet
  • Group Members = 2nd number in an octet
  • All Other Users = 3rd number in an octet
Linux also uses an octet form when supplying permissions to a file, in the same way that IP addresses are written in octets.  Just be aware that Linux orders the permissions in a specific way so that both the user and the computer can understand them.  We will discuss the purpose of the octet placement later; while we discuss these permissions in their basic form, Linux has more values and options when it comes to assigning permissions.

Owners maintain the file and have the highest level of permissions by default.  They are able to delete the file, rename it, or edit its contents.

Group members are users who have been granted access to the file but with limited permissions on what they can do.  The owner adds or removes these users and can change specific permissions for them, for example so that a user can only read the file and not write to it, or can see the file listed but cannot access it in any way.

All other users are simply those who are neither the owner nor group members.  These users might be able to see the file listed in the directory, but have no ability to access the file or read from or write to it.

STEP 2 – Numerical Values:

While the permission tiers define which group a user falls into, numerical values are needed to specify the actual permissions such as read, write, execute, etc.  The numerical values are chosen so that they can be added together to form a single number instead of listing multiple numbers in the permission value.  The numerical values are…

0 = No Permission – Cannot access the file
1 = Execute – Run the file or be able to search for the file
2 = Write – Open and modify the file
4 = Read – View the file only
6 = Read and Write – Open and modify the file
7 = Read, Write, and Execute – View, open, and modify the file

As mentioned, a user can have more than one numerical value.  If Bob needs read and write permissions to a file, we simply add 4 and 2 together to get 6.  Likewise, we can set Bob’s permissions to read, write, and execute with the number 7.  The maximum numerical value a user can have is 7 and the lowest is 0.  Once again, these numbers are used in an octet fashion to make it easier to understand what permissions are given in Linux; we will discuss that next.

STEP 3 – Alphabetical Values:

As mentioned many times, Linux uses an octet system to set the permissions and numerical values of a user.  Think of this as an IP address, where the octets are separated by dots.  Linux permissions are similar: the numerical value a user is assigned, and the permission group they are placed under, determine which octet you will see filled.  For a single file, there are 10 values that can be shown.  See the example below for what this looks like in Linux form.

There is a lot going on in this picture, but I will describe what each section means.  Remember the following values:

“r” (read) = 4
“w” (write) = 2
“x” (execute) = 1
“-” no permissions = 0

First off the basics…

Once a user is assigned a permission and level, we can use the ls -l command within the folder to see a list of files or folders and their associated permissions.  We then get a return value of total 0, which means there are no folders within this folder.  But we do have some files in this directory.  The first returned value we see is a file called “testfile”.

Now let’s break it down…

  1. This file has permissions of -r--r--r--.  The very first value of our octet is a dash.  From this, we know it is indicating that the entry is a file and not a directory or a link.
  2. The next value is an “r”, meaning read only.  This value is in the first octet, the one specified for the owner.  Remember that each octet is a set of 3 values.  We know that it is read only because the two values following the “r” are dashes.
  3. We then move to the next octet, the Group set, which has the same permission value of “r”, meaning read only.
  4. The last octet, All Other Users, is similar, with the letter “r” for read only.
Not all files and folders in Linux will have the same format.  As you can see, the second file we returned contains different values for each group, such as “d” indicating that it is a directory and not a file, and “rwx” in the first octet showing that the owner of the directory has read, write, and execute permissions.
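As an added example (not from the original post), here is a small POSIX shell script that converts between the alphabetical form shown by ls -l and the numerical form from Step 2, in both directions, and then confirms the two agree against a real file.  The function names (mode_to_octal, octal_to_mode, check_file_mode) are my own; the script relies only on standard tools (cut, chmod, ls, mktemp).

```shell
# Convert a 10-character ls -l mode string (e.g. "-rwxr-xr--") into the
# three-digit numeric form: owner, group, all other users.
# Read = 4, write = 2, execute = 1; each three-character set is summed.
mode_to_octal() {
    mode="$1"
    [ "${#mode}" -eq 10 ] || { echo "expected 10 characters, got '$mode'" >&2; return 1; }
    # Drop the leading type character ("-" file, "d" directory, "l" link).
    perms=$(printf '%s' "$mode" | cut -c2-10)
    result=""
    for triplet in "$(printf '%s' "$perms" | cut -c1-3)" \
                   "$(printf '%s' "$perms" | cut -c4-6)" \
                   "$(printf '%s' "$perms" | cut -c7-9)"; do
        n=0
        case "$triplet" in r??) n=$((n + 4)) ;; esac
        case "$triplet" in ?w?) n=$((n + 2)) ;; esac
        case "$triplet" in ??x) n=$((n + 1)) ;; esac
        result="$result$n"
    done
    printf '%s\n' "$result"
}

# Reverse direction: three digits (e.g. 754) back to "rwxr-xr--".
octal_to_mode() {
    digits="$1"
    result=""
    i=1
    while [ "$i" -le 3 ]; do
        d=$(printf '%s' "$digits" | cut -c"$i")
        [ $((d & 4)) -ne 0 ] && result="${result}r" || result="${result}-"
        [ $((d & 2)) -ne 0 ] && result="${result}w" || result="${result}-"
        [ $((d & 1)) -ne 0 ] && result="${result}x" || result="${result}-"
        i=$((i + 1))
    done
    printf '%s\n' "$result"
}

# Round trip against a real file: chmod with the numeric form, read back
# the first 10 characters that ls -l prints, and convert them again.
check_file_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    seen=$(ls -ld "$f" | cut -c1-10)
    rm -f "$f"
    mode_to_octal "$seen"
}
```

For example, `mode_to_octal '-rwxr-xr--'` prints 754 and `check_file_mode 640` prints 640, which is the chmod value you would type to give the owner read/write and the group read only.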