File Protection
Steven Zeil
1 Protection and Permissions
Not every file on the system should be readable by everyone. Likewise, some files that everyone needs (such as the executables for commands like cp, mv, etc.) should not be subject to accidental deletion or alteration by ordinary users. This is where file permissions come into play.
Unix allows three forms of access to any file: read, write, and execute. For an ordinary file, if you have read (r) permission, you can use that file as input to any command/program. If you have write (w) permission, you can make changes to that file. If you have execute (x) permission, you can ask the shell to run that file as a program.
The owner of a file can decide to give any, all, or none of these permissions to each of three classes of people:
-
To the owner of the file him/herself
-
To members of a designated “group” established by the systems staff. Groups are generally set up for people who will be working together on a project and need to share files among the group members.
-
To anyone else in the world.
These three classes are abbreviated “u”, “g”, and “o”, respectively. The “u” is for “user”, “g” for “group”, and “o” is for “others”. Until you actually join a project that needs its own group, you will mainly be concerned with “u” and “o” classes.
The ls -l command will show the permissions granted to each class. For example, if you said
ls -l ~/playing
you might see the response
-rwxrwx--- 1 johndoe student 311296 Jul 21 09:17 a.out
-rw-rw---- 1 johndoe student 82 Jul 21 09:12 hello.c
-rw-rw---- 1 johndoe student 92 Jul 21 09:13 hello.cpp
-rw-rw---- 1 johndoe student 85 Jul 20 15:27 hello.wc
On the far right, you see the actual file names. In front of that you are shown the date and time on which that file was last modified. In front of the date is the size of the file (in bytes). The two columns near the middle that contain names indicating the owner of the file (in this case, the owner has login name johndoe) and the group to which that file is assigned (in this case, the group student). Some typical groups are “wheel”, “faculty”, “gradstud”, and “student”. “Wheel” has no members, but groups like “student” and “gradstud” have very broad membership, as their names imply.
Finally, look at the pattern of hyphens and letters at the far left of the ls output. The first character will be a “d” if the file is a directory, “-” if it is not. Obviously, none of these are directories. The next 3 positions indicate the owner’s (u) permissions. By default, you get read and write permission for your own files, so each file has an “r” and a “w”. a.out is an executable program, so the compiler makes sure that you get execute (x) permission on it. The other files can’t be executed, so they get no “x”. This way the shell will not even try to let you use hello.c or any of the other source code files as a program.
The next three character positions indicate the group permissions. In this case, the group permissions are the same as the student owner’s permissions - all members of the student group can read or write these files and can execute the a.out program.
The final three character positions indicate the permissions given to the world (others). Note that in this case, people other than the owner or members of the same group cannot read, write, or execute any of these files.
Directories also can get the same rwx permissions, though the meaning is slightly different. If you have read permission on a directory, you can see the list of files in the directory via ls or other commands. If you have execute permission on a directory, then you can use that directory as one component of a path (e.g., ~yourName/directory-with-x-permission/foo.txt) to get at the files it contains. So, if you have execute permission but not read permission on a directory, you can use those files in the directory whose names you already know, but you cannot look to see what other files are in there. If you have write permission on a directory, you can change the contents of that directory (i.e., you can add or delete files).
2 chmod
The chmod command changes the permissions on files. The general pattern is
chmod class+permissions files
or
chmod class-permissions files
Use “+” to add a permission, “-” to remove it. For example, chmod o+x a.out gives everyone permission to execute a.out. chmod g-rwx hello.* denies members of your group permission to do anything at all with the “hello” program source code files.
You can also add a -R option to chmod to make it “recursive” (i.e., when applied to any directories, it also applies to all files in the directory (and if any of those are directories, to the files inside them, and if…). For example, if I discovered that I really did not want the group to have permission to write or execute my files in ~/playing, I could say:
chmod -R g-wx ~/playing
An alternate way of setting and removing permissions is to specify all 9 of the permissions (user, group and world - read write and execute) at once by giving them as a three-digit number. Each digit must be in the range 0-71 and the digits give the permissions for the owner, group and world, in that order. The digits are computed as binary numbers with read permission in the 4’s position, write permission in the 2’s position, and execute permission in the 1’s position. Each bit in this number is 1 if permission is granted and zero if permission is denied. So, for example, if we wanted to give the owner read and write permission but not execute permission, the digit would be computed as:
\[ \mbox{owner} = 4 * 1 + 2 * 1 + 0 = 6 \]
If we wanted to give the group read permission only, the digit would be computed as:
\[ \mbox{group} = 4 * 1 + 2 * 0 + 0 = 4 \]
and if we wanted to give no permissions at all to the world,
\[ \mbox{world} = 4 * 0 + 2 * 0 + 0 = 0 \]
We would then set the permissions for the file by giving these three digits in the chmod command:
chmod 640 hello.c
Example 1: Try This: Setting Permissions on a FileStart by copying a file into your directory to work with.
cd ~/playing cp ~cs252/Assignments/textFiles/hello.sh . ls -l hello.sh cat hello.sh ./hello.sh echo '#comment' >> hello.sh cat hello.shAll of the above commands should succeed.
- The
>>part of theechocommand above uses a technique called redirection that we will study later. In this case, it allows us to add lines to the end of a text file.You should see the change we have made in the second
catoutput.Now let’s take away all permissions and try those things again.
chmod 000 hello.sh ls -l hello.sh cat hello.sh ./hello.sh echo '#comment' >> hello.shWith these permission settings, we can’t do anything at all with that file.
Let’s add read permission:
chmod 400 hello.sh ls -l hello.sh cat hello.sh ./hello.sh echo '#comment' >> hello.sh cat hello.shLet’s add execute permission:
chmod 700 hello.sh ls -l hello.sh cat hello.sh ./hello.sh echo '#comment' >> hello.sh cat hello.sh
- We could also have written the
chmodcommand aschmod 700 hello.shIt’s more difficult to demonstrate the effect of group and world permissions, because they affect how other people see your files, but we can do it using a file that does not belong to us.
ls -l ~cs252/Assignments/textFiles/text1.txt ls -l ~cs252/Assignments/textFiles/text2.txtBecause you are neither the owner of those files, nor in the group they belong to, the “world” permissions control your attempts to use those files. See if you can predict, from the permissions you see, what the results of the next two commands will be before you execute them:
cat ~cs252/Assignments/textFiles/text1.txt cat ~cs252/Assignments/textFiles/text2.txt
Example 2: Try This: Setting Permissions on a Directorycd ~ chmod 700 ~/playing/hello.sh ls -ld playingThe
doption for ls asks it to show us the info on the directory itself instead of, as it sould usually do, the info on the files inside the directory.Right now, everything should be good:
ls playing cat playing/hello.sh cp playing/hello.sh playing/hello1.shLet’s take away our permissions on the directory.
chmod 000 playing ls -d playingTake note of which commands work and which ones don’t.
ls playing cat playing/hello.sh cp playing/hello.sh playing/hello1.shNow, let’s give ourselves read permission on the directory:
chmod 400 playing ls -d playing ls playing cat playing/hello.sh cp playing/hello.sh playing/hello1.shNow, let’s change that to execute permission:
chmod 100 playing ls -d playing ls playing cat playing/hello.sh cp playing/hello.sh playing/hello1.shFinally, let’s give ourselves read, write, and execute permission:
chmod 700 playing ls -d playing ls playing cat playing/hello.sh cp playing/hello.sh playing/hello1.sh ls playing
3 Beware the umask!
Suppose you never use the chmod command. What would be the protection levels on any files you created?
The answer depends upon the value of umask. Look in your ~/.bashrc file for a command by that name, and note the number that follows it. If you don’t have one, just give the command
umask
and note the number that it prints.
The umask number is a 3 digit (base 8) number, similar to the numeric form of the permissions in the chmod command. The first digit describes the default permissions for the owner (you), the second digit describes the default permissions for the group, and the final digit describes the default permissions for others. Each of these three numbers is, in turn, formed as a 3-digit binary number where the first digit is the read permission, the second is the write permission, and the third digit is the execute permission.
Unlike the chmod command, however, in each binary digit of the umask, a 0 indicates that the permission is given, a 1 that the permission is denied.
So if my umask is \(027\), that means that
-
I (the owner) have \(000\) — permission to read, write and execute my own files.
-
The group to which a file belongs has \(010\), permission to read, no permission to write, and permission to execute that file.
-
The rest of the world has \(111\), no permission to read, write or execute.
Of course, these permissions can be changed for individual files via the chmod command. The umask only sets the default permissions for cases where you don’t say chmod.
If you want to change your default permissions, you do it via the umask command by giving it the appropriate 3-digit octal number for the new default permissions. Some common forms are:
umask 022- Owner has all permissions. Everyone else can read and execute, but not write.
umask 077- Owner has all permissions. Everyone else is prohibited from reading, writing, or executing.
Since the point of the umask command is to establish the default behavior for all your files, this command is normally placed within your .bashrc file.
4 Planning for Protection
At the very least, you will want to make sure that files that you are preparing to turn in for class assignments are protected from prying eyes. You need to do a little bit of planning to prepare for this. There are two plausible approaches:
-
Use a stringent enough umask (e.g.,
umask 077) so that everything is protected by default.-
The only disadvantage is that files that you want to share (e.g., the files that make up your personal Web page) must be explicitly made world-readable (
chmod go+r files).
-
-
Use a more relaxed umask (e.g.,
umask 022) so that your files are readable by default, but establish certain directories in which you carry out all your private work and protect those directories so that no one can access the files within them. For example, you might do
cd ~
mkdir Assignments
chmod go-rwx Assignments
Now you can put anything you want inside ~/Assignments, including subdirectories for specific courses, specific projects, etc. Even if the files inside ~/Assignments are themselves unprotected, other people will be unable to get into ~/Assignments to get at those files.
- The one disadvantage to this approach is that it calls for discipline on your part. If you forget, and place your private files in another directory outside of
~/Assignments, then the relaxed umask means that those files will be readable by everyone!
1: Technically, we are giving a 3-digit Octal (base 8) number.