Controlling Access to Files in Linux: Secure Your System

CONTROLLING ACCESS TO FILES:

In this chapter we will be dealing with two things.
1. Special Permissions or Advanced Permission
2. Access Control List (ACL)

1. Special Permissions or Advanced Permission:
There are three special permissions that can be assigned to a file or directory apart from
basic file permissions(rwx), they are
1. SUID – SET USER ID
2. SGID – SET GROUP ID
3. STICKY BIT

Permission Symbolic Form Numeric Form Syntax
---------- ------------- ------------ -------------------------
SETUID s or S 4 #chmod u+s or #chmod u-s or #chmod 4766
SETGID s or S 2 #chmod g+s or #chmod g-s or #chmod 2766
STICKYBIT t or T 1 #chmod o+t or #chmod o-t or #chmod 1766

Note:- Where s= setuid + execute permission and S= setuid only. Same is for SGID and also for sticky bit .

SUID – SET USER ID:-
Change user ID on execution. If SETUID bit is set, when the file will be executed by a user, the
process will have the same rights as the owner of the file being executed. Many of the system
commands are the best example for SUID, basically the owner of the commands will be root,
but still a normal user can execute it.

Example
By default ping command is having suid, so all users can run that command but if suid is
removed and a normal user wants to user execute it, then it will show 'operation not permitted'

#which ping
#ls -l /bin/ping

Note:- observe that in the permissions “–rwsr-xr-x” it contains an “s”, which means SUID is placed.

• Let’s remove suid on Ping command and logged in as normal user and check the results

#chmod u-s /bin/ping
#su - root
#ping 192.168.10.95

SGID – SET GROUP ID:

Set group ID, used on executable files to allow the file to be run as if logged into the group
(like SUID but uses file group permissions)
SGID can also be used on a directory so that every file created in that directory will have the
directory group owner rather than the group owner of the user creating the file.

Example:
• When a directory is created and its group is set to some group. Now if SGID is applied to it,
and the group member creates files and directory inside it, then it will get the same group
rather than getting user’s primary group.

• Let’s see it practically.

#mkdir /ktsdir
#chgrp kktgroup ktsdir
#ls -ld ktsdir
#chmod g+s ktsdir
#ls -ld ktsdir
#chmod go+w ktsdir
#su - ktuser3
#cd /ktsdir
#touch file{1..5}
#ls -l

Note:- when a file is created by any user it will get the group as primary group of the owner which is usually owner’s private group with same name.

STICKY BIT:
If sticky bit is applied on a file or directory, then only root and owner of that file or directory can
delete it. Even if others are having full permissions they cannot delete the file or directory.

• Let see it practically.

#chmod o+t ktsdir
#ls -ld ktsdir
#su -ram
#cd /ktsdir
#ls
#rm file1

#SGID
#StickyBit
#LinuxPermissions
#SecurityBestPractices
#arn
#arntech
#arntraining
#arntrainings
#arntechtrainings

linux acl permissions in telugu,sgid,linux sgid,linux suid sgid,linux suid sgid sticky bit,suid and sgid in linux,suid sgid linux,suid sgid sticky bit,and sticky bit,unveiling the power of sgid for efficient group access,exploring the functionality of the sticky bit,safely implementing suid and sgid in linux,and sticky bit issues,ARNTechTrainings,linux in telugu,SetUid,SetGid,StickyBit,which,chgrp,chmod,Stay One Step Ahead: Mastering Linux File Access Control,Linux File Access,File Permissions Linux,Linux Security,Manage Linux Files,Linux chmod Command,Linux User PermissionsLinux Command Line Security Protect Files Linux,Linux chown Tutorial,Linux System Administration,controlling access to files in linux,controlling access to files with linux file system permissions,set user id linux,how to set user id,how to set user id and password,how to add a group in linux,how to add users to a group in linux,sticky bit setuid setgid,sticky bit in unix,sticky bit,suid sgid sticky bit,linux permissions suid sgid and sticky bit,linux file permissions sticky bit,Controlling Access to Files in Linux: Secure Your System,sgid, setuid, sticky bit, suid, setgid, linux permissions, linux file permissions, linux tutorial for beginners, linux, linux command line tutorial, linux tutorial, linux commands, linux for beginners, linux training for beginners, learn linux, linux sgid, linux suid, what is suid, what is sgid, suid in Telugu, sgid in Telugu, suid Telugu, sgid Telugu, linux course for beginners, linux commands with examples, linux basic commands, linux command line basics,sticky bit, sticky bit chmod, stiky bit in linux, stiky bit, stcky bit in linux, what is sticky bit, linux sticky, linux stikcy, chmod, linux file permissions explained, linux file permissions chmod, chmod command, sticky bit in linux, chmod linux, sticky bit linux, chmod command linux, chmod command in linux, chmod 777,linux file permissions, linux tutorial, linux 755, linux 644,intro to linux,permissions,arnte