{"id":48,"date":"2024-01-31T16:16:43","date_gmt":"2024-01-31T16:16:43","guid":{"rendered":"https:\/\/shaynepatelcybersecurityportfolio.online\/?p=48"},"modified":"2024-01-31T16:16:43","modified_gmt":"2024-01-31T16:16:43","slug":"file-permissions-in-linux","status":"publish","type":"post","link":"https:\/\/shaynepatelcybersecurityportfolio.online\/?p=48","title":{"rendered":"File Permissions in Linux"},"content":{"rendered":"\n

This Linux project was when I was getting my Google’s Cybersecurity Certificate. The course had many hands on labs paired up with the content for learning’s. As you follow along, I’ll provide details at every section of the lab and the overview to begin with. Keep in mind, these labs were written as if I was part of a fictional team and organization.<\/mark><\/p>\n\n\n\n

Project Description<\/strong><\/h3>\n\n\n\n

The research team at my organization needs to update the file permissions for certain files and directories within the <\/mark>projects<\/mark> directory. The permissions do not currently reflect the level of authorization that should be given. Checking and updating these permissions will help keep their system secure. To complete this task, I performed the following tasks:<\/mark><\/p>\n\n\n\n

Check file and directory details<\/strong><\/h3>\n\n\n\n

The following code demonstrates how I used Linux commands to determine the existing permissions set for a specific directory in the file system.<\/mark><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The first line of the screenshot displays the command I entered, and the other lines display the output. The code lists all contents of the <\/mark>projects<\/mark> directory. I used the ls command with the <\/mark>-la<\/mark> option to display a detailed listing of the file contents that also returned hidden files. The output of my command indicates that there is one directory named <\/mark>drafts<\/mark>, one hidden file named <\/mark>.project_x.txt<\/mark>, and five other project files. The 10-character string in the first column represents the permissions set on each file or directory.<\/mark><\/p>\n\n\n\n

Describe the permissions string<\/strong><\/h3>\n\n\n\n

The 10-character string can be deconstructed to determine who is authorized to access the file and their specific permissions. The characters and what they represent are as follows:<\/mark><\/p>\n\n\n\n

    \n
  • 1st character<\/strong>: This character is either a <\/mark>d<\/mark> or hyphen (<\/mark>–<\/mark>) and indicates the file type. If it\u2019s a <\/mark>d<\/mark>, it\u2019s a directory. If it\u2019s a hyphen (<\/mark>–<\/mark>), it\u2019s a regular file.<\/mark><\/li>\n\n\n\n
  • 2nd-4th characters<\/strong>:<\/mark> These characters indicate the read (<\/mark>r<\/mark>), write (<\/mark>w<\/mark>), and execute (<\/mark>x<\/mark>) permissions for the user. When one of these characters is a hyphen (<\/mark>–<\/mark>) instead, it indicates that this permission is not granted to the user.<\/mark><\/li>\n\n\n\n
  • 5th-7th characters: <\/mark><\/strong>These characters indicate the read (<\/mark>r<\/mark>), write (<\/mark>w<\/mark>), and execute (<\/mark>x<\/mark>) permissions for the group. When one of these characters is a hyphen (<\/mark>–<\/mark>) instead, it indicates that this permission is not granted for the group.<\/mark><\/li>\n\n\n\n
  • 8th-10th characters: <\/strong>These characters indicate the read (<\/mark>r<\/mark>), write (<\/mark>w<\/mark>), and execute (<\/mark>x<\/mark>) permissions for other. This owner type consists of all other users on the system apart from the user and the group. When one of these characters is a hyphen (<\/mark>–<\/mark>) instead, that indicates that this permission is not granted for other.<\/mark><\/li>\n<\/ul>\n\n\n\n

    For example, the file permissions for <\/mark>project_t.txt<\/mark> are <\/mark>-rw-rw-r–<\/mark>. Since the first character is a hyphen (<\/mark>–<\/mark>), this indicates that <\/mark>project_t.txt<\/mark> is a file, not a directory. The second, fifth, and eighth characters are all <\/mark>r<\/mark>, which indicates that user, group, and other all have read permissions. The third and sixth characters are <\/mark>w<\/mark>, which indicates that only the user and group have write permissions. No one has execute permissions for <\/mark>project_t.txt<\/mark>.<\/mark><\/p>\n\n\n\n

    Change file permissions <\/strong><\/h3>\n\n\n\n

    The organization determined that other shouldn’t have write access to any of their files. To comply with this, I referred to the file permissions that I previously returned. I determined <\/mark>project_k.txt<\/mark> must have the write access removed for other.<\/mark><\/p>\n\n\n\n

    The following code demonstrates how I used Linux commands to do this:<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    The first two lines of the screenshot display the commands I entered, and the other lines display the output of the second command. The <\/mark>chmod<\/mark> command changes the permissions on files and directories. The first argument indicates what permissions should be changed, and the second argument specifies the file or directory. In this example, I removed write permissions from other for the <\/mark>project_k.txt<\/mark> file. After this, I used <\/mark>ls -la<\/mark> to review the updates I made.<\/mark><\/p>\n\n\n\n

    Change file permissions on a hidden file<\/strong><\/h3>\n\n\n\n

    The research team at my organization recently archived <\/mark>project_x.txt<\/mark>. They do not want anyone to have write access to this project, but the user and group should have read access.<\/mark><\/p>\n\n\n\n

    The following code demonstrates how I used Linux commands to change the permissions:<\/mark><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    The first two lines of the screenshot display the commands I entered, and the other lines display the output of the second command. I know <\/mark>.project_x.txt<\/mark> is a hidden file because it starts with a period (<\/mark>.<\/mark>). In this example, I removed write permissions from the user and group, and added read permissions to the group. I removed write permissions from the user with <\/mark>u-w<\/mark>. Then, I removed write permissions from the group with <\/mark>g-w<\/mark>, and added read permissions to the group with <\/mark>g+r<\/mark>.<\/mark><\/p>\n\n\n\n

    Change directory permissions<\/strong><\/h3>\n\n\n\n

    My organization only wants the <\/mark>researcher2<\/mark> user to have access to the <\/mark>drafts<\/mark> directory and its contents. This means that no one other than <\/mark>researcher2<\/mark> should have execute permissions.<\/mark><\/p>\n\n\n\n

    The following code demonstrates how I used Linux commands to change the permissions:<\/mark><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    The first two lines of the screenshot display the commands I entered, and the other lines display the output of the second command. I previously determined that the group had execute permissions, so I used the <\/mark>chmod<\/mark> command to remove them. The <\/mark>researcher2<\/mark> user already had execute permissions, so they did not need to be added.<\/mark><\/p>\n\n\n\n

    Summary<\/strong><\/h3>\n\n\n\n

    I changed multiple permissions to match the level of authorization my organization wanted for files and directories in the projects directory. The first step in this was using ls -la to check the permissions for the directory. This informed my decisions in the following steps. I then used the chmod command multiple times to change the permissions on files and directories.<\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"

    This Linux project was when I was getting my Google’s Cybersecurity Certificate. The course had many hands on labs paired up with the content for learning’s. As you follow along, I’ll provide details at every section of the lab and the overview to begin with. Keep in mind, these labs were written as if I […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48"}],"version-history":[{"count":5,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions"}],"predecessor-version":[{"id":58,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions\/58"}],"wp:attachment":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}