Groups and Users
File and directory permissions are the basic means of providing security
on a system. They are also the last line of defense against an unauthorized
user reading or modifying information that does not belong to them.
On a properly configured system, files and directories are accessible
only to the users who were authorized to access them. The set of rules
that tells a file or directory who can and cannot access it is known as
its permissions. These file and directory permissions are assigned by
both user and group.
Each file and directory has three sets of permissions associated with
it: one for the owner, one for the group and one for other.
Below is the result of a sample directory listing produced by executing
ls -l, displayed with each field broken down:
- Field 1: Permissions for this file. We will break down these nine
file permission settings in the next section.
- Field 2: Number of hard links to this file or directory. These links
can be directories.
- Field 3: Owner of the file. The user's user name is displayed; if
no user name is associated with the owner, then the user ID number
is displayed.
- Field 4: The group to which the file belongs. A group name is
displayed here; if no group name is associated with the ID, then
the ID number is displayed.
- Field 5: The size of the file in bytes.
- Field 6: The date of the last time the file was modified.
- Field 7: The name of the file.
There are three options for file permissions: read (r), write (w)
and execute (x). Each of these three options can be assigned to the user,
group and other attributes of each file and directory.
We can break down field one above as follows:
    1222333444
    -rw-r--r--
- 1: Special Flag
- 2: Owner permissions
- 3: Group permissions
- 4: Other permissions
The first position, S, is a special attribute. Here is a list of special attributes:
- d - directory
- s - socket
- b - block special file (e.g., /dev/hda)
- c - character special file (e.g., /dev/tty)
- l - symbolic link
- p - named pipe
Next we have the permissions for the owner of the file, followed by
those for the group and finally those for other. Each of the three can
have its own set of read, write and execute permissions.
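The field breakdown above, as an added example that is not part of the original page: a Python sketch that splits one ls -l line into the seven fields and decodes field 1 into the special flag and the owner, group and other permissions, then lists entries that other can write to. The function names, user names and sample listing are constructed for illustration, and device files (which show major, minor numbers instead of a size) are not handled.

```python
# Added example; function names and the sample listing are constructed.
FILE_TYPES = {
    "-": "regular file", "d": "directory", "s": "socket",
    "b": "block special file", "c": "character special file",
    "l": "symbolic link", "p": "named pipe",
}

def decode_mode(mode):
    """Split field 1 into the special flag and the three rwx triplets."""
    mode = mode[:10]  # some ls versions append '.' or '+' after the mode
    if len(mode) != 10 or mode[0] not in FILE_TYPES:
        raise ValueError(f"not a permission string: {mode!r}")
    perms = {"owner_perms": mode[1:4], "group_perms": mode[4:7],
             "other_perms": mode[7:10]}
    octal = 0
    for triplet in perms.values():
        bits = 0
        for ch, weight in zip(triplet, (4, 2, 1)):
            # The execute slot may show s/t (x set) or S/T (x not set).
            if ch in "rwxst":
                bits |= weight
        octal = octal * 8 + bits
    return {"type": FILE_TYPES[mode[0]], **perms, "octal": f"{octal:03o}"}

def parse_ls_line(line):
    """Map one long-format line onto fields 1-7 as listed above."""
    parts = line.split(None, 8)  # the date occupies three tokens
    if len(parts) < 9:
        raise ValueError("expected a long-format ls line")
    entry = decode_mode(parts[0])
    entry.update(links=int(parts[1]), owner=parts[2], group=parts[3],
                 size=int(parts[4]), modified=" ".join(parts[5:8]),
                 name=parts[8])
    return entry

def writable_by_other(listing):
    """Names of entries whose 'other' triplet grants write (symlinks skipped,
    since their own mode is always shown as rwxrwxrwx)."""
    entries = map(parse_ls_line, listing.strip().splitlines())
    return [e["name"] for e in entries
            if e["other_perms"][1] == "w" and e["type"] != "symbolic link"]

SAMPLE = """\
-rw-r--r-- 1 alice staff 1432 Mar  3 10:15 notes.txt
drwxrwxrwt 9 root root 4096 Mar  3 09:00 tmp
-rw-rw-rw- 1 bob staff 88 Feb 27 17:42 shared.cfg
lrwxrwxrwx 1 root root 11 Jan 12 08:30 latest -> release-1.2
"""

if __name__ == "__main__":
    print(writable_by_other(SAMPLE))
```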