CS计算机代考程序代写 file system cache Microsoft PowerPoint – 05_security-and-permissions-converted-a.pptx

Microsoft PowerPoint – 05_security-and-permissions-converted-a.pptx

File Security and Permissions

© Max Magguilli (2021)

File Permissions (1)

◆ With respect to a particular file, Unix divides the
set of all users on a system into three categories:

– user

❖The owner of the file.

– group users

❖Your group may be 2ndyr, or same as your user

name.

❖Used for easier administration of access control.

❖Normally only the superuser can set up groups.

❖Users can be in more than one group.

– others

❖Everyone else.

File Permissions (2)

◆ Permissions can be viewed with the ls -l command
compute[1] > ls -l
total 1247

-rw——- 1 csnow 99 1117 Jul 23 15:49 bad.cpp

drwx–x–x 2 csnow 99 8 Jul 17 10:13 bibd/

drwxr-xr-x 2 csnow csnow 32 Aug 27 23:18 cache/

-rw——- 1 csnow 99 2081 Jul 23 15:49 tst2.s

-rw-r-xr– 1 csnow 99 1275 Jul 23 15:49 vecexpr.cpp

-rw-r-xr–

File type
– = regular file

d = directory
l=symbolic link

User
Permissions

Group
Permissions

Other
Permissions

r read permission
w. write permission
x. execute permission

File Permissions (3)

◆ Permissions are changed with the chmod
command.

◆ There are two syntaxes you can use:
chmod DDD file [file …]

– DDD are 3 octal digits representing bits of protection

– rwx rwx rwx can be thought of as 111 111 111 in
binary

rw-r–r–

110100100

6 4 4 chmod 644 file

File Permissions (4)

◆ chmod [ugoa][+-=][rwx] file […]

– This is the “symbolic” method.

– chmod u+rwx file gives the User Read, Write, and

eXecute

– chmod g+rx file gives the Group Read and eXecute

– chmod o-rwx file removes R, W, and X from Others

– chmod a+x file gives All eXecute permission

– chmod g=r file gives Group Read permission and
makes sure it has nothing else

◆ Symbolic modes can be appended with commas

– chmod u=rwx,g-w,o-rwx file for instance

File Permissions (5)

◆ The -R option (recursive) to chmod is useful when
working with directories.
– All files and directories would receive those permissions.

– It recursively changes the mode for each chmod operand
that is a directory.

– chmod -R a+rw dir gives everyone read and write
permission to each file under dir (not execute though!!!)

– chmod -R a+rwx dir gives the executable access to allow
people to actually access the files under dir

❖Makes all files executable though …

– chmod -R a+rwX dir gives the executable access only to
those files already executable (programs, directories, …)

The umask command

◆ umask sets the default permissions for any file
you will create

◆ Format is backwards to the chmod command

– tells you which permissions will NOT be given

❖umask 077 means don’t let anyone but the User
do anything with my files by default

◆ Generally set umask once in your .bash_profile
file and never set it again

8

END OF PART 1

SECURITY AND PERMISSIONS

Files and inode (1)

◆ Each file is associated with an inode (index node) in the
inode table of a file system

◆ The inode is accessed by the inode number and
contains the following attributes of the file

– File type (regular, directory, device, link, etc.)

– File permission (the nine permissions and three more)

– Number of links (number of aliases of the file)

– The UID of the owner

– The GID of the group owner

– File size in byte

– Date and time of last modification

– Date and time of last access

– Date and time of last change of the inode

– An array of pointers for all disk blocks used by the file

Files and inode (2)

◆ Use stat file_name to check inode contents of file_name

◆ An inode does not store the name of the file

◆ An inode does not store the inode number of the file

◆ File name and its inode number are stored in the
directory containing the file

◆ A directory is a file containing file name and its
associated inode number of each file in the directory

◆ A directory is a special file because you can not directly
read or write its file content

◆ Each file system has its inode table stored in a separate
area of the disk

◆ The inode number of a file is unique within a single file

system

Regular File Permissions

◆ The meaning of regular file permissions are
simple

– Requires execute permission to run the file as a
command or a program

– Requires read permission to read the file content

❖example: can use more, vi (read only), or open
file for read

– Requires write permission to write the file or modify
the file

❖example: can cp to it or open file for write

Directory Permissions (1)

◆ The meaning of directory permissions are
different from the regular file permissions

– Requires execute permission to access the directory
itself and files and subdirectories in the directory

❖example: cd into the directory

– Requires read permission to list the contents of the
directory

❖example: ls the directory

– Requires write permission to create files, delete
files, and rename files in the directory

❖example: rm a file or mv with a new name

Directory Permissions (2)

compute[1] > ls -l

drwx–x— 2 csnow 99 Jul 17 10:13 bibd/

◆ Files in bibd/ are accessible to user

◆ Files in bibd/ are accessible by name (if you
know the name) for group users

◆ Files in bibd/ and subdirectories are
not accessible to others.

compute[2] > ls -l bibd
-r–r—rwx 1 csnow 99 173 Jul 17 10:13 readme

Exercise – File permission

◆ Create a directory dir1 in your home directory

◆ Edit a file test.txt in dir1

◆ Remove your own read permission of test.txt

◆ Try to display the content of test.txt by cat

◆ Add you own read permission back for test.txt

◆ Remove your own write permission of test.txt

◆ Make some changes to test.txt with an editor
and try to save.

◆ Try to delete the file test.txt

15

END OF PART 2

SECURITY AND PERMISSIONS

◆ Create a directory dir2.
– What is the permission of

dir2?

– What argument is provided to
umask in your .bash_profile
or .bashrc file?

◆ Copy test.txt to dir2/test2.txt

◆ Remove your own ‘r’

permission of dir2.

– Try to ls dir2.

– cat dir2/test2.txt

– cd dir2

– ls

– cd ..

◆ Set your own permission of
dir2 to be r-x

– cp test.txt dir2/test3.txt

– rm dir2/test2.txt

– edit the file dir2/test2.txt using

an editor and save the changes

◆ Set your own permission of
dir2 to be rw-

– cd dir2

– cat dir2/test2.txt

– cp test.txt dir2/test3.txt

– ls dir2

Exercise – Directory Permission