Linux-Permissions.HOWTO
Version 0.6 - March 3, 1998
This document describes, to the best of the author's understanding, the use
and definitions of file and directory permissions as used on Linux systems
operating with the ext2 file system and linux kernel 2.0.33
WARNING! Improper use of information contained in this document may potentially
cause damage to your system files, hardware, and/or setup, and can
also cause security holes to be inadvertently created which may give
others access to your personal files, or root files if root is the one
doing the modifications. Use this information at your own risk.
This document gives an example of how to set up access permissions to control
group file access under Linux using an anonymous FTP directory tree as an
example.
This document assumes that you have access to the root account to set things
up though the information is also very useful for controlling access to files
in your personal directory tree or group project directory trees of which you
are a member even if you don't have root access.
Terminology:
Symbolic permission bits you will find on files and directories:
r = read access
w = write access
x = execute access
s or S = set user id, or set group id. Also known as the "sticky" bit.
t or T = restrict deletions to the owner of the file only.
Sticky Bit = Also known as the 'S' flag is a special flag that can be set
on a file or directory that does different things depending on
how it's used. Understanding how to properly make use of this
flag is critical to maintaining a secure linux system as improper
use of this flag can lead to unintentional security holes that
can potentially allow unauthorized users to gain access to the
root account on your system. This bit acts differently on
under different unix operating systems. In this HOWTO, we are
only considering how this bit affects files and directories
operating under the second extended (ext2) linux standard
filesystems with linux kernel versions in the 1.x and 2.0.x
series kernels.
user = Permissions for the owner (or creator) of the file
group = Permissions for those who are a member of the file's group
other = Permissions for others, (world access)
suid = acronym for Set User Identification
sgid = acronym for Set Group Identification
newgrp = Contraction of the words 'new group'. Command to change the default
group for your current session from a list of groups of which you
are a member. Restrictions: Changing the default group for a given
session will not override the s bit on the group permissions for a
directory entry. In other words, files in that directory will still
inherit the group name of the parent directory when created.
see: man newgrp
groups = Command to list the groups to which you belong.
chmod = Command to modify the permission flags of files or directories.
Restrictions:
Can be used by root to modify permissions on any file or directory.
Can be used by the owner to modify permissions on any owned file
or directory.
Can not be used by group members or others to modify permissions
regardless of permissions.
see: man chmod
chown = Command to modify the user and group ownerships of a file or directory
Restrictions:
Can be used by root to change both the owner and group
of any file regardless of permissions.
Can be used by the owner of a file to change the
file's group if the owner is a member of the target group.
Can not be used by a group member or others to modify the
owner or group of the file regardless of permissions.
Using this command will remove any sticky bits on the file.
see: man chown
chgrp = Command to modify the group ownership of a file.
Restrictions:
Does not affect user ownership of a file.
Can be used by root to change the group of any file.
Can be used by the owner of a file to change the
file's group ownership if the owner is a member of the target group.
Can not be used by group members or others to modify the group
regardless of permissions.
Using this command will remove any sticky bits on the file.
see: man chgrp
ls = linux command to list files.
see: man ls
umask = Command to set up a file creation mask to make sure some permissions
are always off when a file or directory is created (even if on by
default) or to allow default permissions to be passed on to the file.
A one bit in the umask ensures the permission is always off for new
files. A zero bit will allow the default permission to be passed to
the new file. A typical umask would be 022 which would ensure that
anyone other than the owner could not write or modify a file, but
everyone could read or possibly execute the file. The umask is an
octal number (base 8). A umask of 027 would disallow anyone other
than owner and group from accessing files you create. (note: if you
are root, don't use 027 or it will create a lot of problems for your
users.) Root should use 022 then modify permissions manually on any
files you wish to allow group write access. You should never allow
world write access on files owned by root. If you are setting up
group projects where it is planned that anyone belonging to the
group should have write access to group files, then each group
member should set their private umask to 002 or 007 either
permanently, or at least while working in group project directories.
You should never use a umask of 000 as this will allow anyone
to modify files you create when using this umask.
see: man umask
find = The find command under Linux allows you to target specific
groups of files, directories file links, pipes, character devices,
or just about any other type of file(s) in a Linux system for
manipulation.
see: man find
-------------------------------------------------------------------------------
If you use ls -l to list files, it will show file permissions in the form:
drwxrwxrwx Symbolic codes
| ^^^----- others (world access) [ - r w x t T ]
| ^^^--|----- group (group access) [ - r w x s S ]
|^^^--|--|----- user (owner access) [ - r w x s S ]
^--|--|--|----- file type [ - d b c p l s ]
| | | |
| | | \_____ - r w x t T - = permission flag for world is not set
| | | r = file is world readable. On directories
| | | the directory is world listable if the
| | | x flag is set. The directory is not
| | | world accessible at all if the x flag is
| | | not set.
| | | w = file or directory is world writable
| | | x = file is world executable. On directories,
| | | the directory is world accessible. If the
| | | read flag is unset on a directory, the
| | | files are still accessible to world if
| | | the exact file name is known.
| | | t = restrict delete to owner only.
| | | lower case means file is also world
| | | executable. On directories, restrict delete
| | | of any files in the directory to owner only.
| | | T = same as the lower case t except the x flag
| | | is not set for the world.
| | |
| | \________ - r w x s S - = permission flag is not set for group
| | r = file is group readable, on directories
| | the directory is group listable if the
| | x flag is set. Not group accessible at all
| | if the x flag is not set.
| | w = file or directory is group writable
| | x = file is group executable. On directories,
| | the directory is group accessible. If the
| | read flag is unset on a directory, the
| | files are still accessible to group if
| | the exact file name is known.
| | s = allow sgid (set group id) to the same group
| | as that of the file when file is executed.
| | Lower case s also means the group x flag is
| | set.
| | If set on a directory, any files created
| | will not inherit the flag, but will
| | inherit the same group as that of the parent
| | directory. Any subdirectories created will
| | inherit both the parent group and the s flag.
| | S = same as the lower case s except the x flag
| | is not set for the group.
| | Warning! Improper use of the s flag "Sticky bit"
| | can create security holes.
| |
| \___________ - r w x s S - = permission flag not set for owner
| r = file is owner readable. On directories
| the directory is owner listable if the
| x flag is set. Not owner listable
| if the x flag is not set.
| w = file or directory is owner writable.
| x = file is owner executable. On directories,
| the directory is owner accessible. If the
| read flag is unset on a directory, the
| files are still accessible to the owner if
| the exact file name is known.
| s = allow suid (set user id) to same owner
| as that of the file when the file is executed.
| lower case s also means the user x flag
| is set.
| If set on a directory, any files created
| in that directory will not inherit the s
| flag but will inherit the same ownership
| as that of the parent directory. Any
| subdirectories created will inherit both
| the parent directory ownership and the s flag.
| S = same as the lower case except the x flag
| is not set for the owner.
| Note: The owner of a file or directory can always change
| permissions on that file or directory even if they
| are all turned off. ie: "d---------". Also, the
| owner of a directory can delete files in that
| directory created by anyone else, including root,
| and can delete empty directories created by anyone
| else, including root, in the directories they own.
| This does not apply to recursive deletes. This is a
| deliberate feature of the ext2 filesystem. However,
| though you can delete such files or empty
| directories overriding the permissions on the file,
| you can not necessarily modify them, or change
| permissions or ownerships on these types of files.
| Warning! Improper use of the s flag "Sticky bit" can create
| security holes.
|
\______________ type of file: b = file is a block device (buffered) special
usually used for disk drives.
s = socket
d = directory
l = symbolic link (not a hard link)
- = regular file
c = file is a character device (unbuffered)
special. Usually used for tty's.
p = named pipe (FIFO)
see the /dev directory for examples of some of
these types of files. As a normal user you
will generally be dealing only with regular
files, directories, and possibly symbolic
links. System administrators and device
driver programmers may from time to time have to
deal with the other file types in their work.
They are beyond the scope of this document.
see: man mknod
note: do an ls -l /dev for some examples
also, you can use the find command to find specific types of files
examples:
find /dev -type s find all sockets in the /dev directory
find /dev -type b find all block devices in /dev
find * -type f find all regular files in the current
directory and subdirectories
Permissions on files can be changed with the chmod command. (see: man chmod)
ownership of the files can be changed with the chown and chgrp commands.
(see: man chown ; man chgrp )
If the numeric mode of chmod is used, the file permissions are expressed
with a number in octal (base 8) which represent a bit pattern for the
symbolic permissions. Some typical examples:
Note: The bit patterns are included here to illustrate that the first octal
number is what determines whether or not the "s" or "t" flags are set in
the corresponding symbolic permissions for a given file or directory.
(Whether or not the file is a directory, device, or regular file is not
determined by the chmod command but by how you create the file.
ref: see man entries for mkdir and mknod for creating new directories
or making devices. Also see /dev/MAKEDEV (A script to help correctly
create standard device entries in the /dev directory.)
Examples:
chmod resulting symbolic
octal number bit pattern permission flags comments
-----------------------------------------------------------------------------
0777 000 111 111 111 drwx rwx rwx world read, write, execute
1777 001 111 111 111 drwx rwx rwt world read, write, execute
restrict delete to owners
only. May be useful on a
system wide /tmp directory
0666 000 110 110 110 -rw- rw- rw- world read/write, no execute
ie: text file
0755 000 111 101 101 -rwx r-x r-x owner read, write, execute,
group read, execute
world read, execute
ie: normal program file
0750 000 111 101 000 -rwx r-x --- owner read, write, execute
group read, execute
world access off.
ie: restricted program file
2772 010 111 111 010 drwx rws -wT owner read, write, execute
group read, write, execute
set group id to that
of the parent directory's
group for any files created
in this directory.
world write access only.
Restrict deletes to owner only.
This combination with or
without the delete restriction
might be useful on the
incoming directory entry of
an anonymous FTP upload
directory.
2770 010 111 111 000 drwx rws --- owner read, write, execute
group read, write, execute
sgid on files created in
this directory to the group
of the parent directory.
world access off.
This combination would be
useful for group project
directories where multiple
users will need to share
files. Note: the users
umask should be set to 002
or 007 when creating files
in this directory to give
other group members write
access to group files they
create.
2664 010 110 110 100 -rw- rwS r-- example of an "improper" use
of the sgid flag on a regular
text file.
4664 100 110 110 100 -rwS rw- r-- example of an "improper" use
of the suid flag on a regular
text file.
4755 100 111 101 101 -rws r-x r-x example of proper use of the
suid flag for a file that
is intended to temporarily
set the user id to that of
file. example /bin/login
generally used on stable
security programs only.
6755 110 111 101 101 -rws r-s r-x example of proper use of both
the suid and sgid flags on
a file that is intended to
temporarily set both the
user id and group id to
that of the file.
example /usr/sbin/sendmail.
This can create security holes
if such a program is designed
improperly, is unstable, or
can be crashed when in use
which might be made to drop
the user to a root shell if
the owner of the file happens
to be root.
2775 010 111 111 101 drwx rws r-x sgid to parent group for any
files created in this
directory.
world read access on.
may be useful for certain
public directories in an
anonymous FTP directory
structure for the directories
entries, not for the files in
those directories. Same for
group projects with world
read access intended.
If so used, the files and
directories should not be
owned by "ftp" since that
is the ownership that
anonymous users acquire when
they login. Set ownerships
to ftpadm or root or something
else if you do this.
0664 000 110 110 100 -rw- rw- r-- world read only text file.
2771 010 111 111 001 -rwx rws --x world execute only, no read.
sgid to files' group upon
execute. (potential security
hole since group has write
access)
3755 011 111 101 101 -rwx r-s r-t world execute, sgid group,
restrict delete to owner only.
pointless, but possible.
3775 011 111 111 101 -rwx rws r-t world execute, group modify,
sgid group, restrict delete
to owner only, pointless and
a possible security hole.
3770 011 111 111 000 -rwx rws --T group execute and modify,
no world access, but
restrict delete to owner only.
possible security hole.
3770 011 111 111 000 drwx rws --T group directory that restricts
delete of files to owner only
but allows group members to
create new files. No world
access.
6777 110 111 111 111 -rws rws rwx File with a major security
hole. Improper use of the
suid and sgid flags since
there is world read, write,
execute permissions.
ie: the file could be easily
replaced by anyone with
anything to gain root access
if the owner and/or group are
root.
2007 010 000 000 111 ---- --S rwx security hole.
4007 100 000 000 111 ---S --- rwx security hole.
6007 110 000 000 111 ---S --S rwx security hole.
7002 111 000 000 010 ---S --S -wT security hole.
4002 100 000 000 010 ---S --- -w- security hole.
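To see the umask rules from the terminology section and the octal-to-symbolic
rows of the table above on a real filesystem, here is an added script (not part
of this HOWTO) that creates scratch files under $TMPDIR, applies a umask or a
chmod mode to them and reports what ls -l shows; the scratch directory names
are assumptions:

```shell
#!/bin/sh
# Added example (not from the HOWTO): show how umask and chmod octal modes
# turn into the symbolic string that ls -l prints.  Works only inside a
# scratch directory under $TMPDIR (or /tmp), so it is safe for any user.

# mode_string PATH -> the 10-character type+permission field of ls -ld
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# created_mode UMASK KIND -> permissions of a new file (KIND=file) or
# directory (KIND=dir) created while UMASK is in effect.  Files start from
# 666 and directories from 777; every 1 bit in the umask is forced off.
created_mode() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/umask-demo.XXXXXX") || return 1
    (
        umask "$1"
        case $2 in
            dir)  mkdir "$scratch/new" ;;
            file) : > "$scratch/new" ;;
            *)    echo "KIND must be file or dir" >&2; exit 1 ;;
        esac
    ) || { rm -rf "$scratch"; return 1; }
    mode_string "$scratch/new"
    rm -rf "$scratch"
}

# symbolic_of OCTAL KIND -> what ls shows after "chmod OCTAL" on a fresh
# file or directory.  Illustrates the s/S and t/T rule from the table: the
# flag is lower case only when the matching x bit is also set.
symbolic_of() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/chmod-demo.XXXXXX") || return 1
    if [ "$2" = dir ]; then mkdir "$scratch/new"; else : > "$scratch/new"; fi
    chmod "$1" "$scratch/new" || { rm -rf "$scratch"; return 1; }
    mode_string "$scratch/new"
    rm -rf "$scratch"
}

# typical umasks mentioned in the text, then a few rows of the octal table
for u in 022 002 027 007; do
    printf 'umask %s: file %s  dir %s\n' "$u" \
        "$(created_mode "$u" file)" "$(created_mode "$u" dir)"
done
for m in 0755 1777 2770 2664 4755 3770; do
    printf 'chmod %s on a file: %s   on a directory: %s\n' "$m" \
        "$(symbolic_of "$m" file)" "$(symbolic_of "$m" dir)"
done
```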
as root, use:
find / \( -perm -4000 -o -perm -2000 \)
To find all suid and sgid programs, files, and directories on your system.
(-perm -4000 matches anything with the suid bit set and -perm -2000 anything
with the sgid bit set; a bare "-perm 6000" would only match entries whose
mode is exactly 6000, which is not what you want here.)
Become familiar with the normal (authorized) ones.
If you don't understand why a given file has a suid or sgid bit set, and are
concerned that the file in question may pose a security risk (maybe a game
file or something), you can try removing the sticky bit and see if it still
works without it. If the file isn't needed by everyone on the system, you
will create a much more secure system by removing world permissions for the
file and setting up a trusted group to which you can add members that need
access to the file.
The following is an example of how to change directory ownerships and
permissions on directories entries only in a directory structure and assumes
you have a group already setup on your system called "ftpadm":
(this would normally be done as root)
Warning: Don't do this unless you are damn sure about what you are doing.
You may get yelled at by your sys admin.
find /home/ftp/pub -type d -exec chown root:ftpadm {} \;
find /home/ftp/pub -type d -exec chmod u=rwx,g=rwxs,o=rx {} \;
What these two command lines do is first find all the directory entries
recursively under the path /home/ftp/pub, then pass each hit to the
commands "chown" and "chmod", replacing the braces {} in that command with the
full path of each directory name. The \; ends each "-exec" sub-command,
allowing the "find" command to continue on to the next target.
The first find command sets the user ownership to `root' and the group
ownership to `ftpadm' for all directory entries in this directory tree.
The -type d flag restricts the targets to directories (ignoring any files in
those directories). The second find command targets the same directories
but modifies the permissions with the chmod command.
Note the use of the sticky bit 's' on the group permissions.
A similar command line could be used to target files only, ignoring
directory entries:
Warning: Don't do this unless you are damn sure about what you are doing.
You may get yelled at by your sys admin.
find /home/ftp/pub -type f -exec chown root:ftpadm {} \;
find /home/ftp/pub -type f -exec chmod u=rw,g=rw,o=r {} \;
See the man page on the "find" command (man find) for more usage tips.
Note the lack of use of the s flag on the above example.
The -type f flag means we are targeting files only now instead of directories.
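The two find passes above, rehearsed on a constructed copy of the tree so the
result can be checked before touching the real /home/ftp/pub (added example,
not part of this HOWTO). The chown root:ftpadm steps are left out because they
need root and an ftpadm group; the sample directory and file names are made up.

```shell
#!/bin/sh
# Added example (not from the HOWTO): run the directory pass and the file
# pass from the text on a throw-away FTP-style tree, then verify the
# result and the sgid inheritance the text describes.
set -e

# build_tree -> prints the path of a constructed sample tree shaped like
# /home/ftp/pub, starting from deliberately messy permissions
build_tree() {
    top=$(mktemp -d "${TMPDIR:-/tmp}/ftp-demo.XXXXXX")
    mkdir -p "$top/pub/incoming" "$top/pub/linux/kernel"
    : > "$top/pub/README"
    : > "$top/pub/linux/kernel/patch-2.0.33.gz"
    chmod 777 "$top/pub/incoming"        # world-writable, no sgid
    chmod 700 "$top/pub/linux/kernel"    # group locked out
    chmod 666 "$top/pub/README"          # world-writable file
    echo "$top"
}

# fix_tree TOP -> the two passes from the text: directories become
# rwxrwsr-x (sgid so new entries keep the group), files become rw-rw-r--
fix_tree() {
    find "$1/pub" -type d -exec chmod u=rwx,g=rwxs,o=rx {} \;
    find "$1/pub" -type f -exec chmod u=rw,g=rw,o=r {} \;
}

# perms PATH -> the 10-character mode field of ls -ld
perms() { ls -ld "$1" | cut -c1-10; }

# count_sgid_dirs TOP -> number of directories carrying the sgid bit; the
# same -perm test used for the system-wide audit, limited to this tree
count_sgid_dirs() { find "$1/pub" -type d -perm -2000 | wc -l | tr -d ' '; }

# child_perms TOP -> mode of a directory created inside the fixed tree
# afterwards: with umask 002 it gets rwxrwxr-x plus the inherited s flag
child_perms() {
    (umask 002; mkdir "$1/pub/incoming/newdir")
    perms "$1/pub/incoming/newdir"
}

top=$(build_tree)
fix_tree "$top"
echo "incoming:  $(perms "$top/pub/incoming")"    # drwxrwsr-x
echo "README:    $(perms "$top/pub/README")"      # -rw-rw-r--
echo "sgid dirs: $(count_sgid_dirs "$top")"       # 4
echo "new child: $(child_perms "$top")"           # drwxrwsr-x
rm -rf "$top"
```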
Copyright 1997-1998 by Garen L. Erdoisa All Rights Reserved.
This document is provided as is. The author makes no claims that any of the
information contained herein is accurate, or will remain accurate in the
future or will pertain to your particular system setup and/or operating
system.
In other words, use the information at your own risk.
The author disclaims any responsibility for any use whatsoever of information
contained in this document, regardless of whether it damages your computer or
any information on your computer system or creates security holes in your
system setup allowing others to damage your system hardware or software or
any other types of files.
WARNING! Improper use of information contained in this document can potentially
cause damage to your system files, hardware, and/or setup, and can
also cause security holes to be inadvertently created.
Permission is granted to copy and distribute modified versions of this
HOWTO under the conditions for verbatim copying, provided that the
entire resulting derived work is distributed under the terms of a
permission notice identical to this one.
Permission is granted to copy and distribute translations of this
manual into another language, under the above conditions for modified
versions, except that this permission notice may be included in
translations approved by the Free Software Foundation instead of in
the original English.
This HOWTO was written by
Garen L. Erdoisa <gerdoisa@micron.net>
<scamper@trisk.com>