UNIX 202
Mark Griffith's UNIX Page
CHAPTER 4
Unix and Shell Programming by Behrouz A. Forouzan and Richard F. Gilberg.
Overview of Chapter 4
Chapter 4 looks at how UNIX file security works. To log in to a UNIX system you must have a user ID, which is assigned to you by the superuser (the system administrator). The superuser does this by creating an entry in the /etc/passwd file, which only the superuser can modify. Your user ID is what everyone else on the system knows you by. Users may be organized into groups so that they can share files while still protecting those files from people outside the group; a user may belong to more than one group. You can find out which groups you, or any other UNIX user, belong to with the groups command.
Security Levels
There are three levels of security in UNIX: system, directory and file. The superuser controls system security by deciding who is allowed to log in, through the /etc/passwd file. Directory security is controlled the same way as file security, by a set of permission codes attached to each file and directory. These codes can be written either symbolically or in octal.
Security Codes
These codes, as mentioned above, are either symbolic or octal. In symbolic form the letter r stands for read, w for write and x for execute. Each of these permissions is granted or denied separately to three classes: the user (owner), the group, and others, and all of them are set with the chmod command. A file's permissions as shown by ls -l might look like this: -rwxr-x---. The first character is the file type ('-' for an ordinary file, 'd' for a directory) and is not a permission. The next three characters are the user's permissions, here read, write and execute; the next three are the group's, here read and execute; and the last three are for others, here all dashes, meaning others have no permission at all. In octal form r has the value 4, w the value 2 and x the value 1, and the values of each class are added together to give one digit, so -rwxr-x--- is 750. To give everyone read and execute only, you would say chmod 555 file.
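To make the symbolic/octal correspondence concrete, here is an added example (not code from the textbook or from this page) that converts an ls -l permission string to its octal mode and back, and applies chmod-style symbolic clauses such as g-w or o=rx to a mode. It only computes mode values and touches no file; the s, t and X permissions are left out, and a clause with no who-letters (a bare +x) is assumed to apply to all three classes without consulting the umask, which real chmod would do.

```python
"""Symbolic <-> octal permission conversion, plus a chmod-style mode editor.

Added example, not from the textbook. Only mode values are computed; nothing
on disk is changed. Assumption: a clause without who-letters applies to
u, g and o and ignores the umask (real chmod honours it there).
"""

import stat

_BITS = {"r": 4, "w": 2, "x": 1}   # octal weight of each permission letter
_SHIFT = {"u": 6, "g": 3, "o": 0}  # bit offset of the user/group/other field


def symbolic_to_octal(perm: str) -> int:
    """'-rwxr-x---' (as printed by ls -l) or 'rwxr-x---' -> 0o750.

    A leading file-type character ('-' file, 'd' directory, 'l' symlink) is
    skipped; the remaining nine characters must be r/w/x or '-' in order.
    """
    if len(perm) == 10:
        perm = perm[1:]
    if len(perm) != 9:
        raise ValueError("expected 9 permission characters, got %r" % perm)
    mode = 0
    for field in range(3):                 # 0 = user, 1 = group, 2 = others
        triplet = perm[3 * field:3 * field + 3]
        for ch, expected in zip(triplet, "rwx"):
            if ch == expected:
                mode |= _BITS[ch] << (6 - 3 * field)
            elif ch != "-":
                raise ValueError("bad character %r in %r" % (ch, perm))
    return mode


def octal_to_symbolic(mode: int) -> str:
    """0o555 -> 'r-xr-xr-x' (nine characters, no file-type prefix)."""
    out = []
    for shift in (6, 3, 0):
        field = (mode >> shift) & 0o7
        out.append("r" if field & 4 else "-")
        out.append("w" if field & 2 else "-")
        out.append("x" if field & 1 else "-")
    return "".join(out)


def apply_chmod(mode: int, spec: str) -> int:
    """Apply chmod symbolic clauses ("u+x", "g-w", "o=rx", "a+r", comma-joined)."""
    for clause in spec.split(","):
        i = 0
        who = ""
        while i < len(clause) and clause[i] in "ugoa":
            who += clause[i]
            i += 1
        if i == len(clause) or clause[i] not in "+-=":
            raise ValueError("clause %r needs one of + - =" % clause)
        op, letters = clause[i], clause[i + 1:]
        bits = 0
        for p in letters:
            if p not in _BITS:
                raise ValueError("unsupported permission %r" % p)
            bits |= _BITS[p]
        targets = "ugo" if (not who or "a" in who) else who
        for w in set(targets):
            shift = _SHIFT[w]
            if op == "+":
                mode |= bits << shift
            elif op == "-":
                mode &= ~(bits << shift)
            else:                       # '=' replaces the whole 3-bit field
                mode = (mode & ~(0o7 << shift)) | (bits << shift)
    return mode & 0o777


def ls_style(mode: int, is_dir: bool = False) -> str:
    """Render a mode the way ls -l does, via the standard library, as a
    cross-check on octal_to_symbolic: 0o750 -> '-rwxr-x---'."""
    kind = stat.S_IFDIR if is_dir else stat.S_IFREG
    return stat.filemode(kind | mode)


if __name__ == "__main__":
    m = symbolic_to_octal("-rwxr-x---")
    print(oct(m), octal_to_symbolic(m), ls_style(m))
    print(oct(apply_chmod(m, "g-x,o=r")), "after chmod g-x,o=r")
    print(oct(apply_chmod(0o644, "a=rx")), "after chmod a=rx (same as 555)")
```

Running the module prints 0o750 for -rwxr-x---, 0o744 after g-x,o=r, and 0o555 for a=rx, which is the symbolic spelling of the chmod 555 example above.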
User Masks
The user mask (umask) is an octal value that decides the default permissions of newly created files and directories. Programs ask for 777 when creating a directory and 666 when creating a file (a new file is never given execute permission); the mask then removes permissions from those requests. Every permission bit that is set in the mask is cleared from the new file's mode. For example, with a mask of 024 nothing is removed from the user, write (2) is removed from the group and read (4) is removed from others, so new directories get 753 and new files get 642. Because the mask clears bits rather than subtracting a number, a mask of 011 leaves a new file at 666: the execute bits it names were never requested for a file in the first place. Your mask is normally set in a system-wide shell startup file such as /etc/profile, or in your own shell startup file, rather than in the /etc/passwd entry. The umask command with no arguments prints your current mask (many shells print four digits, for example 0022); umask with an argument changes the mask for the current shell and the programs it starts, for example: umask 011. A mask of 022 is the usual default, and 077 is the choice when new files must be private to you.
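The following added example (not from the textbook) computes what a given umask does to the 666 and 777 defaults using the kernel's actual rule, mode & ~umask, shows where the "subtract the mask" shortcut goes wrong, and creates a real file and directory under a temporary umask so the computed values can be checked against what stat reports. Assumptions: a POSIX system, and that the temporary directory honours ordinary mode bits.

```python
"""How umask turns the 666/777 defaults into a new file's permissions.

Added example, not from the textbook. The umask is a bit mask: each bit set
in it is cleared from the requested mode (mode & ~umask). That agrees with
"subtract the mask" for 024, but not in general: umask 011 on a 666 file
leaves 666, where subtraction would wrongly give 655.
"""

import os
import stat
import tempfile

DEFAULT_FILE_MODE = 0o666   # what creat()/open() asks for, before the umask
DEFAULT_DIR_MODE = 0o777    # what mkdir asks for, before the umask


def apply_umask(requested: int, mask: int) -> int:
    """The kernel's rule: bits set in the mask are removed from the request."""
    return requested & ~mask & 0o777


def new_modes(mask: int) -> tuple:
    """(file mode, directory mode) that a given umask will produce."""
    return (apply_umask(DEFAULT_FILE_MODE, mask),
            apply_umask(DEFAULT_DIR_MODE, mask))


def subtraction_goes_wrong(mask: int) -> bool:
    """True when 'subtract the mask' disagrees with the bitwise rule for the
    default file mode (e.g. mask 011, which names execute bits a plain
    file never had)."""
    return (DEFAULT_FILE_MODE - mask) != apply_umask(DEFAULT_FILE_MODE, mask)


def observe(mask: int) -> tuple:
    """Create a real file and directory under a temporary umask and read
    their modes back with stat, so the computed values can be checked
    against the kernel. The previous umask is restored before returning."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            fpath = os.path.join(tmp, "f")
            dpath = os.path.join(tmp, "d")
            fd = os.open(fpath, os.O_CREAT | os.O_WRONLY, DEFAULT_FILE_MODE)
            os.close(fd)
            os.mkdir(dpath, DEFAULT_DIR_MODE)
            return (stat.S_IMODE(os.stat(fpath).st_mode),
                    stat.S_IMODE(os.stat(dpath).st_mode))
    finally:
        os.umask(old)


if __name__ == "__main__":
    for mask in (0o022, 0o024, 0o011, 0o077):
        f, d = new_modes(mask)
        seen = tuple("%03o" % m for m in observe(mask))
        print("umask %03o -> file %03o dir %03o   kernel reports %s   "
              "subtraction wrong: %s"
              % (mask, f, d, seen, subtraction_goes_wrong(mask)))
```

The 077 row is the one to remember when hardening a service account: every new file comes out 600 and every new directory 700, regardless of what the creating program asked for.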
Ownership and Groups
Every file and directory has an owner and a group. When you create a file or directory, you are its owner and its group is your current (primary) group. Ownership is changed with the chown command and the group with the chgrp command. chown changes the owner and, if you want, the group as well; the new owner may be given as a numeric user ID or a login name, and the new group as a numeric group ID or a group name. On Linux and most current systems only the superuser may change a file's owner at all (older System V systems let an owner give a file away); once ownership has been changed, only the superuser or the new owner controls the file, so an ordinary user has no way to take ownership of a file on their own. An ordinary user may, however, change the group of a file they own to any group they themselves belong to. Syntax for chown: chown options newOwner:newGroup file
The chgrp command works the same way but changes only the group, so the syntax is: chgrp options newGroup file
The option you will use most with both commands is -R (recursive), which changes the owner and/or group of the named directory and of every file and directory beneath it, not just of the files in the working directory.
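As an added example of what a recursive group change does (not code from the textbook or from chgrp itself), the block below walks a directory tree and re-groups every entry, the way chgrp -R does. It changes only the group, to one the calling user already belongs to, so it runs without the superuser. The practitioner point it carries is the symbolic-link case: a link inside the tree is re-grouped with lchown (what chgrp -h asks for) rather than followed, so a link pointing at a file outside the tree does not cause that file to be touched. The tree, the "secret" target file and the notes.txt contents are constructed for the demonstration.

```python
"""A recursive group change (what chgrp -R does), with the symlink caveat.

Added example, not from the textbook. Only the group is changed, and only to
a group the caller belongs to, so no privilege is needed; changing the owner
(chown) needs the superuser on Linux. Symbolic links are re-grouped with
lchown instead of being followed, so a link to a file outside the tree
cannot drag the change out of the directory being processed.
"""

import os
import tempfile


def recursive_chgrp(root: str, gid: int) -> list:
    """Set the group of root and everything below it to gid and return the
    paths changed, in the order visited. Links are not followed: the link
    itself is re-grouped (as chgrp -h would do), its target is untouched."""
    changed = []
    os.lchown(root, -1, gid)            # -1 keeps the current owner
    changed.append(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            os.lchown(path, -1, gid)
            changed.append(path)
    return changed


def demo_tree(gid: int = None) -> dict:
    """Build a constructed tree (a subdirectory, a file, and a symlink to a
    file outside the tree), run recursive_chgrp over it, and report what
    was changed. gid defaults to the caller's current group."""
    if gid is None:
        gid = os.getgid()
    with tempfile.TemporaryDirectory() as outside, \
            tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(outside, "secret")      # constructed, outside tree
        with open(target, "w") as fh:
            fh.write("must not be re-grouped by the walk\n")
        os.mkdir(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "notes.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        link = os.path.join(tmp, "escape")
        os.symlink(target, link)
        changed = recursive_chgrp(tmp, gid)
        return {
            "root": tmp,
            "gid": gid,
            "changed": changed,                     # tmp, sub, escape, notes.txt
            "target": target,                       # never appears in changed
            "link_gid": os.lstat(link).st_gid,      # the link itself was changed
        }


if __name__ == "__main__":
    result = demo_tree()
    for path in result["changed"]:
        print("re-grouped:", path)
    print("outside target left alone:", result["target"] not in result["changed"])
```

With a second group available (see groups), pass its numeric ID to demo_tree to watch the group actually change; with only your primary group the run is a no-op on the bits but the list of visited paths still shows where the recursion does and does not go.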