Linux Command Line 9
Advanced File Permissions







Linux Command Line (25) setuid

The setuid permission bit flag is for set user ID. When the setuid flag is enabled, it allows users to run an executable file with the permissions of the file owner.

The most common example used when explaining the setuid permission bit flag is the passwd command. Every user on the system can update their password by executing passwd. The passwords are stored in /etc/shadow, a file that is owned by root and can only be updated by privileged users. When a user on the system executes passwd, they run it as the root user, which allows passwd to update the /etc/shadow file.

When the setuid is enabled, the file owner executable permission bit will show as an s instead of an x.

The rest of the video shows how to create our own executable file and enable the setuid bit. We find that the executable file must be a compiled program and the file owner must be root.





 






Linux Command Line (26) setgid and sticky bit

setgid is short for set group ID. When the setgid bit flag is enabled for a directory, it allows all members of that group to create files and directories in that directory with the group of that directory.

When the setgid flag is enabled, an s will replace the x for the group executable permission bit.

The sticky bit is a permission bit flag that, when enabled for a directory, allows only file owners to remove their own files and directories from that directory.

When the sticky bit is enabled, the other executable bit will show as a t instead of an x.
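
The setuid, setgid and sticky bit descriptions above, as an added example that is not taken from the videos: it sets each special bit on a scratch tree, reads it back from the `ls` mode string, and runs the two `find` checks commonly used to audit these bits. The function names and the scratch files are assumptions made for this example.

```shell
#!/bin/sh
# Added example; the scratch tree and function names are constructed for this demo.

# Print the special bits that the ls mode string shows for a path.
# Column 4 is owner execute (s/S = setuid), 7 is group execute (s/S = setgid),
# 10 is other execute (t/T = sticky); upper case means the x underneath is off.
special_bits() {
    mode=$(ls -ld "$1" | cut -c1-10)
    out=""
    case $(printf '%s\n' "$mode" | cut -c4) in s|S) out="$out setuid" ;; esac
    case $(printf '%s\n' "$mode" | cut -c7) in s|S) out="$out setgid" ;; esac
    case $(printf '%s\n' "$mode" | cut -c10) in t|T) out="$out sticky" ;; esac
    echo "${out# }"
}

# Regular files under a directory that have the setuid or setgid bit set.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories without the sticky bit, where any user
# can remove files that belong to someone else.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sort
}

# Build a constructed scratch tree with one of each case and print its path.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/tool" "$d/plain"
    mkdir "$d/shared" "$d/dropbox" "$d/open"
    chmod 4755 "$d/tool"      # setuid file:       -rwsr-xr-x
    chmod 0644 "$d/plain"     # no special bits:   -rw-r--r--
    chmod 2775 "$d/shared"    # setgid directory:  drwxrwsr-x
    chmod 1777 "$d/dropbox"   # sticky, like /tmp: drwxrwxrwt
    chmod 0777 "$d/open"      # world-writable, no sticky bit
    echo "$d"
}

demo=$(make_demo_tree)
for p in tool plain shared dropbox open; do
    printf '%-8s %s  [%s]\n' "$p" "$(ls -ld "$demo/$p" | cut -c1-10)" "$(special_bits "$demo/$p")"
done
find_setid_files "$demo"
find_unsticky_dirs "$demo"
rm -rf "$demo"
```

Pointing `find_setid_files` and `find_unsticky_dirs` at a real directory tree gives a list to review against what is expected to be installed there.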





 






Linux Command Line (27) ACLs pt1

I have added a group called auditors and a directory called auditors-need-to-read in the chemistry directory.

We want everyone in the chemistry group to continue to have read, write, and execute permissions for every file in the chemistry directory, but we also want the new auditors group to have read permissions for the chemistry directory and the auditors-need-to-read directory. To do this we will need to use ACLs.

ACL is for Access Control List. The command we use to view the file ACLs is getfacl (for get File Access Control List), and the command we use to set ACL file permissions is setfacl (for set File Access Control List).





 






Linux Command Line (28) ACLs pt2

We pick up from where we left off in the last video, showing the lisa user creating default file ACL permissions for the auditors group for the auditors-need-to-read directory.

We then look at what the file ACL mask is and how it works.

We then show how to remove ACL permissions and how to remove all file ACL permissions to leave the files as if no file ACL permissions were ever added.





 






Linux Command Line (29) File Attributes

File attributes, like file ACLs, may not work completely on all Linux file systems, and we look at the man page to show that some of the attributes will not work on the file system used in this video.

We see that lsattr is for list attributes and chattr is for change attributes.

We see how to set the immutable file attribute and make a file unchangeable. Then we see how to remove the immutable file attribute.

Then we look at setting the append only file attribute and see that it only allows data to be added or appended to that file, while the data already in the file is unchangeable. We then remove the append only file attribute.

We also look at making a directory immutable and end by making a directory append only.