Security With chmod: Part 1 - The Basics

E

Eric Hansen

Guest
Every Linux system comes with chmod, which allows you to change the mode of a file, directory, etc... Next to chown (change owner) chmod is the next most important programs you can have in your arsenal to properly secure your system. Here I'll go over some of the basics of chmod and how it can help you, and then the next part will cover some more advanced topics like the sticky bit.
Switches
chmod comes with a few nice features to help you in your usage. Some of the important ones are what we'll cover.
Code:
  -v, --verbose          output a diagnostic for every file processed
Prints out information, mostly if a file was modified or not.
Code:
  -c, --changes          like verbose but report only when a change is made
Similar to -v but supresses any text unless its to tell you that a file's been modified.
Code:
  -R, --recursive        change files and directories recursively
This lets you change multiple files and folders to the same permissions. This is a huge time saver when you're setting up files on a web server, for example, when it requires 755 permission and the folder is set to 644.
Code:
      --preserve-root    fail to operate recursively on '/'
By default if you run a command like "chmod -R 000 /" it will essentially break your system. This switch prevents this from happening.
Code:
      --reference=RFILE  use RFILE's mode instead of MODE values
If a file already exists with the permissions you want you can use this switch instead and not specify the mode at all.
File Permission Types
When you upload files via FTP you will most likely have to modify the permissions, especially if you have your web server properly configured. There are three different types of permissions to be concerned with:
  • User
  • Group
  • World
The "user" type is specific to the username owner of the object. "group" is the same as user but, as you can guess, is for the owner's group. Lastly, "world" is for everyone on the system. Group and world are the two that should have the most focus when you are wondering what kind of permissions everyone should have.
How Permissions Work
With chmod there are 3 different types of permissions each group has:
  • read (4)
  • write (2)
  • execute (1)
The number next to each one is the numerical value for it. For each permission you want the type to have, you add it up. So if you want a user to have read and write permissions then the user type will be 6.
 

Attachments

  • slide.jpg
    slide.jpg
    75.6 KB · Views: 109,250
Last edited:



Staff online

Members online


Top