Security With chmod: Part 1 - The Basics

Discussion in 'Filesystem' started by Eric Hansen, Nov 13, 2013.

  1. Eric Hansen

    Eric Hansen Moderator Staff Writer

    Messages:
    123
    Likes Received:
    83
    Trophy Points:
    28
    Every Linux system comes with chmod, which allows you to change the mode of a file, directory, etc... Next to chown (change owner) chmod is the next most important programs you can have in your arsenal to properly secure your system. Here I'll go over some of the basics of chmod and how it can help you, and then the next part will cover some more advanced topics like the sticky bit.
    Switches
    chmod comes with a few nice features to help you in your usage. Some of the important ones are what we'll cover.
    Code:
      -v, --verbose          output a diagnostic for every file processed
    Prints out information, mostly if a file was modified or not.
    Code:
      -c, --changes          like verbose but report only when a change is made
    Similar to -v but supresses any text unless its to tell you that a file's been modified.
    Code:
      -R, --recursive        change files and directories recursively
    This lets you change multiple files and folders to the same permissions. This is a huge time saver when you're setting up files on a web server, for example, when it requires 755 permission and the folder is set to 644.
    Code:
          --preserve-root    fail to operate recursively on '/'
    By default if you run a command like "chmod -R 000 /" it will essentially break your system. This switch prevents this from happening.
    Code:
          --reference=RFILE  use RFILE's mode instead of MODE values
    
    If a file already exists with the permissions you want you can use this switch instead and not specify the mode at all.
    File Permission Types
    When you upload files via FTP you will most likely have to modify the permissions, especially if you have your web server properly configured. There are three different types of permissions to be concerned with:
    • User
    • Group
    • World
    The "user" type is specific to the username owner of the object. "group" is the same as user but, as you can guess, is for the owner's group. Lastly, "world" is for everyone on the system. Group and world are the two that should have the most focus when you are wondering what kind of permissions everyone should have.
    How Permissions Work
    With chmod there are 3 different types of permissions each group has:
    • read (4)
    • write (2)
    • execute (1)
    The number next to each one is the numerical value for it. For each permission you want the type to have, you add it up. So if you want a user to have read and write permissions then the user type will be 6.

    Attached Files:

    • slide.jpg
      slide.jpg
      File size:
      75.6 KB
      Views:
      108,013
    Last edited: Nov 18, 2013
    careprost likes this.
  2. careprost

    careprost New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Very helpful thank you)

Share This Page