Linux file permissions
Every file/directory has three types of owners in Linux. The permissions for each of these 3 owners is represented in Numeric (group of octal representation) or symbolic representation.
Symbolic Notation
The Linux permissions are symbolically denoted similar to something like -rwxrw-w-- or drw-rw-rwx.
Here in symbolic notation, the first letter will either be a ‘d’ or - (blank). Here a ‘d’ means, it is a directory and - means it is a file or it is not a directory. Next coming to the notations ‘r’, ‘w’, and ‘x’. ‘r’ represents the permission to read a file or directory. ‘w’ represents the write permission on a file/directory. ‘x’ implies the execute permission on a file/directory.
The next three places after the ‘d’ bit is for user permission, here rwx is given in order to represent the user has read, write and execute permission. If the user is not given either one or more of these permissions, then it is simply represented by a - (dash). Similarly for group permissions, the next three bits are used, where the permission assigned are represented by the respective letters and a dash is used for the unassigned permissions. Same goes for the other permissions which are represented by the last three bits.
Octal notation
Four numbers are used for the purpose of providing the permissions for a file or directory. The first of these four numbers is reserved for assigning the special permissions, which we will look into in the special file permissions section of this article. The second number is for assigning the user permissions. The third number is for assigning the group permissions and the fourth number is for assigning the other permissions.
Here each permission is assigned based on the weight calculated after examining their symbolic notation. In rwx, ‘r’ is considered as having weight 4, ‘w’ has weight 2 and ‘x’ has weight 1. So these weights are added up to form an Octal notation.
For example:
chmod 4777 filename denotes -rwsrwxrwx, here only setuid special permission is set. Also this is a file so the first bit is -.
chmod 7757 directoryname denotes drwsrwsrwt, where all the special permissions are set. Since this is a directory, first bit is d.
Special file permissions
There are 3 types of special permissions in Linux.
When these permissions are assigned, the user who runs the file or directory assumes the role of the owner of that particular file or directory.
The three special permissions are setuid (Set User id), setgid (Set group id) and sticky bit.
setuid permission:
Set user identification when set, gives the user who runs an operation on that particular file or directory the powers of the owner of that file or directory. i.e., when this special permission is set, the user who runs an operation, indirectly performs the operation as the owner of that file or directory.
setgid permission:
When this special permission is set, the user who runs any operation on a directory or file gets the same privileges of the owner of that directory or file.
Sticky bit:
This special permission is used to prevent unauthorized users from deleting a file or directory. By setting sticky bit, the files or directory can be deleted only by the owner of that file or directory.
Setting the special permissions using symbolic representation
For assigning
(i) setuid:
chmod u+s filename/directoryname
(ii) setgid:
chmod g+s filename/directoryname
(iii) sticky bit:
chmod +t filename/directoryname
For removing
(i) setuid:
chmod u-s filename/directoryname
(ii) setgid:
chmod g-s filename/directoryname
(iii) sticky bit:
chmod -t filename/directoryname
How to set special bits using numeric notation
The special permissions setuid, setgid and sticky bit are denoted as 4,2 and 1 respectively in octal notation representation. So, in the reserved first bit of numeric notation, we give 7 (4+2+1) if we want to give all the special permission to a directory or file. For removing all the special permissions, just give the first number of numeric notation as zero. For removing certain special permissions, just leave out their weights (4,2, or 1) from the first number.
NOTE:
The setuid, setgid and sticky bit permission are of no use if the executable bit (x) is not set in the respective user, group or other permissions. We can identify when the executable bit is not set, as the set bit will be denoted by upper case ‘S’ and sticky bit will be denoted as upper case ‘T’. When the respective executable bits are set, the setuid, setgid permissions are represented by lower case ‘s’ and sticky bit is represented by lowercase ‘t’ and this time, the special permissions work.
PS: This is just a short post of my learnings. So there may not be in depth information of the topic. Will be adding to it as and when I learn more.