hexdefender

File Permissions and Ownerships

Chapter 2: Understanding File Permissions and Ownership

In this chapter, we will delve deeper into the Linux file system, the types of users, the concept of the root user, permission management using both numeric and symbolic methods, and the role of the sudoers file. Understanding these concepts is essential for securing a Linux environment.

The Linux File System Overview

The Linux file system is structured hierarchically, starting from the root directory (/) and branching out into subdirectories. Each file and directory has associated permissions and ownership settings, determining who can read, write, or execute the file.

Key Components of the Linux File System:

  • Files: The basic units of data storage. They can be regular files, directories, symbolic links, etc.

  • Directories: Containers for files and other directories, allowing for organized file storage.

  • Special Files: Include device files (representing hardware devices), named pipes, and sockets.

Types of Users in Linux

  1. Root User:

    • The superuser with complete control over the system.

    • Has unrestricted access to all files and commands, enabling administrative tasks such as installing software, modifying system settings, and managing user accounts.

    • The root user is represented by the username root and has a user ID (UID) of 0.

  2. Regular Users:

    • Created for individual users to perform daily tasks without needing root privileges.

    • Each user has their own home directory and specific permissions associated with their files.

  3. Service Accounts:

    • Special accounts used by system services or applications, often without a home directory and typically restricted from interactive logins.

File Permissions in Linux

File permissions in Linux are classified into three categories: User (owner), Group, and Others. Each category can have three types of permissions: read (r), write (w), and execute (x).

Numeric vs. Symbolic Permissions:

  1. Numeric Method:

    • Permissions are represented by three digits, with each digit corresponding to a specific permission set:

      • User (Owner): 4 (read), 2 (write), 1 (execute)

      • Group: 4 (read), 2 (write), 1 (execute)

      • Others: 4 (read), 2 (write), 1 (execute)

    • The sum of permissions for each category creates a three-digit code. For example:

      • 755:

        • User: 7 (4+2+1) – read, write, execute

        • Group: 5 (4+1) – read, execute

        • Others: 5 (4+1) – read, execute

      • As another example, to give the user read, write, and execute permission and no access for group or others:

        chmod 700 file.txt

  2. Symbolic Method:

    • Permissions are represented using letters:

      • u for User (owner)

      • g for Group

      • o for Others

      • a for All (user, group, others)

    • The operators used are:

      • +: Adds a permission

      • -: Removes a permission

      • =: Sets exact permissions

    • For example, to add execute permission for the user:

      chmod u+x file.txt

The sudoers File

The sudoers file controls who can run what commands as the root user or another user. It allows for fine-grained control over permissions, letting certain users execute commands with elevated privileges while maintaining system security.

  • Located at /etc/sudoers, it should only be edited with the visudo command to prevent syntax errors.

  • Users can be granted permissions to execute specific commands or all commands as root, enhancing flexibility and security.

Use Cases for File Permissions

  1. Web Server Files:

    • Set the web server’s document root directory to be readable by the web server user, but not writable.

  2. Sensitive Data:

    • Restrict access to files containing sensitive information (e.g., passwords) by allowing only the owner to read/write.

  3. Shared Projects:

    • Allow group members to collaborate by setting write permissions for the group on project files.

  4. Executable Scripts:

    • Grant execute permission to scripts while keeping read/write permissions restricted to the owner.

  5. Temporary Directories:

    • Use temporary directories with restricted permissions to hold files that should not be accessed by unauthorized users.

  6. Service Accounts:

    • Set specific permissions for service accounts to ensure they can access only the files needed for their operation.

  7. Backup Files:

    • Restrict permissions on backup files so that only administrators can modify or delete them.

  8. User Home Directories:

    • Ensure user home directories are private by default, allowing only the user to read/write.

  9. Public Files:

    • Set public files (e.g., shared documents) to be readable by all users while restricting write access.

  10. System Configuration Files:

    • Protect system configuration files from unauthorized changes by limiting write access to the root user only.
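
The numeric method also makes these use cases checkable: a file is too open when its mode has any bit set that the allowed maximum lacks. The script below is an added example, not part of the original page; the function names, file names and policy lines are hypothetical, and it assumes GNU stat as shipped with Kali and Debian.

```shell
#!/bin/sh
# Added example: compare actual file modes against a maximum allowed mode.
# Function and file names are hypothetical; assumes GNU stat (stat -c '%a').

# excess_bits PATH MAX -> octal permission bits set on PATH that MAX lacks
excess_bits() {
    actual=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes the shell read both values as octal, like chmod does.
    printf '%o\n' $(( 0$actual & ~0$2 & 07777 ))
}

# check_policy: read "MAX PATH" lines on stdin, print one line per violation,
# and return 1 if any file is more permissive than its policy allows.
check_policy() {
    rc=0
    while read -r max path; do
        if [ ! -e "$path" ]; then
            printf 'MISSING %s\n' "$path"; rc=1; continue
        fi
        extra=$(excess_bits "$path" "$max")
        if [ "$extra" != 0 ]; then
            printf 'TOO_OPEN %s mode=%s allowed=%s extra=%s\n' \
                "$path" "$(stat -c '%a' "$path")" "$max" "$extra"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo files mirroring the use cases above.
demo_dir=$(mktemp -d)
touch "$demo_dir/passwords.txt" "$demo_dir/index.html" "$demo_dir/deploy.sh"
chmod 644 "$demo_dir/passwords.txt"  # sensitive data readable by group/others
chmod 644 "$demo_dir/index.html"     # public file: readable by all, owner-writable
chmod 777 "$demo_dir/deploy.sh"      # script writable by everyone

# Policy: sensitive data 600, public files 644, owner-only scripts 700.
check_policy <<EOF || echo "policy violations found"
600 $demo_dir/passwords.txt
644 $demo_dir/index.html
700 $demo_dir/deploy.sh
EOF
```

The `extra` value is itself an octal mode: `44` means group and others hold read access that the policy does not grant.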

✅ Step-by-Step: Set Up Logging for Permission Changes

1. Install auditd

sudo apt update
sudo apt install auditd audispd-plugins

2. Enable and start the service

sudo systemctl enable auditd
sudo systemctl start auditd

3. Add audit rules for permission changes

Edit the audit rules file:

sudo nano /etc/audit/rules.d/perm_change.rules

Paste the following rules:

-a always,exit -F arch=b64 -S chmod -k perm_change
-a always,exit -F arch=b64 -S fchmod -k perm_change
-a always,exit -F arch=b64 -S fchmodat -k perm_change
-a always,exit -F arch=b64 -S chown -k perm_change
-a always,exit -F arch=b64 -S fchown -k perm_change
-a always,exit -F arch=b64 -S fchownat -k perm_change

If you're on 32-bit, change arch=b64 to arch=b32.

Save and exit.

4. Restart auditd

sudo systemctl restart auditd

5. Test it

Now run a command like:

chmod 777 test.txt

Then view the log:

sudo ausearch -k perm_change

✅ Output Example:

You’ll see entries like:

type=SYSCALL msg=audit(1713119712.234:123): arch=c000003e syscall=90 success=yes ...
exe="/usr/bin/chmod" ...
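
Once these records are being collected, the mode argument in each SYSCALL record shows what a permission change actually set. The script below is an added example, not part of the original page: it flags successful chmod-family calls that made something world-writable. The sample records are constructed and shortened, the function names are hypothetical, and the syscall numbers (90, 91, 268) apply to x86_64 only.

```shell
#!/bin/sh
# Added example: flag audit records where a chmod-family call set the
# world-writable bit. Syscall numbers are for x86_64 (arch=c000003e).

# Constructed, shortened records (real ones carry more fields).
SAMPLE_LOG='type=SYSCALL msg=audit(1713119712.234:123): arch=c000003e syscall=268 success=yes exit=0 a0=ffffff9c a1=55d0c0de a2=1ff a3=0 uid=1000 exe="/usr/bin/chmod" key="perm_change"
type=SYSCALL msg=audit(1713119720.101:124): arch=c000003e syscall=90 success=yes exit=0 a0=7ffd1000 a1=1a4 a2=0 a3=0 uid=1000 exe="/usr/bin/python3" key="perm_change"
type=SYSCALL msg=audit(1713119731.555:125): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=1b6 a2=0 a3=0 uid=0 exe="/usr/bin/install" key="perm_change"
type=SYSCALL msg=audit(1713119735.002:126): arch=c000003e syscall=90 success=no exit=-1 a0=7ffd3000 a1=1ff a2=0 a3=0 uid=1001 exe="/usr/bin/chmod" key="perm_change"
type=SYSCALL msg=audit(1713119740.900:127): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd2000 a1=0 a2=0 a3=0 uid=0 exe="/usr/bin/chown" key="perm_change"'

# field NAME RECORD -> value of " NAME=value" in RECORD, quotes stripped
field() {
    printf '%s\n' "$2" | sed -n "s/.* $1=\([^ ]*\).*/\1/p" | tr -d '"'
}

# Read audit records on stdin; print one line per successful mode change
# whose new mode lets "others" write.
flag_world_writable() {
    while IFS= read -r rec; do
        [ "$(field arch "$rec")" = c000003e ] || continue
        [ "$(field success "$rec")" = yes ] || continue
        case "$(field syscall "$rec")" in
            90|91) hex=$(field a1 "$rec") ;;  # chmod(path, mode), fchmod(fd, mode)
            268)   hex=$(field a2 "$rec") ;;  # fchmodat(dirfd, path, mode)
            *)     continue ;;                # chown family and anything else
        esac
        mode=$(( 0x$hex & 07777 ))            # audit logs syscall args in hex
        if [ $(( mode & 0002 )) -ne 0 ]; then
            event=$(printf '%s\n' "$rec" | sed -n 's/.*msg=audit(\([^)]*\)).*/\1/p')
            printf 'WORLD_WRITABLE event=%s uid=%s exe=%s mode=%04o\n' \
                "$event" "$(field uid "$rec")" "$(field exe "$rec")" "$mode"
        fi
    done
}

printf '%s\n' "$SAMPLE_LOG" | flag_world_writable
```

On a live system, the output of `sudo ausearch -k perm_change` can be piped into `flag_world_writable` in place of the sample; lines that are not x86_64 SYSCALL records are skipped.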


Last updated 1 month ago