Linux File Permissions Management
File permissions in Linux
I secured directories and files by auditing and modifying Linux file permissions using commands like `ls -la` and `chmod`. Ensured appropriate access levels for users and groups, aligning permissions with organizational security policies.
Project description
The work that my organization's research team has done in changing file permissions for certain files and directories within the project directory greatly affects our operations. The existing permissions are not at the appropriate authorization level. Checking and updating the same will help maintain the security of our system. For this challenge, I did the following:
Check file and directory details
The following code illustrates how I utilized Linux commands to identify the current permissions assigned to a specific directory in the file system.
The first line in the screenshot shows the command I entered, while the remaining lines show the output. The code lists the whole contents of the projects directory. I ran the ls command with the -la option to get a complete list of the file contents, which included hidden files. My command produced the following output: one directory entitled drafts, one hidden file named .project_x.txt, and five other project files. The 10-character string in the first column represents the permissions assigned to each file or directory.
Describe the permissions string
The 10-character string can be deconstructed to determine who is authorized to access the file and their specific permissions. The characters and what they represent are as follows:
1st character: This character is either a d or hyphen (-) and indicates the file type. If it’s a d, it’s a directory. If it’s a hyphen (-), it’s a regular file.
2nd-4th characters: These characters indicate the read (r), write (w), and execute (x) permissions for the user. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted to the user.
5th-7th characters: These characters indicate the read (r), write (w), and execute (x) permissions for the group. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted for the group.
8th-10th characters: These characters indicate the read (r), write (w), and execute (x) permissions for other. This owner type consists of all other users on the system apart from the user and the group. When one of these characters is a hyphen (-) instead, that indicates that this permission is not granted for other.
For example, the file permissions for project_t.txt are -rw-rw-r--. Since the first character is a hyphen (-), this indicates that project_t.txt is a file, not a directory. The second, fifth, and eighth characters are all r, which indicates that user, group, and other all have read permissions. The third and sixth characters are w, which indicates that only the user and group have write permissions. No one has execute permissions for project_t.txt.
Change file permissions
The organization decided that the group should not have write access to any of their files. To comply with this, I used the file permissions I had previously returned. I determined that project_m.txt write access must be removed for others.
The code below shows how I used Linux commands to accomplish this:
The first two lines of the screenshot show the commands I entered, while the remaining lines show the results of the second command. The chmod command modifies the permissions of files and directories. The first input defines which permissions should be altered, while the second provides the file or directory. In this example, I deleted the group's read and write permissions to the project_m.txt file. After that, I used ls -l to review the changes I had made.
Change file permissions on a hidden file
The research team at my organization just archived project_x.txt. They do not want anyone with write access to this project, but the user and group should have read access.
The code below shows how I used Linux commands to modify the permissions:
The first two lines of the screenshot show the commands I entered, while the remaining lines show the results of the second command. I know .project_x.txt is a hidden file because it begins with a period. In this example, I deleted write permissions from both the user and the group while adding read capabilities to the group. I deleted the user's write permissions with u-w. Then, I used g+r to add read access to the group and g-w to remove write permissions from it.
Change directory permissions
My organization only wants researcher2 to have access to the drafts directory and its contents. This suggests that only researcher2 should have execute permissions.
The code below shows how I used Linux commands to modify the permissions:
The directory (drafts) with restricted rights. Only researcher 2 has execute permissions, as you can see in the image. I used the chmod command to eliminate the group's execute permissions, which had previously been identified. They didn't need to be added because the researcher2 user already had execute permissions.
Summary
I modified a number of permissions for files and directories in the projects directory to reflect the degree of authority my organization desired. Checking the directory's permissions with ls -la was the initial step in this process. This helped me make decisions about the next steps. I then changed the permissions of files and directories several times using the chmod command.