
Permissions

Every Linux file has a set of permissions that determine who can read, write, or execute the file. Running ls -l displays these permissions.

Only the owner of a file or directory can change its permissions; the superuser (root) is the exception.

Example:

```
$ ls -l init
-rwxr-xr-x 1 root root 1440152 May  7  2022 init*
```

Anatomy of one `ls -l` line:

```
-rw-r--r-- 12 root users 12.0K Apr 28 10:10 init*
|[-][-][-]-    [--] [---]
| |  |  | |     |     |
| |  |  | |     |     +-----> 7. Group
| |  |  | |     +-----------> 6. Owner
| |  |  | +-----------------> 5. Alternate Access Method
| |  |  +-------------------> 4. Others Permissions
| |  +----------------------> 3. Group Permissions
| +-------------------------> 2. Owner Permissions
+---------------------------> 1. File Type
```

  1. File type (first character):
     • -: regular file
     • d: directory
     • l: symbolic link
     • p: pipe
     • s: socket
     • c: character device
     • b: block device
  2. Permissions: read (r), write (w), or execute (x) for the user/owner (#2 in the diagram above), the group (#3 in the diagram above), and others (#4 in the diagram above).
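The following POSIX sh functions decode the mode field from the diagram above into the file type, the numeric (octal) mode that `chmod` accepts, and the "alternate access method" flag in column 11. This is an added example, not code from the original page; the function names are my own.

```shell
#!/bin/sh
# Decode the 10- or 11-character mode field printed by `ls -l`.
# Added example, not from the original page.

# Print the file type named by the first character of a mode string.
mode_file_type() {
    case $(printf '%s' "$1" | cut -c1) in
        -) echo "regular file" ;;
        d) echo "directory" ;;
        l) echo "symbolic link" ;;
        p) echo "pipe" ;;
        s) echo "socket" ;;
        c) echo "character device" ;;
        b) echo "block device" ;;
        *) return 1 ;;
    esac
}

# Print the octal mode, e.g. "-rwsr-xr-x" -> "4755". The leading digit
# carries the special bits: 4 = SUID, 2 = SGID, 1 = sticky.
# An uppercase S or T means the special bit is set without the execute bit.
# Exit status 1 if the string is malformed.
mode_to_octal() {
    m=$1
    [ ${#m} -eq 10 ] || [ ${#m} -eq 11 ] || return 1
    special=0
    octal=""
    i=2                      # first character of the owner triple
    while [ $i -le 8 ]; do
        r=$(printf '%s' "$m" | cut -c"$i")
        w=$(printf '%s' "$m" | cut -c"$((i + 1))")
        x=$(printf '%s' "$m" | cut -c"$((i + 2))")
        n=0
        case $r in r) n=$((n + 4)) ;; -) ;; *) return 1 ;; esac
        case $w in w) n=$((n + 2)) ;; -) ;; *) return 1 ;; esac
        # s/S is only valid in the owner (i=2) and group (i=5) slots,
        # t/T only in the others (i=8) slot.
        case $i$x in
            2x|5x|8x) n=$((n + 1)) ;;
            2s) n=$((n + 1)); special=$((special + 4)) ;;
            2S) special=$((special + 4)) ;;
            5s) n=$((n + 1)); special=$((special + 2)) ;;
            5S) special=$((special + 2)) ;;
            8t) n=$((n + 1)); special=$((special + 1)) ;;
            8T) special=$((special + 1)) ;;
            2-|5-|8-) ;;
            *) return 1 ;;
        esac
        octal="$octal$n"
        i=$((i + 3))
    done
    printf '%s%s\n' "$special" "$octal"
}

# Report the optional 11th character: "+" means an ACL is present,
# "." means an SELinux security context is present.
mode_alt_access() {
    case $(printf '%s' "$1" | cut -c11) in
        +) echo "acl" ;;
        .) echo "selinux" ;;
        "") echo "none" ;;
        *) return 1 ;;
    esac
}

# Example run (constructed input):
mode_to_octal '-rwxr-xr-x'       # 0755
mode_to_octal '-rwSrw----'       # 4660
mode_alt_access '-rw-rw-r--.'    # selinux
```

Feed it any mode string from `ls -l` output, e.g. `ls -l init | cut -c1-11 | while read -r m; do mode_to_octal "$m"; done`.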

SUID, SGID, Sticky Bit Permissions

SUID

  • SUID = Set User ID bit
  • When the SUID bit is set, the file is executed as the owner of the file, rather than as the person running that file
  • In ls output the bit shows as s in the owner's execute slot; a capital S means the bit is set but the owner execute bit is not, so it has no effect
$ touch suidfile
$ ls suidfile
suidfile
$ ls -l suidfile
-rw-rw-r--. 1 azureadmin azureadmin 0 Aug 28 17:46 suidfile
$ chmod 4660 suidfile
$ ls -l suidfile
-rwSrw----. 1 azureadmin azureadmin 0 Aug 28 17:46 suidfile

Find SUID files: find . -perm /4000

SGID

  • SGID = Set Group ID bit: the file is executed as the owning group of the file, rather than as the group of the person running the file
$ touch sgidfile
$ chmod 2440 sgidfile
$ ls -l sgidfile
-r--r-S---. 1 azureadmin azureadmin 0 Aug 28 17:49 sgidfile

Find SGID files: find . -perm /2000

Sticky bit

The sticky bit is typically set on public directories (for example /tmp) so that files can only be deleted or renamed by their owner, the directory owner, or root. It shows as t in the others' execute slot (drwxrwxrwt) and is set with the 1 prefix: chmod 1777 dir. Find sticky directories: find . -type d -perm /1000
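The SUID, SGID and sticky examples above, put together as an audit you can run over a real tree: the script builds a scratch directory, sets each special bit with the octal prefixes from this section, and counts what `find -perm /NNNN` reports. This is an added example, not from the original page; it only touches a temporary directory it creates, and the function names are my own.

```shell
#!/bin/sh
# Build a scratch tree with one file per special bit and audit it the way
# you would scan a filesystem. Added example, not from the original page.

# Print the 10-character mode string of one path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Count entries under $1 that carry the given bit:
# 4000 = SUID, 2000 = SGID, 1000 = sticky. -perm /NNNN matches when any
# of the listed bits is set, so each call isolates exactly one bit.
count_special() {
    root=$1
    bit=$2
    find "$root" -perm "/$bit" | wc -l | tr -d ' '
}

# Create the scratch tree (constructed sample data) and print its path.
make_scratch_tree() {
    t=$(mktemp -d)
    mkdir "$t/shared" "$t/plain"
    touch "$t/suidfile" "$t/sgidfile" "$t/ordinary"
    chmod 4755 "$t/suidfile"   # SUID + rwxr-xr-x  -> -rwsr-xr-x
    chmod 2755 "$t/sgidfile"   # SGID + rwxr-xr-x  -> -rwxr-sr-x
    chmod 1777 "$t/shared"     # sticky public dir -> drwxrwxrwt
    chmod 0644 "$t/ordinary"   # no special bits
    chmod 0755 "$t/plain"      # no special bits
    printf '%s\n' "$t"
}

# One-line summary, e.g. "suid=1 sgid=1 sticky=1".
special_bit_report() {
    root=$1
    printf 'suid=%s sgid=%s sticky=%s\n' \
        "$(count_special "$root" 4000)" \
        "$(count_special "$root" 2000)" \
        "$(count_special "$root" 1000)"
}

# Example run:
tree=$(make_scratch_tree)
mode_of "$tree/suidfile"        # -rwsr-xr-x
mode_of "$tree/shared"          # drwxrwxrwt
special_bit_report "$tree"      # suid=1 sgid=1 sticky=1
rm -rf "$tree"
```

On a real system the same report over `/` (as root, with `-type f` for the SUID/SGID counts) is a quick baseline: any new SUID or SGID binary since the last run deserves a look.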

ACLs

  • In addition to the standard UGO/RWX permission model, you can also apply ACLs to files and directories
  • ACLs define permissions for named users and named groups
  • ACLs are categorized into two groups: default ACLs and access ACLs
    • Access ACLs are set on individual files and directories
    • Default ACLs can only be applied at the directory level and are inherited by new subdirectories and files
  • There are two commands to manage ACLs: getfacl (display) and setfacl (modify), for example setfacl -m user:mary:rwx /marysFile
  • A file with an ACL shows a + in the 11th column of ls -l output
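The access ACL and default ACL from the list above, demonstrated end to end: an access entry is set on one file, a default entry on a directory, and a file created inside that directory is shown to inherit it. This is an added example, not from the original page; the page's user `mary` is replaced by the current account because a named ACL entry must refer to an existing user, and the script prints `unsupported` when `setfacl` is missing or the filesystem does not support ACLs.

```shell
#!/bin/sh
# Access ACL vs default ACL with setfacl/getfacl.
# Added example, not from the original page. Works only inside a temp dir.

# Print "user:NAME:rwx user:NAME:r-x" (the named entry on the file, then the
# entry the child inherited from the directory's default ACL), or
# "unsupported" when ACLs cannot be used here.
acl_demo() {
    command -v setfacl >/dev/null 2>&1 || { echo unsupported; return 0; }
    t=$(mktemp -d)
    who=$(id -un)                    # stands in for "mary" on the page
    mkdir "$t/marysdir"
    touch "$t/marysFile"

    # Access ACL on one file: the page's setfacl -m user:mary:rwx /marysFile
    if ! setfacl -m "user:$who:rwx" "$t/marysFile" 2>/dev/null; then
        rm -rf "$t"
        echo unsupported
        return 0
    fi

    # Default ACL on the directory (-d): copied into every new entry below it
    setfacl -d -m "user:$who:r-x" "$t/marysdir"
    touch "$t/marysdir/child"

    # getfacl -c omits the "# file:/owner/group" header. The sed strips the
    # "#effective:..." comment getfacl appends when the mask limits an entry.
    file_entry=$(getfacl -c "$t/marysFile" | grep "^user:$who:" | sed 's/[[:space:]].*//')
    child_entry=$(getfacl -c "$t/marysdir/child" | grep "^user:$who:" | sed 's/[[:space:]].*//')

    rm -rf "$t"
    printf '%s %s\n' "$file_entry" "$child_entry"
}

# Example run:
acl_demo
```

Note the inherited entry on `child` is `r-x` even though `touch` created it with no execute bit; the default ACL entry is copied verbatim and the mask entry, derived from the creation mode, is what limits the effective rights (getfacl marks this with an `#effective:` comment). Audit ACLs the same way you audit special bits: `getfacl -R dir` or `ls -l` and look for the `+`.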