File Permissions

Understanding the output of the stat command

Learn everything about the output that the stat command returns. Great for forensics, intrusion detection, and system administration.

Summary

The stat command can be used to show file statistics, such as file size, ownership, type, and several timestamps. It is a great addition to ls. Time to let it work for us!

Basic example

If we use the command on our /etc/passwd file, we might get output like below.

# stat /etc/passwd
  File: /etc/passwd
  Size: 3387      	Blocks: 8          IO Block: 4096   regular file
Device: 10303h/66307d	Inode: 47186412    Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-05-08 15:17:01.121123879 +0200
Modify: 2024-03-04 14:01:44.569913427 +0100
Change: 2024-03-04 14:01:44.577913496 +0100
 Birth: 2024-03-04 14:01:44.569913427 +0100

Explanation of the fields

Let’s have a look at all the fields and understand what the shared information means.

How to change file permissions

Learn how to change the file permissions of files and directories on a Linux system. Follow the examples and make your system more secure.

Summary

Changing file permissions: chmod

The primary command to change file permissions on a Linux system is chmod. It’s a basic system administration utility and comes pre-installed on the system.

Before making changes to an existing directory or file, it is good to first look up the existing permissions. This can be done using the ls -l command, which lists them in the long format.

ls -l /etc/hosts
-rw-r--r-- 1 root root 241 Feb  2 19:10 /etc/hosts

There are two syntax styles to tell chmod what the new value should be. So let’s look at them both.

Linux file permissions

Learn the basics of file permissions on Linux systems and common filesystems such as ext4, XFS, and ZFS. Guided by examples, everyone is able to learn how they work.

Summary

File permissions are stored together with the data on a disk. The Linux kernel uses them to decide which users and processes can access what file.

This page can be considered as a good cheat sheet, while the underlying articles explain how to use this information.

Main permissions

  • Read (r): Allows users to view the contents of a file or directory
  • Write (w): Grants users the ability to modify the contents of a file or directory
  • Execute (x): Enables users to execute a file or access the contents of a directory

Permission   Abbreviation   Octal value
Read         r              4
Write        w              2
Execute      x              1

Possible combinations:

Introduction to Linux file permissions

Learn the basics of how a Linux system applies file permissions. We look at examples to demystify what the permissions mean and learn to troubleshoot common issues.

Summary

Every file that is stored has a set of file permissions stored within the filesystem. This data about the actual data is called metadata. Let’s have a look at how file permissions work on Linux systems and how to read and understand them.

Read, Write, and Execute

Linux file permissions are divided into three main categories:

  • Read (r): Allows users to view the contents of a file or directory
  • Write (w): Grants users the ability to modify the contents of a file or directory
  • Execute (x): Enables users to execute a file or access the contents of a directory

User, Group, and Others

These permissions are each assigned to three entities:

How to find hard links or files that point to a specific file

Learn how to find hard links on a file system or which files they have in common. We will use the find command to make this information quickly available.

Summary

If you want to know which hard links are present, the find utility can give you the answer. In this article we have a look at a few ways to discover more information about hard links.

Good to know: a hard link shares the same inode, whereas a symbolic link has its own inode and just points from one to another.

When we have a directory with hard links, we can discover them by looking at the link count of each file. If it has more than 1 link, then there must be a hard link present.

Changing file permissions on macOS (and using flags)

Using file flags on macOS. While performing system hardening on macOS, you may encounter a typical chmod error. Learn how to fix this type of error.

Summary

Using file flags on macOS

While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags.

Showing file permissions and flags

To see if a file has any flags set, use the ls command with the options l (el) and O (capital o).

File permissions of the /etc/shadow password file

Got an issue with the file permissions of your /etc/shadow password file? Look no further and get it fixed.

Summary

The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and they are installed by default. Sometimes we receive questions about what the right permissions of these files should be. This blog post therefore has a look at the file permissions (and ownership) of both files.

Passwd file

The password file stores local accounts of the system. It is a readable text file and uses colons (:) to separate the fields. In this file the account names, identifiers, and other descriptive fields are stored. This file helps with converting user IDs to names (and back).

Linux Capabilities: Hardening Linux binaries by removing setuid

Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.

Summary

Hardening Linux binaries by removing setuid

Normally Unix-based systems use two kinds of processes: privileged and unprivileged. The first category is usually used for administrative purposes, like starting and stopping other processes, tuning the kernel, and opening sockets.

Root permissions

The command ping is a great example of why even small programs need root permissions. At first glance you might consider this tool to be simple: send a packet to a host and see if it responds. The truth is that a network socket needs to be opened to send an ICMP packet.

PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

Linux users who want to be compliant with PCI DSS have to restrict log file viewing to only the owner. Learn how to achieve this.

Summary

A.1.2.d Verify that viewing of log entries is restricted to the owning entity.

To limit exposure of information, PCI DSS requires that access to logging is restricted to only the entity owning that log file. In other words, we have to search for those entries which can be seen by others.

By default, most log files on Linux-based systems will be stored in /var/log. We can do a quick check for any files which are world readable, by using find.

Plus sign in ls output

When file access control lists, or ACLs, are being used, the output of ls will change. Learn about the additional plus sign in its output.

Summary

Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.

Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.

Conducting a Linux Server Security Audit

Performing a Linux server security audit can be a time-consuming process. In this article the most important parts are explained, including automation.

Summary

Auditing a system can be a time-consuming job, which is no different when conducting a Linux server security audit. Within this article, we give some highlights regarding the audit and tips to automate them by using Lynis.

The business goal

Before auditing any system, determine the business goal of the system. How critical is this system for doing business? What if the system goes down?