053 Manage Default File Permissions

Tech Tutorial: Manage Default File Permissions #

Introduction #

In this tutorial, we will dive into managing default file permissions on Red Hat Enterprise Linux (RHEL), a crucial skill for any system administrator preparing for the Red Hat Certified Systems Administrator (RHCSA) exam. Understanding and correctly setting file permissions ensures the security and proper functioning of the Linux operating system.

File permissions in Linux dictate who can read, write, or execute a file. When a file is created, its permissions are determined by the user’s umask value which we will explore in this guide.

Step-by-Step Guide #

1. Understanding Linux File Permissions #

In Linux, each file and directory has associated permissions. Permissions are given to three categories of users:

  • The owner of the file.
  • The group associated with the file.
  • Others (everyone else).

Permissions are defined as follows:

  • Read (r): Permission to read the file.
  • Write (w): Permission to modify the file.
  • Execute (x): Permission to execute the file as a program.

These permissions are reflected as three characters for the owner, three for the group, and three for others (e.g., rwxr-xr--).

2. Viewing File Permissions #

To view the permissions of a file or directory, use the ls command with the -l option:

ls -l filename

Example output:

-rw-r--r--. 1 user group 0 Sep 29 12:00 filename

This output shows the permissions (rw-r--r--), the number of links (1), the owner (user), the group (group), the size in bytes (0), and the date and time of last modification.

3. Understanding umask #

The umask (user mask) command determines the default permission set when a new file or directory is created. umask is not the permissions but rather the complement of the permissions that will be set.

For example, the common umask 0022 ensures that new files have permissions 644 (-rw-r--r--) and directories have 755 (drwxr-xr-x).

To view the current umask, type:

umask

4. Setting umask #

To change the umask setting for the current session, type:

umask 0027

This command sets a more restrictive permission for new files (640 -rw-r-----) and directories (750 drwxr-x---).

5. Detailed Code Examples #

Let’s see how to use umask with real-world examples:

Example 1: Creating Files with Custom umask #

Set the umask and create a file:

umask 0077
touch example1
ls -l example1

Output:

-rw-------. 1 user group 0 Sep 29 12:10 example1

Here, only the owner has read and write permissions.

Example 2: Creating Directories with Custom umask #

Set the umask and create a directory:

umask 0022
mkdir exampledir
ls -ld exampledir

Output:

drwxr-xr-x. 2 user group 6 Sep 29 12:15 exampledir

This directory is accessible by others but they cannot write to it.

Conclusion #

Managing file permissions is a fundamental aspect of securing and administering a Linux system. By understanding and properly using umask, administrators can ensure that files and directories are created with appropriate permissions, thereby safeguarding the system against unauthorized access. Always remember to check your current umask before creating sensitive files or directories, and adjust it according to the needed security level. As you prepare for the RHCSA exam, practice these commands and scenarios to build your confidence and expertise in managing default file permissions on RHEL systems.