Subtitles of the Movie

Exam objective 1.104.5 has a weight of 5, and verifies that candidates are able to control file access through the proper use of file permissions. You should be able to manage access permissions on a regular file, a special file, and a directory. You should be able to use access modes such as SUID and GUID and the Sticky bit to maintain security. You need basic knowledge of ACL and how to change the default creation mode. There are only three things that can be done with a file. You can read from it, write to it, and execute it as a program, so you can only grant or deny three permissions. Each file has nine bits that control permissions. Three control permissions for the user; the owner of the file, three for members of the group owning the file, and three for everybody else. You can look at how these bits are set with the long display option of ls. The bit settings are displayed by the letters on the left. The first one is not a permission. It's an indication of the file type. A dash for a regular file, and a D for a directory; other letters for special files, but they all work the same. This first one has all permissions set, so all permissions are granted. The second one has the read, write, and execute set only for the user. The third one has permission set only for the group, and this one has permission settings only for others. This last one has a combination of permission set and is a directory. These permissions apply to files inside the directory so, for example, if a directory denies execute permission, the files inside that directory can't be executed even if they try to grant permission to do so. The setting of umask determines the permission settings when you create a new file. The number shown is in Base 8, so each digit represents 3 bits. Looking at the last three digits representing the nine permission bits, any bits set to 1 has that permission denied. Using Touch to create a file causes umask to set the permissions. The permissions are set according to the pattern of the umask bits, and it's easy to change umask, you just give it an octal number. Entering it without an argument that way causes it to display its setting. And now new files will use the new setting. You can see that this new file has no execute permissions. This chmd command can be used to change the permission settings of any existing file. The command used octal values to set all permissions. If you don't like octal, you can use the names with a plus or minus sign. This command turns off the write and execute options for the user. You can use either the letters or the octal digits. They both do the same things.