
Unit 4

The document provides an overview of file access permissions (FAPs) in Linux, detailing how they secure files and directories in a multiuser environment. It explains the use of the chmod command to modify permissions for file owners, group owners, and other users, as well as the concepts of umask and shell scripting for automating tasks. Additionally, it covers the creation and management of variables in shell scripts, including local and global variables, and various environment variables that affect user sessions.

IV SECURING FILES IN LINUX

File Access Permissions (FAPs)


● In a multiuser environment such as Linux, multiple users work on the system simultaneously.

● These users share system resources such as the hard disk, memory and devices attached to the system.

● Therefore, one of the important tasks of an administrator is to manage the files and directories of the users and groups.

● Each user on the Linux system is assigned a user login, a password, and a group or groups to which the user belongs.

● Example:
Project- workers

● In Linux, file access permissions (FAPs) help to secure files and folders.
● File access permissions refer to the permissions associated with a file with respect to the following:

1. The file owner

2. The Group owner

3. Other users

● The permissions that can be granted or revoked are symbolically represented by the
letters r, w, and x and are grouped together as rwx for different users in Linux.

● The permissions for a file or a directory are:


- r indicates the read permission. It can be represented by the number 4.

- w indicates the write permission. It can be represented by the number 2.

- x indicates the execute permission. It can be represented by the number 1.

Access Type | Denoted by | Action permitted on a file | Action permitted on a directory
Read | r | Allows you to display, copy, and compile the file. | Allows you to list the contents of the directory.
Write | w | Allows you to edit, rename, and move the file to another location. | Allows you to create new files and subdirectories within this directory.
Execute | x | Allows you to execute the file with the read permission. | Allows you to move to the specified directory using the cd command.

Viewing File Access Permissions

● You use the ls command to display the names of files.

● When you use the -l option with the ls command, the command displays the names of files with the date and time of creation, user name, group name and access permissions for the file.

● Let us understand how permissions are assigned in Linux by using the following sample directory listing:

Example:

[steve@localhost steve]$ ls -l
total 21
-rw-rw-r-- 1 steve steve 134 sep 21 10:48 DEADJOE
drwxr-xr-x 5 steve steve 1024 sep 20 23:30 desktop
drwx------ 2 steve IRDTECH 1024 sep 22 09:00 mail
-rwxr-xr-x 1 steve IRDTECH 12901 sep 22 03:44 a.out
drwxrwxr-x 2 steve steve 1024 sep 22 02:11 baseball
drwxrwxr-x 2 steve steve 1024 sep 21 10:42 baseball
-rw-rw-r-- 1 steve steve 58 sep 22 03:44 program.cc
drwxrwxr-x 2 steve steve 1024 sep 21 22:56 tennis

● The first character indicates the type of file, such as an ordinary file, a hidden file or a directory.

● The next set of three characters displays the read, write, and execute permissions, in that order, for the file owner.

● The following three characters are the permissions for the group owner, and the last three are the permissions for the other users.

● If a permission is available, r, w, or x is displayed; otherwise a hyphen is displayed.


1. The read permission allows a user to:

● List the contents of the directory

2. The write permission allows a user to:

● Copy a file to the directory
● Remove a file from the directory
● Rename a file in the directory
● Make a subdirectory
● Remove a subdirectory from the directory
● Move a file to and from the directory

3. The execute permission allows a user to:

● Change to the directory
● Display a file from the directory
● Copy a file from the directory

Changing File Access Permissions

● You can modify the access permissions associated with a file or directory by using the
chmod command.

● However only the owner of a file can change the permissions associated with it.
● You can use the chmod command to grant or revoke permissions for files and
directories.

● Permissions can be granted to the:


1. File owner represented by the letter u

2. Group owner, represented by the letter g

3. Other users, represented by the letter o

● The permissions for a file or directory indicate the actions that can be performed on
the file or the directory.

● When using the chmod command, you use the + sign to grant permissions, and the - sign to revoke the permissions.

● The syntax for the chmod command is shown below:


Syntax:

chmod <mode> <filename>

● You use the chmod command to specify the mode in the following ways:
● Symbolic – The permission and the user type are specified as symbols.
● Absolute – The permission is specified as a number.

Symbolic mode

● In the symbolic mode, you use symbols to specify the permissions and the types of users, such as the file owner or other users, for whom the permissions are to be granted or revoked.

● The following table explains the symbolic representation of entities:

Symbol | Meaning
u | Owner of the file or directory
g | Members of the same group
o | All other users
a | All users

● To modify the permissions for a file, the file owner must specify:
1. The type of user for whom the permission is to be modified.

2. The type of permission that is to be modified.

3. Whether the permission is to be granted or revoked.

4. The name of the file for which the permission is to be modified.

Example:

[Steve@localhost]$ chmod u+x x.c

● Here 'u' indicates the file owner, '+' indicates that the permission is to be given, 'x' indicates the execute permission, and 'x.c' represents the file name.

[Steve@localhost]$ chmod g-r x.c

● Here 'g' indicates the group owner and '-' indicates that the permission is to be removed.

[Steve@localhost]$ chmod o-r x.c

● Here, 'o' indicates other users.

[Steve@localhost]$ chmod a-x x.c

● Here, 'a' indicates all the users.

Absolute mode

● In the absolute mode, you use a series of digits to represent file permissions.
● Using the absolute mode is more convenient than using the symbolic mode because you can specify different permissions for all the types of users in one statement.

● The following table explains the number that denotes each type of permission:

Absolute Numbers for permissions

Number | Permission
4 | Read
2 | Write
1 | Execute

● The figure below depicts a sample representation of absolute numbers:

r w x       r w -       r - -
sum is 7    sum is 6    sum is 4

Sample Representation of absolute numbers

● You can assign permissions by using the following command:

[steve@localhost steve]$ chmod 664 ~/*.txt
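
The following added example (not part of the original notes) ties the rwx letters shown by ls -l to the absolute numbers used with chmod, and checks the result of absolute and symbolic chmod calls on a temporary file. The function names perm_to_octal, mode_of and demo and the temporary file x.c are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: relate ls -l permission letters to chmod's absolute numbers.

# perm_to_octal STRING -> three digits, e.g. rwxrw-r-- -> 764.
# Accepts the 9 permission characters or the full 10-character ls field.
# Only r, w, x and - are handled, as in the notes above.
perm_to_octal() {
    p=$1
    if [ "${#p}" -eq 10 ]; then p=${p#?}; fi    # drop the file-type character
    if [ "${#p}" -ne 9 ]; then
        echo "expected 9 permission characters" >&2
        return 1
    fi
    out=""
    while [ -n "$p" ]; do
        rest=${p#???}
        triplet=${p%"$rest"}                     # first three characters
        p=$rest
        sum=0
        case $triplet in r??) sum=$((sum + 4)) ;; esac
        case $triplet in ?w?) sum=$((sum + 2)) ;; esac
        case $triplet in ??x) sum=$((sum + 1)) ;; esac
        out="$out$sum"
    done
    printf '%s\n' "$out"
}

# mode_of FILE -> absolute mode of FILE, read from the first field of ls -l.
mode_of() {
    perm_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# demo: apply absolute and symbolic chmod calls to a constructed temp file
# and report the mode after each step.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/x.c"
    : > "$f"
    chmod 664 "$f";      a=$(mode_of "$f")   # rw-rw-r--
    chmod o-r "$f";      b=$(mode_of "$f")   # rw-rw----
    chmod u+x,g-w "$f";  c=$(mode_of "$f")   # rwxr-----
    rm -rf "$dir"
    printf '%s %s %s\n' "$a" "$b" "$c"
}

demo
```
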

The Umask value

● When you create a file, the umask value and the mode value determine the initial file permissions.

● The mode value indicates that all the users have read and write permissions for a file.
● By default, the mode value is 666 for files and 777 for directories and executable files.
● To derive the file access permissions, the value of umask is subtracted from the mode value.

By default, the umask value is given as 002 for a user and 002 for the root user, which means that each file that a user creates has the permission 666-002=664.

● The umask value is specified in the /etc/profile file.

● You can use the umask command to print or modify the umask value of files and directories.

● The umask is stored in the .bash_profile file.

● When a new Bash shell is created, the umask command is executed automatically.
● Syntax:
umask [value]
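
As an added example, not from the original notes, the script below computes the permissions a umask yields and compares them with files and directories actually created under that umask. It goes beyond the 002 case: the system clears the bits set in the mask rather than subtracting digits, which gives a different answer for a mask such as 033. The names apply_umask, created_mode and demo are assumptions.

```shell
#!/bin/sh
# Added example: how the umask shapes the permissions of newly created files.

# apply_umask BASE MASK -> resulting mode as three octal digits.
# The bits set in MASK are cleared from BASE (BASE AND NOT MASK). For masks
# such as 002 or 022 this gives the same answer as subtracting the digits.
apply_umask() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# created_mode MASK KIND -> rwx string seen by ls on a file or directory
# created under MASK (KIND is "file" or "dir"). The body runs in a subshell,
# so the caller's own umask is left unchanged.
created_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$dir/new"; else : > "$dir/new"; fi
    ls -ld "$dir/new" | cut -c2-10
    rm -rf "$dir"
)

# demo: compare the computed mode with what the system really creates.
demo() {
    for m in 002 022 077; do
        printf 'umask %s  file %s %s  dir %s %s\n' "$m" \
            "$(apply_umask 666 "$m")" "$(created_mode "$m" file)" \
            "$(apply_umask 777 "$m")" "$(created_mode "$m" dir)"
    done
}

demo
```

A umask of 077 keeps new files and directories private to their owner, while 002 leaves them readable by everyone and writable by the group.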

AUTOMATING TASKS USING SHELL SCRIPTS

The shell as a command interpreter

• The shell acts as an interface between the user and the kernel and eliminates the need for a programmer to communicate directly with the kernel.
• The command interpretation of the shell is as follows:
• When you log on, Linux displays a prompt, indicating that it is ready to execute commands.
• When you give a command, the shell performs the following task:
• Reads the command
• The following figure depicts the process of command interpretation:

The echo command

• Use the echo command to display messages on the screen.

• Example:

$ echo "this is an example of the echo command"
this is an example of the echo command
$
• The echo command displays the text enclosed between "" on the screen.

Executing a shell script

• The sequence of Linux commands that you use frequently
• Linux enables you to group the commands and execute them at once.
• You can store the commands in a file.
• The shell can read the file in which the commands are stored and execute them. This file is called a script file.
#!/bin/bash
echo "this is my first bash script"
Example:
The following file is named hello:
#!/bin/bash
echo "hello"
echo "world"
Execute the script file using the following commands:
$ chmod u+x hello
$ ./hello
hello
world
Inserting comments
• You can include comment entries in a shell script by prefixing the statement with the # symbol.

Example:

#!/bin/bash

echo "hello"

# this is a comment line. This would not display any output.

echo "world"

Variables:

Creating variables
• Variables can be created at any point of time by simply assigning a value.
• A variable can be created without a value by leaving the right-hand side of the assignment operator (=) blank.
Syntax:
<variable name>=<value>

Example:

Name="john lennon"

Referencing variable

• The $ symbol is used to refer to the content of a variable.
• For example, to assign the value of one variable to another:
variable1=${variable2}
• To concatenate the values, we can use the following command:
$ x=${today}th
• The braces are optional in case you are not concatenating variables; the following two commands will have the same result.
$ x=$today
$ x=${today}

Reading a value into a variable


• The shell also lets you specify a value for a variable using the keyboard.
• Enter the value into a variable during the execution of a shell script by using the read command:
$ read fname
• You can use the echo command to display a prompt.
$ echo "enter your name"
enter your name
$ read myname
Angela
• You can display the value of the variable myname by using the following command:
$ echo $myname
Angela

Flowchart: Start → Accept name → Accept number → Store data in file → Stop

• You can use the following shell script, storedata, to accept the details of a customer:
#!/bin/bash
echo "Enter the name of the customer."
read name
echo "Enter the mobile number."
read number
echo "$name: $number" >> customerdata
• You can execute the storedata shell script by using the command:
$ bash storedata
• You can also execute it as follows:
$ chmod +x storedata
$ ./storedata
• When you execute the shell script, the following screen is displayed:
$ ./storedata
Enter the name of the customer.
David
Enter the mobile number.
932 1232233
• You can view the stored data by using the cat command:
$ cat customerdata
Angela :993212342
Steve :9423178643
Martin:756352190

Local and global shell variables

• The same variable name can be given a different value without the parent shell knowing about it. Such a variable is called a local variable.
• When you create a variable, it is accessible only in the shell in which you create it.

$ continent=Africa
$ echo "$continent"
Africa
$ sh                     create a child shell
$ echo "$continent"
                         there is no response
$ continent=Asia         give a new value
$ echo "$continent"
Asia
Press <ctrl> d
$ exit                   display exit and return to parent shell
$ echo "$continent"
Africa                   parent is unaware of Asia
$ sh                     create another child
$ echo "$continent"
                         continent does not have any value
Press <ctrl> d
$ exit
$ _                      display exit and return to parent

• A variable that is made available to all the child shells of a shell is known as an exported variable. Consider the following commands:

$ continent=Africa
$ export continent
$ echo "$continent"
Africa
$ sh                     create another child
$ echo "$continent"
Africa
$
$ continent=Asia         give a new value
$ echo "$continent"
Asia
Press <ctrl> d
$ exit                   display exit and return to parent shell
$ echo "$continent"
Africa
$ _
• The variables created in a shell are local to the shell. In other words, variables created in a shell are available only in the shell in which you create them.
• You can use the export command to make a variable global, or accessible to child shells.

Environment variable

• In a multiuser operating system such as Linux, each user works on a copy of the shell. Each shell has a set of special variables, which the user can edit to change the shell environment.

The home variable

• In a Linux operating system, each user has an associated directory called the home directory.
• The user is taken to the corresponding home directory.
• The location of the home directory of the user is stored in the environment variable HOME.
$ echo $HOME
The path variable
• The PATH variable contains a colon-delimited list of path names of the directories that are searched for any executable program.
$ PATH=/usr/bin:/bin
• Example:
• PATH=/bin:/usr/bin: searches in the order: /bin, /usr/bin, and the current directory
• PATH=:/bin:/usr/bin searches in the order: the current directory, /bin, /usr/bin
• PATH=/bin::/usr/bin searches in the order: /bin, the current directory, and /usr/bin
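
Because an empty PATH entry stands for the current directory, a program sitting in whatever directory you happen to be working in can run in place of a system command. The added example below (not from the original notes) audits a PATH value for such entries and, going one step beyond the text, for directories that other users can write to; audit_path is an assumed name.

```shell
#!/bin/sh
# Added example: audit a PATH value for entries that mean "current directory".

# audit_path VALUE -> one line per risky entry: "<position> <finding>".
# Empty entries (leading, trailing or doubled colon) and "." both make the
# shell search the current directory; relative entries depend on it too.
audit_path() {
    rest="$1:"          # trailing colon keeps a final empty entry visible
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case "$entry" in
            "") echo "$pos empty entry (current directory)" ;;
            .)  echo "$pos dot entry (current directory)" ;;
            /*) # absolute directory: flag it when "other" has write access,
                # read from the ninth character of the ls -l permission field
                if [ -d "$entry" ] &&
                   [ "$(ls -ld "$entry/." | cut -c9)" = w ]; then
                    echo "$pos writable by other users: $entry"
                fi ;;
            *)  echo "$pos relative entry: $entry" ;;
        esac
    done
}

# The three PATH values from the notes, then the current session's PATH.
audit_path "/bin:/usr/bin:"
audit_path ":/bin:/usr/bin"
audit_path "/bin::/usr/bin"
audit_path "$PATH"
```
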

The PS1 variable:

1. The PS1 or Prompt String 1 variable contains the shell prompt, the $ symbol.

2. You can change the shell prompt by editing the value of the PS1 variable.

3. The following command will change the shell prompt to HELLO:

$ PS1="HELLO" <Enter>

HELLO New prompt

The PS2 Variable

● The PS2 variable specifies the value for the secondary prompt.
● By default, the secondary prompt is the > symbol.
● The Linux operating system displays the secondary prompt when you type an incomplete command on the command line.

● Example:
$ PS1 = ^

>

>’

$............

The LOGNAME Variable

● The user login name is stored in the LOGNAME variable.

● Example:
● $ echo "${LOGNAME}"
● You need not enclose LOGNAME in quotation marks and braces.
● You can use the following command:
● $ echo $LOGNAME

The SHLVL variable

● The SHLVL variable contains the shell level that you are currently working in.
● When working on Linux, you might create new shells and forget the level of the shell in which you are working.

● In such a situation, you can use the SHLVL environment variable to know the level of the shell in which you are working.

● In the Linux operating system, the login shell is assigned the number 1.
● When you create a new shell, the value of the variable SHLVL is incremented by one.

● Example

$ echo $SHLVL
1                This is the login shell.
$ sh             Creates a new shell.
$ echo $SHLVL
2                You are working in the new shell.
$ exit           Terminates the child shell.
exit
$ echo $SHLVL

The SHELL variable

● The SHELL environment variable stores the default shell of the user.
● You can view the value of the variable by using the following command:
● $ echo $SHELL
● /bin/bash

The env command

● You use the env command to view a list of all the exported environment variables
and their respective values.

● Example
● Lab Program 2

Command Substitution
● In addition to pipes, you can use command substitution to combine more than one command in a command line.

● Suppose that you need to display the following message on the screen:
● The date is (output of the date command)
● To do so, you can enter the following command:
● echo "The date is `date`"
The command date is enclosed in single backward quotation marks, or grave accents.

The expr command:

● In most shells, you cannot declare variables as integers.

● All variables are treated as character strings.
● Therefore, in the following declaration, the variable var1 contains the characters 2 and 5 and not the number 25.

● var1=25
● Example
● $ expr 4 + 5

● You can use variables in the expr command:
$ a=5

$ b=4

$ expr $a + $b

● The use of the expr command is shown in the following code.

a=10
b=5
# (i)
a=`expr $a - 7`
echo "a is equal to $a"     # a = 10 - 7 = 3
# (ii)
a=`expr $a \* $b`
echo "a is equal to $a"     # a = 3 * 5 = 15
a=`expr $a / 3`
echo "a is equal to $a"     # a = 15 / 3 = 5

Arithmetic Expansion

● To calculate the value of an expression, you can enclose the expression in $((...)).

● Syntax:

● $((expression))

● Example

● $ echo $((45 + 34))

79

● Example

● $ a=25
● $ b=56
● $ echo $((a+b))
