CIS120 Linux Fundamentals
id, chmod and umask
In Linux, managing user identities and permissions is crucial for system security and functionality. Commands like id, chmod, and umask play a significant role in this management. Understanding these commands helps in effectively setting and modifying access controls on files and directories.
The id Command
The id command is used to display the user ID (UID) and group ID (GID) of the current user or a specified user. It provides detailed information about the user, including their primary group and any supplementary groups they belong to.
Example:
$ id
uid=1000(user) gid=1000(user) groups=1000(user),27(sudo),1001(developers)
In this example, uid=1000(user) indicates that the user's ID is 1000. The primary group ID is also 1000, and the user belongs to the sudo and developers groups as well.
You can also specify a username to get the ID details for that particular user:
$ id alice
uid=1001(alice) gid=1001(alice) groups=1001(alice),1002(projects)
The chmod Command
The chmod command is used to change the permissions of files and directories. Permissions determine who can read, write, or execute a file. There are three types of permissions: read (r), write (w), and execute (x). Each permission has an associated numerical value:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
These values are added together to set permissions. For instance, a permission setting of rwx (read, write, and execute) adds up to 7 (4+2+1).
Permissions are set for three categories of users: the owner, the group, and others. The chmod command can use either symbolic or numeric modes to change permissions.
Symbolic Mode
In Linux, symbolic mode is used to set file permissions by representing the user (or class of users) and the permissions themselves symbolically, using characters. This is an alternative to the octal (numeric) mode for controlling access to files and directories. Let me break it down step by step:
User Classes
In symbolic mode, permissions are assigned to three classes of users, and a fourth letter serves as shorthand for all three:
- u (user): The file owner.
- g (group): The users in the file's group.
- o (others): All other users.
- a (all): Refers to u, g, and o together.
Permissions
There are three types of permissions that can be granted or denied to each user class:
- r (read): Permission to read the file or list the contents of a directory.
- w (write): Permission to modify the file or change the contents of a directory.
- x (execute): Permission to execute the file or enter the directory.
Operators
You use the following operators to set permissions:
- + (add): Adds the specified permission.
- - (remove): Removes the specified permission.
- = (assign): Sets the specified permission and removes all others.
Examples
Grant execute permission to the owner (user):
chmod u+x filename
This adds execute permission for the file owner.
Remove write permission from group members:
chmod g-w filename
This removes the write permission from the group.
Set read and write permissions for others (overwriting previous permissions):
chmod o=rw filename
This ensures that others can only read and write, removing any other permissions (like execute) if they exist.
Grant read, write, and execute permissions to all users:
chmod a+rwx filename
This gives read, write, and execute permissions to everyone.
Combining Changes
You can make changes to multiple classes at once:
- Grant read permission to group and others:
chmod go+r filename
- Combine clauses for different classes using a comma. For example, we have a permission of 777 and we want to change it to 655. We would do the following:
chmod u-x,go-w filename
Symbolic mode is helpful because it's human-readable and allows setting permissions selectively for different user classes in a clear way.
Numeric Mode
In numeric mode, you use a three-digit octal number to set permissions. Each digit represents the permissions for the owner, group, and others, respectively.
Example:
chmod 755 file.txt
This sets the permissions to:
- 7 (4+2+1) for the owner (rwx).
- 5 (4+0+1) for the group (r-x).
- 5 (4+0+1) for others (r-x).
Another example:
chmod 644 file.txt
This sets the permissions to:
- 6 (4+2) for the owner (rw-).
- 4 (4+0) for the group (r--).
- 4 (4+0) for others (r--).
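The following added example (not part of the original course page) applies symbolic clauses to a scratch file that starts at a known octal mode and prints the octal mode that results, so the two notations can be compared side by side. It assumes GNU coreutils (stat -c %a); result_mode is a hypothetical helper name and the start/clause pairs are constructed.

```shell
#!/bin/sh
# Added example: map symbolic chmod clauses to the octal mode they produce.
# Assumes GNU coreutils (stat -c %a). result_mode is a hypothetical helper.

result_mode() {
    # $1 = starting mode (octal), $2 = symbolic clause(s), comma-separated
    f=$(mktemp) || return 1
    chmod "$1" "$f"      # put the scratch file into a known state
    chmod "$2" "$f"      # apply the symbolic change under test
    stat -c %a "$f"      # report the resulting mode in octal
    rm -f "$f"
}

# Constructed cases: "<start mode> <clause>"
while read -r start spec; do
    printf '%s  %-14s -> %s\n' "$start" "$spec" "$(result_mode "$start" "$spec")"
done <<'EOF'
644 u+x
664 g-w
777 o=rw
600 a+rwx
640 go+r
777 u-x,go-w
777 ug-x,o-rwx
EOF
```

The = operator only rewrites the class it names (777 with o=rw becomes 776), and the last two rows show that u-x,go-w takes 777 to 655 while ug-x,o-rwx takes it to 660.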
The umask Command
The umask command sets the default permissions for newly created files and directories. The umask value determines which permission bits will be turned off by default. It is specified as a three-digit octal number.
Example:
umask 022
A umask value of 022 means that new files will be created with permissions 644 (666 - 022) and new directories with permissions 755 (777 - 022). The value 022 masks off the write permission for the group and others.
To view the current umask setting, simply run:
umask
To change the umask value temporarily for the current session, you can use:
umask 027
This sets the default permissions so that new files are created with permissions 640 and directories with permissions 750.
Unusual umask Values
A umask value of 222 is technically valid but results in very restrictive permissions for new files and directories.
Example:
umask 222
With a umask of 222:
- New files would have permissions 444 (666 - 222), meaning they are read-only for everyone.
- New directories would have permissions 555 (777 - 222), allowing read and execute permissions but no write permissions for anyone.
Such a setting might be useful in very specific scenarios where files and directories should not be modified by anyone once created.
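The following added example (not part of the original course page) predicts the mode of a new file and directory for a given umask and then checks the prediction by actually creating them. The mask clears bits (requested mode AND NOT umask); that matches the subtraction shown above for 022, 027 and 222, but not for a mask such as 077, which is included here as an extra case. It assumes GNU coreutils (stat -c %a), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: umask clears bits, effective = requested AND NOT umask.
# Octal subtraction gives the same answer only when no digit "borrows".
# Assumes GNU coreutils (stat -c %a); function names are hypothetical.

effective_mode() {
    # $1 = requested mode (666 for files, 777 for directories), $2 = umask
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

observed_modes() {
    # $1 = umask; prints "<file mode> <dir mode>" as actually created
    (
        tmp=$(mktemp -d) || exit 1   # scratch dir made before the mask changes
        umask "$1"                   # confined to this subshell
        touch "$tmp/f"
        mkdir "$tmp/d"
        echo "$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
        chmod -R u+rwx "$tmp" && rm -rf "$tmp"
    )
}

for mask in 022 027 222 077; do
    printf 'umask %s: predicted %s %s, observed %s\n' "$mask" \
        "$(effective_mode 666 "$mask")" "$(effective_mode 777 "$mask")" \
        "$(observed_modes "$mask")"
done
```

For umask 077 the result is 600 for files and 700 for directories, whereas octal subtraction (666 - 077) would suggest 567.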
Examples
- Viewing user ID and group information:
id
Output:
uid=1000(user) gid=1000(user) groups=1000(user),27(sudo),1001(developers)
- Changing file permissions using symbolic mode:
chmod g+w file.txt
This adds write permission for the group.
- Changing file permissions using numeric mode:
chmod 755 script.sh
This sets the permissions to rwxr-xr-x.
- Setting the umask value:
umask 027
This sets the default permissions so that new files are created with rw-r----- and directories with rwxr-x---.
- Setting an unusual umask value:
umask 222
This results in new files with r--r--r-- and directories with r-xr-xr-x.
Summary
Understanding and effectively using id, chmod, and umask is essential for managing user identities and permissions in Linux. The id command provides information about user and group IDs, chmod allows for precise control over file and directory permissions, and umask sets default permission settings for new files and directories. Mastering these commands ensures better security and proper access control in a Linux environment.