How to Set Permission-based access on Linux

In the previous article, we created a new user and enabled SSH key access for that user. This guide covers how to restrict access using permissions.

Log in as root

To log in as root, retrieve the root password from Vultr on the specific instance.

On your terminal, log in as root using:

ssh root@ip_address

To demonstrate how permissions work on Linux, we create a testfolder in the new user's directory while logged in as root, then change permissions for the user in that folder.

Test folder

Navigate to the new user home directory

cd /home/wamaitha

Create the testfolder

mkdir testfolder

Navigate to the testfolder, create a text file hello.txt, and populate the txt file with "Hello from root".

# cd into folder
cd testfolder

# create file and populate with echo
echo "Hello from root!" > hello.txt

# view file content of the hello.txt using cat
cat hello.txt

Check folder permissions as shown below

ls -l

The permission string has four parts: file type, user permissions, group permissions, and permissions for other users. Each set of permissions is a combination of read, write and execute. A missing permission is denoted by a dash (-).

[file type][user][group][other users]

Root's permissions on the testfolder are

drwxr-xr-x
  • d - directory
  • rwx - root has read, write and execute permissions
  • r-x - the group associated with root has read and execute permissions only
  • r-x - other users on the directory have read and execute permissions only

We want to add the user wamaitha to this directory and give them read and write permissions. By default, a new user is created and added to a group of the same name. Check this using the groups command:

groups wamaitha

Permissions

Permissions on Linux are set using the chmod command followed by the permission number.

Permission numbers are:

  • 0 = --- (no permissions at all)

  • 1 = --x (execute permission only)

  • 2 = -w- (write permission only)

  • 3 = -wx (write and execute permission only)

  • 4 = r-- (read permission only)

  • 5 = r-x (read and execute only)

  • 6 = rw- (read and write permission only)

  • 7 = rwx (read, write and execute permissions)

With this, we can combine these numbers to change permissions. chmod accepts three numbers. The first number represents the user's permissions, the second represents the group's permissions, and the third represents the permissions for all other users.

chmod 744 testfolder

In short, the command above grants:

  • read, write and execute permissions on the testfolder to the currently logged-in user (root).
  • read permissions to the group (all groups that are added to the folder).
  • read permissions to all other users accessing the testfolder (other users like wamaitha).

Execute the command and check the permissions again.

Switch to the new user. If prompted for a password, use the password you set when creating the new user. The new user has only read permission on the test folder, so any command that requires execute permission will be denied due to insufficient permissions.

su wamaitha
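
The digit arithmetic and the effect of chmod 744 on a directory, as an added example that is not part of the original article. The function names and the scratch directory created with mktemp are assumptions for illustration, and the last function goes slightly beyond the text by spelling out what each triplet permits on a directory.

```shell
#!/bin/sh
# Added example (not from the original article): decode chmod digits.

# Translate one octal digit (0-7) into its rwx triplet: 4=r, 2=w, 1=x.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Translate a three-digit mode such as 744 into user/group/other triplets.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=${1#?}
    printf '%s%s%s\n' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# Apply a mode to a scratch directory (constructed under mktemp, not the
# article's /home/wamaitha) and print the permission bits ls reports for it.
applied_mode() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/testfolder"
    chmod "$1" "$scratch/testfolder"
    # -d lists the directory itself; characters 2-10 are the nine mode bits.
    ls -ld "$scratch/testfolder" | cut -c2-10
    chmod 700 "$scratch/testfolder"
    rm -rf "$scratch"
}

# What one triplet allows on a directory: r lists names, x enters it and
# reaches the files inside, and w only takes effect together with x.
dir_access() {
    list=no; enter=no; modify=no
    case $1 in r??) list=yes ;; esac
    case $1 in ??x) enter=yes ;; esac
    case $1 in ?wx) modify=yes ;; esac
    printf 'list=%s enter=%s modify=%s\n' "$list" "$enter" "$modify"
}

echo "744 decodes to:  $(mode_to_symbolic 744)"
echo "ls reports:      $(applied_mode 744)"
echo "owner (rwx):     $(dir_access rwx)"
echo "group/other r--: $(dir_access r--)"
```

With r-- on a directory, group members and other users can list the names inside it but cannot cd into it or read hello.txt, which is why the denial appears after switching users.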

Resources

Classic SysAdmin: Understanding Linux File Permissions