George, who is new to unix, just learned about hidden files. Filenames that start with a period don't show up in a normal ls and are called hidden files. George had an idea. He'd put all his passwords in a file called .passwords, and since they are hidden they'd be safe. Right? ... Wrong. There are a few problems with George's idea. Firstly, an ls -a will show hidden files. Secondly, George needs to make sure the file's permissions protect it. If a malicious co-worker can look at the file, that co-worker can get all of George's passwords. George's password file needs to have the permissions set correctly.

Maintaining correct permissions on files is important for security.  


Let's learn about permissions.

Run the ls command on your system and you might get a list of names like this.

The ls -la command will give you something like this. The -l option makes the listing long (and shows permissions) and the -a option shows all files, even the hidden files.

The first character of the line indicates what type the file is.

  • d : directory

  • - : a nice, boring regular file

Other characters are occasionally seen, like l for a symbolic link, s for a socket, and b for a block file.

The next characters are related to the file's permissions, and the fields are typically filled with the characters r, w, x, or -.

  • r : permission to read the file

  • w : permission to write to the file

  • x : permission to execute the file

  • - : this permission is not granted to this file.

Read permissions are needed to read or view the contents of a file.  So, if you try to cat a file and get a 'Permission denied' error, check the permissions.


The permission field is nine characters long. The first three characters are the file owner's permissions: the first can only be an r or a dash, the second only a w or a dash, and the third only an x or a dash. The second set of three characters is for members of the file's group, and the third set of three is for everyone else.


Permissions can be changed with numbers. The read permission counts as 4, write counts as 2, and execute counts as 1, and the digit for each set of three is the sum of the permissions granted. So, read and write is 6, all permissions are 7, and read and execute is 5. Permissions can also be changed with a plus or minus character in front of r, w, or x.


Back to George's .passwords file. At a minimum, George needs to set the permissions on the file to rw-------.
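As an added example (not part of the original article), the script below turns a nine-character permission string like rw------- into its chmod number using the 4/2/1 rule above, applies it to a scratch file, reads the mode back with ls -l, and checks that group and others have nothing, which is the minimum George needs for his file. The file path and its contents are constructed for the demonstration.

```sh
#!/bin/sh
# perm_to_octal "rw-r-----" prints 640: each triad is r=4, w=2, x=1 summed.
# Note: s/S/t/T in the execute slot (SUID, SGID, sticky bit) are not handled here.
perm_to_octal() {
    perms=$1
    octal=""
    for start in 1 4 7; do
        triad=$(printf '%s' "$perms" | cut -c"$start-$((start + 2))")
        n=0
        case $triad in r??) n=$((n + 4));; esac
        case $triad in ?w?) n=$((n + 2));; esac
        case $triad in ??x) n=$((n + 1));; esac
        octal="$octal$n"
    done
    printf '%s\n' "$octal"
}

# set_mode FILE PERMSTRING: chmod the file numerically, then print the
# nine permission characters ls -l reports so the result can be verified.
set_mode() {
    chmod "$(perm_to_octal "$2")" "$1" || return 1
    ls -ld "$1" | cut -c2-10
}

# is_owner_only FILE: succeeds only if group and others have no permission at all.
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demonstration on a constructed scratch file (not a real password file).
tmp=$(mktemp) || exit 1
printf 'example-placeholder\n' > "$tmp"
echo "chmod $(perm_to_octal rw-------) gives: $(set_mode "$tmp" rw-------)"
if is_owner_only "$tmp"; then
    echo "$tmp: only the owner can read or write it"
fi
rm -f "$tmp"
```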

However, there are several other reasons that George shouldn't store his passwords in a .passwords file.

  • The file isn't encrypted, so if someone can get access to it, they can easily read it.

  • Calling the file .passwords is a nice way to save hackers time.

  • George can accidentally share the password file with someone, and since it is not encrypted, his passwords will be exposed.

Note: This article just talks about basic permissions. Other topics to learn include the sticky bit, SUID, and SGID.