If you’ve used Linux for a long time, you’re probably quite familiar with file permissions. Indeed, managing permissions is a critical part of managing a Linux system.
If you’ve used Linux for a long time, you’re probably quite familiar with file permissions. Indeed, managing permissions is a critical part of managing a Linux system.
In general, you should provide minimal access whenever possible. Every user (or group) should have just enough permissions and no more.
However, providing appropriate permissions to each user is often complicated by the permission scheme itself. Unix permissions — the model for Linux permissions — were designed in a day and age when computers were still relatively new and when the security implications of the Unix scheme had yet to be fully considered. Thus, Unix’s “legacy” permissions can be limiting in today’s world, particularly on multi-user systems.
Of particular note, an ordinary user has very limited abilities to grant access to his or her files to others. A user can give any combination of read, write, and execute permissions to the himself, the file’s group, and the world, and he can reassign the group of the file. But what if that user (say, amy) wants to give three other users (say, david, theo, and lola) read access to her file, while preventing others from reading the same file? This task is easy if the system has a group that consists only of the three target users: amy just assigns the file to that group and gives group read access to the file. However, this task is impossible for amy (and any other ordinary user) if no group…
Please log in to view this content.
Not Yet a Member?
Register with LinuxMagazine.com and get free access to the entire archive, including:
