Linux file permissions with the Knights who say Ni: Part 1

Some billions of years ago, the primordial soup stirred. A few moments later a fish-like creature thought “hey.. this liquidy thing surrounding me is pretty damn cool, but I wonder what’s out there on land”, and so this brave fish swam to the end of the water, then wriggled, flipped and flopped a few feet inland to face its death! Or so say the scientists, and we know they’ve never got it wrong <sarcasm/>. A few more idiotic episodes later, Linus Torvalds released Linux for the first time, a free and open source operating system, and changed the way software was put together and distributed.

the knights who say ni

Just as many of the physical and psychological characteristics we find in ourselves today are there because mother nature found them to be the best of the choices available to it, so many of the technologies in our software stacks are there because they’re the best at solving the problems they intend to solve. Of course, unlike natural evolution, technological evolution is more susceptible to unhealthy coercion: too many subpar pieces of software win over better alternatives because they have the right kind of push, but maybe we can pass this off as survival of the fittest.

This series of articles is about two pieces of software that have survived the test of time because of their fitness of function, their efficiency, and elegance. In the first part of this two-part article, I will discuss the Linux file permissions model and lay a base for a second article that covers how Python may be utilized to work with these permissions and Linux file systems in general.

Note: to try out the examples in this article you will need to have Python 2.x installed on a Linux distribution (I’m using Ubuntu Trusty, which comes with Python 2.7). You may also require root access for some of the commands listed. Spin up an ubuntu:14.04 container, why don’t you?

Navigate to a location in your Linux file system that contains both files and folders and run the command below.

Code Block 1

You should see output similar to what’s found below. Note that the areas of the output relevant to this article have been highlighted in yellow.

Let’s examine the three highlighted sections (columns) in more detail. From right to left, these three columns represent the group owner of the file, the owner of the file and the permissions for the file.

Ownership

As the names suggest, the user and group ownership columns display to whom the file belongs and which users of a group can manipulate it based on the permission mode set on the file (however, there are exceptions to this clause, which we will look at later on).

The Permission Modes

The Linux permission model is made up of read, write and execute permissions (plus a few others we will discuss in a later article). The permission mode is made up of 10 characters that can be subdivided into a directory identifier, the user permission mode, the group permission mode and the other permission mode.

1st character (type)
Though everything is a file in Linux, there is a need to distinctly identify directories. This is achieved with the character “d”; a file is denoted with a “-”.

Characters 2 through 4 (users)
The user permission mode represents what permissions the owner has on the file. An owner whose mode shows the r, w and x characters can read, write and execute.

Characters 5 through 7 (groups)
The group permission mode represents what permissions the users who have the ownership group as their primary group have on the file. User’s who are have the ownership

Characters 8 through 10 (others)
These three characters represent what permissions all other users (those who are not owners) have on the file.

Apart from its symbolic representation, a Linux permission mode may also be identified using numeric values. A mode can be numerically represented by assigning the values 4, 2 and 1 to the read, write and execute permissions respectively and summing the values of the permissions present in each of the user, group and other modes. For example, a file having just the read permission for the user, group, and other modes will have a numeric representation of 444.
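The conversion described above can be written as a small POSIX shell script. This is an added example, not code from the original article; the function names and the sample modes are constructed for illustration, and any character other than d, -, r, w and x (such as the special permissions left for the next part) is rejected.

```sh
#!/bin/sh
# Added example: convert the 10-character mode string from `ls -l` to numeric form.
# Covers only the d, -, r, w and x characters described in this article.

# triplet_value "rw-" prints 6 (read=4, write=2, execute=1); fails on anything else.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $1 in ??x) v=$((v + 1)) ;; ??-) ;; *) return 1 ;; esac
    printf '%s' "$v"
}

# chars MODE RANGE prints the characters of MODE in the given cut(1) range.
chars() { printf '%s' "$1" | cut -c"$2"; }

# mode_to_octal "-rw-rw-r--" prints 664.
mode_to_octal() {
    [ "${#1}" -eq 10 ] || { echo "expected 10 characters: $1" >&2; return 1; }
    u=$(triplet_value "$(chars "$1" 2-4)") || return 1
    g=$(triplet_value "$(chars "$1" 5-7)") || return 1
    o=$(triplet_value "$(chars "$1" 8-10)") || return 1
    printf '%s%s%s' "$u" "$g" "$o"
}

# file_type "drwxr-xr-x" prints directory.
file_type() {
    case $1 in
        d*) printf 'directory' ;;
        -*) printf 'file' ;;
        *)  printf 'other' ;;
    esac
}

# Constructed sample modes, not output captured from a real system.
for m in -r--r--r-- -rw-rw-r-- drwxr-xr-x; do
    printf '%s  %s  %s\n' "$m" "$(mode_to_octal "$m")" "$(file_type "$m")"
done
```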

 

Exercise 1

Finally, unlike Windows file systems such as NTFS, Linux doesn’t automatically inherit file permissions. In most cases this behavior must be explicitly stipulated using a mechanism called “special permissions”. The reach of this mechanism surpasses simple permission inheritance, and we will discuss this set of permissions in the next part of the article.

Let’s try out some of what we’ve learned so far. The code block below creates a group and three users, adding the group as the primary group of two of them. It then sets the user, group, and other permissions. Note that depending on the Linux distribution being used you may need to pass additional flags to the useradd command.

Code Block 2

Now switch between the three users and try appending onto the file. You will find that as expected only pyuser1 and pyuser2 are able to carry out this task. 

Code Block 3

Output Block 3
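The result of the exercise can be reasoned about without root by modelling which permission triplet applies to each user. This is an added example, not the article's code blocks; the group name pygroup, the third user pyuser3, the pyuser1:pygroup ownership and the modes 664 and 464 are assumptions. Mode 464 is included to show that the owner is judged by the user triplet only, even when the group triplet is more generous.

```sh
#!/bin/sh
# Added example: which permission triplet applies to a user, and does it grant write?
# Names, groups and modes below are constructed; root's bypass is not modelled.

# perm_class USER "USER_GROUPS" OWNER GROUP prints user, group or other.
# Exactly one class applies, tested in this order; the first match wins.
perm_class() {
    if [ "$1" = "$3" ]; then printf 'user'; return 0; fi
    for grp in $2; do
        if [ "$grp" = "$4" ]; then printf 'group'; return 0; fi
    done
    printf 'other'
}

# can_write MODE USER "USER_GROUPS" OWNER GROUP succeeds if the write bit (2)
# is set in the octal digit of the class that applies to USER.
can_write() {
    case $(perm_class "$2" "$3" "$4" "$5") in
        user)  digit=$(printf '%s' "$1" | cut -c1) ;;
        group) digit=$(printf '%s' "$1" | cut -c2) ;;
        *)     digit=$(printf '%s' "$1" | cut -c3) ;;
    esac
    [ $((digit & 2)) -ne 0 ]
}

# verdict takes the same arguments and prints allowed or denied.
verdict() {
    if can_write "$@"; then printf 'allowed'; else printf 'denied'; fi
}

# groups_of USER prints the constructed group membership used in this example.
groups_of() {
    case $1 in
        pyuser1|pyuser2) printf 'pygroup' ;;
        *)               printf '%s' "$1" ;;
    esac
}

# File owned by pyuser1:pygroup, first with mode 664, then with mode 464.
for mode in 664 464; do
    for u in pyuser1 pyuser2 pyuser3; do
        printf '%s %s: %s\n' "$mode" "$u" \
            "$(verdict "$mode" "$u" "$(groups_of "$u")" pyuser1 pygroup)"
    done
done
```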

Now that we have a working knowledge of the Linux permission model, we can proceed with the Python side of things. The language provides wrapper modules that cover many of the Linux CLI tools; these modules come bundled with the installation in most cases, and os and shutil are two such modules.

In the second part of this article, we will look at how Python may be utilized for this task and discuss some Linux permission concepts that were not covered here.
