Linux file permissions with the Knights’ who say Ni: Part 2

The first part of this article covered the basics of the Linux permission model. However, two key concepts of the model were left out for the sake of brevity. In the second and final part of this article, we look at these concepts and discuss how file permissions may be manipulated with Python.

Umask

This is a numerical permission mode value that can be set for each user to limit the default permissions on the files he or she creates. For example, if a umask of 0222 is set for a user and he or she creates a new file, the umask value is subtracted from the file's permissions at the time of its creation; more precisely, every permission bit set in the umask is cleared from the new file's mode.
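An added example (not from the original article) that shows the umask at work from Python 3. It demonstrates that the umask clears bits rather than subtracting arithmetically: with a umask of 0222, a requested mode of 0644 becomes 0444, not 0422. The helper names create_with_umask and demo are hypothetical.

```python
import os
import stat
import tempfile


def create_with_umask(directory, name, requested_mode, umask):
    """Create a file under a temporary umask and return its resulting mode bits."""
    old = os.umask(umask)      # sets the mask for the whole process, returns the old one
    try:
        path = os.path.join(directory, name)
        # O_EXCL: fail instead of reusing a file somebody else planted at this path
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested_mode)
        os.close(fd)
    finally:
        os.umask(old)          # always restore the previous umask
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Create two files with different requested modes under umask 0222."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        results["0666"] = create_with_umask(d, "a", 0o666, 0o222)
        results["0644"] = create_with_umask(d, "b", 0o644, 0o222)
    return results


if __name__ == "__main__":
    for requested, got in sorted(demo().items()):
        print("requested %s with umask 0222 -> %04o" % (requested, got))
```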

Special Permissions

“Everything is a file” is one of the design philosophies of Linux, meaning a folder is as much a file as, well… a file. Therefore, it makes sense that the default behavior of a file created inside a folder is not to inherit its parent folder’s permissions.

If permissions inheritance is needed, it should be specifically stated. This behavior of the Linux permission model gives rise to the need for a few special permission mechanisms.

Character Purpose
User bit. Denoted with an “s” or numeral 4. Executes the file set with this bit as the owner of the file.
Group bit. Denoted with an “s” or numeral 2. Executes the file set with this bit as the group owner of the file.
Sticky bit. Denoted with a “t” or a numeral 1. The sticky bit ensures files can be written by those who have the permission to do so, but can only be deleted by the owner of the file.

Manipulating File Permissions with Python

Python is a loosely typed general-purpose programming language birthed and carved over the years by many loving hands, just like Linux. The capabilities of the language surpass those of a scripting language; however, in my dealings, I’ve come to find it to be the perfect level-up language for anyone who is used to scripting with bash.

Both Python and Linux have stood the test of time and earned the respect of the development community because they’ve both held elegance and efficiency as high-priority design goals while they were maturing as products.

Python provides wrapper modules that cover many of the Linux CLI tools. These modules come bundled with the installation in most cases; os and shutil are two such modules.

Note: to try out the examples in this article you will need to have Python 2.X installed on a Linux distribution (I’m using Ubuntu Trusty, which comes with Python 2.7). You may also require root access for some of the commands listed.

Start a Python interpreter logged in as root, import the two modules mentioned and look at the functions they provide. Let the capabilities of the modules sink into your brain.

Code Block 1

“Woah.. that’s some deep shit right there man”.

Wait.. who let you in? And haven’t I told you to stay in a corner and play with your hula hoop buddy…  hmm? Now scoot out of here and let the rest of us be productive.

In the example found in Code Block 2, the functions os.listdir() and os.stat() are used to display the permission and ownership details of the contents of a folder. Note that in line 11 the file mode value of each file in the folder is converted to its binary representation. If you run the script with an accessible folder, you should get an output similar to Output Block 2.

Code Block 2

Output Block 2

From left to right, the output columns represent the fully qualified file name, the UID of the file’s owner, the GID of the group the file belongs to, a masked value for the permissions set on the file and, finally, the binary value of this masked value. The binary string is sliced starting at -9 from its end, so that it shows just the 9 bits we are interested in.

Let’s examine the binary output produced by line 11. Recalling what we learnt in the first part of this article on Linux permissions, we know permissions are represented with 9 characters: characters 2 through 4 represent the permissions of the user, characters 5 through 7 represent the permissions of the group and characters 8 through 10 represent everyone else. Further, this symbolic permission representation can also be denoted numerically. Here’s a link to the first part of the article if you need a refresher.

Now let’s decipher the permissions of the first file in the Output Block 2.

Similarly, you can decipher the numeric permission mode of each file if that’s needed.
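An added example (not the article's own Code Block 2, and written for Python 3 rather than 2.7) of the listing described above: it reports each entry's UID, GID, masked mode, the last 9 bits of that mode and their rwx form, and also flags the special permission bits from the earlier section. The function names describe, symbolic and list_permissions are hypothetical.

```python
import os
import stat

SPECIAL_BITS = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))


def describe(path):
    """Return (uid, gid, octal mode, 9-bit string, special-bit names) for path."""
    st = os.lstat(path)                    # lstat reports on a symlink itself, not its target
    mode = stat.S_IMODE(st.st_mode)        # mask off the file-type bits, keep 12 permission bits
    bits = bin(mode)[2:].zfill(12)[-9:]    # slice from -9: user, group and other triplets
    special = [name for flag, name in SPECIAL_BITS if mode & flag]
    return st.st_uid, st.st_gid, "%04o" % mode, bits, special


def symbolic(bits):
    """Turn the 9-bit string into rwx notation, e.g. '110100000' -> 'rw-r-----'."""
    return "".join(c if b == "1" else "-" for b, c in zip(bits, "rwxrwxrwx"))


def list_permissions(folder):
    """Collect one row per directory entry, sorted by name."""
    rows = []
    for name in sorted(os.listdir(folder)):
        full = os.path.join(folder, name)
        uid, gid, octal, bits, special = describe(full)
        rows.append((full, uid, gid, octal, bits, symbolic(bits), special))
    return rows


if __name__ == "__main__":
    for row in list_permissions("."):
        print("%s %d %d %s %s %s %s" % (row[:6] + (",".join(row[6]) or "-",)))
```

Entries that report setuid or setgid are the ones worth reviewing first when auditing a folder, since they run with their owner's or group's identity.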

Modifying file permissions in Python is as easy as doing it in the shell. The example in Code Block 2 uses the functions os.chmod() and os.chown(). First, it changes the ownership of the files so that all of them belong to the user and group represented by UID/GID 1000 in Output Block 1. Secondly, it removes the read permission granted to other users of the file. Note that root permission will be needed to execute this script successfully.

Code Block 3

Output Block 3

Note that in Code Block 2, line 9, the numeric permission mode was provided as 0660; the leading digit represents the special permissions.
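An added example (not the article's own code, and written for Python 3) of the two steps described above: change ownership, then clear only the read bit for others while leaving every other bit untouched. The function names are hypothetical; run as root to assign files to another user, or pass your own UID/GID to try it unprivileged.

```python
import os
import stat


def take_ownership_and_drop_other_read(folder, uid, gid):
    """chown every entry in folder to uid:gid, then clear the 'other' read bit."""
    changed = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if os.path.islink(path):
            continue                       # do not let a symlink redirect a root-run chown/chmod
        os.chown(path, uid, gid)           # needs root unless uid/gid already match ours
        # Read the mode after chown: the kernel may clear setuid/setgid on ownership change
        before = stat.S_IMODE(os.stat(path).st_mode)
        after = before & ~stat.S_IROTH     # clear only o+r instead of overwriting the whole mode
        os.chmod(path, after)
        changed.append((name, "%04o" % before, "%04o" % after))
    return changed


def split_mode(mode):
    """Split a numeric mode into its (special, user, group, other) octal digits."""
    return (mode >> 9) & 7, (mode >> 6) & 7, (mode >> 3) & 7, mode & 7


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:       # constructed sample folder
        for fname, mode in (("a", 0o644), ("b", 0o664)):
            p = os.path.join(d, fname)
            open(p, "w").close()
            os.chmod(p, mode)
        print(take_ownership_and_drop_other_read(d, os.getuid(), os.getgid()))
    print(split_mode(0o660))
```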

This brings an end to the two-part article on Linux file permissions and how Python may be used to manipulate them.
