Thursday, January 25, 2018

Special Permissions in Linux (Attributes)



Special Permissions in Linux

As we have already learned from previous parts of this article, every file or directory have three types of permission (read, write, and execute) for three types of user (owner, group and other). If attributes are not set, access will be granted based on this permission set, but if attributes are set, this permission set will be ignored while processing access request. In this article, we will learn the types of attribute and the way they are set on file/directory in detail with example.

Append (a) attribute is used to control the file operation. If this attribute is set, file can only be appended. Regardless how much permission a user have, he cannot perform other file operations (such as move, edit or delete) except append operation.

To understand it practically, let’s create a directory /Projects and a test file test-file under this directory.

[root@localhost~]# mkdir /project
[root@localhost~]# chmod 777 /project
[root@localhost~]# vim file1 /project
[root@localhost~]# ls -la /project/file1
[root@localhost~]# lsattr /project/file1

Note: No attributes are set bydefault

[root@localhost~]# chattr +a /project/file1
[root@localhost~]# lsattr /project/file1 

Note: Now it will show attribute (a) in this file.

============================

Denied file operation (delete, edit, rename, move, hard link)


Delete operation:

[root@localhost~]# rm -f /project/file1

rm: cannot remove '/project/file1' : operation not permitted

Edit operation:

[root@localhost~]# vim /project/file1
Type some words ...


:wq  (to save)

"/project/file1" can't open file for writing

:q!    (to quit without save)

Rename or move operation:

[root@localhost~]# mv /project/file1 /project/file2

operation not permitted

Hard link operation:

[root@localhost~]# ln /project/file1 /project/file1hardlink

operation not permitted

Allowed file operation (read, append, copy, soft link)


[root@localhost~]# cat /project/file1

[root@localhost~]# cat >> /project/file1

[root@localhost~]# cp /project/file1 /project/file2

[root@localhost~]# ln -s /project/file1 /project/file1softlink
[root@localhost~]# cat /project/file1softlink
















Posted by on

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)