Summary
Now that you have completed this chapter, you should have a firm understanding of the following:

File system security is a key component of an overall network security policy. An overall network security policy should include:

  • Physical Equipment Access Security
  • Login / Password Security
  • File System Security
  • Virus Protection
  • Remote Access Security
  • Internet Firewall
  • Data Backups
  • Disaster Recovery Plan
  • Audits

Files and directories are protected by access permissions. The ls -l (List long) command will list the permissions of a file or directory. These permissions are assigned to three user categories: User, Group, and Other. The User is the owner of the file or directory. Group is the primary group the user belongs to, and Other represents all other users.

Three types of permissions can be applied to each file or folder, one set for each user category. These are Read, Write, and Execute. Read allows a file's contents to be viewed but protects them from being changed. Write allows the contents to be modified, and Execute allows programs and shell scripts to be run. The meaning of the permission types varies somewhat between files and directories.

Permissions can be changed from the command line by using the chmod (change mode) command. This command can be used in the Symbolic (relative) mode or the Octal (absolute) mode. Symbolic mode uses characters to represent the user category (u = User, g = Group, o = Other) and permission types (r = Read, w = Write, x = Execute). Octal mode uses numbers from 0 through 7, where each number is the total value of the permissions for one of the three user categories.
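The two chmod modes side by side, as an added example that is not part of the original chapter. The helper names perm_to_octal, file_mode and demo are made up for illustration, and r = 4, w = 2, x = 1 are the standard octal weights.

```shell
#!/bin/sh
# Added example: octal (absolute) vs. symbolic (relative) chmod.

# Convert the 9 permission characters shown by ls -l (e.g. rwxr-x---)
# into three octal digits: r=4, w=2, x=1, summed per user category.
# Special bits (setuid, setgid, sticky) are outside this example.
perm_to_octal() {
    perms=$1
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Read a file's permission string from ls -l (characters 2-10 of the
# listing, after the file-type character) and report it in octal.
file_mode() {
    perm_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# Walk one scratch file (constructed for this example) through both modes.
demo() {
    f=$(mktemp) || return 1
    chmod 640 "$f"            # absolute: sets u=rw-, g=r--, o=--- outright
    first=$(file_mode "$f")
    chmod g+w,o+r "$f"        # relative: adds to whatever is already set
    second=$(file_mode "$f")
    chmod o-r,u+x "$f"        # relative: removes one bit, adds another
    third=$(file_mode "$f")
    rm -f "$f"
    printf '%s %s %s\n' "$first" "$second" "$third"
}

demo   # prints: 640 664 760
```

An octal chmod replaces all nine permission bits at once, while a symbolic chmod only touches the bits it names, which is why the second and third results depend on the mode that was already in place.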

Permissions can also be changed using the CDE File Manager utility. By selecting a file or directory and clicking on Properties, you can view statistics for the file and view or change its permissions.