How to Deny File Permissions to Everyone Except Yourself in Linux

 

The role of permissions and files is much clearer in Linux when compared to Windows. Most people find it easier to understand than the complex system of groups and users behind Windows’ concept of permissions. For example, each file in a Linux-based operating system has three sets of permissions: the first applies to the owner, the second to a specific group of users, and the third to everyone else on the system.

The levels of access for reading, writing, and executing are then described with a scale, ranging from 1 to 7. A value of ‘1’ allows execution of the file, ‘2’ allows write access, and ‘4’ allows the file to be read. To combine several permissions, you just add the numbers together. For example, if you want read and write access to a file, but no execute access, the value to set for permissions would be 2 + 4, which is 6. A digit of 0, as in the “700” used below, grants no access at all.

In this tutorial, we’ll see how to create a file in such a way that only the owner has full permissions over it. We’ll also see what happens when another user tries to read or modify that file. Finally, we’ll look at the role of “sudo” users who take on the root role for themselves, and how we can implement ironclad file security by hiding contents even from root if necessary.

Creating a File with “Owner Only” Permissions

Let’s say we have a file whose contents we want to have hidden from everyone else. In essence, others would be able to see that the file exists, and that’s about it. We don’t want them to see what’s inside it, or be able to modify it in any way. We do this using the following command:

chmod 700 test.txt

Where test.txt is the name of the file that I want to protect. Once we run this command, the file turns “green” when you list it in a command like “ls”, and it displays the new file permissions with the “ls -l” command, like this:

Figure: Only the Owner can Access the File

Here, you can see the file permissions are restricted only to the first group – the owner – who has “rwx”, or read, write, and execute permissions. And the third column of “ls -l” is the owner name, which in this case is “root”.

For convenience’s sake, we’ve created this file in the home directory of another user called “testuser”. Here’s what happens when we log in as the new user and try to read the contents of test.txt:

Figure: File Access is Denied to the Other User

As you can see, testuser is denied the ability to access the file in any way. Any other user who tries to open this file will get the same error message. In this way, you can ensure that your important files are kept hidden from other users.

Allowing Others to ONLY Read the File

Perhaps there’s an important document or set of rules that you want others to be able to read, but not modify. We can achieve this using the following command:

chmod 744 test.txt

Here, “744” instead of “700” gives everyone else the permission to read the file, but nothing else. Here you can see that “testuser” is able to access the contents of the file after it has been assigned its “744” permissions:

Figure: Allowing Other Users to Only Read the File

However, if they then try and modify the file using a file editor, like “vi”, they get the warning you expect as shown here:

Figure: The File is Read-only – It Can’t be Edited

Use this variant of the chmod command when you need others to see the file, but not modify it in any way.
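The two modes used above can be decoded and checked from a script. This is an added example, not part of the original tutorial; the function names are made up for illustration, the scratch file is constructed, and it assumes GNU stat (`stat -c %a`) as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat on Linux.

# Turn one octal digit into its rwx form: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Keep the last three octal digits (owner, group, other); pads short modes like "0".
perm_digits() {
    m="000$1"
    printf '%s' "${m#"${m%???}"}"
}

# Decode a mode such as 700 into the nine characters that "ls -l" shows.
mode_to_rwx() {
    p=$(perm_digits "$1")
    g=${p%?}; g=${g#?}
    printf '%s%s%s' "$(digit_to_rwx "${p%??}")" "$(digit_to_rwx "$g")" \
        "$(digit_to_rwx "${p#??}")"
}

# Succeeds only when group and other have no access at all (700, 600, ...).
is_owner_only() {
    p=$(perm_digits "$(stat -c %a "$1")")
    [ "${p#?}" = "00" ]
}

# Succeeds when the group or everyone else may write to the file.
others_can_write() {
    p=$(perm_digits "$(stat -c %a "$1")")
    g=${p%?}; g=${g#?}; o=${p#??}
    [ $(( ($g | $o) & 2 )) -ne 0 ]
}

# Constructed demo: apply the article's two modes to a scratch file and report.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/test.txt"
    echo "secret" > "$f"
    for mode in 700 744; do
        chmod "$mode" "$f"
        if is_owner_only "$f"; then verdict="owner only"; else verdict="group/other have access"; fi
        printf '%s %s %s\n' "$mode" "$(mode_to_rwx "$(stat -c %a "$f")")" "$verdict"
    done
    rm -rf "$dir"
}
demo
```

The same check works on any path, for example `is_owner_only ~/.ssh/id_rsa && echo ok`.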

Root or “Sudo” Users Still Have Access

Unfortunately, file permissions don’t apply to root or sudo users. For this example, I’ve added “testuser” to the sudoers file so they can execute root commands using sudo. And when they do this, they can access the protected file as shown here:

Figure: Root Users have Complete Control Over the File

There’s no way around this using file permissions. Root, and users belonging to the “wheel” group, can simply use “sudo” to get around these restrictions. Of course, it’s good practice to be wise with the capabilities you give your users – handing out sudo permissions to everyone is not a good idea. Since limiting sudo access is common practice, well-configured Linux systems shouldn’t have this problem.

True File Security – Even from Root

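Ultimately, the only way to hide your files from everyone – including root users – is to use passphrase-based encryption. No other method can hide your information with 100% security from everyone, including the root and sudo users! Keep in mind that this protects the encrypted copy: while the file sits decrypted on the system, root can read it like any other file.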


Of course, you don’t have to do any of this if you use one of our Outsourced Server Support Services, in which case you can simply ask our expert Linux admins to set up your file permissions for you. Just sit back, relax, and let our admins take care of the issue for you. They are available 24×7 to help you with your requests.


Using Hard and Symbolic Links in Linux

Back when Linux was in earlier development, it used a “flat” directory structure. This meant that unlike the hierarchical “tree-like” folders we have today, everything was located inside a single folder. No subdirectories existed. It also meant that each file had to have a unique filename, without exceptions!

All of that changed when Linux baked “hard links” into its kernel. The special character sequence “..” was defined to mean the parent directory, and it’s now the backbone of the modern Linux filesystem as we know it today. With that, we can see the importance of hard links – and in this tutorial, we’ll explain the difference between symbolic links and hard links, and when to use each type of link.

How to Find Out List of All Open Ports in Linux

In this article, we will talk about how to find out a list of all open ports in Linux, but before that, we will say a few words about ports in computer networking. In software terms, and more specifically in computer networking, a port is an available network location implemented in an operating system to help differentiate traffic destined for various services or applications.

How To Set Up SSH Keys

In this tutorial, we will show you how to log in to your Linux VPS using SSH keys. We will generate a key pair (private and public key), place the public key on your server and then use your locally stored private key to gain access to your server. This method provides a more secure way of connecting to your server than just using a password. To set up SSH keys, carefully follow the steps below.

How To Use the Linux Fuser Command

We’ll show you how to use the Linux fuser command. The fuser command is used to identify which processes are using a specific file, Unix socket or file system. In this tutorial we are going to show you a few examples of how to use the fuser command on a Linux VPS.

How to install WordPress on a CentOS 7 VPS in less than 2 minutes

This tutorial will show you how to set up and install WordPress on your CentOS 7 VPS in less than 2 minutes. While WordPress is already easy to set up and install, we’re going to make this process even easier. We’ve put together a script containing some commands which will help you set up and install WordPress on your CentOS 7 machine in no time. Installing WordPress on a CentOS 7 VPS is really an easy task and it can be done in less than 2 minutes.

Install Sentora on Ubuntu

We’ll show you how to install Sentora on Ubuntu. Sentora is a completely free web hosting control panel for Linux, UNIX and BSD based servers, written in PHP. It is a fully featured and easy to use hosting control panel that can help users manage their servers with ease through the user interface. Its installation is pretty easy and fast and includes all the software you will need to manage multiple websites and clients on a single server. In this tutorial we will guide you through the steps of installing the Sentora control panel on Ubuntu.

Install Gogs on Ubuntu 16.04

We’ll explain how to install Gogs on Ubuntu 16.04. Gogs is a free and open source self-hosted Git service, written in the Go programming language. It is very similar to GitLab and aims to be the easiest and most painless way to set up a self-hosted Git service in your development environment. Its installation is pretty fast and simple.

In this tutorial, we will learn how to install Gogs with Apache as a reverse proxy on Ubuntu 16.04 server.

How to backup a WordPress site on your VPS

In this tutorial, we will show you how to manually back up your WordPress site on your VPS. It is highly recommended that you make regular backups of your WordPress site so you can easily restore it if something unexpected happens, for example, if your site breaks because of a faulty plugin, it gets infected with malicious files, you accidentally delete the contents of your database and so on. In order to make a full backup of your WordPress site, you will need to back up both your WordPress files and your WordPress database.

Install OpenLiteSpeed on Ubuntu 16.04

Today we will show you how to install and configure OpenLiteSpeed on your Ubuntu 16.04 VPS. OpenLiteSpeed is a lightweight, open source HTTP server developed and copyrighted by LiteSpeed Technologies, Inc. It provides a user-friendly web interface and supports various operating systems, including Linux, Mac OS, SunOS and FreeBSD. It is fairly easy to install OpenLiteSpeed on an Ubuntu 16.04 VPS. The installation process should take about 10-15 minutes, if you follow the very easy steps described below.