Security is a big part of filesystems.
This episode will explain how traditional file system security works for Unix, or Linux, or Mac computers. They all follow a similar design. These operating systems could have another security system depending on the version. I’ll describe that system in another episode. You can read the full transcript of this episode below.
Transcript
But you can’t have a secure filesystem if you don’t understand how it works.
This is one thing you’re bound to come up against when programming. Just like when you come home and need to unlock your house door. If you forget your key, you get locked out.
The types of security problems you’ll be likely to face as a programmer are not usually the type where you forget the key. You’ll be more likely to face issues where you have to manipulate the locks, or pass your identity to other parts of your program, or even take on a different identity for a while.
Let’s say you do forget your house keys for a moment. After calling a relative with spare set of keys or the locksmith, you might be interested in things you can do to prevent this from happening again.
One solution is to just stop locking your door. Or hang the key from a chain next to the door on the outside so that anybody can use it. Would you consider doing this? Well, maybe if you live in a small rural town.
But even the small towns are likely to lock their doors. I remember a restaurant from when I was a kid that had no locks on the doors. The place didn’t need locks because it never closed.
Chances are, you want to keep your locks. So why does a common recommendation online to programming security questions advise you to set the security of your files or directory to 777?
That’s for a Unix computer system anyway. For Windows, a slightly less common advice is to add everyone to the access control list.
Both of these approaches are the equivalent of letting anyone use your keys anytime they want.
The filesystem can’t help you if you give it specific instructions to let anyone in. It should always be your goal of identifying the absolute minimum privileges needed by only those who should have access at all.
This episode will explain how traditional file system security works for Unix, or Linux, or Mac computers. They all follow a similar design. These operating systems could have another security system depending on the version. I’ll describe that system in another episode.
Understanding this design will give you the ability to configure your files so that you have just the right amount of permissions.
But first, why is this important? I mean, sure, we want to keep bad people and applications away from our information. But assuming you have a good reason to have access, why not just grant full access?
Let’s say you arrive for work and walk in the front door. You might have a badge or maybe everybody already knows who you are. You have access. Does that mean you should have access to the company bank account too? What about the company plans for the next 5 years?
Security is not a switch that gets turned on or off. There are levels. There are restricted areas.
And for large organizations, there can be a lot of changes as people come and go and move from one department to another.
Let’s start with you though. If you create a file, then it should probably belong to you. You should be able to open it again and make changes. You should be able to move it to a new folder or to delete it. And if the file is something that can be run like a script or an application, then you should be allowed to run it.
Traditional Unix based filesystems divide security into read, write, and execute permissions. You can either read the file or not. And you can either write changes to the file or not. And you can either execute the file or not. Each of these switches can be turned on or off individually. Although it’s normal that if you can write to a file, then you probably want to be able to read from it as well.
These switches are listed in the order read, write, and execute. And because they can be on or off, we can use a zero to mean the switch is off and a one to mean it’s on. This is really just a binary number with 3 digits. So 000 means that you can’t read, you can’t write, and you can’t run the file. While 111 means you can do everything. The number 111 in binary is the number 7 in decimal. So in decimal, the possible permissions go from 0 through 7.
Okay, that’s good for you. You’re the owner of the file and can control what you can do with it now. What about others? Well, Unix allows you to separate everybody else into two groups. The first group is actually a group. This gives you the ability to manage other people who have access because they belong to some group.
Maybe you work in a company that has a sales team and a manufacturing team. You happen to work in manufacturing and want to give access to others in your team. You get the same 3 controls, read, write, and execute. But this time, the value you select will apply not to yourself, but to anybody in your team.
Now, as your team changes and people come and go, the new team members will get the proper access automatically as long as they belong to the right group. You don’t need to change file permissions every time a new team member gets hired. You just need to add that team member to the group.
And finally, you get the same 3 controls for everybody else. When you put all this together, you can specify if you can read, write, or execute, if somebody in your team can read, write, or execute, and if anybody else can read, write, or execute your files. Each one of these gets a number from 0 through 7.
So when you set a file’s permissions to 777, what you’re saying is that you can do anything, your teammates can do anything, and everybody else in the world can do anything with the file.
Now, when I say anybody else in the world, they would still have to have access to your computer system and be able to login with a proper account. That doesn’t mean that you just posted the contents of a file on the internet for the 10 o’clock news.
But it does mean that anybody with access either granted or stolen will be able to do anything with the file.
It’s in your best interest to restrict access to just those who need it. You don’t even want to grant yourself a 7 if you don’t need it.
That might be surprising. After all, we’re used to having full control over our own things. Well, because you’re the owner, you can always give yourself more permissions later if needed. But by restriction access even to yourself, you make it harder to accidentally do things to your files that you don’t want.
There’s one more thing to understand. So far, I’ve described setting read, write, and execute permissions on files. But what about a directory or folder? You can set the same type of permissions on folders but the meaning changes slightly.
What does it mean to read a folder. There’s no data such as a document in a folder to read. That kind of data is stored as files. A folder just organizes files and subfolders. So what does it mean to read a folder?
Well, if you can read a folder, then you can get a list of the file names and subfolder names that exist in the folder.
What about writing to a folder? What does that mean? If you can write to a folder, then you can rename the contents of the folder. You can create new files and sub folders. And you can delete files and subfolders. This is important because there is no separate permission for a file that controls whether or not it can be deleted. If you think about it, deleting something is really just changing the list of the contents of the parent folder. Deleting a file means that the parent folder no longer contains that file. And to do this, you need to be able to write to the parent folder.
What about executing a folder? This gives you the ability to search through folder’s contents for information other than file or subfolder names. The names are controlled by the read permission. If you want to learn about the permissions or sizes or other aspects of a folder’s contents, then you need the execute permission. Some operating systems will also use this execute flag to determine if you can change into a directory and make it your current directory.