File permissions and ownership Hi there. It's great to have you back! Let's continue to learn more about how to  work in Linux as a security analyst. In this video, we'll explore  file and directory permissions. We'll learn how Linux represents permissions  and how you can check for the permissions  associated with files and directories. Permissions are the type of  access granted for a file or directory. Permissions are related to authorization. Authorization is the concept of granting  access to specific resources in a system. Authorization allows you to limit  access to specified files or directories. A good rule to follow is that  data access is on a need-to-know basis. You can imagine the security risk  it would impose if anyone  could access or modify anything they wanted to on a system. There are three types of permissions in  Linux that an authorized user can have. The first type of permission is read.  On a file, read permissions means contents on the file can be read. On a directory,  this permission means you can read  all files in that directory. Next are write permissions.  Write permissions on a file allow modifications of contents of the file. On a directory, write permissions indicate that  new files can be created in that directory. Finally, there are also execute permissions. Execute permissions on files mean that  the file can be executed if it's an executable file. Execute permissions on directories allow users to  enter into a directory and access its files. Permissions are granted for  three different types of owners. The first type is the user. The user is the owner of the file. When you create a file,  you become the owner of the file,  but the ownership can be changed. Group is the next type. Every user is a part of a certain group. A group consists of several users,  and this is one way to manage a multi-user environment. Finally, there is other. Other can be considered all other users on the system. Basically, anyone else with access  to the system belongs to this group. In Linux, file permissions are  represented with a 10-character string. For a directory with full permissions for the user group, this string would be: drwxrwxrwx.  Let's examine what this means more closely. The first character indicates the file type. As shown in this example,  d is used to indicate it is a directory. If this character contains a hyphen instead,  it would be a regular file. The second, third, and  fourth characters indicate the permissions for the user. In this example, r  indicates the user has read permissions,  w indicates the user has write permissions,  x indicates the user has execute permissions.  If one of these permissions was missing, there would be a hyphen instead of the letter. In the same way, the fifth, sixth,  and seventh characters indicate  permissions for the next owner type group. As it shows here,  the type group also has read,  write, and execute permissions. There are no hyphens to indicate that  any of these permissions haven't been granted. Finally, the eighth through tenth characters  indicate permissions for the last owner type: other. They also have read, write,  and execute permissions in this example. Ensuring files and directories are set  with their appropriate access permissions is  critical to protecting sensitive files and  maintaining the overall security of a system. For example, payroll departments  handle sensitive information. If someone outside of  the payroll group could read this file,  this would be a privacy concern. Another example is when the user,  the group, and other can all write to a file. This type of file is considered a world-writable file. World-writable files can pose significant security risks. So how do we check permissions? First, we need to understand what options are. Options modify the behavior of the command. The options for a command  can be a single letter or a full word. Checking permissions involves adding  options to the ls command. First, ls -l displays permissions to files and directories.  You might also want to display  hidden files and identify their permissions. Hidden files, which begin with  a period before their name, don't normally appear when you use ls to display file contents. Entering ls -a displays hidden files. Then you can combine these two options to do both. Entering ls -la displays permissions  to files and directories, including hidden files. Let's get into Bash and try out these options. Right now, we're in the project subdirectory. First, let's use the ls command to display its contents. The output displays the files in this directory,  but we don't know anything about their permissions. By using ls -l instead,  we get expanded information on  these files. Let's do this. The file names are now on the right side of each row. The first piece of information in each row  shows the permissions in  the format that we discussed earlier. Since these are all files and not directories,  notice how the first character is a hyphen. Let's focus on one specific file: project1.txt. The second through fourth characters of its  permissions show us the user  has both read and write permissions  but lacks execute permissions. In both the fifth through  seventh characters and eighth through tenth characters,  the sequence is r--. This means group and other have only read privileges. After the permissions, ls -l first displays the username. Here, that's us, analyst. Next comes the group name; in our case, the security group.  Now let's use ls -a The output includes two more files—hidden  files with the names: .hidden1.txt  and .hidden2.txt Finally, we can also use  ls -la to show the permissions for all files,  including these hidden files. I thought that was pretty interesting. Did you? You now know a little more about  file permissions and ownership. This will be helpful when working in  security because monitoring and  setting correct permissions is essential for protecting information. Take a small break and meet me in the next video.