EH1:
Linux Lab
|
ASIX/DAW/DAM-1
|
Task A1: Permissions and
ownership
|
22-1-24
|
TASK A1: Permissions and ownership
GENERAL CONDITIONS
1- Deadline:
18-2-24
2- Send your report as a PDF and ODT files attached
to an e-mail with the following specifications:
a) E-mail
address: cf(at)collados.org or jordi.binefa(at)fje.edu
depending on who is your teacher
b)
File Names:
b.1) ASIX1: asix1_surname_name_eh1act01.odt
asix1_surname_name_eh1act01.pdf
b.2) DAW1: daw1_surname_name_eh1act01.odt
daw1_surname_name_eh1act01.pdf
c) Subject:
c.1) ASIX1:
asix1_surname_name_eh1act01
c.2) DAW1:
daw1_surname_name_eh1act01
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size:
10, c) Questions typeface: Bold, d) Answers typeface: Regular
PERMISSIONS AND
OWNERSHIP: DOCUMENTATION
1- Introduction
Remember:
1- Linux is a multi-user system.
It means that more than one user can be operating the
computer at the same time.
2- In a multi-user system, users should not be not
allowed to:
* Interfere with the files belonging to another
users
* Interfere with system files and directories
(configuration files, boot programs, home directory, and so on)
3- In order to restrict what
the users ara allowed to do, Linux comes wtih a control mechanism
to determine who can access a particular file or directories and
what actions they can do to it.
4- There are two parts to the file control mechanism:
Permissions
and Ownership.
5- Permissions determine what a
user or group of users can do to a:
* File --> Read the contents, remove
contents, add new contents, changes contents, execute (for
binaries).
* Directory --> Add files, remove files, change
files, list the contents, gain access to the directory.
6- Ownership determine the set of permissions
obtained depending on who is the user or the group of users
working with a file or directory.
7- Linux supports two methods of controlling who can access
a file or folder and how they can acces it:
a) The traditional Linux
access permissions. This practical exercise discusses the
first method.
b) ACL (Access Control
Lists), which provide finer-grained control of access permissions.
This method is beyond the scope of this academic year
2-
Basic Linux file and folder permission
You should always remember the following ideas:
a) In Linux, file and directory
permissions and ownership control the access level that programs
and users have to files. This ensures that only authorized users
and programs can access specific files and directories.
b) Each
file and directory has its own set of permissions. These
permissions or access rights are assigned to users and groups.
Permissions control the ability of users and groups to view or
make changes to the contents of a file or directory.
c) In Linux, programs are bound to users and group and
therefore, permissions granted to those users control the the ability of programs to
view or make changes to the contents of a file or directory.
d) From the point of view of each particular file or
directory, there are three classes of users
with different kinds of ownership :
- A user called the owner.
The file or directory owner is by default the
creator of that file or directory. Ownership of files and
directories can be changed In Linux. The owner of a file or directory is the one who
can assign and modify permissions for that file or directory.
- A set of users called the group.
Users who are members of this group share the same permissions
and privileges on a file or directory due to their belonging
to that group.
- A set of users called the others:
Any user who is not member of group or is
not the owner. Members of others share the same
permissions and privileges on a file or directory.
- The root user is a special
user. Permissions and ownership do not have a practical effect
on root user. This user can change
ownership and permissions of any file or folder.
e) From the point of view of each particular file or
directory, three types of permissions can be
applied to each class of user :
- read permission:
- If read permission is granted for a file
to a user then, that user can view the contents of that file
with the help of nano, cat, geany, libreoffice,
visual studio code, etc...
- If read permission is
granted for a directory to a user then, that user can view
the contents of that directory with the help ls, tree,
etc...or their graphical
equivalents.
- write permissions:
- If write permission is granted for a file to
a user then, that user can add/remove/modify the
contents of that file with the help of nano, cat,
geany, libreoffice, visual
studio code, etc...
- If write permission is
granted for a directory to a user, that
user can add/remove/modify the contents of that
directory with the help cp, rm, mv,
nano, etc... or their graphical equivalents.
- execute permissions:
- If execute permission is
granted for a file to a user and that file is a
program then, that user can run that programan
otherwise the user can not run that program.
- If the
execute permission is granted for a directory to a user
then, that user is allowed to enter in the directory with
the help of command cd or its graphical
equivalent.
f) Permissions
can be denied or allowed.
g) For every file and directory on your system is mandatory
to specify:
a)
an owner and group
b)
permissions denied and allowed for the owner
c)
permissions denied
and allowed for the group
d)
permissions denied and
allowed for others
h) When you combine ownership and permissions, you
will be able to control who can access files and folders and what
actions they are able to do with it. Three kind of
permissions and three kind of users means that for every
file in your system, 9 parameters have to be set.
i) For every file or folder on the system,
permissions are assigned to users by following these steps:
1st step -->
If the user is the file/folder owner then the user gets the
permissions given to the owner. Permissions assigned for the group
and others are not taken into consideration.
2nd step
--> If the user is not the file/folder owner but is member of the group then the
user gets the permissions given to the group. Permissions
assigned for others are not taken into consideration.
3rd step
--> If
the user is not the file/folder owner and is not member of the
group then
the user gets the permissions given to others.
j) The
following commands can
display/create/change permissions and ownership for any file
or folder on your system:
- ls -ls displays
access permissions and ownership (additionaly, it shows
file size and last modification date and time)
- tree -pug recursively displays access
permissions and ownership
- chmod sets or unsets access
permissions
- chown changes file owner and
group
- chgrp changes group ownership
- id shows a list of groups
(name and identifier number) a user is member of
k) Additional (not mandatory) readings:
3- Interesting facts
a) You can see the contents of a folder using the graphical
user interface and therefore you could believe that you have
gained access to the directory but that's not true. You can see
the contents but you are not in the directory. That happens
because the GUI run 2 operations: it changes to the directory and
it shows the list of its contents. The first operation does not
works but the second operation works.
b) You can run a compiled program (for exemple a c
program) even if you remove the execution permission. That happens
because the program responsible for running a compiled program is
the operating system and like the user root, the operating system
is not affected by permissions over files and directories. But an
interpreted program like (for example a python or bash script
program) requires the help of an external program called
interpreter to be run and this external program is subjected to
the permissions and ownership rules.
4- ls -l
command: Displaying file/folder access permissions and ownership
a) When you run ls
with -ls option and the
name of a file, the command ls displays
a line of localrmation about the file. For instance:
dacomo@inf1-dacomo:~$ ls
-ls zpack.atr.gz
376 -rwxr-xr-- 1 dacomo
teachers 382911 Nov 23 zpack.tar.gz
From left to right, the line contains the following localrmation:
Size (blocks)
|
Type
|
Permissions
|
Number of Links or directories inside
|
Owner
|
Group
|
Additional localrmation
|
376
|
-
|
rwxr-xr--
|
1
|
dacomo
|
teachers
|
382911 Nov 23 zpack.tar.gz
|
Blocks of 1024 bytes
|
-
for a file
d
for a folder
l
for a link
|
r indicates read
permission
w
indicates write permission
x
indicates execute permission
-
The user does not have the permission in that position
|
1 for a file
1
or more for a folder
|
Name of
the owner
|
Name of
the group
|
Size in
bytes
The date
when the file/folder was created or modified
The name of the file or folder
|
b) The nine characters of Permissions are
divided in three groups:
* First group (characters from 1st to 3rd):
The first three characters specify the access permission for
the owner of the file/folder
* Second group (characters from 4th to 6th): The next three characters specify the
access permission for the special group.
* Third group (characters from 7h to 9th): The last three characters
specify the access permission for the other group.
c) When you run ls with -lsd option and the
name of a directory, the command ls displays a line of localrmation about
the directory. For instance:
dacomo@inf1-dacomo:~$
ls -lsd Desktop
-rwxr-xr-- 1 student00
students 465 22 may 2011 README
d) Recursive option -R for folders --> ls -ls -R
folder_name. Example: ls -ls -R /boot
5- tree -pug command:
Displaying folder access permissions and ownership in a
tree-like format
a) Description: The tree -pug command
displays the access permissions, owner and grup of a folder,
recursively in a tree-like format.
b) Synopsis: tree -pug /home/dacomo
6- chmod command:
Changing access permissions
a) Description: The chmod
command-line utility changes the access permissions of a file or
folder
b) Synopsis: chmod
<permissions> file_or_folder_name
c) Permissions in numeric mode: A three digit number in
octal format (0 to 7):
0 octal => 000 binary
=> ---
1 octal => 001 binary
=> --x
2 octal => 010 binary => -w-
3 octal => 011 binary
=> -wx
4 octal => 100 binary
=> r---
5 octal => 101 binary
=> r-x
6 octal => 110 binary
=> rw--
7 octal => 111 binary
=> rwx
d) Permissions in symbolic mode: ugoa (user/group/other/all), +/- (add/remove), rwx (read,write,execute)
e) Examples:
chmod
754 prova.sh =>
a) owner permissions: read, write and excute, b) group
permissions: read and execute, c) other permissions: read.
chmod
640 prova.sh =>
a) owner permissions: read, write b) group permissions:
read c) other permissions: no.
chmod
314 prova.sh =>
a) owner permissions: write and execute b) group
permissions: execute) other permissions: read.
chmod
u+r prova.sh => Adding read permissions to owner
user.
chmod
g-x prova.sh => Removing execute permissions to
group.
chmod a+x
prova.sh => Adding execute permissions to all
(everyone).
chmod ug+rw
prova.sh => Adding read and write permissions to owner
user and group.
chmod ugo-wx prova.sh =>
Removing write and execute permissions to owner user, group and
others (a=ugo).
f) Recursive option -R
for folders --> chmod
-R <permissions> folder_name. Example:
chmod -R 755
/home/student00 ==> Permissions of all files
and folders in /home/student00 will be changed to rwxr-xr-x using this single
command.
7- chown command:
Changing user and group ownership
a) Description: The
chown command-line
utility changes the owner and group of a file/folder.
b) Synopsis 1:
chown
<new_owner:new_group> file_or_folder_name
c) Synopsis 2:
chown
<new_owner> file_or_folder_name
d) Examples:
chown
etpclot:users prova.sh => Changes to
user etpclot and group users the ownership
of file prova.sh.
chown etpclot
prova.sh => Changes to user etpclot the
ownership of file prova.sh.
e) Recursive option
-R for folders --> chown -R <new_owner:new_group>
folder_name.
Example:
chown -R
etpclot:users /home/student00 ==>Ownership of all
files and folders in /home/student00
will be changed to etpclot:users using this single command.
8- chgrp
command: Changing group ownership
a) Description: The chgrp command-line utility changes the group of a
file/folder.
b) Synopsis: chgrp <new_group>
file_or_folder_name
d) Examples:
chgrp
users prova.sh => Changes to users the group of file prova.sh.
chown users /home =>
Changes to users the group of folders /home.
e) Recursive option -R for folders --> chgrp -R <new_group>
folder_name.
Example: chown -R users /home.
Group of all files and folders
in /home will be changed to users using this single command.
9- id command:
Displaying list of groups of which a user is member
The id command-line utility print a list of groups of which a
user is a member. For instance:
dacomo@inf1-dacomo:~$ id
uid=1000(dacomo) gid=1000(dacomo)
grups=1000(dacomo),24(cdrom),25(floppy),27(sudo),
29(audio),30(dip),44(video),46(plugdev),109(netdev),113(bluetooth),120(scanner),998(vboxsf)
In this example, dacomo is member of the following groups: dacomo, cdrom,
floppy,sudo,audio,dip,video,plugdev,netdev,bluetooth,scannerand
vboxsf
10- Writing proper sentences about permissions
Read (mandatory) the following document: About
Permissions
PRACTICAL EXERCISE
FIRST
PART - Working with permissions in numeric mode
0- (Do no take screenshots) Install caja-open-terminal.
Log out your current session. Log in again. Check that you can launch a terminal from a folder by
right-clicking anywhere in the folder and selecting "open in
a terminal".
1- Print the list of groups from which
your users is a member.
2- Copy
and paste the next script:
#Script to print username, current
folder, local date and time
#Author:
clear
DATE=$(date +%Y%m%d)
TIME=$(date +%H%M%S)
PWD=$(pwd)
echo "Hello $USER"
echo "Current Folder: $PWD"
echo "Local Date: $DATE"
echo "Local Time: $TIME"
exit 0
Add your
surname and name after "Author". Save the script in
a file with the following name: local.sh. Show local.sh and
its contents.
4- Display the permissions and ownership of local.sh. Check whether
or not this script is an executable file. Check whether or
not you are able to execute this script.
5- Using the numeric mode, change permissions of local.sh to: a) owner:
read, write, execute, b) group: read, execute and c) other:
execute.Check whether or not you are able to execute this
script.
6- Using the numeric mode, change permissions of local.sh to: a) owner:
write, execute, b) group: execute and c) other: none.Check
whether or not you are able to read this script using nano. or cat. What's happening?
7- Are you able to execute local.sh. Why?
8- Using the numeric mode, change permissions of local.sh to: a) owner:
read, execute, b) group: read and c)other: none. Are you
able to display the contents of local.sh file?. Why?.
9- Are you able to modify the contents of local.sh file?. Why?
10- Create a folder called eh01 in your personal folder. Display the
permissions and ownership of eh01. Try to change to eh01. Is it possible?.
Why?.
11- Using the numeric mode, change permissions
of eh01 to:
a) owner: read b) group: read and c) other: read. Try
to change to eh01.
Is it possible?. Why?.
12- Using the numeric mode, change permissions
of eh01 to:
a) owner: read,execute b) group: read,execute and c)
other: read,execute. Try to change to eh01. Is it possible?.
Why? Try to create a new folder called eh011 inside the eh01. Is it possible?.
Why?
13- Using the numeric mode, change permissions
of eh01 to:
a) owner: write,execute b) group: write,execute and c)
other: write,execute. Try to change to eh01. Is it possible?.
Why? Try to list the contents of eh01.Is it possible?. Why?
SECOND PART - Working
with permissions in symbolic mode
1- Using the symbolic mode, add the read permission for the
owner to folder eh01.
2- Using the symbolic mode, and running a single command,
add the read permission for the
group and others to folder
eh01.
3- Using the symbolic mode, and running a single command,
remove the write permission for the
group and others from
folder eh01.
4- Using the symbolic mode, and running a single command,
remove the execute permission for
the owner, group and others from
folder eh01.
5-Using the symbolic mode, remove the write permission for the
owner to folder eh01.
6- Using the symbolic mode, and running a single command,
add the write and execute permissions for
the owner, group and others to folder
eh01.
7- Using the symbolic mode, and running a single command,
remove any kind of
permission for any user
from folder eh01.
8- Using the symbolic mode, and running a single command,
give read, write and execute permissions
for any user to
folder eh01.
9- What doest it happen if you run the following
command: chmod -x eh01?. Find another
command which can perfom identical changes in the folder
permissions.
10- Using the symbolic
mode, and running a single command, give execute
permissions for the owner to folder
eh01.
THIRD PART -
Ownership of files and folders
1- Set the system user daemon as the owner of eh01.
Check permissions and ownership of eh01.
2- As your normal user: Try to change to eh01. Is it
possible?. Why?
3- Set tty
as the group of eh01. Check permissions and ownership of eh01.
4- Running a single command: set sys as the owner and disk as the group of eh01. Check permissions and ownership of eh01.
FOURTH PART - Recursion
1- Create the following directory tree
in your personal folder:
With the help of command tree and running a
single command: Check permissions and ownership of any
file or folder in webapp.
2- Running a single command and using
the recursive
option, set the following permissions to any file or
folder in webapp
-> owner: read and execute, group: read and
other: none. With the help of tree, check permissions and ownership of any
file or folder in webapp.
3- Running a single command and using the recursive option, set sys as the owner and adm as the group of any file and
folder in webapp. With the help
of tree, check permissions and ownership
of any file or folder in webapp.