M01: Introduction to Operating Systems | TU1: Installing, configuring and exploiting a computer system | ASIX1 | Practical Exercise 5: Permissions and ownership | 17-11-22
Practical Exercise 5: Permissions and ownership
GENERAL CONDITIONS
1- Deadline: 04-12-22
2- Send your report as PDF and ODT files attached to an e-mail with the following specifications:
a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
b) File names:
b.1) ASIX1: asix1_surname_name_m01tu01pr5.odt and asix1_surname_name_m01tu01pr5.pdf
b.2) DAW1: daw1_surname_name_m01tu01pr5.odt and daw1_surname_name_m01tu01pr5.pdf
c) Subject:
c.1) ASIX1: asix1_surname_name_m01tu01pr5
c.2) DAW1: daw1_surname_name_m01tu01pr5
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular
PERMISSIONS AND OWNERSHIP: DOCUMENTATION
1- Introduction
Remember:
1- Linux is a multi-user system. This means that more than one user can be operating the computer at the same time.
2- In a multi-user system, users should not be allowed to:
* Interfere with the files belonging to other users
* Interfere with system files and directories (configuration files, boot programs, home directory, and so on)
3- In order to restrict what users are allowed to do, Linux comes with a control mechanism that determines who can access a particular file or directory and what actions they can perform on it.
4- There are two parts to the file control mechanism: Permissions and Ownership.
5- Permissions determine what a user or group of users can do to a:
* File --> Read the contents, remove contents, add new contents, change contents, execute (for binaries).
* Directory --> Add files, remove files, change files, list the contents, gain access to the directory.
6- Ownership determines which set of permissions applies, depending on which user or group of users is working with a file or directory.
7- Linux supports two methods of controlling who can access a file or folder and how they can access it:
a) The traditional Linux access permissions. This practical exercise discusses the first method.
b) ACL (Access Control Lists), which provide finer-grained control of access permissions. This method is beyond the scope of this academic year.
2- Basic Linux file and folder permission
You should always remember the following ideas:
a) In Linux, file and directory permissions and ownership control the access level that programs and users have to files. This ensures that only authorized users and programs can access specific files and directories.
b) Each file and directory has its own set of permissions. These permissions or access rights are assigned to users and groups. Permissions control the ability of users and groups to view or make changes to the contents of a file or directory.
c) In Linux, programs are bound to users and groups and, therefore, the permissions granted to those users control the ability of programs to view or make changes to the contents of a file or directory.
d) From the point of view of each particular file or directory, there are three classes of users with different kinds of ownership:
- A user called the owner. The file or directory owner is by default the creator of that file or directory. Ownership of files and directories can be changed in Linux. The owner of a file or directory is the one who can assign and modify permissions for that file or directory.
- A set of users called the group. Users who are members of this group share the same permissions and privileges on a file or directory due to their belonging to that group.
- A set of users called the others: any user who is not a member of the group and is not the owner. Members of others share the same permissions and privileges on a file or directory.
- The root user is a special user. Permissions and ownership do not have a practical effect on the root user. This user can change ownership and permissions of any file or folder.
e) From the point of view of each particular file or directory, three types of permissions can be applied to each class of user:
- read permission:
  - If read permission is granted for a file to a user, then that user can view the contents of that file with the help of nano, cat, geany, libreoffice, visual studio code, etc.
  - If read permission is granted for a directory to a user, then that user can view the contents of that directory with the help of ls, tree, etc. or their graphical equivalents.
- write permission:
  - If write permission is granted for a file to a user, then that user can add/remove/modify the contents of that file with the help of nano, cat, geany, libreoffice, visual studio code, etc.
  - If write permission is granted for a directory to a user, then that user can add/remove/modify the contents of that directory with the help of cp, rm, mv, nano, etc. or their graphical equivalents.
- execute permission:
  - If execute permission is granted for a file to a user and that file is a program, then that user can run that program; otherwise the user cannot run that program.
  - If execute permission is granted for a directory to a user, then that user is allowed to enter the directory with the help of the cd command or its graphical equivalent.
f) Permissions can be denied or allowed.
g) For every file and directory on your system it is mandatory to specify:
a) an owner and group
b) permissions denied and allowed for the owner
c) permissions denied and allowed for the group
d) permissions denied and allowed for others
h) When you combine ownership and permissions, you will be able to control who can access files and folders and what actions they are able to perform on them. Three kinds of permissions and three kinds of users mean that, for every file in your system, 9 parameters have to be set.
i) For every file or folder on the system, permissions are assigned to users by following these steps:
1st step --> If the user is the file/folder owner, then the user gets the permissions given to the owner. Permissions assigned for the group and others are not taken into consideration.
2nd step --> If the user is not the file/folder owner but is a member of the group, then the user gets the permissions given to the group. Permissions assigned for others are not taken into consideration.
3rd step --> If the user is not the file/folder owner and is not a member of the group, then the user gets the permissions given to others.
j) The following commands can display/create/change permissions and ownership for any file or folder on your system:
- ls -ls displays access permissions and ownership (additionally, it shows file size and last modification date and time)
- tree -pug recursively displays access permissions and ownership
- chmod sets or unsets access permissions
- chown changes file owner and group
- chgrp changes group ownership
- id shows a list of groups (name and identifier number) a user is a member of
k) Additional (not mandatory) readings:
3- ls -l command: Displaying file/folder access permissions and ownership
a) When you run ls with the -ls option and the name of a file, the command ls displays a line of information about the file. For instance:
dacomo@inf1-dacomo:~$ ls -ls zpack.tar.gz
376 -rwxr-xr-- 1 dacomo teachers 382911 Nov 23 zpack.tar.gz
From left to right, the line contains the following information:
Field | Value in the example | Meaning
Size (blocks) | 376 | Blocks of 1024 bytes
Type | - | - for a file, d for a folder, l for a link
Permissions | rwxr-xr-- | r indicates read permission, w indicates write permission, x indicates execute permission, - means the user does not have the permission in that position
Number of links or directories inside | 1 | 1 for a file, 1 or more for a folder
Owner | dacomo | Name of the owner
Group | teachers | Name of the group
Additional information | 382911 Nov 23 zpack.tar.gz | Size in bytes, the date when the file/folder was created or modified, the name of the file or folder
b) The nine characters of Permissions are divided into three groups:
* First group (characters from 1st to 3rd): The first three characters specify the access permissions for the owner of the file/folder.
* Second group (characters from 4th to 6th): The next three characters specify the access permissions for the group.
* Third group (characters from 7th to 9th): The last three characters specify the access permissions for others.
c) When you run ls with the -lsd option and the name of a directory, the command ls displays a line of information about the directory. For instance:
dacomo@inf1-dacomo:~$ ls -lsd Desktop
-rwxr-xr-- 1 student00 students 465 22 may 2011 README
d) Recursive option -R for folders --> ls -ls -R folder_name. Example: ls -ls -R /boot
4- tree -pug command: Displaying folder access permissions and ownership in a tree-like format
a) Description: The tree -pug command displays the access permissions, owner and group of a folder, recursively in a tree-like format.
b) Synopsis: tree -pug /home/dacomo
5- chmod command: Changing access permissions
a) Description: The chmod command-line utility changes the access permissions of a file or folder.
b) Synopsis: chmod <permissions> file_or_folder_name
c) Permissions in numeric mode: A three-digit number in octal format (each digit from 0 to 7):
0 octal => 000 binary => ---
1 octal => 001 binary => --x
2 octal => 010 binary => -w-
3 octal => 011 binary => -wx
4 octal => 100 binary => r--
5 octal => 101 binary => r-x
6 octal => 110 binary => rw-
7 octal => 111 binary => rwx
d) Permissions in symbolic mode: ugoa (user/group/other/all), +/- (add/remove), rwx (read,write,execute)
e) Examples:
chmod 754 prova.sh => a) owner permissions: read, write and execute, b) group permissions: read and execute, c) other permissions: read.
chmod 640 prova.sh => a) owner permissions: read, write, b) group permissions: read, c) other permissions: none.
chmod 314 prova.sh => a) owner permissions: write and execute, b) group permissions: execute, c) other permissions: read.
chmod u+r prova.sh => Adding read permission to the owner user.
chmod g-x prova.sh => Removing execute permission from the group.
chmod a+x prova.sh => Adding execute permission to all (everyone).
chmod ug+rw prova.sh => Adding read and write permissions to the owner user and the group.
chmod ugo-wx prova.sh => Removing write and execute permissions from the owner user, group and others (a=ugo).
f) Recursive option -R for folders --> chmod -R <permissions> folder_name. Example:
chmod -R 755 /home/student00 ==> Permissions of all files and folders in /home/student00 will be changed to rwxr-xr-x using this single command.
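The class selection described in 2 i) and the octal digits listed in 5 c) can be checked with a small model. This is an added example, not part of the original exercise; the users alice and bob are constructed sample values, and the root user is not modelled:

```shell
#!/bin/sh
# Added example: a model of the traditional permission check in pure shell.
# User and group names in the demo are constructed sample values.

# digit_to_rwx 5 -> r-x (one octal digit: bit 4 = r, bit 2 = w, bit 1 = x)
digit_to_rwx() {
    out=""
    if [ $(($1 & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_string 754 -> rwxr-xr-- (rejects anything but three octal digits)
mode_to_string() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=${1#?}   # last two digits
    printf '%s%s%s' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# effective_perms MODE FILE_OWNER FILE_GROUP USER "USER_GROUPS"
# Selects exactly one class (owner, else group, else others) and prints its
# three characters. The root user is not modelled.
effective_perms() {
    full=$(mode_to_string "$1") || return 1
    class=others
    for ug in $5; do
        if [ "$ug" = "$3" ]; then class=group; fi
    done
    if [ "$4" = "$2" ]; then class=owner; fi
    case $class in
        owner)  printf '%s' "${full%??????}" ;;
        group)  tmp=${full#???}; printf '%s' "${tmp%???}" ;;
        others) printf '%s' "${full#??????}" ;;
    esac
}

# Demo: mode 047 gives the owner nothing, although others get rwx.
for who in "dacomo:dacomo teachers" "alice:alice teachers" "bob:bob"; do
    printf '%-7s %s\n' "${who%%:*}" \
        "$(effective_perms 047 dacomo teachers "${who%%:*}" "${who#*:}")"
done
```

With mode 047 the owner is matched in the first step and receives no permissions, even though the others class would grant read, write and execute.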
6- chown command: Changing user and group ownership
a) Description: The chown command-line utility changes the owner and group of a file/folder.
b) Synopsis 1: chown <new_owner:new_group> file_or_folder_name
c) Synopsis 2: chown <new_owner> file_or_folder_name
d) Examples:
chown etpclot:users prova.sh => Changes the ownership of file prova.sh to user etpclot and group users.
chown etpclot prova.sh => Changes the ownership of file prova.sh to user etpclot.
e) Recursive option -R for folders --> chown -R <new_owner:new_group> folder_name. Example:
chown -R etpclot:users /home/student00 ==> Ownership of all files and folders in /home/student00 will be changed to etpclot:users using this single command.
7- chgrp command: Changing group ownership
a) Description: The chgrp command-line utility changes the group of a file/folder.
b) Synopsis: chgrp <new_group> file_or_folder_name
d) Examples:
chgrp users prova.sh => Changes the group of file prova.sh to users.
chgrp users /home => Changes the group of folder /home to users.
e) Recursive option -R for folders --> chgrp -R <new_group> folder_name. Example:
chgrp -R users /home ==> Group of all files and folders in /home will be changed to users using this single command.
8- id command: Displaying list of groups of which a user is member
The id command-line utility prints a list of groups of which a user is a member. For instance:
dacomo@inf1-dacomo:~$ id
uid=1000(dacomo) gid=1000(dacomo) grups=1000(dacomo),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev),113(bluetooth),120(scanner),998(vboxsf)
In this example, dacomo is a member of the following groups: dacomo, cdrom, floppy, sudo, audio, dip, video, plugdev, netdev, bluetooth, scanner and vboxsf.
9- Writing proper sentences about permissions
Read (mandatory) the following document: About Permissions
PRACTICAL EXERCISE
FIRST PART - Working with permissions in numeric mode
0- (Do not take screenshots):
- Install caja-open-terminal. Log out of your current session. Log in again.
- Open your personal folder. Change to the Documents folder.
- With the right button of your mouse, click on any free spot in the Documents folder and select the option "open in a terminal" when your system shows you a menu.
- Check that your terminal has been opened directly in ~/Documents.
Now, whenever you need to run a terminal opened directly in your present folder, just click the right button of your mouse on any free spot of the folder and select "open in a terminal".
1- Print the list of groups of which your user is a member.
2- Copy and paste the next script:
#Script to print local date, time and listing current folder
#Author:
clear
DATE=$(date +%Y%m%d)
TIME=$(date +%H%M%S)
PWD=$(pwd)
echo "Hello $USER"
echo "Current Folder: $PWD"
echo "Local Date: $DATE"
echo "Local Time: $TIME"
exit 0
Add your surname and name after "Author". Save the script in a file with the following name: info.sh. Show info.sh and its contents.
4- Display the permissions and ownership of info.sh. Check whether or not this script is an executable file. Check whether or not you are able to execute this script.
5- Using the numeric mode, change permissions of info.sh to: a) owner: read, write, execute, b) group: read, execute and c) other: execute. Check whether or not you are able to execute this script.
6- Using the numeric mode, change permissions of info.sh to: a) owner: write, execute, b) group: execute and c) other: none. Check whether or not you are able to read this script using nano or cat. What's happening?
7- Are you able to execute info.sh? Why?
8- Using the numeric mode, change permissions of info.sh to: a) owner: read, execute, b) group: read and c) other: none. Are you able to display the contents of the info.sh file? Why?
9- Are you able to modify the contents of the info.sh file? Why?
10- Create a folder called test05 in your personal folder. Display the permissions and ownership of test05. Try to change to test05. Is it possible? Why?
11- Using the numeric mode, change permissions of test05 to: a) owner: read, b) group: read and c) other: read. Try to change to test05. Is it possible? Why?
12- Using the numeric mode, change permissions of test05 to: a) owner: read, execute, b) group: read, execute and c) other: read, execute. Try to change to test05. Is it possible? Why? Try to create a new folder called test051 inside test05. Is it possible? Why?
13- Using the numeric mode, change permissions of test05 to: a) owner: write, execute, b) group: write, execute and c) other: write, execute. Try to change to test05. Is it possible? Why? Try to list the contents of test05. Is it possible? Why?
SECOND PART - Working with permissions in symbolic mode
1- Using the symbolic mode, add the read permission for the owner to folder test05.
2- Using the symbolic mode, and running a single command, add the read permission for the group and others to folder test05.
3- Using the symbolic mode, and running a single command, remove the write permission for the group and others from folder test05.
4- Using the symbolic mode, and running a single command, remove the execute permission for the owner, group and others from folder test05.
5- Using the symbolic mode, remove the write permission for the owner from folder test05.
6- Using the symbolic mode, and running a single command, add the write and execute permissions for the owner, group and others to folder test05.
7- Using the symbolic mode, and running a single command, remove any kind of permission for any user from folder test05.
8- Using the symbolic mode, and running a single command, give read, write and execute permissions for any user to folder test05.
9- What happens if you run the following command: chmod -x test05? Find another command which can perform identical changes in the folder permissions.
10- Using the symbolic mode, and running a single command, give execute permissions for the owner to folder test05.
THIRD PART - Ownership of files and folders
1- Set the system user daemon as the owner of test05. Check permissions and ownership of test05.
2- As your normal user: Try to change to test05. Is it possible? Why?
3- Set tty as the group of test05. Check permissions and ownership of test05.
4- Running a single command: set sync as the owner and disk as the group of test05. Check permissions and ownership of test05.
FOURTH PART - Recursion
1- Create the following directory tree in your personal folder:

2- With the help of command tree and running a single command: Check permissions and ownership of any file or folder in webapp.
3- Running a single command and using the recursive option, set the following permissions to any file or folder in webapp:
a) owner: read and execute
b) group: read
c) other: none
4- With the help of command ls and running a single command: Check recursively permissions and ownership of files and folders in webapp.
5- Running a single command and using the recursive option, set sync as the owner and mail as the group of webapp.
6- With the help of command tree and running a single command: Check permissions and ownership of any file or folder in webapp.