M01: Introduction to Operating Systems
TU1: Installing, configuring and exploiting a computer system
ASIX1
Practical Exercise 6: Permissions and ownership 29-11-16

Practical Exercise 6: Permissions and ownership

GENERAL CONDITIONS
1- Deadline: On 18-12-16    
2- Send your report as a PDF file attached to an e-mail with the following specifications:
     a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
     b) File Name:
        b.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr6.pdf
        b.2) DAW1 (English): daw1_surname_name_m01tu01pr6.pdf
     c) Subject:
        c.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr6
        c.2) DAW1 (English): daw1_surname_name_m01tu01pr6
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular
6- Page numbering on footer bar

PERMISSIONS AND OWNERSHIP: DOCUMENTATION

1- Introduction

Remember:

1- Linux is a multi-user system. This means that more than one user can be operating the computer at the same time. For example, if your computer is attached to a network or the Internet, remote users can log in via ssh (secure shell) and operate the computer. In fact, remote users can even execute graphical applications and have the graphical output displayed on a remote computer.

2- In a multi-user system, users should not be allowed to interfere with files belonging to other users or with the main system files and directories (configuration files, boot programs, home directory, and so on). In order to protect the users from each other and the system from any user, Linux comes with a file control mechanism that determines who can access a particular file or directory and what actions they can perform on it.

3- There are two parts to the file control mechanism: Permissions and Ownership.

4- Permissions determine the ways in which a user or group of users can use a file, in other words, what a user or group of users can do to a file.

5- Ownership determines the set of permissions obtained depending on who is the user or the group of users working with a file or directory.

6- Linux supports two methods of controlling who can access a file or folder and how they can access it:
      a) The traditional Linux access permissions. This practical exercise discusses the first method.
      b) ACL (Access Control Lists), which provide finer-grained control of access permissions. This method is discussed in the following practical exercise.

2- Traditional Linux access permission

You should always remember the following ideas:

1- Each file and directory has its own set of permissions. These permissions or access rights are assigned to users and groups. Permissions control the ability of users and groups to view or make changes to the contents of a file or directory.

2- From the point of view of each particular file or directory, there are three types or classes of users with different kinds of ownership:
        a) A user called the owner. The file or directory owner is usually the creator of the file or directory. In Linux, files or directories that you create in your personal directory are usually owned by you, unless you specifically change the ownership. The owner of a file or directory is the one who can assign permissions for the file or directory.
        b) A set of users called the group. Users who are members of this group share the same permissions and privileges on a file or directory due to their belonging to that group.
        c) A set of users called the others: everyone else who is not a member of the group and is not the owner. Members of others share the same permissions and privileges on a file or directory.
        NOTE: The root user is a special user. Permissions and ownership do not have a practical effect on the root user.

3- Linux permissions dictate 3 things a user can do with a file or directory. A user can attempt to:
         a) read from a file or directory, in other words, a user can attempt to view the contents of a file or directory.
         b) write to a file or directory, in other words, a user can attempt to change the contents of a file or directory.
         c) execute it, in other words, a user can attempt to execute or run a file if it is a program or script.
         NOTE: If the execute permission of a directory is set for a user, then the user is allowed to enter the directory and access the files and directories inside.


4- Permissions can be denied or allowed.


5- For every file and directory on your system, it is mandatory to specify:
        a) an owner and group
        b) permissions denied and allowed for the owner
        c) permissions denied and allowed for the group
        d) permissions denied and allowed for others

6- When you combine ownership and permissions, you are able to control who can access files and folders and what actions they are able to perform on them. Three kinds of permissions and three kinds of users mean that, for every file in your system, 9 parameters have to be set.

7- For every file or folder on the system, the effective permissions are assigned to users in this order:
     a) If the user is the file/folder owner, then the user gets the permissions given to the owner. Permissions assigned for the group and others are not taken into consideration.
     b) If the user is not the file/folder owner but is a member of the group, then the user gets the permissions given to the group. Permissions assigned for others are not taken into consideration.
     c) If the user is not the file/folder owner and is not a member of the group, then the user gets the permissions given to others.

8- You can use a set of command-line utilities to display, create and change permissions and ownership for any file or folder on your system:
      a) ls -l  --> Display access permissions and ownership
      b) chmod  --> Change access permissions
      c) chown  --> Change file owner and group
      d) chgrp  --> Change group ownership
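
The evaluation order in point 7, as an added example (not part of the original handout): a small POSIX shell function that picks the class that applies to a user and prints the permissions it grants. The uid/gid values and function names are constructed for illustration; root, which bypasses these checks, is not modelled.

```shell
#!/bin/sh
# Added example: all uid/gid numbers below are constructed sample values.

# triplet N: rwx string for one octal digit (0-7)
triplet() {
    n=$1; out=""
    if [ $(($n & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(($n & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(($n & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    echo "$out"
}

# effective_class MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints "<class> <rwx>". The first class that matches wins: owner, then
# group, then others. Later classes are never consulted.
effective_class() {
    mode=$((0$1)); fuid=$2; fgid=$3; uid=$4; gids=$5
    if [ "$uid" -eq "$fuid" ]; then
        echo "owner $(triplet $(( ($mode >> 6) & 7 )))"
        return 0
    fi
    for g in $gids; do
        if [ "$g" -eq "$fgid" ]; then
            echo "group $(triplet $(( ($mode >> 3) & 7 )))"
            return 0
        fi
    done
    echo "others $(triplet $(( $mode & 7 )))"
}

# File owned by uid 1000, group 100, mode 047 (----r--rwx):
effective_class 047 1000 100 1000 "1000 100"   # the owner      -> owner ---
effective_class 047 1000 100 1001 "1001 100"   # a group member -> group r--
effective_class 047 1000 100 1002 "1002"       # anyone else    -> others rwx
```

With mode 047 the owner is denied everything even though others have full access, because only the owner's three bits are checked for the owner.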


2.1- ls -l command: Displaying file/folder access permissions and ownership
When you call ls with the -l option and the name of a file/folder, ls displays a line of information about it. For instance:
student00@computer01:~>ls -l README
-rwxr-xr-- 1 student00 students 465 22 may  2011 README

From left to right, the line contains the following information:
a) Type (in the example: -): - for a file, d for a folder, l for a link.
b) Permissions (in the example: rwxr-xr--): r indicates read permission, w indicates write permission, x indicates execute permission, - indicates that the user does not have the permission in that position.
c) Number of links or directories inside (in the example: 1): 1 for a file, 1 or more for a folder.
d) Owner (in the example: student00): name of the owner.
e) Group (in the example: students): name of the group.
f) Additional information (in the example: 465 22 may 2011 README): size in bytes, the date and time the file/folder was created or modified, and the name of the file or folder.

The nine characters of Permissions are divided into three groups:
a) First group (characters from 1st to 3rd): The first three characters specify the access permissions for the owner of the file/folder.
b) Second group (characters from 4th to 6th): The next three characters specify the access permissions for the group of the file/folder.
c) Third group (characters from 7th to 9th): The last three characters specify the access permissions for others.

2.2- chmod command: Changing access permissions
a) Description: The chmod command-line utility changes the access permissions of a file or folder.
b) Synopsis:  chmod  <permissions>  file_or_folder_name
c) Permissions in numeric mode: A three-digit number in octal format (each digit from 0 to 7):
0 octal => 000 binary => ---
1 octal => 001 binary => --x
2 octal => 010 binary => -w-
3 octal => 011 binary => -wx
4 octal => 100 binary => r--
5 octal => 101 binary => r-x
6 octal => 110 binary => rw-
7 octal => 111 binary => rwx
d) Permissions in symbolic mode:  ugoa (user/group/other/all), +/- (add/remove),  rwx (read, write, execute)
e) Examples:
    chmod 754 prova.sh => a) owner permissions: read, write and execute, b) group permissions: read and execute, c) other permissions: read.
    chmod 640 prova.sh => a) owner permissions: read and write, b) group permissions: read, c) other permissions: none.
    chmod 314 prova.sh => a) owner permissions: write and execute, b) group permissions: execute, c) other permissions: read.
    chmod u+r prova.sh => Adding read permission for the owner user.
    chmod g-x prova.sh => Removing execute permission from the group.
    chmod a+x prova.sh => Adding execute permission for all (everyone).
    chmod ug+rw prova.sh => Adding read and write permissions for the owner user and the group.
    chmod ugo-wx prova.sh => Removing write and execute permissions from the owner user, group and others (a=ugo).
f) Recursive option -R for folders --> chmod -R  <permissions>  folder_name. Example: chmod -R  755  /home/student00 ==> Permissions of all files and folders in /home/student00 will be changed to rwxr-xr-x using this single command.
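
An added example (not from the original handout) that goes slightly beyond the text: it compares the recursive numeric form above with a symbolic form using X, which sets execute only on folders and on files that already have an execute bit. The tree, file names and helper functions are constructed for this demonstration.

```shell
#!/bin/sh
# Constructed demo tree: names and modes are made up for this example.

# perms PATH: the 10-character type+permission field printed by ls -l
perms() {
    ls -ld "$1" | cut -c1-10
}

# make_tree DIR: one folder, one data file (rw-r--r--), one script (rwxr-xr-x)
make_tree() {
    mkdir -p "$1/docs"
    echo "notes" > "$1/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$1/run.sh"
    chmod 644 "$1/docs/notes.txt"
    chmod 755 "$1/run.sh"
}

# compare: apply both recursive commands to identical trees and report
compare() {
    base=$(mktemp -d)
    make_tree "$base/numeric"
    make_tree "$base/symbolic"
    chmod -R 755 "$base/numeric"            # the numeric form from the text
    chmod -R u=rwX,go=rX "$base/symbolic"   # X: execute only for folders and
                                            # files that are already executable
    for t in numeric symbolic; do
        for f in docs docs/notes.txt run.sh; do
            echo "$t $f $(perms "$base/$t/$f")"
        done
    done
    rm -rf "$base"
}

compare
```

chmod -R 755 leaves notes.txt executable by everyone, while the symbolic form keeps it at rw-r--r-- and still makes the folder and the script rwxr-xr-x.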

2.3- chown command: Changing user and group ownership
a) Description: The chown command-line utility changes the owner and group of a file/folder.
b) Synopsis 1:  chown  <new_owner:new_group>  file_or_folder_name
c) Synopsis 2:  chown  <new_owner>  file_or_folder_name
d) Examples:
     chown etpclot:users prova.sh => Changes the ownership of file prova.sh to user etpclot and group users.
     chown etpclot prova.sh => Changes the ownership of file prova.sh to user etpclot.
e) Recursive option -R for folders --> chown -R  <new_owner:new_group>  folder_name. Example: chown -R  etpclot:users  /home/student00 ==> Ownership of all files and folders in /home/student00 will be changed to etpclot:users using this single command.

2.4- chgrp command: Changing group ownership
a) Description: The chgrp command-line utility changes the group of a file/folder.
b) Synopsis:  chgrp  <new_group>  file_or_folder_name
c) Examples:
     chgrp users prova.sh => Changes the group of file prova.sh to users.
     chgrp users /home => Changes the group of folder /home to users.
d) Recursive option -R for folders --> chgrp -R  <new_group>  folder_name. Example: chgrp -R  users  /home ==> Group of all files and folders in /home will be changed to users using this single command.

2.5- id command: Displaying the list of groups of which a user is a member
a) Description: The id command-line utility prints the effective list of groups of which a user is a member.
b) Synopsis:  id

PRACTICAL EXERCISE

FIRST PART - Working with permissions in numeric mode
1- Copy and paste the following script:
#!/bin/bash
# Script to print the local date, the local time and the current folder
clear
DATE=$(date +%Y%m%d)
TIME=$(date +%H%M%S)
PWD=$(pwd)
echo "Hello $USER"
echo "Current Folder: $PWD"
echo "Local Date: $DATE"
echo "Local Time: $TIME"
exit 0

Save the script in a file with the following name: scr06.sh.
2- Display the permissions and ownership of scr06.sh. Check whether or not this script is an executable file. Check whether or not you are able to execute this script.
3- Using the numeric mode, change permissions of scr06.sh to: a) owner: read, write, execute, b) group: read, execute and c) other: execute. Check whether or not you are able to execute this script.
4- Using the numeric mode, change permissions of scr06.sh to: a) owner: write, execute, b) group: execute and c) other: none. Check whether or not you are able to open this script using nano or cat. What's happening?
5- Are you able to execute scr06.sh? Why?
6- Using the numeric mode, change permissions of scr06.sh to: a) owner: read, execute, b) group: read and c) other: none. Are you able to display the contents of the scr06.sh file? Why?
7- Are you able to modify the contents of the scr06.sh file? Why?
8- Print the effective list of groups of which your user is a member.
9- Create a folder called dir06 in your home folder. Display the permissions and ownership of dir06. Try to change to dir06. Is it possible? Why?
10- Using the numeric mode, change permissions of dir06 to: a) owner: read, b) group: read and c) other: read. Try to change to dir06. Is it possible? Why?
11- Using the numeric mode, change permissions of dir06 to: a) owner: read, execute, b) group: read, execute and c) other: read, execute. Try to change to dir06. Is it possible? Why? Try to create a new folder called dir061 inside dir06. Is it possible? Why?
12- Using the numeric mode, change permissions of dir06 to: a) owner: write, execute, b) group: write, execute and c) other: write, execute. Try to change to dir06. Is it possible? Why? Try to list the contents of dir06. Is it possible? Why?


SECOND PART - Working with permissions in symbolic mode
1- Using the symbolic mode, add the read permission for the owner to folder dir06.
2- Using the symbolic mode, and running a single command, add the read permission for the group and others to folder dir06.
3- Using the symbolic mode, and running a single command, remove the write permission for the group and others from folder dir06.
4- Using the symbolic mode, and running a single command, remove the execute permission for the owner, group and others from folder dir06.
5- Using the symbolic mode, remove the write permission for the owner from folder dir06.
6- Using the symbolic mode, and running a single command, add the write and execute permissions for the owner, group and others to folder dir06.
7- Using the symbolic mode, and running a single command, remove any kind of permission for any user from folder dir06.
8- Using the symbolic mode, and running a single command, give read, write and execute permissions for any user to folder dir06.
9- What happens if you run the following command: chmod -x dir06? Find another command which can perform identical changes in the folder permissions.

THIRD PART - Ownership of files and folders
1- Set the special user sys as the owner of dir06.
2- Set users as the group of dir06.
3- Running a single command, set mail as the owner and adm as the group of dir06.


FOURTH PART - Recursion
1- Create the following directory tree in your home folder:


Running a single command and using the recursive option, check the default permissions of any file or folder in games.
2- Running a single command and using the recursive option, set the following permissions on any file or folder in games:
a) owner: read and execute
b) group: read
c) other: none
Check the default permissions of any file or folder in games.
3- Running a single command, using the recursive option, set sys as the owner and adm as the group of games. Check the owner and group of any file or folder in games.
4- Remove recursively folders dir06 and games.