M01: Introduction to Operating Systems
TU1: Installing, configuring and exploiting a computer system
ASIX1
Practical Exercise 6: Permissions and ownership 25-11-19

Practical Exercise 6: Permissions and ownership

GENERAL CONDITIONS
1- Deadline: On 8-12-19   
2- Send your report as a PDF file attached to an e-mail with the following specifications:
     a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu depending on who is your teacher
     b) File Name:
        b.1) ASIX1: asix1_surname_name_m01tu01pr6.pdf
        b.2) DAW1: daw1_surname_name_m01tu01pr6.pdf
     c) Subject:
        c.1) ASIX1: asix1_surname_name_m01tu01pr6
        c.2) DAW1: daw1_surname_name_m01tu01pr6
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular
6- Page numbering on footer bar

PERMISSIONS AND OWNERSHIP: DOCUMENTATION

1- Introduction

Remember:

1- Linux is a multi-user system. It means that more than one user can be operating the computer at the same time. For example, if your computer is attached to a network, or the Internet, remote users can log in via ssh (secure shell) and operate the computer. In fact, remote users can even execute graphical applications and have the graphical output displayed on a remote computer.

2- In a multi-user system, users should not be allowed to interfere with the files belonging to other users or with the main system files and directories (configuration files, boot programs, home directory, and so on). In order to protect the users from each other and the system from any user, Linux comes with a file control mechanism to determine who can access a particular file or directory and what actions they can do to it.

3- There are two parts to the file control mechanism: Permissions and Ownership.

4- Permissions determine the ways in which a user or group of users can use a file, in other words, what a user or group of users can do to a file.

5- Ownership determines the set of permissions obtained depending on who is the user or the group of users working with a file or directory.

6- Linux supports two methods of controlling who can access a file or folder and how they can access it:
      a) The traditional Linux access permissions. This practical exercise discusses the first method.
      b) ACL (Access Control Lists), which provide finer-grained control of access permissions. This method is discussed in the following practical exercise.

2- Traditional Linux access permission

You should always remember the following ideas:

1-  Each file and directory has its own set of permissions. These permissions or access rights are assigned to users and groups. Permissions control the ability of users and groups to view or make changes to the contents of a file or directory.

2- From the point of view of each particular file or directory, there are three types or classes of users with different kinds of ownership:
        a) A user called the owner. The file or directory owner is usually the creator of the file or directory. In Linux, files or directories that you created in your personal directory are usually owned by you, unless you specifically change the ownership. The owner of a file or directory is the one who can assign permissions for the file or directory.
        b) A set of users called the group. Users who are members of this group share the same permissions and privileges on a file or directory due to their belonging to that group.
        c) A set of users called the others: everyone else who is not a member of the group or is not the owner. Members of others share the same permissions and privileges on a file or directory.
        NOTE: root user is a special user. Permissions and ownership do not have a practical effect on root user.

3- Linux permissions dictate 3 things a user can do with a file or directory. A user can attempt to:
         a) read from a file or directory, in other words, a user can attempt to view the contents of a file or directory.
         b) write to a file or directory, in other words, a user can attempt to change the contents of a file or directory.
         c) execute it, in other words, a user can attempt to execute or run a file if it is a program or script.
         NOTE: If the execute permission of a directory is set for a user, then the user is allowed to enter the directory and access files and directories inside.


4- Permissions can be denied or allowed.


5- For every file and directory on your system it is mandatory to specify:
        a) an owner and group
        b) permissions denied and allowed for the owner
        c) permissions denied and allowed for the group
        d) permissions denied and allowed for others

6- When you combine ownership and permissions, you will be able to control who can access files and folders and what actions they are able to do with them. Three kinds of permissions and three kinds of users mean that for every file in your system, 9 parameters have to be set.

7- For every file or folder on the system, the effective permissions are assigned to users in this order:
     a) If the user is the file/folder owner then the user gets the permissions given to the owner. Permissions assigned for the group and others are not taken into consideration.
     b) If the user is not the file/folder owner but is a member of the group then the user gets the permissions given to the group. Permissions assigned for others are not taken into consideration.
     c) If the user is not the file/folder owner and is not a member of the group then the user gets the permissions given to others.

8- You can use a set of command-line utilities to display, create and change permissions and ownership for any file or folder on your system:
      a) ls -l  --> Display access permissions and ownership
      b) chmod  --> Change access permissions
      c) chown  --> Change file owner and group
      d) chgrp  --> Change group ownership
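
The order described in item 7, as an added example that is not part of the original handout: a shell function that picks the single class (owner, group or others) that applies to a user and prints its rwx triplet. The function name, the user and group names and the mode 074 are assumptions made for the example; root is not modelled.

```shell
#!/bin/sh
# effective_perms MODE OWNER GROUP USER "USER_GROUPS"
# Prints the rwx triplet that applies to USER on a file with the given
# octal MODE, OWNER and GROUP. Exactly one class is used, chosen in the
# order owner -> group -> others.
effective_perms() (
    m=$((0$1)); owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        bits=$(( (m >> 6) & 7 ))          # owner class, even if it is weaker
    else
        bits=$(( m & 7 ))                 # others class unless a group matches
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                bits=$(( (m >> 3) & 7 ))  # group class
                break
            fi
        done
    fi
    out=""
    for flag in 4:r 2:w 1:x; do
        if [ $(( bits & ${flag%%:*} )) -ne 0 ]; then
            out="$out${flag##*:}"
        else
            out="$out-"
        fi
    done
    printf '%s\n' "$out"
)

# Constructed sample data: a file owned by student00:students.
echo "754 owner  : $(effective_perms 754 student00 students student00 'students users')"
echo "754 group  : $(effective_perms 754 student00 students student01 'students')"
echo "754 others : $(effective_perms 754 student00 students guest 'guests')"
# The owner is also in group students, but only the owner digit (0) counts.
echo "074 owner  : $(effective_perms 074 student00 students student00 'students')"
```

With mode 074 the owner ends up with fewer permissions than the group, because the group and others digits are never consulted once the owner class matches.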


2.1- ls -l command: Displaying file/folder access permissions and ownership
When you call ls with the -l option and the name of a file/folder, the command ls displays a line of information about the file. For instance:
student00@computer01:~>ls -l README.txt
-rwxr-xr-- 1 student00 students 465 22 may  2011 README.txt

From left to right, the line contains the following information:
a) Type: -
      - for a file
      d for a folder
      l for a link
b) Permissions: rwxr-xr--
      r indicates read permission
      w indicates write permission
      x indicates execute permission
      - The user does not have the permission in that position
c) Number of Links or directories inside: 1
      1 for a file
      1 or more for a folder
d) Owner: student00
      Name of the owner
e) Group: students
      Name of the group
f) Additional Information: 465 22 may 2011 README.txt
      Size in bytes
      The date and time the file/folder was created or modified
      The name of the file or folder

The nine characters of Permissions are divided in three groups:
a) First group (characters from 1st to 3rd): The first three characters specify the access permissions for the owner of the file/folder.
b) Second group (characters from 4th to 6th): The next three characters specify the access permissions for the group.
c) Third group (characters from 7th to 9th): The last three characters specify the access permissions for others.

2.2- chmod command: Changing access permissions
a) Description: The chmod command-line utility changes the access permissions of a file or folder
b) Synopsis:  chmod  <permissions>  file_or_folder_name
c) Permissions in numeric mode: A three digit number in octal format (0 to 7):
0 octal => 000 binary => ---
1 octal => 001 binary => --x
2 octal => 010 binary => -w-
3 octal => 011 binary => -wx
4 octal => 100 binary => r--
5 octal => 101 binary => r-x
6 octal => 110 binary => rw-
7 octal => 111 binary => rwx
d) Permissions in symbolic mode: ugoa (user/group/other/all), +/- (add/remove), rwx (read, write, execute)
e) Examples:
    chmod 754 prova.sh => a) owner permissions: read, write and execute, b) group permissions: read and execute, c) other permissions: read.
    chmod 640 prova.sh => a) owner permissions: read, write, b) group permissions: read, c) other permissions: none.
    chmod 314 prova.sh => a) owner permissions: write and execute, b) group permissions: execute, c) other permissions: read.
    chmod u+r prova.sh => Adding read permission to the owner user.
    chmod g-x prova.sh => Removing execute permission from the group.
    chmod a+x prova.sh => Adding execute permission to all (everyone).
    chmod ug+rw prova.sh => Adding read and write permissions to the owner user and group.
    chmod ugo-wx prova.sh => Removing write and execute permissions from the owner user, group and others (a=ugo).
f) Recursive option -R for folders --> chmod -R <permissions> folder_name. Example: chmod -R 755 /home/student00 ==> Permissions of all files and folders in /home/student00 will be changed to rwxr-xr-x using this single command.
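
An added example, not part of the original handout, showing what the recursive form in f) does to regular files: chmod -R 755 marks every file as executable, while applying 755 to folders and 644 to files with find does not. The tree, the function names and the use of find are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample tree: three folders, two data files and one script.
make_tree() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/docs/notes"
    : > "$root/docs/report.txt"
    : > "$root/docs/notes/todo.txt"
    printf '#!/bin/sh\necho hello\n' > "$root/run.sh"
    printf '%s\n' "$root"
)

# Number of regular files whose owner execute bit is set.
count_exec_files() {
    find "$1" -type f -perm -100 | wc -l | tr -d ' '
}

# The handout's form: one mode for everything below the folder.
blanket_755() {
    chmod -R 755 "$1"
    count_exec_files "$1"
}

# Alternative: folders get 755 (x is needed to enter them), files get 644.
split_by_type() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    count_exec_files "$1"
}

tree=$(make_tree)
echo "executable files after chmod -R 755: $(blanket_755 "$tree")"
echo "executable files after find + chmod: $(split_by_type "$tree")"
rm -rf "$tree"
```

After the second form, the execute permission is added back only to the files that really are programs or scripts, for example with chmod u+x on run.sh.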

2.3- chown command: Changing user and group ownership
a) Description: The chown command-line utility changes the owner and group of a file/folder.
b) Synopsis 1: chown <new_owner:new_group> file_or_folder_name
c) Synopsis 2: chown <new_owner> file_or_folder_name
d) Examples:
     chown etpclot:users prova.sh => Changes to user etpclot and group users the ownership of file prova.sh.
     chown etpclot prova.sh => Changes to user etpclot the ownership of file prova.sh.
e) Recursive option -R for folders --> chown -R <new_owner:new_group> folder_name. Example: chown -R etpclot:users /home/student00 ==> Ownership of all files and folders in /home/student00 will be changed to etpclot:users using this single command.

2.4- chgrp command: Changing group ownership
a) Description: The chgrp command-line utility changes the group of a file/folder.
b) Synopsis:  chgrp  <new_group>  file_or_folder_name
c) Examples:
     chgrp users prova.sh => Changes to users the group of file prova.sh.
     chgrp users /home => Changes to users the group of folder /home.
d) Recursive option -R for folders --> chgrp -R <new_group> folder_name. Example: chgrp -R users /home. Group of all files and folders in /home will be changed to users using this single command.

2.5- id command: Displaying the list of groups of which a user is a member
a) Description: The id command-line utility prints an effective list of groups of which a user is a member.
b) Synopsis: id

2.6- umask command: Displaying the default set of permissions for newly created files and folders
a) User file-creation mode mask: When a user creates a file or directory under Linux, he/she creates it with a default set of permissions. The user file-creation mode mask is used to determine the set of permissions for newly created files or directories.
b) Description of the command: umask shows the file mode creation mask for newly created files and folders using the one's-complement, in other words, swapping 0s for 1s and vice versa.
c) Easy method for calculating the default permissions for files: 666 - mask. Do not take into consideration the first 0 of the file mask. For instance, if the mask is 0022 then the default permissions for files are 666-022 => 644 or rw-r--r--.
d) Easy method for calculating the default permissions for directories: 777 - mask. Do not take into consideration the first 0 of the file mask. For instance, if the mask is 0022 then the default permissions for directories are 777-022 => 755 or rwxr-xr-x.
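
The calculation in c) and d), as an added example that is not part of the original handout: the mask is applied bit by bit (base AND NOT mask), which gives the same result as the subtraction for 0022 and also works for masks such as 027 or 077, where subtracting digit by digit from 666 does not give a valid mode. The function names and the masks 027 and 077 are assumptions made for the example.

```shell
#!/bin/sh
# default_mode BASE MASK: permissions of a newly created object.
# Every bit set in the mask is cleared from the base: BASE AND (NOT MASK).
# BASE is 666 for files and 777 for folders, as in the handout.
default_mode() (
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
)

# file_matches_prediction MASK: create a real file under MASK (inside a
# subshell, so the caller's umask is untouched) and check with find -perm
# that its mode is exactly the predicted one. Prints yes or no.
file_matches_prediction() (
    dir=$(mktemp -d) || exit 1
    want=$(default_mode 666 "$1")
    umask "$1"
    : > "$dir/new_file"
    if [ -n "$(find "$dir/new_file" -perm "$want")" ]; then
        echo yes
    else
        echo no
    fi
    rm -rf "$dir"
)

# 0022 is the handout's mask; 027 and 077 are constructed extra cases.
for mask in 0022 027 077; do
    f=$(default_mode 666 "$mask")
    d=$(default_mode 777 "$mask")
    ok=$(file_matches_prediction "$mask")
    echo "umask $mask: files $f, folders $d, real file matches: $ok"
done
```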

PRACTICAL EXERCISE

FIRST PART - Working with permissions in numeric mode
0.- Install caja-open-terminal. Log out of your current session. Log in again. Open your personal folder. Change to the Documents folder. Create a new folder called test. Change to the newly created folder. With the right button of your mouse, click on any free spot of the folder and select the option "open in a terminal" when your system shows you a menu. Check that your terminal has been opened directly in ~/Documents/test, not in your personal folder (the default behaviour). From now on, whenever you need to run a terminal opened directly in your present folder, just click the right button of your mouse on any free spot of the folder and select "open in a terminal". It's fantastic, isn't it? You don't need to write any comment or answer about this exercise.
1.- Copy and paste the next script:
#Script to print local date, time and listing current folder
#Author:
clear
DATE=$(date +%Y%m%d)
TIME=$(date +%H%M%S)
PWD=$(pwd)
echo "Hello $USER"
echo "Current Folder: $PWD"
echo "Local Date: $DATE"
echo "Local Time: $TIME"
exit 0

Add your surname and name after "Author". Save the script in a file with the following name: scr07.sh. Show scr07.sh and its contents.
2- Display the permissions and ownership of scr07.sh. Check whether or not this script is an executable file. Check whether or not you are able to execute this script.
3- Using the numeric mode, change permissions of scr07.sh to: a) owner: read, write, execute, b) group: read, execute and c) other: execute. Check whether or not you are able to execute this script.
4- Using the numeric mode, change permissions of scr07.sh to: a) owner: write, execute, b) group: execute and c) other: none. Check whether or not you are able to read this script using nano or cat. What's happening?
5- Are you able to execute scr07.sh? Why?
6- Using the numeric mode, change permissions of scr07.sh to: a) owner: read, execute, b) group: read and c) other: none. Are you able to display the contents of scr07.sh file? Why?
7- Are you able to modify the contents of scr07.sh file? Why?
8- Print the list of groups of which your user is a member.
9- Show the file mode creation mask for files and folders on your system. From the mask value, find out the set of permissions for newly created files and folders.
10- Create a folder called dir07 in your personal folder. Display the permissions and ownership of dir07. Try to change to dir07. Is it possible? Why?
11- Using the numeric mode, change permissions of dir07 to: a) owner: read, b) group: read and c) other: read. Try to change to dir07. Is it possible? Why?
12- Using the numeric mode, change permissions of dir07 to: a) owner: read, execute, b) group: read, execute and c) other: read, execute. Try to change to dir07. Is it possible? Why? Try to create a new folder called dir071 inside dir07. Is it possible? Why?
13- Using the numeric mode, change permissions of dir07 to: a) owner: write, execute, b) group: write, execute and c) other: write, execute. Try to change to dir07. Is it possible? Why? Try to list the contents of dir07. Is it possible? Why?


SECOND PART - Working with permissions in symbolic mode
1- Using the symbolic mode, add the read permission for the owner to folder dir07.
2- Using the symbolic mode, and running a single command, add the read permission for the group and others  to folder dir07.
3- Using the symbolic mode, and running a single command, remove the write permission for the group and others  from folder dir07.
4- Using the symbolic mode, and running a single command, remove the execute permission for the owner, group and others  from folder dir07.
5- Using the symbolic mode, remove the write permission for the owner from folder dir07.
6- Using the symbolic mode, and running a single command, add the write and execute permissions for the owner, group and others to folder dir07.
7- Using the symbolic mode, and running a single command, remove any kind of permission for any user from folder dir07.
8- Using the symbolic mode, and running a single command, give read, write and execute permissions for any user to folder dir07.
9- What happens if you run the following command: chmod -x dir07? Find another command which can perform identical changes in the folder permissions.

THIRD PART - Ownership of files and folders
1- Set the special user sys as the owner of dir07.
2- Set users as the group of dir07.
3- Running a single command, set mail as the owner and adm as the group of dir07.


FOURTH PART - Recursion
1- Create the following directory tree in your personal folder:


Running a single command and using the recursive option, check the default permissions of any file or folder in games.
2- Running a single command and using the recursive option, set the following permissions to any file or folder in games:
a) owner: read and execute
b) group: read
c) other: none
Check the default permissions of any file or folder in games.
3- Running a single command, using the recursive option, set sys as the owner and adm as the group of games. Check the owner and group of any file or folder in games.
4- Remove recursively folders dir07 and games.