Linux Demo: Managing Permissions

Captions
In this demonstration, we're going to spend some time learning about how you manage permissions that are assigned to files in the Linux file system. Now, these permissions need to be managed very carefully to ensure that you grant the appropriate level of access to your users. Basically, a user should have just enough access to do his or her job and no more.

So let's begin by using the ls command to view the contents of my user's home directory, the rtracy user, and within this directory you see that I have a folder created called R&D. This is used to store research and development files. For our purposes today, we're going to assume that my rtracy user account is a member of the R&D team and will be storing files in this folder. In fact, other users will also collaborate with me on this R&D project, who also need access to the files in this folder.

So let's begin by creating a file, a new document file, within R&D, but let's do it as the root user, which is my root user account. I'll use the vi command to create a new document, add some text to it: /home/rtracy/R&D, and let's name the file widget_design_specs.odt. This will be an OpenOffice word processing file, and we'll just insert some regular text in here for now, save our changes, and exit the editor. Now we've created this file in the R&D folder.

Now let's use the ls -l command to view the contents of the /home/rtracy/R&D folder. Because we used the -l option right here, we're able to view the ownership of the file that we created as well as the mode that's been assigned to that file. Now, two things should stand out to you right away. First of all, look at the ownership of this file. Because I was logged in as root when I created that file, the owning user is root and the owning group is the root group, not the rtracy user. Now, this file ownership will have a dramatic impact on the level of access that my rtracy user has because of the mode that's been automatically assigned to this file. The
first three characters in the mode describe the permissions that are assigned to the owning user, in this case the root user, so root has read and write access to this file. The next three characters in the mode specify the permissions that are assigned to the group that owns this file, in this case the root group, so members of the group have read access to this file. The permissions that are assigned to all other authenticated users are specified by the last three characters in the mode, so any user who is not root and is not a member of the root group will have these permissions assigned, which is just basically read access again.

So with that in mind, what level of access will my rtracy user have to this file? Let's find out. I'm going to enter exit to switch back to my rtracy user account, and let's run a word processing application. Here I am currently logged into my graphical environment as my rtracy user. Let's see what level of access I have to that file in this word processor as rtracy. Open, we want to go into R&D, and let's open up the file which we created. OK, so I am able to open the file, so I have read-level access. I can see the contents, but notice up here something's different: in the title bar of the document it says read-only. Because my rtracy user is not the root user, and because the rtracy user is not a member of the root group, I received the permissions that are assigned to other authenticated users, which was just read. So I have read-only access to the file. I can't come in here and make changes to the file and save them. Go ahead and exit out of the editor.

So the first thing we probably should do is change ownership of this file. In order to do that, I do need to be logged in as my root user. Remember that the root user is the only one who can change the user that owns a file. Let's go ahead and switch into the /home/rtracy/R&D directory. If we do an ls -l again, we can see the mode of the file that we're working with.
Now, in this scenario we want to change both the user that owns the file and the group. If I use the tail command here to view the /etc/group file, you can see that I have a group down here named the R&D group, and both my rtracy user and my ksanders user are members of the R&D group. Essentially, we have an R&D team going in the organization, and my user and this other user are both members of that team and hence are members of the R&D group, and both of these users are going to need read/write access to this file as we collaborate on this new project.

So what we want to do is change the owner of this file to rtracy and change the owning group to the R&D group. We can do that with the chown command. We'll specify rtracy as the owner and R&D as the group, and the name of the file is widget_design_specs.odt. Now let's use the ls -l command again. You can see ownership has now changed: rtracy is the user that owns the file and the R&D group is the owning group. And these permissions are the ones that are assigned to the owning group, so users who are members of the R&D group will receive read permissions, and all other authenticated users on the system will also receive read permissions.

Let's test this out. Go back into my editor, my word processing application, as my rtracy user, and I will open the file again. Notice that the read-only text that was up here in the title bar before is now gone. I can make changes to this file without any problems. I can save, and it does warn me that this file was created using a text editor, essentially, and so it just contains text. We want to convert it over to actual OpenOffice format, yeah, we want to do that, and we'll hit save to overwrite it, yes. So now we've converted this file essentially from a text file into a real word processing file, and I was able to do that because the rtracy user has read and write permissions to that file.

However, we still have a problem. Remember, we said that the ksanders user and the
rtracy user are both members of the team that will be working on this project, and both users will need read/write access to these files. Well, we've got a problem, because ksanders doesn't have read/write access. Remember, ksanders is a member of the R&D group, and R&D as the owning group only has read access to the file. Now, we can't make ksanders an owner of the file too, because you can only have one user that owns a file. So if we were to assign ksanders as the owner of the file, then rtracy would no longer be the owner of the file and would lose access, so that option won't work.

What we can do, however, is modify the mode to grant the write permission to the R&D group. That way any user who's a member of R&D will receive the write permission. We can do that with the chmod command. We'll enter chmod, and then we'll specify g for group, plus to add, and then the permission that we want to add, write, and then you specify the name of the file whose mode we want to modify. We should see in the mode that the permissions assigned to the owning group have changed. Now members of the owning group have write permissions as well as read permissions. Essentially, any user who's a member of the R&D group has the exact same permissions as the user that owns the file, which is rtracy. Now we've effectively granted ksanders the appropriate level of access to this file.

Remember that we said over here that any other user who logs into the system who is not rtracy and who is not a member of the R&D group will be assigned these permissions. So if I were to log into this system as a user named Fred or something like that, I would still be able to see this file, because I have read permissions to that file. Well, what if this is a confidential document? What if this is a secret project that we're working on that we don't necessarily want getting out? We don't want our competitors to find out about our new widget design. Therefore, we want to constrain who can actually see this file. In this case we
probably want to lock things down, because basically anyone on the system can see this file. We probably don't want that, so we need to remove this read permission that's assigned to other authenticated users.

Let's do that with the chmod command again, but this time we're going to use a different syntax with chmod. Now, previously we just assigned group the write permission using g+w, and we could do the same thing here to specify that others lose the read permission; we would use the minus sign instead of the plus sign to do that. However, you can also represent permissions numerically. Remember, read is assigned a value of four, write is assigned a value of two, and execute is assigned a value of one. Therefore, we want to preserve the read/write permissions assigned to the user, so read is four, write is two, so we would first specify a six. Remember, the first number in the chmod command refers to the permissions assigned to the user, so we specify six here to ensure that rtracy has read/write. Likewise, we want the group, the owning group, to have read and write, so we specify another six, that's four plus two. But now for others, which is the third digit in the chmod command, we need to change things. If we don't want others to have any permissions at all, we specify zero, because by specifying zero we specify that no permissions at all be assigned to other authenticated users. And then we specify the name of the file to modify.

Now let's use the ls command to view the mode. Now things are looking better: user has read/write, group still has read/write, but notice what happened to other authenticated users: no permissions at all. They will not be able to open this file, they'll not be able to view it, and therefore the security of this file has increased significantly. Basically, we've locked it down to just the rtracy user and any user who's a member of the R&D group.

That's it for this demonstration. In this demo we learned about using the chmod command at the Linux shell prompt to manage the
permissions that are assigned to files.
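
The mode changes narrated above, replayed as an added example that is not part of the video: it runs in a scratch directory as any user, so the chown step (root only) is left out, and the function names, `notes.txt` and the starting mode 666 are assumptions made here. It also shows that `o-r` clears a single bit while `660` sets the whole mode, and audits a directory for files that still grant anything to others.

```bash
#!/usr/bin/env bash
# Added example, not from the video. Scratch files stand in for the demo's
# document; chown is omitted because it needs root and the demo's accounts.

mode_of() { stat -c '%a' "$1"; }    # octal mode via stat, e.g. 644

# Replay the narrated chmod steps on file $1; print the mode after each step.
replay_demo() {
    local f=$1 out
    : > "$f" && chmod 644 "$f"      # rw-r--r--: the mode the new file had
    out=$(mode_of "$f")
    chmod g+w "$f"                  # symbolic form: add write for the group
    out="$out $(mode_of "$f")"
    chmod 660 "$f"                  # numeric form: rw user, rw group, none for others
    echo "$out $(mode_of "$f")"
}

# Symbolic o-r only clears the read bit; numeric 660 replaces the whole mode.
# Start file $1 at mode $2 and print the result of each approach.
compare_lockdown() {
    local f=$1 start=$2 sym
    : > "$f"
    chmod "$start" "$f"; chmod o-r "$f"; sym=$(mode_of "$f")
    chmod "$start" "$f"; chmod 660 "$f"
    echo "$sym $(mode_of "$f")"
}

# Audit: list regular files under directory $1 that grant anything to others.
world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

demo_dir=$(mktemp -d)                                # constructed scratch directory
replay_demo "$demo_dir/widget_design_specs.odt"      # prints: 644 664 660
compare_lockdown "$demo_dir/notes.txt" 666           # prints: 662 660
chmod 644 "$demo_dir/notes.txt"                      # leave one file readable by others
world_accessible "$demo_dir"                         # lists only notes.txt
rm -rf "$demo_dir"
```
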
Info
Channel: The Linux Man
Views: 604
Rating: 5 out of 5
Keywords: Linux
Id: YbPOg2s3Hhc
Length: 10min 50sec (650 seconds)
Published: Thu Nov 24 2016