Posted: 11/15/2010 6:57:26 PM EDT
|
I've read 3 or 4 help pages trying to explain linux permissions, and I don't get it... at all.
Can someone explain how the crud files/owners/groups are related and work? I feel like I have to be a programmer just to understand it. |
|
crud? http://www.zzee.com/solutions/unix-permissions.shtml You basically have three operations: r=read w=write x=execute And three groups owner group others As an owner, you are part of a group. Say 'REALM' is part of the group 'arfcom'. If you see drwxr-xr-x: It's a directory, and you have read, write, and execute permissions. Members of your group have read and execute. Others have read and execute. That help? m |
|
Quoted:
crud? http://www.zzee.com/solutions/unix-permissions.shtml You basically have three operations: r=read w=write x=execute And three groups owner group others As an owner, you are part of a group. Say 'REALM' is part of the group 'arfcom'. If you see drwxr-xr-x: It's a directory, and you have read, write, and execute permissions. Members of your group have read and execute. Others have read and execute. That help? m great job. drwxrw-r- 1 user group 0 2010-10-09 16:22 directory that means "directory" is readable writable and executable by the owner(user) readable and writable by the group and readable by others (everyone that isn't you or in that group. so if your not the owner but in that group you can read and write it. if you are the owner it doesn't matter what group you're in, you'll be able to do anything in there. for CHMOD permissions it's pretty easy.. Starting with a blank slate (nobody or anything has any permissions would be CHMOD 000 The owner (you) starts on the left. 7 denotes rwx group is 6 which denotes rw- other is 4 which denotes read only so to reflect the permissions i used in the above example on "directory" you would use chmod 764 and that would give you rwxrw-r–– If you wanted to elevate the permissions for the group you would use chmod 774 /ETA moar stuff |
|
Quoted: Quoted: crud? http://www.zzee.com/solutions/unix-permissions.shtml You basically have three operations: r=read w=write x=execute And three groups owner group others As an owner, you are part of a group. Say 'REALM' is part of the group 'arfcom'. If you see drwxr-xr-x: It's a directory, and you have read, write, and execute permissions. Members of your group have read and execute. Others have read and execute. That help? m great job. drwxrw-r- 1 user group 0 2010-10-09 16:22 directory that means "directory" is readable writable and executable by the owner(user) readable and writable by the group and readable by others (everyone that isn't you or in that group. so if your not the owner but in that group you can read and write it. if you are the owner it doesn't matter what group you're in, you'll be able to do anything in there. Too add a bit: directory in Unix is equivalent to a 'folder' in windows, but with less ghey. m |
|
You have a file, <yourfile>, and you look at the permissions and you see -r-xr-x––-
As explained earlier, it is not a directory, the owner has permissions to read and execute and so does the group. Others are hosed. Now, we have the "chmod" command. This works as follows: "chmod <permissions that you want yourfile to be> <yourfile>" with some options that you can throw in, e.g. changing every file in a directory to those permissions. Don't worry about that now. Start with simple commands like "chmod ug=rw <yourfile>" This would change the permissions of <yourfile> to -rw-rw––––, or owner can read and write and the group can read and write. Then, after running that first command, run the command "chmod o=r" and the permissions will look like -rw-rw-r–– so that others can read the file as well. When you see something saying "chmod <somenumber> <yourfile>" you have to be able to think in binary. 0 = 000 1 = 001 2 = 010 3 = 011 4 = 100 5 = 101 6 = 110 7 = 111 Now, we have our file, <yourfile> with permissions -r-xr-x––- We can change the permissions using numbers instead of stuff like "ug=rw" The way to think about this is that a 1 in a corresponding slot means that the user/group/others can do it, a zero means that they cannot. The 0-7 numbers correspond to this now: 0 = ––- 1 = ––x 2 = -w- 3 = -wx 4 = r–– 5 = r-x 6 = rw- 7 = rwx So, lets say that we want to change the permissions of <yourfile> to -rwxr-xr–– We use this command: "chmod 754 <yourfile>" |
|
Thank you... so given that (if I understand it)... say I logon as root...
I need to create an account for a user, but don't want them messing with stuff. Say I create a user in passwd and give them a home directory under users/home/billybob or whatever it is and they logon to the system as billybob What can they do? Can they only do things on the system according to what the "others" permissions are set to? Except in their home directory where they can do anything if I gave them rwx to their home directory? So I guess I'm asking what they get by default. I'm confused as to when I create a user, how is it specified if they're an administrator to the system or not? And if I create a group called arfcom, what does that get by default? Thanks guys, I'm a linux ra-tard. |
|
Quoted:
Thank you... so given that (if I understand it)... say I logon as root... I need to create an account for a user, but don't want them messing with stuff. Say I create a user in passwd and give them a home directory under users/home/billybob or whatever it is and they logon to the system as billybob What can they do? Can they only do things on the system according to what the "others" permissions are set to? Except in their home directory where they can do anything if I gave them rwx to their home directory? So I guess I'm asking what they get by default. I'm confused as to when I create a user, how is it specified if they're an administrator to the system or not? And if I create a group called arfcom, what does that get by default? Thanks guys, I'm a linux ra-tard. billybob would be the owner of the folder /home/billybob and presumably everything in the folder. That's the user part of the permissions. There might also be an audio device plugged into your computer that is listed in the /dev folder (it would show up as a file if you typed "ls /dev") that you either have to be the owner of, or part of the "audio" group to read the stream from it. Since billybob won't be the owner, the sysadmin can make him part of the "audio" group so that he can now read the stream. Such a device might give an entry from "ls -l /dev" that looked like " -r––r––––- root audio <someaudiodevice>" That simply means that the user and the group can read the stream (like it's a file) and that the user is root and the group is the audio group. Now, lets say that bonnieray is also a user on the same computer. Her folder is set to where others have no permissions to do anything. This simply means that billybob cannot even see what is in her folder, much less read files. If she decides that she doesn't mind people just listing the contents of her home directory, she can change the permissions of her home folder using something like "chmod go=r /home/bonnieray" or "chmod 744 /home/bonnieray." If she wants to let people read the contents of the files in the home directory, she needs to change the permissions of those files as well. Note, this command will change the permissions of every file in every subdirectory of a user's home directory, which may not always be a good idea: "chmod -R 744 /home/bonnieray." Also, to be an admin, you need to be part of the "wheel" group. There are other groups that you should be part of too, but I'd have to go digging to pick which ones and why. Basically, being a member of the wheel group allows you to use the "su" command to become root in a terminal. From there, you can do anything. If you are using a system that is set up to not have a root password and use "sudo" instead, you need to be included in the /etc/sudoers file, or be a member of the wheel group and have the wheel group be part of the /etc/sudoers file. P.S. I picked bonnieray because billybob was close enough to jimbob for government purposes. My friends neighbors are jimbob and bonnieray. She's a microbiologist and he's a career national guard guy. And they lived in their fucking horse trailer for about a year, sitting in the weeds in their lawn chairs grilling shit on their grill before they built a metal building that they were going to build their actual house inside of. I did not know what to say about that. |
|
Quoted:
Thank you... so given that (if I understand it)... say I logon as root... I need to create an account for a user, but don't want them messing with stuff. Say I create a user in passwd and give them a home directory under users/home/billybob or whatever it is and they logon to the system as billybob What can they do? Can they only do things on the system according to what the "others" permissions are set to? Except in their home directory where they can do anything if I gave them rwx to their home directory? So I guess I'm asking what they get by default. I'm confused as to when I create a user, how is it specified if they're an administrator to the system or not? And if I create a group called arfcom, what does that get by default? Thanks guys, I'm a linux ra-tard. that user "billybob" wouldn't be an "other" for any files created (or owned) while logged in as him. (typically restrained in his home directory) He would be an other to anything that he has nothing to do with... though... if you logged in as billybob and ran over to /home/debbiejean more than likely all the files in that home directory would be owned by debbiejean. so if the owner of a file is root the group is let's say arfcom billybob isn't root nor is he in the group arfcom. he wouldn't be able to do dick. Now if you added billybob to arfcom he would inherit those permissions given to that group for that particular file and/or directory. While logged on as root you could give ownership of a file to a different user. A newly created group doesn't really give much of anything from the get go. You typically have to give that group explicit permissions. /ETA not reading replies making me late to the party. |
Thank you!!
|
Quoted:
/ETA not reading replies making me late to the party. Aaaaaand you covered a few details covered by no one else. Going from something like Windows to Linux and actually trying to understand going on is like getting firehosed because Linux is all open and really allows you to dig. This helps a ton guys, why can't internet tutorials be as helpful as arfcomers. Thank you!!
The guys on the Ubuntu forums are normally pretty helpful. The guys on the Gentoo forums typically know their shit, but some of it may be Gentoo specific and/or far more in depth than you really need. Which distro are you using? If it's not Ubuntu, there are probably some helpful folks on whatever distro you're using's forums. |