Welcome to Securing Linux Systems. This is the third course in the Linux Foundation Specialization. In this first module, I want to think about ownership and permissions, mainly ownership and permissions on files and directories. I want you to be able to start to apply these permissions to individual files and to directories. By the time we're done with this module, you should be able to apply ownership and permissions to files, describe access control lists, apply context-based permissions, and lastly, describe the different Linux account types.

In this first lesson, let's think about file and directory permissions. Linux uses a three-tiered approach to protecting files and directories. First, the owner: within the Linux system, each file and directory is assigned to a single owner. Second, the group: the Linux system also assigns each file and directory to a single group of users. Lastly, others: this category of permissions is assigned to any user account that is not the owner and is not in the assigned user group. You can basically ask: what rights does the owner of the file have? What rights do members of the group that owns the file have? What rights do others have?

The chown command allows us to set the ownership. The root user account can change the owner assigned to a file or directory by using this chown command. Some example uses: I can say chown aspeno file1.txt. After this, file1.txt will be owned by the user account aspeno. The -R option (dash, uppercase R) recursively changes the owner of all files under the specified directory. What I mean by recursive is that if there are directories in that directory, it will traverse down those directories and change all those files also. The example here is chown -R aspeno /home/john. All the files and directories within /home/john will be owned by aspeno.
The chgrp command allows the root user to change the group assigned to a file or directory. An example here is chgrp staff file1.txt. Again, -R recursively changes the group of all files under the specified directory. If I do chgrp -R staff /home/john, all files in /home/john and all directories under that directory will have the group staff.

Linux uses three types of permission controls: read, write, and execute. I have a little visual here in front of you, so you can see this. Essentially, read is the ability to access the data stored within the file or directory, and you'll see there are three columns that represent read: the owner's ability to read, the group's ability to read, and others' ability to read. Write is the ability to modify the data stored within the file or directory. Again, there are three of these: the owner, the group, and others. Lastly, execute. This is the ability to run the file on the system or the ability to list the files contained in the directory. Again, there are three of these: the owner, the group, and others.

The chmod command is going to allow you to change those permissions. An example here is chmod 666 file1.txt. 666 is the numeric value for read and write for the owner, read and write for the group, and read and write for other. You can also specify this with letters. A second example is chmod ug=rwx file1.txt, so the user and the group will have read, write, and execute on file1.txt. Again, we have -R, which will recursively change the permissions of all the files under the specified directory.

Let's look at that in a little more depth: the octal numbers. Remember I did 666, and I said that represented read, write. Each value runs from 0-7 and is called an octal, because unlike the decimal number system where we have 0-9, we only have the values 0-7 before we carry the one.
Zero represents no permissions, 1 represents execute, 2 represents write, 3 represents write and execute, 4 represents read only, 5 represents read and execute, 6 represents read and write, and 7 represents all three. You can specify the octal for the owner, for the group, and for other. That's what I did: 666 meant the owner, the group, and other all had read, write.

There are also special permissions. The Set User ID (SUID) bit is used with executable files. It tells the Linux kernel to run the program with the permissions of the file owner and not the user account running the file. When a directory has the Set Group ID (SGID) bit set, any files the user creates in that directory are assigned the group of the directory and not that of the user. Lastly, the sticky bit is used to protect a file from being deleted by those who don't own it, even if they belong to the group that has write permission to the file. The sticky bit is denoted by a t in the executable bit position for others. We have an example there: rwx means the user has read, write, execute; rw- means the group has read, write; r-t means other has read and the sticky bit is set.

A little review here. One user can own a file, one group is assigned to every file, and octal can be used. For example, 777 represents read, write, and execute permissions for all three: user, group, and other. See you next lesson.
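
The octal, symbolic, and special-bit settings from this lesson, applied in a throwaway directory and then audited with find. This is an added example, not part of the lecture; apart from file1.txt, the file and directory names (notes, tool, shared, dropbox, open) and the function names are assumptions, and it assumes a Linux system with standard ls, find, and mktemp.

```shell
#!/bin/sh
# Added example: every path below is constructed inside a throwaway mktemp directory.

# mode_of PATH: symbolic mode as ls shows it, e.g. -rw-rw-rw-
mode_of() { ls -ld "$1" | cut -c1-10; }

# build_sandbox: create sample files and directories, print the sandbox path.
build_sandbox() {
    d=$(mktemp -d) || return 1
    touch "$d/file1.txt" "$d/notes" "$d/tool"
    mkdir "$d/shared" "$d/dropbox" "$d/open"
    chmod 666 "$d/file1.txt"     # octal: rw for owner, group, other
    chmod 640 "$d/notes"         # known starting point
    chmod ug=rwx "$d/notes"      # symbolic: owner+group rwx, other untouched
    chmod 4755 "$d/tool"         # leading 4 = SUID
    chmod 2775 "$d/shared"       # leading 2 = SGID on a directory
    chmod 1777 "$d/dropbox"      # leading 1 = sticky bit
    chmod 777 "$d/open"          # world-writable, no sticky bit
    printf '%s\n' "$d"
}

# Audit helpers: list what a reviewer usually wants to look at first.
find_suid_sgid_files() { find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort; }
find_world_writable_files() { find "$1" -type f -perm -0002 | sort; }
find_unsticky_writable_dirs() { find "$1" -type d -perm -0002 ! -perm -1000 | sort; }

demo() {
    sandbox=$(build_sandbox) || return 1
    for p in file1.txt notes tool shared dropbox open; do
        printf '%s  %s\n' "$(mode_of "$sandbox/$p")" "$p"
    done
    echo "SUID/SGID files:";           find_suid_sgid_files "$sandbox"
    echo "World-writable files:";      find_world_writable_files "$sandbox"
    echo "World-writable, no sticky:"; find_unsticky_writable_dirs "$sandbox"
    rm -rf "$sandbox"
}
demo
```

In the listing, s replaces x in the owner or group column when SUID or SGID is set, and t replaces x in the others column when the sticky bit is set.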