Permissions

Unix-based operating systems diverge from MS-DOS-based ones by being both multitasking and multi-user systems.

What does this signify? It implies that multiple individuals can operate the computer simultaneously. Despite typically having just one keyboard and monitor, multiple users can access it. For instance, if a computer is connected to a network or the Internet, remote users can log in through SSH (secure shell) and use the computer. Moreover, remote users can run graphical applications and view the graphical output on a remote display. The X Window System accommodates this within its fundamental structure.

Linux's ability to support multiple users isn't a recent novelty; it's intricately woven into the operating system's design. This design choice aligns with the era when Unix emerged. Back then, computers weren't "personal"; they were sizable, costly, and centralized. University computer systems, for instance, had a main central computer in one building and terminals scattered across the campus, all linked to this central unit. Consequently, these computers accommodated numerous users concurrently.

To ensure practicality, a system had to be created to safeguard users from each other. It was crucial to prevent one user's actions from crashing the computer or meddling with the files of another user.

In this chapter, our focus will be on examining this fundamental aspect of system security and presenting the subsequent commands:

• id – Display user identity

• chmod – Change a file's mode

• umask – Set the default file permissions

• su – Run a shell as another user

• sudo – Execute a command as another user

• chown – Change a file's owner

• chgrp – Change a file's group ownership

• passwd – Change a user's password

Owners, Group Members, And Everybody Else

During our exploration of the system in Chapter 3, we might have faced an issue while attempting to inspect a file like /etc/shadow:

This error occurs because, as regular users, we lack the permission to read this file.

Within the Unix security framework, users possess ownership of files and directories, thereby controlling their accessibility. Users can also be part of a group, enabling multiple users access as permitted by the owners. Furthermore, an owner can grant specific access rights to everyone, known in Unix as the "world". To retrieve details about your identity, utilize the id command:

Consider the output: When user accounts are generated, users receive a numerical designation referred to as a user ID or uid, which is then translated into a username for human readability. Additionally, users are allocated a primary group ID or gid and can be part of supplementary groups. The provided example is from a Fedora system; however, on alternate systems like Ubuntu, the output might appear slightly distinct.

The disparity in uid and gid numbers arises because Fedora initiates its numbering for regular user accounts at 500, whereas Ubuntu commences at 1000. Moreover, the Ubuntu user is affiliated with a greater number of groups, influenced by Ubuntu's method of administering privileges for system devices and services.

This information stems from a couple of text files, as is often the case in Linux. User accounts find definition in the /etc/passwd file, while groups are outlined in the /etc/group file. As user accounts and groups are established, these files undergo modifications, alongside the /etc/shadow file that stores password-related details. Within the /etc/passwd file, each user account specifies the login name, uid, gid, the account's actual name, home directory, and login shell. Examining the contents of /etc/passwd and /etc/group reveals not only regular user accounts but also entries for the superuser (UID 0) and various other system users.

In the upcoming chapter on processes, you'll discover that some of these additional "users" are notably active.

While numerous Unix-like systems allocate regular users to a shared group like "users," contemporary Linux methodology involves establishing an exclusive, solitary-member group bearing the user's name. This simplifies certain permission allocation procedures.

Reading, Writing, And Executing

File and directory access privileges are delineated through read, write, and execute permissions. Examining the output of the ls command provides insight into how this is executed.

The initial ten characters within the listing denote the file attributes, with the first character representing the file type. These are the common file types you'll typically encounter (although there are rarer types as well):

The subsequent nine characters within the file attributes, known as the file mode, signify the read, write, and execute authorizations for the file's owner, the group owner, and all other users:

When set, the r, w, and x mode attributes have the following effect on files and directories:

Here are some examples of file attribute settings:

chmod – Change File Mode

To modify the mode (permissions) of a file or directory, the chmod command is utilized. It's important to note that only the file’s owner or the superuser can alter the mode of a file or directory. chmod provides two methods for specifying mode changes: octal number representation and symbolic representation. Let's begin by exploring octal number representation.

Using octal notation involves employing octal numbers to establish the desired permission pattern. Given that each digit in an octal number denotes three binary digits, this aligns neatly with the file mode storage scheme. The following table illustrates this concept:

Using three octal digits allows us to configure the file mode for the owner, group owner, and everyone else.

With the argument "600," we adjusted the permissions for the owner to read and write, excluding all permissions for the group owner and others. While recalling the octal-to-binary mapping might appear cumbersome, you'll typically work with a few common ones: 7 (rwx), 6 (rw-), 5 (r-x), 4 (r--), and 0 (---).

chmod also incorporates a symbolic representation for defining file modes. Symbolic notation consists of three segments: identifying the target, indicating the operation, and specifying the permission to be set. To denote who is impacted, a blend of characters such as u, g, o, and a is utilized in the following manner:

When no character is specified, it defaults to all. The operation can be represented by a + to add a permission, a - to remove a permission, or a = to apply only the specified permissions while removing all others.

Permissions are indicated using the r, w, and x characters. Below are a few instances of symbolic notation:

While some individuals favor octal notation, others strongly prefer symbolic notation. Symbolic notation holds the advantage of enabling you to adjust a single attribute without affecting the others.

Refer to the chmod manual page for comprehensive information and a rundown of available options. Regarding the --recursive option, a note of caution: it applies changes to both files and directories, which might not always be ideal as files and directories often require different permissions.

Setting File Mode With The GUI

Now that we've observed the process of setting permissions for files and directories, we can gain a clearer comprehension of the permission dialogs within the graphical user interface (GUI). In Nautilus (GNOME) or Konqueror (KDE), accessing the properties dialog by right-clicking on a file or directory icon provides insight. Below is an example from KDE 3.5:

In this view, the configurations for the owner, group, and world are displayed. In KDE, accessing the "Advanced Permissions" button opens a secondary dialog, enabling individual adjustments for each mode attribute. Another triumph for comprehension facilitated through the command line!

umask – Set Default Permissions

Initially, we eliminated any existing copy of foo.txt to ensure a clean start. Subsequently, running the umask command without an argument displayed the current value, indicating 0002 (alternatively, 0022 is another commonly used default value), representing the octal representation of our mask. Following this, we generated a fresh instance of the file foo.txt and examined its permissions.

The owner and group possess both read and write permissions, whereas everyone else is granted only read permission. The absence of write permission for others is due to the mask value. Let's redo our demonstration, this time configuring the mask manually:

When we disable the mask by setting it to 0000, effectively turning it off, the file becomes world-writable. Exploring this process requires revisiting octal numbers. By converting the mask into binary and comparing it with the attributes, we gain insight into the changes occurring.

For now, disregard the leading zeros (we'll address those shortly) and notice that where the 1 appears in our mask, it removes an attribute—in this instance, the world's write permission. That's the function of the mask. Whenever a 1 appears in the binary representation of the mask, it unsets an attribute. If we examine a mask value of 0022, we can discern its impact:

Once more, wherever a 1 is present in the binary representation, it cancels out the respective attribute. Experiment with different values (consider using some sevens) to become familiar with this process. Once finished, ensure to tidy up:

Usually, you won't need to alter the mask; the default provided by your distribution will suffice. Yet, in certain high-security scenarios, you may need to manage it yourself.

Changing Identities

Occasionally, we might need to assume the identity of another user. This is commonly sought to acquire superuser privileges for administrative tasks. However, it's also feasible to "become" another regular user, useful for tasks like account testing. There are three methods to adopt an alternate identity:

1. Log out and log back in as the alternate user.

2. Use the su command.

3. Use the sudo command.

We'll pass over the initial method as it's less convenient compared to the other two options. Within our current shell session, the su command facilitates assuming another user's identity. It allows the launch of a new shell session using that user's IDs or executing a single command as that user. On the other hand, the sudo command enables an administrator to configure a file /etc/sudoers defining specific commands that certain users can execute under an assumed identity. The selection between these commands typically depends on the Linux distribution. Although your distribution may incorporate both commands, its setup will likely favor one over the other. Let's begin with su.

su – Run A Shell With Substitute User And Group IDs

The su command initiates a shell as a different user. The command's syntax appears as follows:

When the -l option is added, the resulting shell session becomes a login shell for the designated user. This action involves loading the user's environment and switching the working directory to the user's home directory, which is typically the desired behavior. If no user is specified, it defaults to the superuser. Interestingly, the -l option can be abbreviated as -, which is the more common usage. To launch a shell for the superuser, the command would appear as:

Upon executing the command, a prompt for the superuser's password appears. Upon successful authentication, a new shell prompt emerges, denoting superuser privileges (indicated by # instead of $), and the current working directory shifts to the superuser's home directory (usually /root). Inside this new shell, commands can be executed with superuser privileges. To revert to the previous shell, simply input exit.

You can execute a single command without initializing a new interactive session by using su in this manner:

In this format, a solitary command line is transferred to the new shell for execution. It's crucial to encase the command within quotes to prevent expansion in our current shell and ensure it happens within the new shell:

sudo – Execute A Command As Another User

The sudo command, akin to su in many aspects, offers significant additional functionalities. An administrator can set up sudo to enable an ordinary user to execute commands as a distinct user, often the superuser, in a highly controlled manner. Specifically, a user might be limited to one or more specific commands while being restricted from executing others. Another notable distinction is that sudo usage doesn't necessitate the superuser's password; instead, the user employs their own password for authentication.

For instance, suppose sudo is configured to permit the execution of a hypothetical backup program named backup_script, which demands superuser privileges. Using sudo, it can be accomplished as follows:

Upon entering the command, we're prompted for our password (not the superuser's). Once the authentication is successful, the specified command is executed. An important contrast between su and sudo lies in sudo's operation—it doesn't initiate a new shell or load another user's environment. Consequently, commands do not require any different quoting compared to when sudo is not in use. However, this behavior can be altered by specifying different options. Refer to the sudo man page for comprehensive details.

To see what privileges are granted by sudo, use the -l option to list them:

chown – Change File Owner And Group

The chown command facilitates altering the owner and group owner of a file or directory. Using this command necessitates superuser privileges. The syntax for chown appears as follows:

chown has the capability to modify either the file owner, the file group owner, or both based on the initial argument provided in the command. Below are a few examples:

Consider a scenario involving two users: janet, who possesses superuser privileges, and tony, who does not. Janet aims to replicate a file from her home directory into tony's home directory. To grant tony the ability to edit the file, Janet modifies the ownership of the copied file, transitioning it from janet to tony:

In this instance, user janet duplicates the file from her directory to user tony's home directory. Subsequently, janet alters the ownership of the file from root (which occurred due to the use of sudo) to tony. Employing the trailing colon within the initial argument, janet also adjusts the group ownership of the file to tony's login group, identified as the tony group:

After the initial use of sudo, janet wasn't prompted for her password. This behavior occurs because sudo, in most configurations, maintains a level of "trust" for several minutes until its timer expires.

chgrp – Change Group Ownership

In earlier Unix versions, the chown command exclusively modified file ownership and not group ownership. To manage group ownership, a distinct command named chgrp was employed. Its functionality resembled chown but was more restricted in scope.

Exercising Our Privileges

Now that we've grasped the mechanics of permissions, let's put this knowledge into action. We'll illustrate the resolution to a frequent dilemma—establishing a shared directory. Picture two users named bill and karen. Both possess music CD collections and aim to create a shared directory. This space will serve as a repository for their music files in Ogg Vorbis or MP3 format. User bill holds superuser privileges accessible via sudo.

Initially, a group must be formed that includes both bill and karen as participants. Utilizing the graphical user management tool, bill establishes a group named music and includes users bill and karen as its members:

Next, bill creates the directory for the music files:

As bill is managing files outside his home directory, he needs superuser privileges. Upon creating the directory, it assumes the following ownerships and permissions:

From the observation, the directory is owned by root and holds 755 permissions. To enable sharing of this directory, bill must modify the group ownership and the group permissions to permit writing:

This setup signifies that we've established a directory, /usr/local/share/Music, possessed by root and permitting read and write access for the group music. Group music comprises bill and karen as members, granting them the capability to create files within the /usr/local/share/Music directory. While other users can view the directory's contents, they lack the permission to generate files within it.

However, there remains an issue. Under the existing permissions, any files or directories generated within the Music directory will inherit the standard permissions of users bill and karen:

There are actually two concerns here. Initially, the default umask on this system is 0022, hindering group members from writing files attributed to other group members. While this wouldn't be an issue if the shared directory solely housed files, it's problematic since this directory will contain music, typically arranged in artist and album hierarchies. Group members require the capability to create files and directories within directories established by fellow members. To address this, we need to modify the umask employed by bill and karen to 0002 instead.

Another issue arises where each file and directory generated by a user defaults to their primary group rather than the group music. To resolve this, setting the setgid bit on the directory can rectify the matter:

Let's verify if the updated permissions resolve the issue. bill adjusts his umask to 0002, eliminates the earlier test file, and generates a new test file and directory:

Now, both files and directories are produced with the appropriate permissions, enabling all group music members to generate files and directories within the Music directory.

The persisting concern lies with the umask, as the required setting remains effective only until the session concludes and necessitates a reset. In Chapter 11, we'll explore methods to establish a lasting adjustment to the umask.

Changing Your Password

We'll conclude this chapter by addressing the procedure for setting passwords for yourself (or other users, if you possess superuser privileges). To establish or modify a password, the passwd command is employed. The command's syntax appears as follows:

To alter your password, simply execute the passwd command. You'll receive prompts for both your old password and the new password:

The passwd command aims to implement the use of "strong" passwords. As a result, it will reject passwords that are too brief, closely resemble prior passwords, consist of dictionary words, or are easily predictable:

With superuser privileges, you can designate a username as an argument to the passwd command, allowing the alteration of passwords for other users. Additional options are accessible to the superuser, facilitating account locking, password expiration, and more. For detailed information, refer to the passwd man page.

Summary

Throughout this chapter, we've explored how Unix-like systems, like Linux, oversee user permissions, permitting read, write, and execution access to files and directories. The fundamental concepts of this permission structure trace back to the inception of Unix and have endured quite effectively over time. However, the innate permissions system in Unix-like systems lacks the intricate granularity found in more contemporary systems.