Differences

This shows you the differences between two versions of the page.

--- os_cp:users_permissions [2024/03/11 18:25]
jkonczak [Permissions]
+++ os_cp:users_permissions [2026/03/18 21:56] (current)
jkonczak [Changing permissions, group and owner of a file]
@@ Line 4: / Line 4: @@
 A user is identified by a numerical __u__ser __id__entifier – **uid**. Uids are mapped to usernames.
 \\
-A group is identified by a numerical __g__roup __id__entifier – **uid**, that are likewise mapped to group names.
+A group is identified by a numerical __g__roup __id__entifier – **gid**, that are likewise mapped to group names.
 A user must be in one primary group and can be in multiple supplementary groups.
@@ Line 30: / Line 30: @@
 <html></small></html>
-The user whose uid equals **0** is referred to as **superuser**. Traditional username of the superuser is **[[https://pl.wikipedia.org/wiki/Root|root]]**.
+The user whose uid equals **0** is referred to as **superuser**. Traditional username of the superuser is **[[https://en.wikipedia.org/wiki/Superuser|root]]**.
 To check who you are, you can run the ''**whoami**'' command. \\
@@ Line 65: / Line 65: @@
 <html><small></html>
+++++ Examples: | {{section>so:users_chmod:examples-en#id&inline&noheader}} ++++
 ==== [extra] Logged on users, logon history, messaging others ====
@@ Line 79: / Line 81: @@
 <html><small></html>
-~~Exercise.#~~ Find out who was logged on polluks at ''2023-03-03 13:30''
+~~Exercise.#~~ Find out who was logged on polluks at ''2026-03-16 10:04:10''
 <html></small></html>
@@ Line 98: / Line 100: @@
 <html></small></html>
+++++ Examples: | {{section>so:users_chmod:examples-en#who&inline&noheader}} ++++
 ==== Switching to another user ====
@@ Line 103: / Line 107: @@
 One can run commands (including a shell) as another user, provided one has sufficient privileges and/or knows the right password (depending on system configuration).
-The ''**su** [-] [//user//]'' command (su stands for substitute user), once authorized, starts as the target user (or root, if no user is specified) the users default shell.
+The ''**su** [-] [//user//]'' command (su stands for substitute user), once
+authenticated, starts as the target user (or root, if no user is specified)
+the users default shell.
 \\
-<small>The ''su -c //command// [-] [//user//]'' command, once authorized, runs as the target user the provided command inside the users default shell.</small> \\
+<small>The ''su -c //command// [-] [//user//]'' command, once authenticated,
+runs as the target user the provided command inside the users default shell.</small> \\
 ''su'' is present in any Unix-like system.
 In most Linux systems the ''su'' command by default demands target users password (and in some distros the user invoking ''su'' must belong to a specific group, usually called ''wheel'').
@@ Line 112: / Line 119: @@
 Some distributions abuse ''sudo'' to replace ''su''.
-~~Exercise.#~~ Log on via ssh to a server (you'll be given a target address during classes; most likely it's going to be ''ssh user//N//@fe80::1%br0''). Switch user to ''root''. Switch user to another ''user//N//''.
+~~Exercise.#~~ Log on via ssh to a server (you'll be given a target address
+during classes; most likely it's going to be ''ssh user//N//@fe80::1%br0'',
+where //N// needs to be substituted with your computer number).
+Switch user to ''root''. Switch user to another ''user//N//''.
 <html><small></html>
@@ Line 119: / Line 129: @@
 <html></small></html>
+++++ Examples: | {{section>so:users_chmod:examples-en#su&inline&noheader}} ++++
 ===== File permissions =====
@@ Line 175: / Line 187: @@
 \\
 and ''rwx--x--x'' means that the user can read, write and execute, and the group and others can only execute (''711'').
+++++ Illustration on which chunk of permissions to look at |
+<html>
+<style>.wU{font-weight:bold;color:#00ff00}.wH{color:#cdcd00}.wD{color:#0000ee}
+.wP{margin:-2px; border: 2px solid red}
+.wS{border-radius: 8px; margin:-2px; border: 2px solid red}
+.wN{border-radius: 8px; margin:-2px; border: 2px solid #aaa; background:
+linear-gradient(to left top, transparent 47%, #aaa 47%, #aaa 53%, transparent 53%)}
+.wG{border-radius: 8px; margin:-2px; border: 2px solid #aaa; background:
+linear-gradient(to right top, transparent 47%, #aaa 47%, #aaa 53%, transparent 53%)}
+p{margin-top:0}pre{margin-bottom:0}
+</style>
+</html>
+Keep in mind that programs such as ''ls'' or ''stat'' display the permissions
+exactly the same regardless if the user that ran them is the owner or not,
+belongs to the group whose the file is or not. One has to tell apart manually
+which chunk of permissions to look at.
+<html>
+<pre>
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> whoami
+<span class="wS">roo</span>
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> groups
+bipedal jumping
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> ls -l
+total 4
+d<span class="wP">rwx</span>r-x--x 5 <span class="wS">roo</span> jumping 160 Mar 16 20:04 myDir
+-<span class="wP">rw-</span>---r-- 1 <span class="wS">roo</span> jumping 249 Mar 16 20:03 someFile
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat myDir
+  File: myDir
+  Size: 160     Blocks: 0         IO Block: 4096   directory
+Device: 0,30    Inode: 90         Links: 5
+Access: (0<span class="wP">7</span>51/d<span class="wP">rwx</span>r-x--x)  Uid: (1234/  <span class="wS">roo</span>)  Gid: (123/ jumping)
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat someFile
+  File: someFile
+  Size: 249     Blocks: 8         IO Block: 4096   regular file
+Device: 0,30    Inode: 91         Links: 1
+Access: (0<span class="wP">6</span>04/-<span class="wP">rw-</span>---r--)  Uid: (1234/  <span class="wS">roo</span>)  Gid: (123/ jumping)
+</pre>
+</html>
+The user ''roo'' is the owner of the file, so for the user **only** the first chunk matters.
+<html>
+<pre>
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> whoami
+<span class="wN">tigger</span>
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> groups
+<span class="wS">jumping</span> happy
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> ls -l
+total 4
+drwx<span class="wP">r-x</span>--x 5 <span class="wN">roo</span> <span class="wS">jumping</span> 160 Mar 16 20:04 myDir
+-rw-<span class="wP">---</span>r-- 1 <span class="wN">roo</span> <span class="wS">jumping</span> 249 Mar 16 20:03 someFile
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat myDir
+  File: myDir
+  Size: 160     Blocks: 0         IO Block: 4096   directory
+Device: 0,30    Inode: 90         Links: 5
+Access: (07<span class="wP">5</span>1/drwx<span class="wP">r-x</span>--x)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wS">jumping</span>)
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat someFile
+  File: someFile
+  Size: 249     Blocks: 8         IO Block: 4096   regular file
+Device: 0,30    Inode: 91         Links: 1
+Access: (06<span class="wP">0</span>4/-rw-<span class="wP">---</span>r--)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wS">jumping</span>)
+</pre>
+</html>
+The user ''tigger'' is **not** the owner of the file,
+but is in group ''jumping'' whose the file is,
+so for the user **only** the middle chunk matters.
+<html>
+<pre>
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> whoami
+<span class="wN">eeyore</span>
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> groups
+<span class="wG">quadruped</span> <span class="wG">glum</span>
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> ls -l
+total 4
+drwxr-x<span class="wP">--x</span> 5 <span class="wN">roo</span> <span class="wG">jumping</span> 160 Mar 16 20:04 myDir
+-rw----<span class="wP">r--</span> 1 <span class="wN">roo</span> <span class="wG">jumping</span> 249 Mar 16 20:03 someFile
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat myDir
+  File: myDir
+  Size: 160     Blocks: 0         IO Block: 4096   directory
+Device: 0,30    Inode: 90         Links: 5
+Access: (075<span class="wP">1</span>/drwxr-x<span class="wP">--x</span>)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wG">jumping</span>)
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat someFile
+  File: someFile
+  Size: 249     Blocks: 8         IO Block: 4096   regular file
+Device: 0,30    Inode: 91         Links: 1
+Access: (060<span class="wP">4</span>/-rw----<span class="wP">r--</span>)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wG">jumping</span>)
+</pre>
+</html>
+The user ''eeyore'' is **not** the owner of the file,
+**neither** he is in group ''jumping'' whose the file is,
+so for the user **only** the last chunk matters.
+++++
 To see detailed information about a file (this includes permissions), one can run the ''**stat** //file//'' command.
 \\
-Permissions are also presented in the results of ''ls -l'' and ''tree -p'' commands.
+Permissions are also presented in the results of ''ls -l'' and ''tree -p'' commands
+(or, the ''tree -pug'' command, which displays also the user and group owning the file).
 \\
 All these commands precede file permissions with a character indicating the file type.
@@ Line 227: / Line 334: @@
 The ''chmod'', <small> ''chgrp'' and ''chown'' </small> commands accept switches ''-R'' (''--recursive'') and ''--reference=//file//'' (to clone the permission/<small>group/owner</small> from the referenced file).
-//Do the exercises on the SSH server indicated during classes. \\ To create files, you may use e.g., the // ''fortune > //file//'' //command.//
+//Do the exercises on the SSH server indicated during classes (''ssh user//N//@fe80::1%br0'').
+\\ To create files, you may use e.g., the // ''fortune > //file//'' //command.//
+<small>
+++++ Instructions for using your own Linux box to do the exercises |
+To do the exercises on your own computer, you may either:
+  - Use the following commands to add sample groups and users to your system:<code bash>
+groupadd even
+groupadd odd
+groupadd low
+groupadd high
+useradd -g odd  -G low  -m user1
+useradd -g even -G low  -m user2
+useradd -g odd  -G high -m user3
+useradd -g even -G high -m user4
+passwd -d user1
+passwd -d user2
+passwd -d user3
+passwd -d user4</code>
+  - Build & use {{so:users_chmod:container-for-file-permission-labs.tar.xz|a docker image}} (provided you're familiar with docker), e.g., using the commands:<code bash>
+curl -s https://www.cs.put.poznan.pl/jkonczak/_media/so:users_chmod:container-for-file-permission-labs.tar.xz | tar xJ
+docker build --tag container-for-file-permission-labs container-for-file-permission-labs
+docker run --network=none --rm -ti container-for-file-permission-labs</code>
+++++
+</small>
 ~~Exercise.#~~ Create a file. Set the file permissions so that only the user can read the file.
@@ Line 244: / Line 375: @@
 ~~Exercise.#~~ Create a file. Set the file permissions so that only the user and others can read the file. Verify whether one being in the same group as the file can read it.
-~~Exercise.#~~ Create a directory with a file inside. Revoke the permission to execute the directory. Try to list the directory, enter the directory, and display the file contents (without entering the directory).
+~~Exercise.#~~ Create a directory D containing a file F and an empty subdirectory. Revoke the permission to execute the directory D. Try to list (with details) the directory D, enter the directory D, and display the contents of the file F (without entering the directory D).
 ~~Exercise.#~~ Change permissions of a directory to ''u=rwx,go=rx''. Create in the directory a file. Print its contents as another user. List the directory as another user. \\ Then change the permissions of the directory to ''u=rwx,go=x''. Try, as the other user, to print the file and list the directory again.
@@ Line 261: / Line 392: @@
 </small>
+<html><style>.wrap_nomargin{margin:0} .wrap_nomargin p{margin:0}</style></html>
+<WRAP nomargin>
+Examples:
+++++ umask | {{section>so:users_chmod:examples-en#umask&inline&noheader}} ++++
+++++ manipulating mode bits | {{section>so:users_chmod:examples-en#chmod&inline&noheader}} ++++
+++++ user, group or others | {{section>so:users_chmod:examples-en#ugo&inline&noheader}} ++++
+++++ write-only and read-only files | {{section>so:users_chmod:examples-en#write_only&inline&noheader}} ++++
+++++ creating/removing directory entries | {{section>so:users_chmod:examples-en#dir_create_remove&inline&noheader}} ++++
+</WRAP>
+++++ suid and sgid | {{section>so:users_chmod:examples-en#suid_sgid&inline&noheader}} ++++
 ===== Change, modify and access date =====
@@ Line 285: / Line 428: @@
 <html></small></html>
+++++ Examples: | {{section>so:users_chmod:examples-en#touch&inline&noheader}} ++++

Jan Kończak

User Tools

Site Tools

Differences

Page Tools