Differences

This shows you the differences between two versions of the page.

--- os_cp:users_permissions [2025/03/31 14:30]
jkonczak
+++ os_cp:users_permissions [2026/03/18 21:56] (current)
jkonczak [Changing permissions, group and owner of a file]
@@ Line 81: / Line 81: @@
 <html><small></html>
-~~Exercise.#~~ Find out who was logged on polluks at ''2023-03-03 13:30''
+~~Exercise.#~~ Find out who was logged on polluks at ''2026-03-16 10:04:10''
 <html></small></html>
@@ Line 107: / Line 107: @@
 One can run commands (including a shell) as another user, provided one has sufficient privileges and/or knows the right password (depending on system configuration).
-The ''**su** [-] [//user//]'' command (su stands for substitute user), once authorized, starts as the target user (or root, if no user is specified) the users default shell.
+The ''**su** [-] [//user//]'' command (su stands for substitute user), once
+authenticated, starts as the target user (or root, if no user is specified)
+the users default shell.
 \\
-<small>The ''su -c //command// [-] [//user//]'' command, once authorized, runs as the target user the provided command inside the users default shell.</small> \\
+<small>The ''su -c //command// [-] [//user//]'' command, once authenticated,
+runs as the target user the provided command inside the users default shell.</small> \\
 ''su'' is present in any Unix-like system.
 In most Linux systems the ''su'' command by default demands target users password (and in some distros the user invoking ''su'' must belong to a specific group, usually called ''wheel'').
@@ Line 116: / Line 119: @@
 Some distributions abuse ''sudo'' to replace ''su''.
-~~Exercise.#~~ Log on via ssh to a server (you'll be given a target address during classes; most likely it's going to be ''ssh user//N//@fe80::1%br0''). Switch user to ''root''. Switch user to another ''user//N//''.
+~~Exercise.#~~ Log on via ssh to a server (you'll be given a target address
+during classes; most likely it's going to be ''ssh user//N//@fe80::1%br0'',
+where //N// needs to be substituted with your computer number).
+Switch user to ''root''. Switch user to another ''user//N//''.
 <html><small></html>
@@ Line 181: / Line 187: @@
 \\
 and ''rwx--x--x'' means that the user can read, write and execute, and the group and others can only execute (''711'').
+++++ Illustration on which chunk of permissions to look at |
+<html>
+<style>.wU{font-weight:bold;color:#00ff00}.wH{color:#cdcd00}.wD{color:#0000ee}
+.wP{margin:-2px; border: 2px solid red}
+.wS{border-radius: 8px; margin:-2px; border: 2px solid red}
+.wN{border-radius: 8px; margin:-2px; border: 2px solid #aaa; background:
+linear-gradient(to left top, transparent 47%, #aaa 47%, #aaa 53%, transparent 53%)}
+.wG{border-radius: 8px; margin:-2px; border: 2px solid #aaa; background:
+linear-gradient(to right top, transparent 47%, #aaa 47%, #aaa 53%, transparent 53%)}
+p{margin-top:0}pre{margin-bottom:0}
+</style>
+</html>
+Keep in mind that programs such as ''ls'' or ''stat'' display the permissions
+exactly the same regardless if the user that ran them is the owner or not,
+belongs to the group whose the file is or not. One has to tell apart manually
+which chunk of permissions to look at.
+<html>
+<pre>
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> whoami
+<span class="wS">roo</span>
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> groups
+bipedal jumping
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> ls -l
+total 4
+d<span class="wP">rwx</span>r-x--x 5 <span class="wS">roo</span> jumping 160 Mar 16 20:04 myDir
+-<span class="wP">rw-</span>---r-- 1 <span class="wS">roo</span> jumping 249 Mar 16 20:03 someFile
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat myDir
+  File: myDir
+  Size: 160     Blocks: 0         IO Block: 4096   directory
+Device: 0,30    Inode: 90         Links: 5
+Access: (0<span class="wP">7</span>51/d<span class="wP">rwx</span>r-x--x)  Uid: (1234/  <span class="wS">roo</span>)  Gid: (123/ jumping)
+<span class="wU">roo</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat someFile
+  File: someFile
+  Size: 249     Blocks: 8         IO Block: 4096   regular file
+Device: 0,30    Inode: 91         Links: 1
+Access: (0<span class="wP">6</span>04/-<span class="wP">rw-</span>---r--)  Uid: (1234/  <span class="wS">roo</span>)  Gid: (123/ jumping)
+</pre>
+</html>
+The user ''roo'' is the owner of the file, so for the user **only** the first chunk matters.
+<html>
+<pre>
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> whoami
+<span class="wN">tigger</span>
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> groups
+<span class="wS">jumping</span> happy
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> ls -l
+total 4
+drwx<span class="wP">r-x</span>--x 5 <span class="wN">roo</span> <span class="wS">jumping</span> 160 Mar 16 20:04 myDir
+-rw-<span class="wP">---</span>r-- 1 <span class="wN">roo</span> <span class="wS">jumping</span> 249 Mar 16 20:03 someFile
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat myDir
+  File: myDir
+  Size: 160     Blocks: 0         IO Block: 4096   directory
+Device: 0,30    Inode: 90         Links: 5
+Access: (07<span class="wP">5</span>1/drwx<span class="wP">r-x</span>--x)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wS">jumping</span>)
+<span class="wU">tigger</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat someFile
+  File: someFile
+  Size: 249     Blocks: 8         IO Block: 4096   regular file
+Device: 0,30    Inode: 91         Links: 1
+Access: (06<span class="wP">0</span>4/-rw-<span class="wP">---</span>r--)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wS">jumping</span>)
+</pre>
+</html>
+The user ''tigger'' is **not** the owner of the file,
+but is in group ''jumping'' whose the file is,
+so for the user **only** the middle chunk matters.
+<html>
+<pre>
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> whoami
+<span class="wN">eeyore</span>
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> groups
+<span class="wG">quadruped</span> <span class="wG">glum</span>
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> ls -l
+total 4
+drwxr-x<span class="wP">--x</span> 5 <span class="wN">roo</span> <span class="wG">jumping</span> 160 Mar 16 20:04 myDir
+-rw----<span class="wP">r--</span> 1 <span class="wN">roo</span> <span class="wG">jumping</span> 249 Mar 16 20:03 someFile
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat myDir
+  File: myDir
+  Size: 160     Blocks: 0         IO Block: 4096   directory
+Device: 0,30    Inode: 90         Links: 5
+Access: (075<span class="wP">1</span>/drwxr-x<span class="wP">--x</span>)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wG">jumping</span>)
+<span class="wU">eeyore</span>@<span class="wH">host</span><span class="wD"> /tmp $</span> stat someFile
+  File: someFile
+  Size: 249     Blocks: 8         IO Block: 4096   regular file
+Device: 0,30    Inode: 91         Links: 1
+Access: (060<span class="wP">4</span>/-rw----<span class="wP">r--</span>)  Uid: (1234/  <span class="wN">roo</span>)  Gid: (123/ <span class="wG">jumping</span>)
+</pre>
+</html>
+The user ''eeyore'' is **not** the owner of the file,
+**neither** he is in group ''jumping'' whose the file is,
+so for the user **only** the last chunk matters.
+++++
 To see detailed information about a file (this includes permissions), one can run the ''**stat** //file//'' command.
 \\
-Permissions are also presented in the results of ''ls -l'' and ''tree -p'' commands.
+Permissions are also presented in the results of ''ls -l'' and ''tree -p'' commands
+(or, the ''tree -pug'' command, which displays also the user and group owning the file).
 \\
 All these commands precede file permissions with a character indicating the file type.
@@ Line 233: / Line 334: @@
 The ''chmod'', <small> ''chgrp'' and ''chown'' </small> commands accept switches ''-R'' (''--recursive'') and ''--reference=//file//'' (to clone the permission/<small>group/owner</small> from the referenced file).
-//Do the exercises on the SSH server indicated during classes. \\ To create files, you may use e.g., the // ''fortune > //file//'' //command.//
+//Do the exercises on the SSH server indicated during classes (''ssh user//N//@fe80::1%br0'').
+\\ To create files, you may use e.g., the // ''fortune > //file//'' //command.//
+<small>
+++++ Instructions for using your own Linux box to do the exercises |
+To do the exercises on your own computer, you may either:
+  - Use the following commands to add sample groups and users to your system:<code bash>
+groupadd even
+groupadd odd
+groupadd low
+groupadd high
+useradd -g odd  -G low  -m user1
+useradd -g even -G low  -m user2
+useradd -g odd  -G high -m user3
+useradd -g even -G high -m user4
+passwd -d user1
+passwd -d user2
+passwd -d user3
+passwd -d user4</code>
+  - Build & use {{so:users_chmod:container-for-file-permission-labs.tar.xz|a docker image}} (provided you're familiar with docker), e.g., using the commands:<code bash>
+curl -s https://www.cs.put.poznan.pl/jkonczak/_media/so:users_chmod:container-for-file-permission-labs.tar.xz | tar xJ
+docker build --tag container-for-file-permission-labs container-for-file-permission-labs
+docker run --network=none --rm -ti container-for-file-permission-labs</code>
+++++
+</small>
 ~~Exercise.#~~ Create a file. Set the file permissions so that only the user can read the file.
@@ Line 250: / Line 375: @@
 ~~Exercise.#~~ Create a file. Set the file permissions so that only the user and others can read the file. Verify whether one being in the same group as the file can read it.
-~~Exercise.#~~ Create a directory with a file inside. Revoke the permission to execute the directory. Try to list the directory, enter the directory, and display the file contents (without entering the directory).
+~~Exercise.#~~ Create a directory D containing a file F and an empty subdirectory. Revoke the permission to execute the directory D. Try to list (with details) the directory D, enter the directory D, and display the contents of the file F (without entering the directory D).
 ~~Exercise.#~~ Change permissions of a directory to ''u=rwx,go=rx''. Create in the directory a file. Print its contents as another user. List the directory as another user. \\ Then change the permissions of the directory to ''u=rwx,go=x''. Try, as the other user, to print the file and list the directory again.

Jan Kończak

User Tools

Site Tools

Differences

Page Tools