1
00:00:06,690 --> 00:00:08,250
- In order to manage permissions,

2
00:00:08,250 --> 00:00:10,530
there are two things that you need to do.

3
00:00:10,530 --> 00:00:13,560
First, you need to take care of ownership.

4
00:00:13,560 --> 00:00:15,900
And after taking care of ownership,

5
00:00:15,900 --> 00:00:19,050
you can set the permissions for these owners.

6
00:00:19,050 --> 00:00:22,590
In order to manage ownership, you need to understand

7
00:00:22,590 --> 00:00:26,220
that the user who creates a file becomes user-owner,

8
00:00:26,220 --> 00:00:29,250
and the primary group of that user becomes group-owner,

9
00:00:29,250 --> 00:00:32,370
and everybody else is the others owner.

10
00:00:32,370 --> 00:00:36,180
We also call that ugo, and standard Linux permissions allow

11
00:00:36,180 --> 00:00:39,780
for one user-owner and one group-owner for each file.

12
00:00:39,780 --> 00:00:42,000
If you don't like the default owner assignments,

13
00:00:42,000 --> 00:00:46,830
you can use chown for change owner to change user ownership,

14
00:00:46,830 --> 00:00:51,830
as in chown anna myfile, or chown anna:sales /data/sales.

15
00:00:52,650 --> 00:00:54,540
Now the second line is an interesting one,

16
00:00:54,540 --> 00:00:58,800
because here we are making user anna as well as group sales

17
00:00:58,800 --> 00:01:00,963
owner of the directory sales.

18
00:01:02,100 --> 00:01:05,160
There's also chgrp, which you can use

19
00:01:05,160 --> 00:01:08,193
to change group ownership individually.

20
00:01:09,510 --> 00:01:12,150
Now after setting ownership, you are going to work

21
00:01:12,150 --> 00:01:13,904
with file permissions.

22
00:01:13,904 --> 00:01:17,190
chmod is the command that you are going to work with.

23
00:01:17,190 --> 00:01:21,480
chmod can be used in absolute mode, and in absolute mode

24
00:01:21,480 --> 00:01:25,560
it sets permissions to ugo, which is user, group, and others,

25
00:01:25,560 --> 00:01:28,064
as in chmod 750.

26
00:01:28,064 --> 00:01:30,180
What is chmod 750?

27
00:01:30,180 --> 00:01:34,230
Well, a 7 for u, a 5 for g, and a 0 for o.

28
00:01:34,230 --> 00:01:38,760
7 is 4 plus 2 plus 1, that equals read, write, and execute.

29
00:01:38,760 --> 00:01:40,710
5 is read and execute.

30
00:01:40,710 --> 00:01:43,350
And 0 obviously is nothing.

31
00:01:43,350 --> 00:01:46,050
Alternatively, you can use relative mode.

32
00:01:46,050 --> 00:01:51,050
I like using relative mode to make script files executable,

33
00:01:51,570 --> 00:01:54,180
as in chmod +x myscript.

34
00:01:54,180 --> 00:01:57,240
Don't make it any more complex than that.

35
00:01:57,240 --> 00:02:00,360
And here is the best practice for both of these.

36
00:02:00,360 --> 00:02:02,970
Use absolute mode if you want full control.

37
00:02:02,970 --> 00:02:06,063
Use relative mode for quick permission changes.

38
00:02:09,810 --> 00:02:12,570
So let me show you how to work with these permissions.

39
00:02:12,570 --> 00:02:16,530
And in order to do so, I am starting by creating a directory

40
00:02:16,530 --> 00:02:19,023
with the name /data/sales.

41
00:02:20,670 --> 00:02:25,670
So let's check out the permissions, sudo ls -l on /data.

42
00:02:26,760 --> 00:02:29,610
And there we can see that the sales directory is owned

43
00:02:29,610 --> 00:02:31,050
by root root.

44
00:02:31,050 --> 00:02:36,050
So first thing to do is sudo chgrp sales on /data/sales.

45
00:02:39,210 --> 00:02:41,760
And now we can see that the sales group is owner

46
00:02:41,760 --> 00:02:43,200
of this directory.

47
00:02:43,200 --> 00:02:44,970
Now we need to fix the permissions.

48
00:02:44,970 --> 00:02:46,290
Now what makes sense?

49
00:02:46,290 --> 00:02:50,160
It makes sense to set the permission mode to 770.

50
00:02:50,160 --> 00:02:53,190
Linux has this other thing, and this other thing

51
00:02:53,190 --> 00:02:55,860
makes it too many users have read permissions

52
00:02:55,860 --> 00:02:58,380
in specific directories, and I don't like that.

53
00:02:58,380 --> 00:03:03,380
So sudo chmod 770 on /data/sales.

54
00:03:04,833 --> 00:03:08,460
And now if I use my sudo ls -l again,

55
00:03:08,460 --> 00:03:12,750
we can see that the /data/sales directory is set correctly.

56
00:03:12,750 --> 00:03:14,400
Now we need to test, of course.

57
00:03:14,400 --> 00:03:17,130
So grep sales in /etc/group.

58
00:03:17,130 --> 00:03:18,240
Why do I do that?

59
00:03:18,240 --> 00:03:22,860
Because I need to find out members of this specific group.

60
00:03:22,860 --> 00:03:25,710
And there we can see bill, laura, and linda.

61
00:03:25,710 --> 00:03:30,710
So let me open a shell, sudo su -, as user linda.

62
00:03:31,770 --> 00:03:36,770
And as user linda, I am going to the /data/sales directory,

63
00:03:37,080 --> 00:03:40,560
and I'm creating a file with the name lindafile.

64
00:03:40,560 --> 00:03:42,990
ls -l, well, we can see

65
00:03:42,990 --> 00:03:46,230
that lindafile has been created successfully.

66
00:03:46,230 --> 00:03:47,760
And that is how you do it.

67
00:03:47,760 --> 00:03:49,290
Now one more thing

68
00:03:49,290 --> 00:03:51,840
to make sure you understand how all of this works.

69
00:03:51,840 --> 00:03:53,223
One additional demo.

70
00:03:54,450 --> 00:03:58,140
With root permissions, I am going to create a file

71
00:03:58,140 --> 00:04:02,933
with the name /home/linda/rootfile.

72
00:04:02,933 --> 00:04:06,270
There we go, the rootfile has been created.

73
00:04:06,270 --> 00:04:10,440
I'm going back to my linda shell, and in the linda shell,

74
00:04:10,440 --> 00:04:12,180
I'm using ls -l.

75
00:04:12,180 --> 00:04:13,230
And what do we see?

76
00:04:13,230 --> 00:04:16,530
We see that linda has this rootfile.

77
00:04:16,530 --> 00:04:18,450
Now I need you to think about the following.

78
00:04:18,450 --> 00:04:20,400
I am user linda,

79
00:04:20,400 --> 00:04:25,260
and I'm going to use rm -f on rootfile.

80
00:04:25,260 --> 00:04:26,280
What do you think?

81
00:04:26,280 --> 00:04:27,600
Is that going to work?

82
00:04:27,600 --> 00:04:28,743
Yes or no?

83
00:04:30,210 --> 00:04:31,740
Well, let's try it.

84
00:04:31,740 --> 00:04:33,900
And there you can see it works.

85
00:04:33,900 --> 00:04:35,160
Is that surprising?

86
00:04:35,160 --> 00:04:36,540
No, it's not.

87
00:04:36,540 --> 00:04:38,910
If we use ls -ld on dot,

88
00:04:38,910 --> 00:04:42,210
then we can see this is the linda home directory.

89
00:04:42,210 --> 00:04:44,100
Linda is owner of her home directory.

90
00:04:44,100 --> 00:04:46,620
She has read, write, and execute in the home directory.

91
00:04:46,620 --> 00:04:49,620
So of course she's allowed to delete files

92
00:04:49,620 --> 00:04:51,390
from her own home directory.

93
00:04:51,390 --> 00:04:53,190
And that is what we are seeing here.