Home Home > 2014 > 08 > 05 > Command Line Tuesdays – Part Seven
Sign up | Login

Command Line Tuesdays – Part Seven

August 5th, 2014 by

Heya geekos. I’ve checked the ‘curriculum’, and we’re at part 7 of 8 as of today. Which means there will be one more – and sadly final – CLT next tuesday. So for today, let’s deal with some permissions!

As we all know, we can have many users using one machine. To protect the users from each other, permissions have been devised. And we have already discussed file permissions, so let’s refresh our memories with a single click.

chmod

The chmod command is used for changing permissions on a directory or a file. To use it, you first type the chmod command, after that you type the permissions specification, and after that the file or directory you’d like to change the permissions of. It can be done in more way, but mr Shotts focuses on the octal notation method.

Imagine permissions as a series of bits. For every permission slot that’s not empty, there’s a 1, and for every empty one there’s a 0. For example:

rwx = 111

rw- = 110

etc.

And to see how it looks in binary:

rwx = 111 —> in binary = 7

rw- = 110 —> in binary = 6

r-x = 101 —> in binary = 5

r– = 100 —> in binary = 4

Now, if we would like to have a file with read, write and executing permissions for the file owner and for the group owner of the file, but make it unavailable to all other users, we do:

chmod 770 example_file

…where example_file is any file you’d like to try this command on. So, you always have to enter three separate digits, for three separate groups known already from our second lesson. The same can be done for directories.

su and sudo

It is sometimes needed for a user to become a super user, so he can accomplish a task (usually something like installing software, for example). For temporary accessing to the super user mode, there’s a program called su, or substitute user. You just have to type in

su

and type your superuser password, and you’re in. However, a word of warning: don’t remember to log out and use it for a short period of time.

Also there’s an option probably more used in openSUSE and Ubuntu, and it’s called sudo. Sudo is only different in the aspect, that it’s a special command that’s allocated to one specific user. So unlike su, with sudo you can use your user password instead of the superuser’s password. Example:

sudo zypper in goodiegoodie

Changing file and group ownership

To change the owner of the file, you have to run chown as a superuser. For example, if I’d want to change ownership from ‘nenad’ to ‘suse’, I do it this way:

su

[enter password]

chown suse example_file

I can also accomplish the same with changing group ownership, but with a slightly different command chgrp. Easy peasy:

chgrp suse_group example_file

…and that’s it.

Next time

As I already stated, next time we’ll have a photo-finish of sorts. And after that, you’ll be on your own (along with me, wandering through the terminal’s darkness, with only a blinking green cursor as a lighthouse  :) ). Until then geekos, remember to…

…have a lot of fun!

 

 

Both comments and pings are currently closed.

9 Responses to “Command Line Tuesdays – Part Seven”

  1. Not sure if its already planned but addig SUID, SGID and sticky bits would be worth covering.

  2. Trying to figure out binary chmod values is terrible. It’s an old and counterintuitive method. These days we have much better! At least if you’re using GNU coreutils (which you probably are).

    chmod accepts permissions in this form: `chmod x±xxx,x±xxx,x±xxx file`, where the first “x” is a letter indicating which permission set you want to change (u – user, g – group, o – others), followed by either a plus (if you want to allow access) or a minus (if you want to restrict access), and then followed by any of the three letters rwx (read write and execute, as we see in `ls -l`).

    So taking your example, if we would like to have a file with read, write and executing permissions for the file owner and for the group owner of the file, but make it unavailable to all other users, we do:

    chmod u+rwx,g+rwx,o-rwx example_file

    Or, if we look at ls -l and see that the file is -rwxr–r–, then we can simply do:

    chmod g+wx,o-r example_file

    Much easier to understand and remember!

    Then about `su`, technically you don’t ever want to use it, because sudo is much safer. If you use su and leave the terminal open, anyone will be able to have full control over your PC while you’re not looking. Plus, with sudo asking for the password every once in a while, it gives you a bit of time to think if you really want to run whatever you want to run with root permissions. And lastly, in su mode you can get confused as to what user you’re doing changes as. For instance, in you do `touch test.txt` in su mode, it will be owned by root:root. You can get in quite a pickle later on, trying to figure out why the file you created back then isn’t writeable for you any more. Meanwhile you would never do `sudo touch test.txt` in your home directory, because that doesn’t make any sense to use over a simple `touch test.txt`.

    Oh, and worth mentioning are kdesu and gksudo (I guess? I’m not a GNOME user…) for running GUI programs with root permissions (albeit that’s also discouraged, GUI applications should use polkit instead).

  3. hcvv

    Please donot use plain
    su
    but
    su –
    (which is short for su -l). Read the man page why. And think about the security issues you will have when using as root the wrong environment (special the PATH variable).

  4. manitu

    Using the su – is also important if you want to start anything with a GUI, otherwise you will get “Session bus not found”.

    You can use chown also like, its much faster if you want to change both: chown user:group file

  5. manitu

    Sorry for double-post, but could you explain the user-handling in another CLT?

    Its really a pain for many users to understand how to give their permissions group-wise.

    It would be also cool to know what a systemuser (-r) actually is, if someone is going to install a service without yast and rpm.

  6. TAbdenour

    One weakness of linux over windows is not taking care of native ACL as the fact that NTFS offers souble and transparent method for administering access rights since NT4 (20 years).

    • @TAbdenour

      Whan I right click in dolphin and go to access privileges tab and then to a extended it gives me the option to set detailed access privileges for any or multiple users on the system – isn´t this an ACL?

    • Anonymous

      Tabdenour NT 4.0 was released to manufacturing on 31 July 1996 so not precisely 20 years, and with xattr and acl generally available on new installation you have what is needed.
      Even if posix acl doesn’t work exactly the same as ntfs …

  7. Shane

    Great tutorials When the series is complete, please publish all in some form of document example pdf.