Pinky & Brains to the Rescue!
There's a lot to learn before you can fully understand setting access rights to files and directories for users and groups, so bear with me whilst I explain. Because this topic is quite detailed and technical, I've tried to lighten it up by asking Pinky & Brains to join us. :)
Just take this section slowly and read over it a few times until it sinks in. Believe me, I've read access rights tutorials far duller, vaguer, and more technical than this one. ;)
Note:
I'm no System Administrator, so to those who know better, my instructions may appear incomplete, incorrect or present security risks. If this is the case (which it probably is) then please mail me at rightsintro@thebits.co.uk.
To Begin With...
- 1 -
Log-on as root.
- 2 -
Enter:
cd /home
- 3 -
Enter:
mkdir plans -m 770
Note:
Whenever a directory is created, it is allocated the default rights: 775. For this tutorial, however, we need the rights for the directory to be 770. Don't panic about these figures appearing cryptic; all will be explained.
- 4 -
Enter:
ls -l
... and examine the line that reads:
drwxr-xr-x   2 root     root         1024 Jun  7 22:37 plans
  rights       owner    group
Access Rights Theory Tutorial #1
Whenever a directory is created, it is allocated an owner and a group that it belongs to.
By default a directory is allocated the rights shown above (drwxr-xr-x); the owner is the user who created the directory, and the group the directory is allocated to is the owner's default group.

But What Does drwxr-xr-x Mean?
Examine the diagram shown below:
 Type  Owner Group Other
+-----+-----+-----+-----+
|  *  |* * *|* * *|* * *|
+-----+-----+-----+-----+
   d   r w x r w x r w x
   -   - - - - - - - - -
Here you can see that the rights for a file or directory indicate the following:
- Type (d = directory; - = file)
- Owner's rights (r = read permission given; w = write permission given; x = execute permission given; - = right not given)
- Group's rights
- Other's rights (i.e. everyone that is not a member of the group)
Now just to complicate matters, here's what each of the rights allows a user to do (or not do), dependent on whether it is a file or a directory in question:
          File             Directory
        +----------------+---------------------------------------------+
Read    | Look at a file | ls (list directory's contents)              |
        +----------------+---------------------------------------------+
Write   | Modify a file  | Create, move and delete files in directory. |
        +----------------+---------------------------------------------+
Execute | Run a file     | To cd into i.e. move into.                  |
        +----------------+---------------------------------------------+
Time To Bring Pinky & Brains Onto The Scene!
- 1 -
Enter:
groupadd conquest
- 2 -
Enter:
useradd pinky -g conquest
...to add the new user pinky (whose default group is the newly created conquest group).
- 3 -
Enter:
useradd brains -g conquest
- 4 -
Enter:
useradd enemy
Note:
Because the new user enemy was not allocated to a group when created, a new group called enemy is created and the user enemy is allocated to that group.
- 5 -
Enter:
passwd pinky
...then enter:
defcon
...as the password (ignore the 'BAD PASSWORD' message), and re-enter the password.
- 6 -
Do the same for brains and enemy, giving them the same password for convenience.
Note:
The table below shows who owns a file/directory when it is created, e.g. if pinky created a file, the owner would be pinky and the group owner would be conquest.
  User     Owner    Group
+--------+--------+----------+
| pinky | pinky | conquest |
+--------+--------+----------+
| brains | brains | conquest |
+--------+--------+----------+
| enemy | enemy | enemy |
+--------+--------+----------+
Now It's Time To Create Brains' Top Secret Plans
- 1 -
Press Alt+F2 to switch to the second virtual terminal.
Note:
There are 6 virtual terminals by default for you to pick from (although a maximum of 12 can be set up). Virtual terminals allow multiple users to be logged into the one computer, making them a superb feature. (And definitely a feature DOS is sorely lacking.)
- 2 -
Enter:
cd ..
...and then:
ls
- 3 -
Enter:
cd plans
...Which will display the message 'bash: plans: Permission denied' since brains does not have access to the plans directory.
- 4 -
Press Alt+F1 to switch back to the first virtual terminal, where root is logged onto, and enter:
chgrp conquest plans
...to change the group that owns the directory plans, from group root to group conquest.
- 5 -
Now press Alt+F2 to switch back to brains and once again enter:
cd plans
As if by magic, brains now has access to the directory plans because he belongs to the group that owns the directory!
- 6 -
Enter:
pico topsecret.txt
- 7 -
Enter the following:
Pinky this is for your eyes only!
Tell nobody, that tonight we take over the world!
...and press Ctrl+O, then Enter to save the file, then press Ctrl+X to exit Pico.
Time For Pinky To Read The Top Secret Plans!
- 1 -
Press Alt+F3 to switch to the third virtual terminal, and log-in as pinky.
- 2 -
Enter:
cd /home/plans
- 3 -
Enter:
pico topsecret.txt
...and add the final line shown below (Ok Brains!) to the text file:
Pinky this is for your eyes only!
Tell nobody, that tonight we take over the world!
Ok Brains!
- 4 -
Press Ctrl+O, then Enter to save the file... So why did Pico display the message:
[ Cannot open file for writing: Permission denied ]
Access Rights Theory Tutorial #2
Press Alt+F2 to switch back to the second virtual terminal, where brains is logged in, and enter:
ls -l
...to display the following line:
Before
-rw-r--r-- 1 brains conquest 85 Jun 8 12:09 topsecret.txt
Two things are wrong with the above access rights. Firstly, pinky needs write access so that he can modify topsecret.txt, and secondly, should anyone else be allowed access to the plans directory in the future, brains still doesn't want anyone looking at topsecret.txt (it is top secret after all ;) ). To fix these problems, simply issue the following command:
chmod 660 topsecret.txt
After
-rw-rw---- 1 brains conquest 85 Jun 8 12:09 topsecret.txt
Rather than spend ages explaining what that cryptic 660 represents, I thought it best to whip up a simple diagram. Those who are unable to understand this picture need to try and push their IQ into double figures! ;)
Now press Alt+F3 to switch back to pinky. This time when you attempt to save the file, all goes as planned! Now that Pinky's work is finished you can exit Pico.
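How the 660 in chmod 660 maps onto rw-rw----, and why pinky's save failed before it, as an added example that is not part of the original tutorial. The function names are made up for illustration, and only a user's default group is compared:

```sh
#!/bin/sh
# Added example, not from the original tutorial; function names are made up.

# class_digit MODE CLASS -> the 0-7 digit for owner, group or other
class_digit() {
    m=$(( 0$1 ))                 # read e.g. 660 as an octal number
    case $2 in
        owner) echo $(( ($m >> 6) & 7 )) ;;
        group) echo $(( ($m >> 3) & 7 )) ;;
        other) echo $(( $m & 7 )) ;;
    esac
}

# mode_to_rwx 660 -> rw-rw----  (each digit is the sum of r=4, w=2, x=1)
mode_to_rwx() {
    out=""
    for class in owner group other; do
        d=$(class_digit "$1" "$class")
        for pair in 4:r 2:w 1:x; do
            if [ $(( $d & ${pair%%:*} )) -ne 0 ]; then
                out="$out${pair##*:}"
            else
                out="$out-"
            fi
        done
    done
    echo "$out"
}

# allowed MODE OWNER GROUP USER USERGROUP RIGHT -> prints yes or no.
# Exactly one class is consulted: owner if USER owns the file, else group if
# USERGROUP matches, else other. Simplified: only the user's default group is
# compared (no supplementary groups), and root is not modelled.
allowed() {
    case $6 in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac
    if [ "$4" = "$2" ]; then class=owner
    elif [ "$5" = "$3" ]; then class=group
    else class=other
    fi
    d=$(class_digit "$1" "$class")
    if [ $(( $d & $bit )) -ne 0 ]; then echo yes; else echo no; fi
}

mode_to_rwx 644                                # topsecret.txt before: rw-r--r--
mode_to_rwx 660                                # after chmod 660:      rw-rw----
allowed 644 brains conquest pinky conquest w   # pinky's failed save:  no
allowed 660 brains conquest pinky conquest w   # after chmod 660:      yes
allowed 770 root   conquest enemy enemy    x   # enemy's cd:           no
```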
Let's Make Sure The Enemy Can't Read The Plans!
- 1 -
Press Alt+F4 to switch to the fourth virtual terminal, and log-in as enemy.
- 2 -
Enter:
cd /home/plans
...to display the message:
bash: /home/plans: Permission denied
...and have Pinky & Brains breathe a sigh of relief. ;)
Now Let's Return Everything To The Way It Was
Enter the following in the sequence displayed to return everything to the way it was before starting this section (the first sequence block being key combos):
Ctrl+D
Alt+F3
Ctrl+D
Alt+F2
Ctrl+D
Alt+F1
userdel pinky
userdel brains
userdel enemy
groupdel conquest
cd /home
rm -rf pinky
rm -rf brains
rm -rf enemy
rm -rf plans
© MM Linuxdot.org