Unix & Linux Professional

Unix & Linux is the most strongly secured operating system in the world

08/12/2012

u — the user who owns the file (that is, the owner)

g — the group to which the user belongs

o — others (not the owner or the owner's group)

a — everyone or all (u, g, and o)

Permissions

r — read access

w — write access

x — execute access

Actions

+ — adds the permission

- — removes the permission

= — makes it the only permission

Want to test your permissions skills? Remove all permissions from foo.txt — for everyo

08/12/2012

Ownership and Permissions

Earlier in this chapter, when you tried to cd to root's login directory, you received the following message:

[newuser@localhost newuser]$ cd /root
bash: /root: Permission denied
[newuser@localhost newuser]$

That was one demonstration of Linux's security features. Linux, like UNIX, is a multi-user system, and file permissions are one way the system protects against any type of damage.

One way to gain entry when you are denied permission is to su to root, as you learned earlier. That is because whoever knows the root password has complete access.

[newuser@localhost newuser]$ su
Password: your root password
[root@localhost newuser] # cd /root
[root@localhost /root] #

But switching to superuser is not always convenient, or wise, since it is easy to make mistakes and alter important configuration files.

All files and directories are "owned" by the person who created them. You created the file sneakers.txt (see the section called Using Redirection) in your login directory, so sneakers.txt "belongs" to you.

That means you can specify who is allowed to read the file, write to the file or, if it is an application instead of a text file, who can execute the file.

Reading, writing, and executing are the three main settings in permissions.

Since users are placed into a group when their accounts are created, then you can also specify whether certain groups can read, write to, or execute a file.

Take a closer look at sneakers.txt with the ls command using the -l (long) option (see Figure 10-12).

[newuser@localhost newuser]$ ls -l sneakers.txt
-rw-rw-r-- 1 newuser newuser 150 Mar 19 08:08 sneakers.txt

There is a lot of detail provided here. You can see who can read (r) and write to (w) the file, as well as who created the file (newuser) and to which group the owner belongs (newuser).

Tip: Your default group

Remember that, by default, your group is the same as your login name.

Figure 10-12. Permissions for sneakers.txt

Other information to the right of the group includes file size, date and time of file creation, and file name.

-rw-rw-r--

The first column (shown above) shows current permissions; it has ten slots. The first slot represents the type of file. The remaining nine slots are actually three sets of permissions for three different categories of users.

Those three sets are: the owner of the file, the group in which the file belongs, and "others," meaning users and groups other than the owner of the file (newuser), and those in newuser's group (which is also newuser).

  -    (rw-)   (rw-)   (r--)   1 newuser newuser
  |      |       |       |
 type  owner   group   others

The first item, which specifies the file type, can show one of the following:

d — a directory

- (dash) — a regular file (rather than directory or link)

l — a symbolic link to another program or file elsewhere on the system

Beyond the first item, in the following three sets, you will see one of the following:

r — file can be read

w — file can be written to

x — file can be executed (if it is a program)

When you see a dash in owner, group, or others, it means that particular permission has not been granted.

Look again at the first column of sneakers.txt and identify its permissions (see Figure 10-13).

[newuser@localhost newuser]$ ls -l sneakers.txt
-rw-rw-r-- 1 newuser newuser 150 Mar 19 08:08 sneakers.txt
[newuser@localhost newuser]$

Figure 10-13. A Closer View of Permissions

The file's owner (in this case, newuser) has permission to read and write to the file. It is not a program, so newuser does not have permission to execute it. The group, newuser, has permission to read and write to sneakers.txt, as well. Similar to the program notation for owner newuser, there is no execute permission for group newuser.

In the last set, you can see that those who are not either the user newuser or in the group called newuser can read the file, but can not write to it or execute it.

Change the permissions on sneakers.txt with the chmod command.

The original file looks like this, with its initial permissions settings:

-rw-rw-r-- 1 newuser newuser 150 Mar 19 08:08 sneakers.txt

If you are the owner of the file or are logged into the root account you can change any permissions for the owner, group, and others.

Right now, the owner and group can read and write to the file. Anyone outside of the group can only read the file (r--).

Caution: Permissions Are Necessary

Remember that file permissions are a security feature. Whenever you allow everyone to read, write to, and execute files, you are increasing the risk of files being tampered with, altered, or deleted. As a rule, then, you should only grant read and write permissions to those who truly need them.

In the following example, you want to allow everyone to write to the file, so they can read it, write notes in it, and save it. That means you will have to change the "others" section of the file permissions.

Since you are the owner of the file, you do not have to su to root to do it. Take a look at the file first. At the shell prompt, type:

ls -l sneakers.txt

The previous command displays this file information:

-rw-rw-r-- 1 newuser newuser 150 Mar 19 08:08 sneakers.txt

Now, type the following:

chmod o+w sneakers.txt

To check the results, list the file's details again. Now, the file looks like this:

-rw-rw-rw- 1 newuser newuser 150 Mar 19 08:08 sneakers.txt

Now, everyone can read and write to the file (Figure 10-14).

Figure 10-14. Changing Permissions for sneakers.txt

The o+w command tells the system you want to give others write permission to the file sneakers.txt.

To remove read and write permissions for the group and others from sneakers.txt, use the chmod command like so:

chmod go-rw sneakers.txt

and the result will look like this:

-rw------- 1 newuser newuser 150 Mar 19 08:08 sneakers.txt

By typing go-rw, you are telling the system to remove read and write permissions for the group and for others from the file sneakers.txt.

You might think of these settings as a kind of shorthand when you want to change permissions with chmod, because all you really have to do is remember a few symbols and letters with the chmod command.

Here is a list of what the shorthand represents:

Identities

u — the user who owns the file (that is, the owner)

g — the group to which the user belongs

o — others (not the owner or the owner's group)

a — everyone or all (u, g, and o)

Permissions

r — read access

w — write access

x — execute access

Actions

+ — adds the permission

- — removes the permission

= — makes it the only permission

Note: An Additional Permission

Another permission symbol is t, for the sticky bit. If a sticky bit is assigned to a file, a user who wants to remove or rename that file must own the file, own the directory, have write permission, or be root (see the section called File Properties in Chapter 11).

Want to test your permissions skills? Remove all permissions from sneakers.txt — for everyone.

chmod a-rwx sneakers.txt

Now, see if you can read the file:

[newuser@localhost newuser]$ cat sneakers.txt
cat: sneakers.txt: Permission denied
[newuser@localhost newuser]$

It worked. But since the file belongs to you, you can always change its permissions back (see Figure 10-15).

[newuser@localhost newuser]$ chmod u+rw sneakers.txt
[newuser@localhost newuser]$ cat sneakers.txt
buy some sneakers
then go to the coffee shop
then buy some coffee
bring the coffee home
take off shoes
put on sneakers
make some coffee
relax!
[newuser@localhost newuser]$

Figure 10-15. Removing and Restoring Permissions

Here are some common examples of settings that can be used with chmod:

g+w — adds write access for the group

o-rwx — removes all permissions for others

u+x — allows the file owner to execute the file

a+rw — allows everyone to read and write to the file

ug+r — allows the owner and group to read the file

g=rx — lets the group only read and execute (not write)

By adding the -R option, you can change permissions for entire directory trees.

Because you can not really "execute" a directory as you would an application, when you add or remove execute permission for a directory, you are really allowing (or denying) permission to search through that directory.

To allow everyone read and write access to every file in the tigger directory in your login directory, type:

chmod -R a+rw tigger

But… if you do not allow others to have execute permission to tigger, it does not matter who has read or write access, because no one will be able to get into the directory — unless they know the exact filename they want.

For example, type:

chmod a-x tigger

to remove everyone's execute permissions.

Here is what happens now when you try to cd into tigger:

[newuser@localhost newuser]$ cd tigger
bash: tigger: Permission denied
[newuser@localhost newuser]$

Restore your own and your group's access.

chmod ug+x tigger

Now, if you check your work with ls -dl you will see that only others will be denied access to the tigger directory.
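The chmod steps from this section, replayed on scratch files as an added example (not part of the original guide). The scratch directory, the notes.txt file, and the helper function names are assumptions; the find -perm -0002 audit and the final chmod -R o-w go one step beyond the text to show how to find and undo the world-writable access that chmod -R a+rw leaves behind.

```shell
#!/bin/sh
# Added example: constructed scratch files; file names follow the tutorial.

# Print the 10-character permission column that ls -l shows for a path.
perms() {
    ls -ld "$1" | cut -c1-10
}

# List everything under a directory that "others" can write to
# (symbolic links are skipped; their own mode bits are not used).
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Build a scratch copy of the tutorial layout and print its path.
make_scratch() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tigger"
    echo "buy some sneakers" > "$d/sneakers.txt"
    echo "notes" > "$d/tigger/notes.txt"          # hypothetical file
    chmod u=rw,g=rw,o=r "$d/sneakers.txt" "$d/tigger/notes.txt"
    chmod u=rwx,g=rwx,o=rx "$d/tigger"
    echo "$d"
}

# Replay the tutorial's chmod steps on sneakers.txt, one result per line.
replay_file_steps() {
    f=$1/sneakers.txt
    for step in o+w go-rw a-rwx u+rw g=rx; do
        chmod "$step" "$f"
        echo "$step $(perms "$f")"
    done
}

# Replay the directory steps, count world-writable entries, then tighten.
replay_dir_steps() {
    t=$1/tigger
    chmod -R a+rw "$t"
    echo "a+rw $(perms "$t") $(world_writable "$t" | wc -l | tr -d ' ')"
    chmod a-x "$t";  echo "a-x $(perms "$t")"
    chmod ug+x "$t"; echo "ug+x $(perms "$t")"
    chmod -R o-w "$t"
    echo "o-w $(perms "$t") $(world_writable "$t" | wc -l | tr -d ' ')"
}

d=$(make_scratch)
replay_file_steps "$d"
replay_dir_steps "$d"
rm -rf "$d"
```

The number at the end of the a+rw and o-w lines is the count of entries others can write to, before and after tightening.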

04/12/2012

In this video I install CentOS 6, talk about its primary use, and look at the bundled applications.

04/12/2012

Creating a user account

When you installed Red Hat Linux you were given the opportunity to create user accounts. If you did not create at least one (not including the root account) you should do so now. Working in root when you do not absolutely have to is a bad idea.

There are two ways to create new and/or additional user accounts: from a GUI, using the user configuration tool; and from a shell prompt.

Figure 1-5. The User Configuration Tool

To create a user account from a GUI:

Log in. If you only have a root account, you must log in as root. If you are already logged in to a user account and want to create more accounts, you do not have to change to root; you will be prompted for the root password later.

In GNOME, click on the Start Here button on the panel at the bottom of your desktop. In the new window that opens, click on the System Settings icon and then on the icon for the user configuration tool (if you are not logged in as root, you will be prompted to enter the root password). In KDE, go to Main Menu => System => User Manager.

When the configuration tool opens (Figure 1-5), click on New User.

Fill in the user name (this can be an abbreviation or some sort of nickname), the full name of the user for whom this account is being created, and a password (which you will enter a second time for verification). The name of this user's home directory and the name of the login shell should appear by default.

Click on OK. The user account creation is complete.

To create a user account from a shell prompt:

Open a terminal and log in as root.

Type useradd followed by a space and the username for the new account you are creating at the command line (for example, useradd beth). Press [Enter].

Now type passwd followed by a space and the username again (passwd beth).

The shell prompt should display New UNIX password. This is asking you to enter a password for the new account. Type the password you want to apply to this account and press [Enter].

You will be asked to enter the password again for confirmation. Then you will see the following message, indicating that the new account has been created:

passwd: all authentication tokens updated successfully

Choosing Account Names

Often, user accounts are just variations on the user's name, such as jsmith for John Smith. User account names can be anything from your name, initials, or birthday to something more creative.

What is a Secure Password?

You can be fancy or plain when you pick a user account name, but take precautions when you choose a password. The password is the key to your account, so it should be both unique and easy for you to remember. Your password should be at least six characters (actually, it can be 256 characters long if you enabled MD5 passwords during the installation, though you probably do not need that many). You can mix upper- and lowercase letters, as well as numbers and characters. Avoid easy selections, such as "qwerty" or "password." If you want to pick an easy-to-remember but somewhat unique password, consider a variation of a word, such as "a!rPl8nE" for "airplane."

You can exit from a terminal window by clicking the X button on the upper right corner of the window, or by typing exit at the prompt.

Forgot Your Password?

See the section called Forgotten Password in Chapter 13 for information on what to do if you forget your root or user account password.

04/12/2012

Chapter 1. Getting Started

Time to get started. The first thing you have to do is log in. When you log in, you are basically introducing yourself to the system.

Linux is Case Sensitive

Like UNIX, Linux is case sensitive. That means that typing "root" refers to a different account than "Root". As far as Linux is concerned, the lowercase "root" refers to the root login, or system administrator.

When you installed Red Hat Linux, you had the opportunity to install the X Window System (also simply called X), which provides the display of graphical information. You were also asked whether you wanted to use a graphical screen, rather than a console (or shell prompt) to log in. A graphical screen has icons, lots of menus, and is generally more approachable for a new user. A console, or shell prompt, resembles an MS-DOS screen and requires the use of specific phrases or commands, which the user types at the command line. Although our emphasis throughout this book will be on navigation and productivity using X, we will cover both the graphical and console methods of logging in and starting the X Window System.

Logging In

Unlike some other operating systems, your Red Hat Linux system uses accounts to manage privileges, maintain security, and more. Not all accounts are created equal: some accounts have fewer rights to access files or services than others.

If you have already created a user account, you can skip ahead to Chapter 2. If you created only the root account, read on to learn how to set up a user account.

Be Careful Working as Root

Because your Red Hat Linux system creates the root account during installation, some new users are tempted to use only this account for all their activities. This is a bad idea. Since the root account is allowed to do anything on the system, you can easily damage your system by accidentally deleting or modifying sensitive system files. You may be tempted to forego creating and using a user account during or after installation, but this is risky.

Logging In As Root

If you did not create a user account during installation, you must log in as root. Regardless of whether you have chosen a graphical or console login screen, you will have to supply a login account name and the password associated with that account.

From a shell prompt, for example, you will see something like:


Red Hat Linux release 7.0
Kernel 2.xx on an i686
localhost login:root
Password:yourrootpassword

Unless you have chosen to give your machine its own hostname, which is primarily used in a network setting, your machine will probably be called localhost.

To log in to the root account, type root at the login prompt and press [Enter]. Then type the root password you chose during installation at the password prompt and press [Enter].

Figure 1-1. The Graphical Login Screen

If you see a shell prompt (instead of the graphical desktop as shown in Figure 1-1) you can start the X Window System by typing startx as follows:


[root@localhost /root] # startx

Changing Your Login Screen

To find out how you can change from a console to a graphical login screen see the section called Changing Login from Console to X at Startup in Chapter 13.

Once you start the X Window System, you will find a desktop similar to Figure 1-2 in GNOME or Figure 1-3 in KDE.

Figure 1-2. A GNOME Desktop

Figure 1-3. A KDE Desktop

Opening a Terminal Window

Both GNOME and KDE offer quick launch buttons on their panels to open a terminal window, also referred to as a shell prompt.

Figure 1-4. The GNOME Panel

On the GNOME panel, the button that launches a shell prompt looks like:

Similar to GNOME, the KDE panel prominently features a quick launch button for a shell prompt. The launcher looks like:

You can also find the launcher from the KDE main menu under System => Terminal.

04/12/2012

Address

Nashik
422102
