SM1: Open-source Operating Systems ASIX/DAW/DAM-1 Task A6: Permissions and ownership
6-11-23

TASK A6: Permissions and ownership

GENERAL CONDITIONS

1- Deadline: 17-11-2024.
2- Send your report and voice recording attached to an e-mail with the following specifications:
     a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
     b) Report file name:
         b.1) ASIX1: asix1_surname_name_sm1act06.odt and asix1_surname_name_sm1act06.pdf
         b.2) DAW1: daw1_surname_name_sm1act06.odt and daw1_surname_name_sm1act06.pdf
     c) Voice recording:
         c.1) ASIX1: asix1_surname_name_sm1act06p2q1.mp3, asix1_surname_name_sm1act06p2q2.mp3, asix1_surname_name_sm1act06p2q3.mp3 and asix1_surname_name_sm1act06p2q4.mp3
         c.2) DAW1: daw1_surname_name_sm1act06p2q1.mp3, daw1_surname_name_sm1act06p2q2.mp3, daw1_surname_name_sm1act06p2q3.mp3 and daw1_surname_name_sm1act06p2q4.mp3
     d) Subject:
         d.1) ASIX1: asix1_surname_name_sm1act06
         d.2) DAW1: daw1_surname_name_sm1act06

3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular


PERMISSIONS AND OWNERSHIP: DOCUMENTATION

1- Introduction

Remember:

1- Linux is a multi-user system. It means that more than one user can be operating the computer at the same time.

2- In a multi-user system, users should not be allowed to:

    * Interfere with the files belonging to other users

    * Interfere with system files and directories (configuration files, boot programs, home directory, and so on)

3- In order to restrict what the users are allowed to do, Linux comes with a control mechanism to determine who can access a particular file or directory and what actions they can perform on it.

4- There are two parts to the file control mechanism: Permissions and Ownership.

5- Permissions determine what a user or group of users can do to a:
    * File --> Read the contents, remove contents, add new contents, change contents, execute (for binaries).
    * Directory --> Add files, remove files, change files, list the contents, gain access to the directory.

6- Ownership determines the set of permissions obtained depending on who is the user or the group of users working with a file or directory.

7- Linux supports two methods of controlling who can access a file or folder and how they can access it:
      a) The traditional Linux access permissions. This practical exercise discusses the first method.
      b) ACL (Access Control Lists), which provide finer-grained control of access permissions. This method is beyond the scope of this academic year.

2- Basic Linux file and folder permission

You should always remember the following ideas:

a) In Linux, file and directory permissions and ownership control the access level that programs and users have to files. This ensures that only authorized users and programs can access specific files and directories.

b) Each file and directory has its own set of permissions. These permissions or access rights are assigned to users and groups. Permissions control the ability of users and groups to view or make changes to the contents of a file or directory.

c) In Linux, programs are bound to users and groups and, therefore, permissions granted to those users control the ability of programs to view or make changes to the contents of a file or directory.

d) From the point of view of each particular file or directory, there are three classes of users with different kinds of ownership:
e) From the point of view of each particular file or directory, three types of permissions can be applied to each class of user:
f) Permissions can be denied or allowed.

g) For every file and directory on your system, it is mandatory to specify:
            a) an owner and group
            b) permissions denied and allowed for the owner
            c) permissions denied and allowed for the group
            d) permissions denied and allowed for others

h) When you combine ownership and permissions, you will be able to control who can access files and folders and what actions they are able to perform on them. Three kinds of permissions and three kinds of users mean that for every file in your system, 9 parameters have to be set.

i) For every file or folder on the system, permissions are assigned to users by following these steps:
         1st step --> If the user is the file/folder owner, then the user gets the permissions given to the owner. Permissions assigned for the group and others are not taken into consideration.
         2nd step --> If the user is not the file/folder owner but is a member of the group, then the user gets the permissions given to the group. Permissions assigned for others are not taken into consideration.
         3rd step --> If the user is not the file/folder owner and is not a member of the group, then the user gets the permissions given to others.
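
The three steps above, as an added example (not part of the original assignment): a shell sketch that picks the class that applies to a user and returns only that class's permissions. The function names and the users alice and bob are assumptions; dacomo and teachers are taken from the ls example on this page. The root user, who is not subject to these checks, is not modelled.

```sh
#!/bin/sh
# Added example: which permission class applies to a user, and what it grants.
# All names and values below are constructed for illustration.

# triplet <digit 0-7>: render one octal digit as rwx characters (5 -> r-x)
triplet() (
    s=
    if [ $(( $1 & 4 )) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    printf '%s\n' "$s"
)

# applicable_class <file_owner> <file_group> <user> <user_group>...
# First match wins: owner, then group, then other.
applicable_class() (
    owner=$1; group=$2; user=$3; shift 3
    if [ "$user" = "$owner" ]; then echo owner; return 0; fi
    for g in "$@"; do
        if [ "$g" = "$group" ]; then echo group; return 0; fi
    done
    echo other
)

# effective_perms <octal_mode> <file_owner> <file_group> <user> <user_group>...
effective_perms() (
    mode=$1; shift
    class=$(applicable_class "$@")
    case $class in
        owner) digit=$(( (0$mode >> 6) & 7 )) ;;
        group) digit=$(( (0$mode >> 3) & 7 )) ;;
        other) digit=$(( 0$mode & 7 )) ;;
    esac
    printf '%s %s\n' "$class" "$(triplet "$digit")"
)

# File owned by dacomo:teachers with mode 754 (rwxr-xr--)
effective_perms 754 dacomo teachers dacomo dacomo teachers   # -> owner rwx
effective_perms 754 dacomo teachers alice  alice teachers    # -> group r-x
effective_perms 754 dacomo teachers bob    bob               # -> other r--
# Mode 074: the owner is also in the group, yet only the owner triplet counts
effective_perms 074 dacomo teachers dacomo dacomo teachers   # -> owner ---
```

The last call shows the consequence of the 1st step: an owner with no permissions is not rescued by a more generous group triplet.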

j) The following commands can display/create/change permissions and ownership for any file or folder on your system:
k) Additional (not mandatory) readings:

3- Interesting facts


a) You can see the contents of a folder using the graphical user interface and therefore you could believe that you have gained access to the directory, but that's not true. You can see the contents but you are not in the directory. That happens because the GUI runs 2 operations: it changes to the directory and it shows the list of its contents. The first operation does not work but the second operation works.

b) You can run a compiled program (for example a C program) even if you remove the execution permission. That happens because the program responsible for running a compiled program is the operating system and, like the user root, the operating system is not affected by permissions over files and directories. But an interpreted program (for example a Python or bash script) requires the help of an external program called an interpreter to be run, and this external program is subject to the permissions and ownership rules.

4-  ls -l  command: Displaying file/folder access permissions and ownership


a) When you run ls with the -ls option and the name of a file, the command ls displays a line of information about the file. For instance:
dacomo@inf1-dacomo:~$ ls  -ls  zpack.tar.gz
376 -rwxr-xr-- 1 dacomo teachers 382911 Nov 23 zpack.tar.gz

From left to right, the line contains the following information:
    * Size (blocks): 376 --> Blocks of 1024 bytes
    * Type: - --> - for a file, d for a folder, l for a link
    * Permissions: rwxr-xr-- --> r indicates read permission, w indicates write permission, x indicates execute permission, - means the user does not have the permission in that position
    * Number of links or directories inside: 1 --> 1 for a file, 1 or more for a folder
    * Owner: dacomo --> Name of the owner
    * Group: teachers --> Name of the group
    * Additional information: 382911 Nov 23 zpack.tar.gz --> Size in bytes, the date when the file/folder was created or modified, and the name of the file or folder

b) The nine characters of Permissions are divided into three groups:
        * First group (characters from 1st to 3rd): The first three characters specify the access permission for the owner of the file/folder.
        * Second group (characters from 4th to 6th): The next three characters specify the access permission for the group.
        * Third group (characters from 7th to 9th): The last three characters specify the access permission for others.

c) When you run ls with the -lsd option and the name of a directory, the command ls displays a line of information about the directory. For instance:
dacomo@inf1-dacomo:~$ ls  -lsd  Desktop
-rwxr-xr-- 1 student00 students 465 22 may  2011 README


d) Recursive option -R for folders --> ls -ls -R folder_name. Example: ls -ls -R /boot



5-  tree -pug  command: Displaying folder access permissions and ownership in a tree-like format

a) Description: The tree -pug command displays the access permissions, owner and group of a folder, recursively in a tree-like format.

b) Synopsis: tree -pug /home/dacomo


6-  chmod  command: Changing access permissions

a) Description: The chmod command-line utility changes the access permissions of a file or folder

b) Synopsis:  chmod  <permissions>  file_or_folder_name

c) Permissions in numeric mode: A three-digit number in octal format (each digit from 0 to 7):
        0 octal => 000 binary => ---
        1 octal => 001 binary => --x
        2 octal => 010 binary => -w-
        3 octal => 011 binary => -wx
        4 octal => 100 binary => r--
        5 octal => 101 binary => r-x
        6 octal => 110 binary => rw-
        7 octal => 111 binary => rwx

d) Permissions in symbolic mode:  ugoa (user/group/other/all), +/- (add/remove),  rwx (read, write, execute)

e) Examples:
    chmod 754 prova.sh => a) owner permissions: read, write and execute, b) group permissions: read and execute, c) other permissions: read.
    chmod 640 prova.sh => a) owner permissions: read, write, b) group permissions: read, c) other permissions: none.
    chmod 314 prova.sh => a) owner permissions: write and execute, b) group permissions: execute, c) other permissions: read.
    chmod u+r prova.sh => Adding read permission to the owner user.
    chmod g-x prova.sh => Removing execute permission from the group.
    chmod a+x prova.sh => Adding execute permission to all (everyone).
    chmod ug+rw prova.sh => Adding read and write permissions to the owner user and the group.
    chmod ugo-wx prova.sh => Removing write and execute permissions from the owner user, group and others (a=ugo).

f) Recursive option -R for folders --> chmod -R  <permissions>  folder_name. Example: chmod -R  755  /home/student00 ==> Permissions of all files and folders in /home/student00 will be changed to rwxr-xr-x using this single command.
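
The symbolic examples above reduced to bit arithmetic on the octal digits, as an added example (not part of the original assignment). The function name apply_symbolic and the starting modes are assumptions; it also accepts the = operator, which chmod supports although the list above mentions only + and -.

```sh
#!/bin/sh
# Added example: what a symbolic chmod expression does to an octal mode.
# Pure arithmetic; no file is touched. The function name is hypothetical.

# apply_symbolic <octal_mode> <who><op><perms>, e.g. apply_symbolic 640 ug+rw
#   who: one or more of u g o a    op: + - =    perms: any of r w x
apply_symbolic() (
    mode=$(( 0$1 ))
    who=${2%%[+=-]*}            # everything before the operator
    rest=${2#"$who"}
    op=${rest%"${rest#?}"}      # first character of the remainder
    perms=${rest#?}
    [ -n "$who" ] || return 1   # expressions without a who letter are not modelled

    bits=0                      # rwx letters -> one octal digit
    case $perms in *r*) bits=$(( bits | 4 )) ;; esac
    case $perms in *w*) bits=$(( bits | 2 )) ;; esac
    case $perms in *x*) bits=$(( bits | 1 )) ;; esac

    set_mask=0; class_mask=0    # place the digit in every selected class
    case $who in *[ua]*) set_mask=$(( set_mask | bits << 6 )); class_mask=$(( class_mask | 0700 )) ;; esac
    case $who in *[ga]*) set_mask=$(( set_mask | bits << 3 )); class_mask=$(( class_mask | 0070 )) ;; esac
    case $who in *[oa]*) set_mask=$(( set_mask | bits ));      class_mask=$(( class_mask | 0007 )) ;; esac

    case $op in
        +) mode=$(( mode | set_mask )) ;;                   # add bits
        -) mode=$(( mode & ~set_mask )) ;;                  # remove bits
        =) mode=$(( (mode & ~class_mask) | set_mask )) ;;   # replace the class
        *) return 1 ;;
    esac
    printf '%03o\n' "$mode"
)

# Constructed starting modes, using the expressions from the examples above
apply_symbolic 640 a+x      # -> 751
apply_symbolic 754 g-x      # -> 744
apply_symbolic 400 ug+rw    # -> 660
apply_symbolic 777 ugo-wx   # -> 444
apply_symbolic 754 go=r     # -> 744
```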


7-  chown  command: Changing user and group ownership

a) Description: The chown command-line utility changes the owner and group of a file/folder.

b) Synopsis 1:  chown  <new_owner:new_group>  file_or_folder_name

c) Synopsis 2:  chown  <new_owner>  file_or_folder_name

d) Examples:
     chown  etpclot:users  prova.sh  => Changes to user etpclot and group users the ownership of file prova.sh.
     chown  etpclot  prova.sh  => Changes to user etpclot the ownership of file prova.sh.

e) Recursive option -R for folders --> chown -R  <new_owner:new_group>  folder_name.
     Example: chown -R  etpclot:users  /home/student00 ==> Ownership of all files and folders in /home/student00 will be changed to etpclot:users using this single command.


8-  chgrp  command: Changing group ownership

a) Description: The chgrp command-line utility changes the group of a file/folder.

b) Synopsis:  chgrp  <new_group>  file_or_folder_name

c) Examples:
     chgrp users  prova.sh  => Changes to users the group of file prova.sh.
     chgrp users  /home  => Changes to users the group of folder /home.

d) Recursive option -R for folders --> chgrp -R  <new_group>  folder_name.
     Example: chgrp -R  users  /home ==> Group of all files and folders in /home will be changed to users using this single command.


9-  id  command: Displaying the list of groups of which a user is a member

The id command-line utility prints a list of groups of which a user is a member. For instance:

dacomo@inf1-dacomo:~$ id
uid=1000(dacomo) gid=1000(dacomo) grups=1000(dacomo),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev),113(bluetooth),120(scanner),998(vboxsf)

In this example, dacomo is a member of the following groups: dacomo, cdrom, floppy, sudo, audio, dip, video, plugdev, netdev, bluetooth, scanner and vboxsf.


10-  Writing proper sentences about permissions


Read (mandatory) the following document: About Permissions


PRACTICAL EXERCISE


FIRST PART - Working with permissions in numeric mode

0- (Do not take screenshots) Install caja-open-terminal. Log out of your current session. Log in again. Check that you can launch a terminal from a folder by right-clicking anywhere in the folder and selecting "open in a terminal".

1- Print the list of groups of which your user is a member.

2- Copy and paste the next script:

  #Script to print username, current folder, local date and time
  #Author:
  clear
  DATE=$(date +%Y%m%d)
  TIME=$(date +%H%M%S)
  PWD=$(pwd)
  echo "Hello $USER"
  echo "Current Folder: $PWD"
  echo "Local Date: $DATE"
  echo "Local Time: $TIME"
  exit 0

Add your surname and name after "Author".  Save the script in a file with the following name: sysinfo.sh. Show sysinfo.sh and its contents.

4- Display the permissions and ownership of sysinfo.sh. Check whether or not this script is an executable file. Check whether or not you are able to execute this script.

5- Using the numeric mode, change permissions of sysinfo.sh to: a) owner: read, write, execute, b) group: read, execute and c) other: execute. Check whether or not you are able to execute this script.

6- Using the numeric mode, change permissions of sysinfo.sh to: a) owner: write, execute, b) group: execute and c) other: none. Check whether or not you are able to read this script using nano or cat. What's happening?
(Write the appropriate sentence according to the question asked)

7- Are you able to execute sysinfo.sh? Why?
(Write the appropriate sentence according to the question asked)

8- Using the numeric mode, change permissions of sysinfo.sh to: a) owner: read, execute, b) group: read and c) other: none. Are you able to display the contents of the sysinfo.sh file? Why?
(Write the appropriate sentence according to the question asked)

9- Are you able to modify the contents of the sysinfo.sh file? Why?
(Write the appropriate sentence according to the question asked)

10- Create a folder called sm1act06 in your personal folder. Display the permissions and ownership of sm1act06. Try to change to sm1act06. Is it possible? Why?
(Write the appropriate sentence according to the question asked)

11- Using the numeric mode, change permissions of sm1act06 to: a) owner: read, b) group: read and c) other: read. Try to change to sm1act06. Is it possible? Why?
(Write the appropriate sentence according to the question asked)

12- Using the numeric mode, change permissions of sm1act06 to: a) owner: read, execute, b) group: read, execute and c) other: read, execute. Try to change to sm1act06. Is it possible? Why? Try to create a new folder called sm1act061 inside sm1act06. Is it possible? Why?
(Write the appropriate sentence according to the question asked)

13- Using the numeric mode, change permissions of sm1act06 to: a) owner: write, execute, b) group: write, execute and c) other: write, execute. Try to change to sm1act06. Is it possible? Why? Try to list the contents of sm1act06. Is it possible? Why?
(Write the appropriate sentence according to the question asked)


SECOND PART

1- Create  a file recording (with your own voice) the answer to question 6 of previous part with the following filename: xxxx_surname_name_sm1act06p2q1.mp3 where xxxx means asix1 or daw1.
2- Create  a file recording (with your own voice) the answer to question 7 of previous part with the following filename: xxxx_surname_name_sm1act06p2q2.mp3 where xxxx means asix1 or daw1.
3- Create  a file recording (with your own voice) the answer to question 10 of previous part with the following filename: xxxx_surname_name_sm1act06p2q3.mp3 where xxxx means asix1 or daw1.
4- Create  a file recording (with your own voice) the answer to question 11 of previous part with the following filename: xxxx_surname_name_sm1act06p2q4.mp3 where xxxx means asix1 or daw1.


THIRD PART - Working with permissions in symbolic mode

1- Using the symbolic mode, add the read permission to folder sm1act06 for the owner.

2- Using the symbolic mode, and running a single command, add the read permission to folder sm1act06 for the group and others.

3- Using the symbolic mode, and running a single command, remove the write permission from folder sm1act06 for the group and others.

4- Using the symbolic mode, and running a single command, remove the execute permission from folder sm1act06 for the owner, group and others.

5- Using the symbolic mode, remove the write permission from folder sm1act06 for the owner.

6- Using the symbolic mode, and running a single command, add the write and execute permissions to folder sm1act06 for the owner, group and others.

7- Using the symbolic mode, and running a single command, remove any kind of permission from folder sm1act06 for any user.

8- Using the symbolic mode, and running a single command, give the read, write and execute permissions to folder sm1act06 for any user.

9- What happens if you run the following command: chmod -x sm1act06? Find another command which can perform identical changes in the folder permissions.

10- Using the symbolic mode, and running a single command, give the execute permission to folder sm1act06 for the owner.


FOURTH PART - Ownership of files and folders

1- Add the execute permission to folder sm1act06 for the owner. Remove the execute permission from folder sm1act06 for the group and others. Set the system user sync as the owner of sm1act06. Check permissions and ownership of sm1act06.

2- As normal user: Try to gain access to sm1act06. Is it possible? Why?
(Write the appropriate sentence according to the question asked)

3- Set disk as the group of sm1act06.
Check permissions and ownership of sm1act06.

4- Running a single command: set www-data as the owner and daemon as the group of sm1act06.
Check permissions and ownership of sm1act06.



FIFTH PART - Recursion

1- Create the following directory tree in your personal folder:



With the help of command tree and running a single command:  Check permissions and ownership of any file or folder in webapp.

2- Running a single command and  using the recursive option, set the following permissions to any file or folder  in webapp ->  owner: read and execute, group: read and  other: none.
With the help of tree, check permissions and ownership of any file or folder in webapp.

3- Running a single command and using the recursive option, set sys as the owner and adm as the group of any file and folder in webapp.
With the help of tree, check permissions and ownership of any file or folder in webapp.