1. Home
  2. Training Library
  3. DevOps
  4. Courses
  5. Red Hat Enterprise Linux Technical Overview

File Permissions

Developed with
Red Hat
play-arrow
Start course
Overview
DifficultyBeginner
Duration1h 43m
Students185
Ratings
5/5
starstarstarstarstar

Description

Red Hat Enterprise Linux (RHEL) is a rock solid commercial grade Linux operating system. If you're interested in learning RHEL from a system admins perspective then this course is for you!

The "Red Hat Enterprise Linux Technical Overview" course walks you through many of the basic system admin tasks and concepts required to administer RHEL effectively.

This course will provide you with insights to:

  • Working with the Terminal
  • Understanding the Kernel and User Spaces
  • Graphical User Interface
  • File management and the File System Hierarchy
  • Editing Files using Vim
  • Organizing Users and Groups
  • File Permissions
  • Managing Software
  • Configuring Networking
  • Controlling System Startup Processes
  • Introduction to Containers
  • Overview of Cockpit

Transcript

Hey guys, right now we are going to talk about Linux File System Permissions and it's easy it's easy because we only have three permissions those permissions are read, write and execute. Every file has got 10bits that are associated with it, the value of the first bit, kind of determines the kind of file, so if it's a d it's a directory, if it's just a - it's a normal file, if it's a link it would have an l for a symbolic link, if it's a a block-based file as you saw early on, it would have a B, and the value of the first bit determines the kind of file the remaining 9 would be the permissions. 

Now, you're looking at that and then saying what you said nine, didn't you just tell me that there are three permissions, yeah they are indeed three permissions however those permissions can be applied to three different entities. The three different entities would be the user we have the group for the next three and then the final three would be for other and I'll explain that more in a moment. When you create a file you're the owner of that file and that is who the U refers to. The user that is associated with the file. So more explicitly this would refer to the owning user.

Now when you create a file you are logged in as a user and that user has got a group. This would be the primary group. Now the group that is associated by default with a newly created file would be the users primary group and that is what would be the g or the owning group. Everyone who is not the logged in user or the user that is associated with that file or a member of the owning group that is associated with that file, would be qualified by other.

So, we could have read, write, and execute associated with the owning user read, write, and execute associated with members of the owning group, as well as read write and execute associated with other. So let's go and get our hands dirty right now.

So, we are going to create a directory called /common. So let's go and take care of that and the directories just been created. So let's go and do a listing right now of the directory.

Now if you want to see the permissions associated with the directory, you would use ls -ld. Now the d is really important over here, because otherwise what's going to happen is that the ls command is going to show you the contents of the directory common and it's not going to show you the properties associated with a common directory.

So you can see again over you guys that we have a 10 bits.

Feel free to count them and you can see that the value of the first bit is a d this tells us that it's a directory. And then we have nine more bits over here, and here we have the permissions. So R W and X would be associated with that components over there, that is the owning user or the user that is associated with the file.

We also have the owning group over here. Right next door and that is route and the next three bits would be the permissions for the owning group and then the final three would be the permissions for other. Again other means everyone who is not the owning user and everyone who is not a member of the owning group.

So let's go and try and give the student user access to this directory right now.

So, do we just want the student user to be able to change into the directory.

If so, well the student user already can do that and here's why?

We always evaluate permissions in the order that we've defined them UGO.

So is the student user the owning user of that directory.

The answer is no, root is the owning user.

So these permissions are not going to be applicable.

So guys we stopped at the first match we process no further we don't have a match, so we're allowed to continue processing is the student user a member of the group that is associated with that file. So we don't know let's go find out we're going to say groups students and we could see that student is a member of the group students, as well as the group wheel and that is not what the owning group is. So now we allowed to process further and you can see over here that we have the permissions for other. Now because the user student is not the owning user and not a member the owning group the user student is qualified by other and therefore the student user has got read and execute permissions, which are perfectly sufficient to change into a directory and to do a directory listing.

So, let's go put that to the test right now.

We're going to change into the directory common and we're going to do a directory listing.

That's it, nice and simple, but let's find out right now if we can create a file.

So we're going to create a file called student.file1 and you can see that permission denied and that again is it's resigningly clear to us why. 

We don't have the w Permission or the write permission. So let's go find out how we could go about giving the user students the write permission.

Now to change permissions we use a command called chmod, which is used to change the permissions mode. So what I could do over here is that I could say I'm going to give other the w permission.

Now be very careful over here that other doesn't mean everyone, other means everyone who is not the owning user, everyone, who is not a member of the owning group. So we're going to give other permissions to /common we're going to give them the write permission.

So +w means that we are adding something and we are adding the write permission.

So now if you have a look at the output of the ls -lb command against the common directory. You can see right now that rwx has been given to other. So let's go find out if the users of students can log in and create a file called student.file1. success. I can do that. And if you have to go and explore who the owning user is of the file, you'll see it would be the creator and the owning group would be the primary group of that user.

So what I'm going to do right now is that I'm going to go and create a user called Paul.

So let's go and use useradd and we're going to type in paul over here and I'm going to do something very interesting right now. I'm going to set the owning group of that directory to be the group of paul. So let's get influence that. To do that, we use the command chown or change ownership, and there are two aspects ownership. You could be the owning user, you could also be the owning group.

So what I'm going to do right now is that I'm only going to change the owning group.

Now we use the colon as a separator between the owning user and the owning group.

So if I wanted to make the user students the owning user and if I wanted to make the group paul the owning group that is associated with common I would use this command over here. So chown student:paul for common and you can see that the transaction was successful no error message however we want to validate our work.

So let's go and run the ls -ld command against common and you can see that the user student is indeed the owning user and members of the group paul have read and execute permissions. So allow me now to go and log in as the user paul.

So me going to switch user we're going to switch user to paul and we're going to try and get into the comment directory and you can see that, that transaction was successful because if you wanted to change into a directory.

You would need the execute permission. If you wanted to do a directory listing.

You would need the read permission and we have that. So let's can see what happens right now.

When I create a file called paul.file1 and you can see over here that it says permission denied. Now you may be drawn into thinking that well, everyone has got the write permission. No, that's not the way it works, remember you process your permissions in order.

Owning user, then owning group, and then other.

And you stop at the first match. So what a paul's permissions is paul the owning user associated with common? The answer is No. The student user is.

Great. Let's go to the next one. Is paul a member of the owning group that is associated with common? Yes, paul is a member we can see over here that paul of the group that is associated with common is the paul group, the paul group is the primary group associated with the user paul. So we have a match guys you stop right there.

You process no further. So the permissions that would be effective for the user paul would be read and execute. So allow me to logout as the user paul right now, and we can add one more user. So we're going to do a useradd and we're going to add the user george. And what we now want to do is determine what george's permissions are to that common directory. So nice and simple.

Is george the owning user? No, student is. Is george a member of the group that is associated with that directory. Which is paul no george is not, we just created george we didn't influence george's groups yet.

So george is not a member of the owning group. So therefore george is qualified by other and george should have read, write, and execute. So let's go and put that to the test right now.

So we're going to switch user to george and I'm going to change into the common directory, and I'm going to try and create a brand new file called george.file1 and you can see that that transaction is successful showing how the permissions flow works. So one more thing that I'm going to do right now guys, is that I'm going to show you how as the user root and let's just go and get clear the output. I want to show you how I could go and influence the permissions for the users student. So I'm going to say chmod and we are going to affect the owning user or the user and we are going to be taking away permissions right now.

So, the permissions that we are going to be taking away would be how about we do -rwx and we're going to do that for the directory common.

So, if you have a look at the permissions that are set right now.

You'll see that we have d for directory and then we have ---.

So in the absence of a permission you just use dashes. So no permissions for the owning user. Now let's go and see how that affects the student user for the common directory. I can't do a directory listing. Let's change out of the directory.

Let's go and change back in again permission denied. Let's go and see if I can create a file. So we're going to say common and we're going to say student.file2 and again transaction is unsuccessful and once again guys just as a reminder we always evaluate permissions in order these are the permissions for the owning user and the user student is the owning user. So we have a match we stop right there we are not allowed to process any further.

Now while I told you that there are only three permissions in the Linux File System that was a little bit of a lie because we do have three other permissions.

However they are well beyond the scope of this technical overview and with that guys. I'm going to bring this chapter to an end. I will see you in the next video.

About the Author
Students36684
Labs33
Courses93
Learning paths23

Jeremy is the DevOps Content Lead at Cloud Academy where he specializes in developing technical training documentation for DevOps.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 20+ years. In recent times, Jeremy has been focused on DevOps, Cloud, Security, and Machine Learning.

Jeremy holds professional certifications for both the AWS and GCP cloud platforms.
 

Covered Topics