Linux : Users and permissions

[Inigo]

Suppose a Linux system already installed and ready for use. We do not enter in the installation procedures, as differ from system to system and can be complicated. However the latest versions of major Linux distributions such as RedHat 4.1 or Debian 1.1 are very easy to install and have a completely graphic procedure, so it is not impossible for a user unfamiliar with Linux will be able to install it. The problems may come later ... So, if our Linux has already been installed and configured, we are ready to get to work. We turn on the monitor and you will see login: password and then:. Yes, because Linux is multiuser, each user must "log" or identify themselves and provide their password. Then there is a prompt that reminds us of the C: \> DOS. Usually ends up with $ prompt for normal users and # for root, the super user. The root is the most sought after login, because it can do everything, including reading the mail of other users or modify their files without permission denied. Often beginners sysadm always work as root, not because it serves to something, but for the sense of omnipotence that gives them, and the absolute certainty of irreparable damage to the entire system if you give a wrong command.

From a command prompt first of all we can do the usual things that are basic with the DOS prompt: ls for a listing of files (DOS DIR), CD (CD is the equivalent of DOS) to change directories, mv (REN) to rename and rm files (DEL) to remove it. I recall that under Linux there is no undelete a deleted file is then erased forever. And to make matters worse, Linux generally do not prompt the cancellation. Clear and just, right away. Maybe now you'll understand better why it is better to work as root only when absolutely necessary.

[Inigo]

In DOS Linux as there is a concept of current directory. If you are the user foo, after logging in your current directory is (usually) / home / foo (or / usr / foo), known as the home directory (the private seasonal "home", where you keep your files). Add some other useful command: mkdir to create a directory and rmdir to remove it: now we take a small sample of comments (written in italics are comments, written in bold are commands you need to type you. Of course you need to press Enter after typing each command):

$ Ls
[Usually, there is nothing]
$> Test
[Trick to create a file]
$ Ls
test
Mkdir $ dir, ls
test dir
[More commands concatenated with;]
$ Mv test dir, ls
dir
[Moves to test dir]
Cd $ dir; ls
test
[Here it is]
$ Rm test ls
[Nothing, now the dir is empty]
$ Cd .. ; Rmdir dir, ls
[No, we have deleted all]

Linux uses a file system directory hierarchy. To refer to a file should be given the full name, using the '/' (and not '\') as a separator. Examples of file names / etc / passwd or / usr / local / bin / perl. Unlike DOS, where there are the "volumes" ( A:, C:, F: ), on Linux we do not have anything like that. So, you say, how do I access a floppy or a CD ROM? Linux allows you to "mount" a volume in its directory hierarchy. For example, to access files on a CD ROM you must issue a command like this (be careful, to use it normally need to be root):

mount / dev / hdb / mnt / cdrom

One feature of Linux is that the devices are seen as files, and then an entire CD ROM file that is represented in "special" hdb. The special files are usually harvested in the directory / dev. Do not consider the matter with a special file which is a long complex, and it is not useful for beginners. The effect of the mount command is to turn the device files in a hierarchy of files and directories related to the main hierarchy. Using ls / mnt / cdrom can see the files in the root directory of the CD ROM. In fact sometimes the mount command requires a few extra parameter, such as the type of file you want to use if you want to mount read only and so on. Linux is often smart enough to be able to recognize only these details (but not always) in other systems may be necessary to explicitly specify some parameters. The reverse mount command to "remove" a file system, umount it (and unmount). Be aware that before withdrawing from a CD-ROM drive must be removed. If you are using a recent version of Linux and a CD-ROM IDE will not be able even to remove the CD before they dismantled it.

[Inigo]

One thing that surprised leaves those accustomed to using the DOS is the fact that certain operations on files can not be done if you do not have appropriate permissions. In DOS there are no permits (except the attribute of READ ONLY), and then you will be astonished when, trying various file operations, you get a message permission denied. So let's see how the mechanism permits Linux. First, we have users, each identified by the login. But there are groups of users. Each file belongs both to a user, who is its owner, to a group. You can separately set the permissions for the owner, group and "everyone else". We see the flexibility of this mechanism. Can I make a file readable and writable to owner, readable but not writable to all users of my team, and neither readable nor writable to others. That said, we can say that each file has three possible actions you can turn on or off: read, write (and delete) and run it. Each of these permissions can be set separately for the owner, group and everyone else. No constraints still apply to root, which can do everything. The ls command has the "switch" that allow you to examine the particular status of a file in order to determine why you can not read a given file. Sometimes it is better to understand why you can not do a particular transaction (and even try to understand why it is inhibited, perhaps there is a good reason) rather than to root for not "boring" bonds (which are usually vital security system).

We talked about the switch. The switches are optional arguments that allow a command to change its behavior. All commands have switches. If you remember the dir / p the DOS, the / p switch is just one. Only in the Linux switch conventionally do not start with the slash '/' (which is in the path of the file), but with the hyphen. Try using the ls command with the-l switch, which means "long", or detail:

Code:

$ Ls-l
 -Rw-r - r - 1 root root \
       Dec 29 3299 05:00 article
 -Rwxr-xr-x 1 msciab msciab \
    28 November 1766 05:05 pipesock
 drwxr-x --- 5 msciab users \
        Dec 27 1024 05:29 document

What's in this directory? First, a file, article. This file is owned by root and group root (which are two different things although they are usually the same name for each user you create a group foo foo foo that contains the same first user, but which can be added others). The article is 3299-byte file was last modified on December 19, and is readable and writable by the owner (root), and only readable by root group and from others. In fact we consider the ten-character string indicating the permissions (the first of each line):-rw-r - r - The first character is in a directory if it is - for regular files (can also be the for links, c for character special file, b for block special files, etc.). The remaining nine characters are broken into three groups of three that define the permissions, in order for the owner, group, and "world", said each group in order read (r), write (w) and execute (x). So:-rw for owner, r - for the group and all the others. The second file instead pipesock, is a readable and executable by all, while it is writable only by the owner. Finally, document is a directory. Permission for the directory x stands for the right to "enter".

[Inigo]

Note that Linux can also be made in plain text files, not necessarily binary. Usually this is similar to DOS batch, these scripts. In DOS text files are the executable. BAT, while the binaries are. Exe and. COM. Linux instead automatically distinguishes the executable binary for the first 4 bytes of each file represents a magic number that specifies the type. If a file is not recognized in another way, it is considered a shell script (the shell is the equivalent of COMMAND.COM DOS) and is run from / bin / sh. Linux also has an interesting mechanism to specify which interpreter has to actually run a script. In fact, if the file starts with #!, Then the rest of the line identifies the interpreter. A shell script often starts with # / bin / sh, if it is a script that works only with the extensions of the bash (Bourne Again Shell, the shell of the GNU standard Linux), you specify # / bin / bash, Perl scripts often begin with # / usr / bin / perl, but the mechanism works with various languages such as tcl, python and even the makefiles.

It remains to consider how to change the permissions and file ownership. We begin by permission. the command chmod <permission> file .... For <permission> is defined as a string whose syntax is (in part) [ugoa ][+-][ rwx]. Or u ser (owner), g roup, or there (others) or a ll (all), + add, - remove permission to read / write / execute. Examples:

Code:

chmod a + x file
 [Make the file executable by all]
 chmod og-rwx file
 [Remove permissions to the group and others]

However, the most convenient way to set permissions is to "total" by using an octal code. Consider a string rwxr-xr-x. If we turn into zeros and the dashes in each other's characters, we get 111 101 101, which is octal 755. A command chmod 755 file sets in one fell swoop file permissions. It may seem complicated, but basically there are few practical cases: 4 read (r -), 6 read / write (rw-), 5 read and execute (rx) and 7 all (rwx). Usually the file permissions are not complicated. In 90% of cases, the file must be readable and executable by everyone and writable by the owner. You can set this permission with a single command to an entire directory tree with:

chmod-R 755 directory

where R-command recursively apply the entire directory tree. Finally we have a command to change ownership of a file chown that can be run only by root. If we want to ensure that all files in the directory belong to the owner and group root here's how:

chown-R root.root directory

Of course, the switch-R is not mandatory, and has the same function eponymous switch chmod, owner and group are separated by dots.