Welcome - 10/07/17

WORKING IN TEAMS

ALE - Atlanta Linux Enthusiasts

- http://ale.org/ - sign up for our email lists
  - General email list - ale
  - ALE Study Group list - ale-study
- Meetup.com Group (google "_ale linux_") https://www.meetup.com/ALE-Atlanta-Linux-Enthusiasts/

THANKS FOR COMING OUT!

We are volunteers. Just some guys trying to spread Linux knowledge.

Hands-On Today

GET YOUR LINUX COMPUTERS UP
OPEN A TERMINAL

Building Blocks to Help Teams Work Together

- Shared Groups
- Shared File / Directory Permissions
- That's it.
- Never share a userid/password with anyone.
  - Even the helpdesk, network admin or system admin
  - They don't need it.

Beginning Users & Groups

LINUX IS MULTI-USER

- It is handy to have multiple userids on a system
  - Test with a fresh set of configs if any program misbehaves
  - Try out different GUIs
  - Defeat some web tracking / cookies / _local objects_
  - many others

Adding Users & Groups

For simple environments, with local userids, these tools just modify:

- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/gshadow

There are multiple commands for adding and managing users.

- adduser / useradd / users-admin
- addgroup / groupadd
- gpasswd - Add a userid to a new groupid
- deluser / userdel / etc ...
- To have users work together, put them in the same group. From that point, they can manage where and how to work together.
- There are GUIs for this in most desktop distros.

Examples - Adding users

    $ sudo adduser pete     # add a userid pete to the local system
    $ id pete
    $ sudo deluser pete     # delete the userid - don't do this yet

- What group was pete added into?
- The default group is distro-specific
- Local overrides are possible.
- _id_ - use this to see information about a userid
- After deleting the userid, what was left behind?

Examples - Putting a Userid into a Group

    $ sudo gpasswd -M pete {group}   # -M sets the complete member list of {group}, replacing existing members; use -a to add one userid
    $ id pete

- What group was pete added into?

Break!

Break - 5 minutes

Permission Modes

    Number  Ref  Octal Permission Representation
    ===     ===  ==================================
    0       ---  None
    1       --x  Execute
    2       -w-  Write
    3       -wx  Execute and write : 1 (execute) + 2 (write) = 3
    4       r--  Read
    5       r-x  Read and execute : 4 (read) + 1 (execute) = 5
    6       rw-  Read and write : 4 (read) + 2 (write) = 6
    7       rwx  All : 4 (read) + 2 (write) + 1 (execute) = 7

Beginning File and Directory Permissions (chmod)

    drwxrwxrwx

- ls -l

Basic File Permissions

- Octal values
- 4 Sets of Octal groups, 3 are mandatory
- 32-bits
  - 1st Octal - symlink or directory or adv stuff - not usually used
  - 2nd Octal - Owner permissions
  - 3rd Octal - Group permissions
  - 4th Octal - Other permissions

Example: Basic File Permissions

    $ cd /tmp
    $ touch foo
    $ chmod 0400 foo
    $ chmod 0600 foo
    $ chmod 664 foo
    $ chmod 644 foo
    $ chmod 752 foo
    $ chmod 750 foo
    $ chmod 777 foo     # only for lazy people who don't understand security

- Check the file permission changes after each command.
- What permission is the default in your environment?
- What permissions are given to the Owner, Group and Others?
- Why should 777 permissions NEVER EVER be used?

Example: Basic File Permissions Symbols

    $ cd /tmp
    $ chmod g=rwx foo
    $ chmod g+s foo
    $ chmod o-rwx foo
    $ chmod o+r foo
    $ chmod u=rwx,g=rw,o=r foo
    $ chmod ugo+r,u+wx,g+w foo

- Check the file permission changes after each command.

Example: Basic Directory Permissions

    $ cd /tmp
    $ mkdir boo
    $ chmod 740 boo
    $ cd boo ; cd ..
    $ chmod 644 boo
    $ cd boo ; cd ..
    $ chmod 711 boo
    $ chmod 775 boo
    $ chmod 550 boo

- Check the directory permission changes after each command.
- A directory without eXecute isn't very useful

Working Together

1. Put everyone into the same group.
2. Create a directory where they can share files.
3. Make the group on that empty directory have rws permissions

    $ sudo gpasswd -M user1,user2,user3 ourgroup
    $ mkdir -p /tmp/Workspace
    $ cd /tmp
    $ chmod g=rwxs Workspace
    $ ls -ld Workspace
    drwxrws--- owner group Workspace/
    $ chgrp ourgroup Workspace
    $ ls -ld Workspace
    drwxrws--- owner ourgroup Workspace/

More Working Together

    drwxrws--- owner ourgroup Workspace/

- Which userids can set up something like this? Any limitations?
- Tell the group members that the directory exists and wants their files.
- What happens when any group member creates a new file in that directory?

Not the Whole Story on Permissions

- There ARE other permissions that we didn't touch on.
- Other ways to set permissions
  - chattr - sorta like MS-DOS attribs
  - ACLs - Requires extra file system support - Generally not used.
- Normal Unix permissions are extremely flexible

Calendar

         September              October               November
    Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa
                    1  2   1  2  3  4  5  6  7            1  2  3  4
     3  4  5  6  7  8  9   8  9 10 11 12 13 --   5  6  7  8  9 10 --
    10 11 12 13 14 15 16  15 16 17 18 19 20 21  12 13 14 15 16 17 --
    17 18 19 20 21 22 23  22 23 24 25 26 27 28  19 20 21 22 23 24 --
    24 25 26 27 28 29 30  29 30 31              26 27 28 29 30

- -- means no meeting

Thanks / Feedback

- Thanks for coming.
- Please let us know how we are doing.
- Slides are here: lpi.jdpfu.com/2017-Fall/17-10-07-Unix_Permissions.html
- Email - DJPfulio - at - jdpfu.com
- blog.jdpfu.com
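The shared-directory setup from the "Working Together" slides, as an added example that is not part of the original slides: it builds a setgid workspace in a throwaway directory, then audits it to answer what happens when a member creates a new file, including the case where a member's umask leaves the file unusable for the rest of the group. The helper names make_shared_dir and audit_shared_dir are hypothetical, the demo uses the caller's own primary group so it needs no sudo, and GNU stat and find are assumed.

```sh
#!/bin/sh
# Added example (not from the slides). Assumes Linux with GNU stat and find.
# make_shared_dir / audit_shared_dir are hypothetical helper names.

# Create DIR for GROUP with mode 2770 (drwxrws---): setgid + rwx for owner
# and group, nothing for others. Caller must be in GROUP (or be root).
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# List entries under DIR that break the sharing model: wrong group,
# missing group write, or any permission bit set for "others".
audit_shared_dir() {
    gid=$(stat -c '%g' "$1") || return 1
    find "$1" -mindepth 1 ! -type l \
        \( ! -gid "$gid" -o ! -perm -020 -o -perm /007 \) -print
}

# Constructed demo in a throwaway directory, using the caller's own group.
base=$(mktemp -d)
trap 'rm -rf "$base"' EXIT
ws=$base/Workspace
make_shared_dir "$ws" "$(id -g)"

# A member with a group-friendly umask: files stay writable by the team.
( umask 007; echo draft > "$ws/good.txt"; mkdir "$ws/sub" )
# A member with the common default umask 022: group cannot edit the file.
( umask 022; echo draft > "$ws/readonly.txt" )

echo "workspace mode: $(stat -c '%a' "$ws")"      # setgid shows as a leading 2
echo "subdir mode:    $(stat -c '%a' "$ws/sub")"  # setgid is inherited by new directories
echo "entries needing a fix:"
audit_shared_dir "$ws"
```

The setgid bit fixes group ownership of new files but not their mode, so members of a shared workspace still need a umask such as 007 (or 002) for the group to be able to edit each other's files.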