Hello guys welcome back to HackerHeaven,today we will learn about the system security of the linux distros...very preciesly..so..we are going to look at this essential part of system security and introduce the following commands:
● id – Display user identity
● chmod – Change a file's mode
● umask – Set the default file permissions
● su – Run a shell as another user
● sudo – Execute a command as another user
● chown – Change a file's owner
● chgrp – Change a file's group ownership
● passwd – Change a user's password
i hope you enjoyed my previous articles too...
here are some things straight forward but instead you have too know it..
command : id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
So where does this information come from? Like so many things in Linux, from a couple
of text files. User accounts are defined in the /etc/passwd file and groups are defined
in the /etc/group file. When user accounts and groups are created, these files are
modified along with /etc/shadow which holds information about the user's password.
For each user account, the /etc/passwd file defines the user (login) name, uid, gid,
the account's real name, home directory, and login shell. If you examine the contents of
/etc/passwd and /etc/group, you will notice that besides the regular user accounts,
there are accounts for the superuser (uid 0) and various other system users.
over all ..if you really wanna to dive into the linux directories...for this you have to executes some commands..these are listed below...
1.this command will list all the owners..
ubuntu@ubuntu:~$ less /etc/passwd >FileName.txt
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
here FileName.txt is an txt file where you can print the output of the commands executed by the command.. less /etc/passwd ..you can easily read out the content inside the /etc file
for samle you can see above.
2.this command will list out all the groups exits in the ubuntu..
ubuntu@ubuntu:~$ less /etc/group >GroupNames.txt
here again GroupNames.txt is the file which will store the ouput of the command less /etc/group ,actually above output is for sample out only..
Reading, Writing, And Executing:
now lets talk about more deeper about our main topic..
Access rights to files and directories are defined in terms of read access, write access, and
these are represented in terminal output by charecter 'r' ,'w' and 'x' respectively.
If we look at the output of the ls command, we can get some clue as to
how this is implemented:
ubuntu@ubuntu:~$ ls -l zerocool.txt
-rw-rw-r-- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
The first ten characters(- rw-rw-r--) of the listing are the file attributes. The first of these characters('-' or 'd' or 'l') is the file type. Here are the file types you are most likely to see (there are other, less common types too):
Attribute File Type
- A regular file.
d A directory.
l A symbolic link. Notice that with symbolic links, the remaining file
attributes are always “rwxrwxrwx” and are dummy values. The real
file attributes are those of the file the symbolic link points to.
c A character special file. This file type refers to a device that
handles data as a stream of bytes, such as a terminal or modem.
b A block special file. This file type refers to a device that handles
data in blocks, such as a hard drive or CD-ROM drive.
ok these are the some of the attribute which are used to represent the 'file type'
like in this '-rw-rw-r--' by seeing the first charector we can recognised the this file conatain regular type of file....here are some detail description about the owners,groups and world...have a close look on it...that will more effective..to understand the outputs..
all these nine 'file mode' charecter actully reprent the three types of owners...by the group of three charecters..
Owner Group World
rwx rwx rwx
now we actually have to now more about the attributes of the output more clearly...so by this way it very easy to understand the output meaning..
Allows a file to be opened and
Allows a directory's contents to
be listed if the execute attribute
is also set.
Allows a file to be written to or
truncated, however this attribute
does not allow files to be
renamed or deleted. The ability
to delete or rename files is
determined by directory
Allows files within a directory
to be created, deleted, and
renamed if the execute attribute
is also set.
Allows a file to be treated as a
program and executed. Program
files written in scripting
languages must also be set as
readable to be executed.
Allows a directory to be
entered, e.g., cd directory
Here are some examples of file attribute settings read it and try to understand it..
File Attributes Meaning
-rwx------ A regular file that is readable, writable, and executable by the
file's owner. No one else has any access.
-rw------- A regular file that is readable and writable by the file's owner.
No one else has any access.
-rw-r--r-- A regular file that is readable and writable by the file's owner.
Members of the file's owner group may read the file. The file is
-rwxr-xr-x A regular file that is readable, writable, and executable by the
file's owner. The file may be read and executed by everybody
-rw-rw---- A regular file that is readable and writable by the file's owner
and members of the file's group owner only.
lrwxrwxrwx A symbolic link. All symbolic links have “dummy”
permissions. The real permissions are kept with the actual file
pointed to by the symbolic link.
drwxrwx--- A directory. The owner and the members of the owner group
may enter the directory and, create, rename and remove files
within the directory.
drwxr-x--- A directory. The owner may enter the directory and create,
rename and delete files within the directory. Members of the
owner group may enter the directory but cannot create, delete
or rename files.
i hope these are the pretty much stuff to understand the my point...
now it time to maniulate these things using terminal...these things mean file mode..offcourse their is an GUI mode to change all this stuff easily but in state when you have to change an multiple of file with different file mode to an different mode then it will become more complicate too do it through GUI mode...i hope you get the point...
lets introduce a new commands to you..
chmod – Change File Mode
To change the mode (permissions) of a file or directory, the chmod command is used. Be
aware that only the file’s owner or the superuser can change the mode of a file or directory.
ubuntu@ubuntu:~$ chmod --help
Usage: chmod [OPTION]... MODE[,MODE]... FILE...
or: chmod [OPTION]... OCTAL-MODE FILE...
or: chmod [OPTION]... --reference=RFILE FILE...
Change the mode of each FILE to MODE.
With --reference, change the mode of each FILE to that of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's mode instead of MODE values
-R, --recursive change files and directories recursively
--help display this help and exit
--version output version information and exit
chmod supports two distinct ways of specifying mode changes: octal number representation,
or symbolic representation. We gonna introduce you first with octal number..
With octal notation we use octal numbers to set the pattern of desired permissions. Since
each digit in an octal number represents three binary digits, this maps nicely to the
scheme used to store the file mode. This table shows what we mean:
and you know the things about binary that
'0' represent low,off condition
'1' reprent high ,on etc. conditions
and more thing that..all the file mode charecters are represent in a way...
'rwx' or 'read,write,execute' way only
so the binary '101' reprent this file mode as 'r-x'...where 'w' or 'write' mode in null mean their is no permission..
these are the representation to represent these file mode..
lets have a look in the table this will make my point very clearly..
Octal Binary File Mode
0 000 ---
1 001 --x
2 010 -w-
3 011 -wx
4 100 r--
5 101 r-x
6 110 rw-
7 111 rwx
so,By using three octal digits, we can set the file mode for the owner, group owner, and
world ..i hope you get it very well ..lets impliment our concept to change the file modes...
ubuntu@ubuntu:~$ ls -l zerocool.txt
-rw-rw-r-- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
ubuntu@ubuntu:~$ chmod 600 zerocool.txt|ls -l zerocool.txt
-rw------- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
so you can see how permission can be easily change by using only one line of command.
actully what we do here..By passing the argument “600”, we were able to set the permissions of the owner to read and write while removing all permissions from the group owner and world. Though remembering
the octal to binary mapping may seem inconvenient, you will usually only
have to use a few common ones: 7 (rwx), 6 (rw-), 5 (r-x), 4 (r--), and 0 (---).
chmod also supports a symbolic notation for specifying file modes. Symbolic notation is
divided into three parts: who the change will affect, which operation will be performed,
and what permission will be set. To specify who is affected, a combination of the characters
“u”, “g”, “o”, and “a” is used as follows:
u/user the file or directory owner.
g/group Group owner.
a /all The combination of “u”, “g”, and “o”.
If no character is specified, “all” will be assumed.
The operation may be a
that a permission is to be added,
that a permission is to be taken away,
a “=” indicating
that only the specified permissions are to be applied and that all others
are to be removed.
Permissions are specified with the “r”, “w”, and “x” characters. Here are some examples
of symbolic notation:
u+x Add execute permission for the owner.
u-x Remove execute permission from the owner.
+x or Equivalent to a+x. Add execute permission for the owner, group, and world.
o-rw Remove the read and write permission from anyone besides the
owner and group owner.
go=rw Set the group owner and anyone besides the owner to have read and
write permission. If either the group owner or world previously had
execute permissions, they are removed.
u+x,go=rx Add execute permission for the owner and set the permissions for
the group and others to read and execute. Multiple specifications
may be separated by commas.
Symbolic notation does offer the advantage of allowing you to set a single attribute without disturbing any of the others.
but some folk use the octal notation rather than symbolic...but guy you have freedom use any of them which one suitable for you.
but for futher reading about chmod command you can read its manual page in your system but here i add an text for its manual read it here ..or just write command in your terminal as...
ubuntu@ubuntu:~$ man chmod
or you can redirect your output into an folder..
ubuntu@ubuntu:~$ man chmod >CHMODManual.txt
that's it for today we will see all other commands in the later article section .
comment below in below box for any query or you can join my command community box in facebook.
see you their..
until next article this is ..