diff --git a/5_users_and_rights.md b/5_users_and_rights.md new file mode 100644 index 0000000000000000000000000000000000000000..aebedea39bedadcc90f6a267f2e925d377f1f11d --- /dev/null +++ b/5_users_and_rights.md @@ -0,0 +1,184 @@ +--- +title: Users and rights + +--- + +# Users and rights + +[](http://creativecommons.org/licenses/by-sa/4.0/) + +Objective: Understand how rights works in GNU/Linux + +GNU/Linux and other Unix-like OS are multiuser, this means that they are designed to work with multiple users connected simultaneously to the same computer. + +There is always at least one user: the **root** user + +- It’s the super user +- he has every right (we can say that he ignores the right system) +- this account should only be used to administer the system. + +There can also be other users who + +- have rights +- belong to groups +- the groups also have rights + +## File rights + +Each file is associated with a set of rights: + +- `-` nothing +- `r` **r**eading right +- `w` **w**riting right +- `x` e**x**ecution right + +Check your set of rights on your `.bashrc` file + +```sh +ls -l ~/.bashrc +``` + +The first column of the `ls -l` output show the status of the rights on the file + + + +``` + rwxr-xr-- + \ /\ /\ / + v v v + | | others (o) + | | + | group (g) + | + user (u) +``` + +- the 1st character is the type of the file (we already know this one) +- he 3 following characters (2 to 4) are the **user** rights on the file +- the characters 5 to 7 are the **group** rights on the file +- the characters 8 to 10 are the **others’** rights on the file (anyone not the **user** nor in the **group**) + +To change the file rights you can use the command `chmod` + +Use the command `ls -l` to check the effect of the following options for `chmod` + +```sh +chmod u+x .bashrc +``` + +```sh +chmod g=rw .bashrc +``` + +```sh +chmod o+r .bashrc +``` + +```sh +chmod u-x,g-w,o= .bashrc +``` + +What can you conclude on the symbols `+` , `=`, `-` and `,` with the `chmod` command ? + +The default group of your user is the first in the list of the groups you belong to. You can use the command `groups` to display this list. What is your default group ? + +When you create an empty file, system default rights and your default groups are used. You can use the command `touch` to create a file. + +```sh +touch my_first_file.txt +``` + +What are the default rights when you crate a file ? + +You can create folders with the command `mkdir` (**m**a**k**e **dir**ectories). + +```sh +mkdir my_first_dir +``` + +What are the default rights when you create a directory ? Try to remove the execution rights, what appends then ? + +You can see the **/root** home directory. Can you see it’s content ? Why ? + +Create a symbolic link (`ln -s`) to your **.bashrc** file, what are the default rights to symbolic links ? + +Can you remove the writing right of this link ? What happened ? + +## Users and Groups + +We have seen how to change the right associated with the group, but what about changing the group itself ? The command `chgrp` allows you to do just that: + +```sh +chgrp audio .bashrc +``` + +The command `id` show the same information, but with some differences what are they ? + +Can you cross this additional information with the content of the file `/etc/passwd` and `/etc/group` ? + +What is the user *id* of **root** ? + +Now the next step is to change the owner of a file, you can use the command `chown` for that. + +```sh +chown ubuntu my_first_file.txt +``` + +You can change the user and the group with this command: + +```sh +chown ubuntu:audio my_first_file.txt +``` + +What are the rights on the program `mkdir` (the command `which` can help you find where program file are) ? + +Can you remove the execution rights for the others ? + +The command `cp` allows you to **c**o**p**y file from one destination to another. + +```sh +man cp +``` + +Copy the `mkdir` tool to your home directory. Can you remove execution rights for the others on your copy of `mkdir` ? + +You cannot change the owner of a file, but you can always allow another user to copy it and change the rights on its copy. + +## Getting admin access + +Currently you don’t have administrative access to your VM, this means that you don’t have the password to the *root* account. Another way to get administrative access in Linux is to use the `sudo` command. + +You can read the documentation (manual) of the `sudo` command with the command `man` + +```sh +man sudo +``` + +Like for the command, `less` you can close `man` by pressing **Q**. + + + +On Ubuntu, only members of the group **sudo** can use the `sudo` command. Are you in this group ? + +**The root user can do everything in your VM, for example it can delete everything from the `/` directory but it’s not a good idea (see the [Peter Parker principle](https://en.wikipedia.org/wiki/With_great_power_comes_great_responsibility))** + +One advantage of using a command line interface is that you can easily reuse command written by others. Copy and paste the following command in your terminal to add yourself in the **sudo** group. + +```sh +docker run -it --volume /:/root/chroot alpine sh -c "chroot /root/chroot /bin/bash -c 'usermod -a -G sudo etudiant'" +``` + +We will come back to this command later in this course when we talk about virtualisation. + +You have to logout and login to update your list of groups. To logout from a terminal, you can type `exit` or press **ctrl** + **d**. + +Check your user information with the `sudo` command + +```sh +sudo id +``` + +You can try again the `chown` command with the `sudo` command. + +Check the content of the file `/etc/shadow` , what is the utility of this file (you can get help from the `man` command). + diff --git a/Makefile b/Makefile index cc5caa9c80b4fe5523bd650fac591d600618294b..30dc75d57fe8e0f16718881e37c8136acad59048 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -all: index.html 1_understanding_a_computer.html 2_using_the_ifb_cloud.html 3_first_steps_in_a_terminal.html 4_unix_file_system.html +all: index.html 1_understanding_a_computer.html 2_using_the_ifb_cloud.html 3_first_steps_in_a_terminal.html 4_unix_file_system.html 5_users_and_rights.html index.html: index.md github-pandoc.css pandoc -s -c github-pandoc.css index.md -o index.html @@ -15,3 +15,5 @@ index.html: index.md github-pandoc.css 4_unix_file_system.html: 4_unix_file_system.md github-pandoc.css pandoc -s --toc -c github-pandoc.css 4_unix_file_system.md -o 4_unix_file_system.html +5_users_and_rights.html: 5_users_and_rights.md github-pandoc.css + pandoc -s --toc -c github-pandoc.css 5_users_and_rights.md -o 5_users_and_rights.html diff --git a/img/user_right.png b/img/user_right.png new file mode 100644 index 0000000000000000000000000000000000000000..38447517b8c16d642f6ab26269e7286b5db8641b Binary files /dev/null and b/img/user_right.png differ diff --git a/index.md b/index.md index 3f687f32c88e9a090c9729f790d11eeea5936c9a..fe25d37000ac617cc6d8650dec3a34c006537dea 100644 --- a/index.md +++ b/index.md @@ -8,4 +8,6 @@ title: # Unix / command line training course 2. [Using the IFB cloud](http://perso.ens-lyon.fr/laurent.modolo/unix/2_using_the_ifb_cloud.html) 3. [First step in a terminal](http://perso.ens-lyon.fr/laurent.modolo/unix/3_first_steps_in_a_terminal.html) 4. [The Unix file system.](http://perso.ens-lyon.fr/laurent.modolo/unix/4_unix_file_system.html) +5. [Users and rights](http://perso.ens-lyon.fr/laurent.modolo/unix/5_users_and_rights.html) +