Objective: Understand how rights works in GNU/Linux
GNU/Linux and other Unix-like OS are multiuser, this means that they are designed to work with multiple users connected simultaneously to the same computer.
There is always at least one user: the **root** user
- It’s the super user
- he has every right (we can say that he ignores the right system)
- this account should only be used to administer the system.
There can also be other users who
- have rights
- belong to groups
- the groups also have rights
## File rights
Each file is associated with a set of rights:
-`-` nothing
-`r`**r**eading right
-`w`**w**riting right
-`x` e**x**ecution right
Check your set of rights on your `.bashrc` file
```sh
ls-l ~/.bashrc
```
The first column of the `ls -l` output show the status of the rights on the file
```
rwxr-xr--
\ /\ /\ /
v v v
| | others (o)
| |
| group (g)
|
user (u)
```
- the 1st character is the type of the file (we already know this one)
- he 3 following characters (2 to 4) are the **user** rights on the file
- the characters 5 to 7 are the **group** rights on the file
- the characters 8 to 10 are the **others’** rights on the file (anyone not the **user** nor in the **group**)
To change the file rights you can use the command `chmod`
Use the command `ls -l` to check the effect of the following options for `chmod`
```sh
chmod u+x .bashrc
```
```sh
chmod g=rw .bashrc
```
```sh
chmod o+r .bashrc
```
```sh
chmod u-x,g-w,o= .bashrc
```
What can you conclude on the symbols `+` , `=`, `-` and `,` with the `chmod` command ?
The default group of your user is the first in the list of the groups you belong to. You can use the command `groups` to display this list. What is your default group ?
When you create an empty file, system default rights and your default groups are used. You can use the command `touch` to create a file.
```sh
touch my_first_file.txt
```
What are the default rights when you crate a file ?
You can create folders with the command `mkdir` (**m**a**k**e **dir**ectories).
```sh
mkdir my_first_dir
```
What are the default rights when you create a directory ? Try to remove the execution rights, what appends then ?
You can see the **/root** home directory. Can you see it’s content ? Why ?
Create a symbolic link (`ln -s`) to your **.bashrc** file, what are the default rights to symbolic links ?
Can you remove the writing right of this link ? What happened ?
## Users and Groups
We have seen how to change the right associated with the group, but what about changing the group itself ? The command `chgrp` allows you to do just that:
```sh
chgrp audio .bashrc
```
The command `id` show the same information, but with some differences what are they ?
Can you cross this additional information with the content of the file `/etc/passwd` and `/etc/group` ?
What is the user *id* of **root** ?
Now the next step is to change the owner of a file, you can use the command `chown` for that.
```sh
chown ubuntu my_first_file.txt
```
You can change the user and the group with this command:
```sh
chown ubuntu:audio my_first_file.txt
```
What are the rights on the program `mkdir` (the command `which` can help you find where program file are) ?
Can you remove the execution rights for the others ?
The command `cp` allows you to **c**o**p**y file from one destination to another.
```sh
man cp
```
Copy the `mkdir` tool to your home directory. Can you remove execution rights for the others on your copy of `mkdir` ?
You cannot change the owner of a file, but you can always allow another user to copy it and change the rights on its copy.
## Getting admin access
Currently you don’t have administrative access to your VM, this means that you don’t have the password to the *root* account. Another way to get administrative access in Linux is to use the `sudo` command.
You can read the documentation (manual) of the `sudo` command with the command `man`
```sh
man sudo
```
Like for the command, `less` you can close `man` by pressing **Q**.
On Ubuntu, only members of the group **sudo** can use the `sudo` command. Are you in this group ?
**The root user can do everything in your VM, for example it can delete everything from the `/` directory but it’s not a good idea (see the [Peter Parker principle](https://en.wikipedia.org/wiki/With_great_power_comes_great_responsibility))**
One advantage of using a command line interface is that you can easily reuse command written by others. Copy and paste the following command in your terminal to add yourself in the **sudo** group.
```sh
docker run -it--volume /:/root/chroot alpine sh -c"chroot /root/chroot /bin/bash -c 'usermod -a -G sudo etudiant'"
```
We will come back to this command later in this course when we talk about virtualisation.
You have to logout and login to update your list of groups. To logout from a terminal, you can type `exit` or press **ctrl** + **d**.
Check your user information with the `sudo` command
```sh
sudo id
```
You can try again the `chown` command with the `sudo` command.
Check the content of the file `/etc/shadow` , what is the utility of this file (you can get help from the `man` command).
