1 00:00:06,599 --> 00:00:09,529 So this video is about managing of basic Linux permissions. 2 00:00:10,609 --> 00:00:12,750 First thing to understand is file ownership. 3 00:00:13,769 --> 00:00:18,289 Permissions are assigned to user group and others, and these are the file owners. 4 00:00:19,210 --> 00:00:23,640 And by default the user who creates a file becomes a user owner and the 5 00:00:23,640 --> 00:00:28,070 primary group of that user becomes group owner and everybody else belongs to others. 6 00:00:28,910 --> 00:00:32,670 This is also referred to as ugo, which stands for user group and others. 7 00:00:34,090 --> 00:00:40,123 Standard Linux permissions allow for one user owner and one group owner for each file. And you 8 00:00:40,123 --> 00:00:46,156 can use shown to change user ownership like shown Anna Myfal or Chownanna SILS on data sils 9 00:00:46,156 --> 00:00:52,189 which would set the user owner as well as the group owner at the same time. 10 00:00:53,509 --> 00:00:59,549 The chgrp command is used to change group ownership only. So chgrp sils on 11 00:00:59,549 --> 00:01:05,590 data sils would set the group sils as owner of the data sales directory. 12 00:01:06,689 --> 00:01:11,109 So remember, whenever you are working with basic permissions, you first take care of 13 00:01:11,109 --> 00:01:15,530 ownership and then you are going to take care of the file permission mode. 14 00:01:16,689 --> 00:01:20,459 So chmod is what you use to change this file permission mode. 15 00:01:21,219 --> 00:01:25,905 There are two ways to work with chmod. First there is the absolute mode 16 00:01:25,905 --> 00:01:30,590 and in absolute mode you set permissions to yougo using these octal values. 17 00:01:31,659 --> 00:01:32,879 So chmod 750. 18 00:01:33,620 --> 00:01:38,719 What does that mean? 7 is for user, 5 is for group, 0 is for others, 7 19 00:01:38,719 --> 00:01:43,819 is 4:2:1 and that means that this command is giving a read, write and execute to the 20 00:01:43,820 --> 00:01:48,920 user and it's giving a read and execute to the group and obviously nothing to others. 21 00:01:49,530 --> 00:01:52,430 As an alternative, you can also use a relative mode. 22 00:01:53,030 --> 00:01:58,109 In relative mode you use a command like chmod x which is convenient 23 00:01:58,109 --> 00:02:03,189 to make a script executable. For instance chmod U W Regardless of your 24 00:02:03,190 --> 00:02:08,270 current setting, you are adding the write permission to the file. 25 00:02:09,129 --> 00:02:13,019 Now, as a best practice, I recommend you use absolute mode for 26 00:02:13,019 --> 00:02:16,909 full control and relative mode for quick permission changes. Let me demonstrate. 27 00:02:18,789 --> 00:02:23,873 I'm going to use sudo mkdir Data sales Oh boy, what do 28 00:02:23,873 --> 00:02:28,956 I get here? Well, I get an obvious error. I'm trying to 29 00:02:28,956 --> 00:02:34,039 create directory sales within the directory data that does not work. 30 00:02:35,159 --> 00:02:39,599 That's because data does not exist. But that's an easy fix. Use mkdir P. 31 00:02:42,099 --> 00:02:47,747 Let's get in the data directory and let's use LS L to understand what is going 32 00:02:47,747 --> 00:02:53,395 on there. You can see the sales directory, which is currently owned by user root and 33 00:02:53,394 --> 00:02:59,042 and group root. Why is that? Well, that's because user root has created it and the 34 00:02:59,042 --> 00:03:04,689 primary group of user root is the group root which is revealed by the ID command. 35 00:03:05,629 --> 00:03:10,094 Now, what do we need to do to make sure that members of 36 00:03:10,094 --> 00:03:14,560 the group Sales can write? Well, first sudo chgrp sales to sales. 37 00:03:15,379 --> 00:03:19,729 The first sales is the name of the group. The second sales is the name of the directory. 38 00:03:20,490 --> 00:03:25,770 And LS l is showing that the directory ownership has now been set correctly. 39 00:03:26,509 --> 00:03:31,930 Now I'm going to use chmod g w on Sales. 40 00:03:33,050 --> 00:03:39,240 And of course we need sudo in front of that. That's an example of 41 00:03:39,240 --> 00:03:45,430 relative mode. It works, but it's not very clear. You're probably better off using 42 00:03:45,430 --> 00:03:51,620 sudo chmod770 on sales, and that is setting the permissions in absolute mode. 43 00:03:52,659 --> 00:03:56,819 Now, there's one more thing that I need you to understand, and that is the following. 44 00:03:57,560 --> 00:04:04,039 I'm using sudo touch home anna root file. 45 00:04:05,020 --> 00:04:10,360 Now I'm opening a shell as user anna sudo su minus anna. 46 00:04:12,099 --> 00:04:18,009 And now I'm user Anna and user Anna sees this root file. Now I want you to think about the faul. 47 00:04:18,639 --> 00:04:21,660 Can user Anna delete the file? Yes or no? 48 00:04:23,620 --> 00:04:27,949 Let's analyze Sudo LS l showing the permissions on the file. 49 00:04:28,470 --> 00:04:31,199 File wise, the user has read permissions. 50 00:04:32,500 --> 00:04:36,779 LS ld is showing the permissions on the current directory where 51 00:04:36,779 --> 00:04:41,059 we see that it's Anna's home directory and Anna has write. 52 00:04:41,639 --> 00:04:48,310 And when Anna uses RM on root val, she needs to confirm, but she's definitely capable of doing so. 53 00:04:48,810 --> 00:04:54,389 You know why that is? Because deleting a file requires write permission on the directory. 54 00:04:54,930 --> 00:04:59,939 Anna has write permissions on the home directory home anna because that's the 55 00:04:59,939 --> 00:05:04,949 essence of a home directory and that's how you manage these basic permissions.