Commit 70c2114e authored by Jyothis Jagan

Added session 4

parent 97d09afb
# File and User Permissions
## Users and Groups
Refer [Users and Groups Administration in Linux](https://www.debianadmin.com/users-and-groups-administration-in-linux.html)
Basically, there are three types of users - normal users, system users and an administrative user called root. Every user in the system will be identified by a unique number called uid. Similarly gid will be used for identifying groups.
`id` command can be used to find the uid of a user. uid of *root* is 0.
jyothisjagan@jyothisjagan:~$ id root
uid=0(root) gid=0(root) groups=0(root),986(adbusers)
`whoami` gives the username of the current user
jyothisjagan@jyothisjagan:~$ whoami
jyothisjagan
jyothisjagan@jyothisjagan:~$ echo $USER
jyothisjagan
`sudo` or `su` can be used to get root access in a system. **Never use root user if that can be done as a normal user.** A user has to be either in */etc/sudoers* or member in *sudo* group in order to get root access.
jyothisjagan@jyothisjagan:~$ su
Password:
root@jyothisjagan:/home/jyothisjagan#
You can also give sudo access to only specific commands to some users and there are many options to give finer access.
Let us create a user named *testuser* with the command `useradd`. *-d* option can be used to create home directory and *-D* can be used for defaults.
sudo useradd testuser
a group can be created using the command `groupadd`
sudo groupadd testgroup
The *testuser* can be added to *testgroup* using the command `usermod` or `adduser`.
sudo usermod -aG testgroup testuser
or,
sudo adduser testuser testgroup
Now, if we check the groups *testuser* is part of, we can see *testgroup* as well.
jyothisjagan@jyothisjagan:~$ groups testuser
testuser : testuser testgroup
Another commonly used group is `sbuild` when doing debian packaging. Usually sbuild needs root access, but we can add our user to sbuild group and then use sbuild command as normal user.
## File Permissions
Refer [Permissions](https://ryanstutorials.net/linuxtutorial/permissions.php)
ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 157192 ഒക്ടോ 12 19:19 /usr/bin/sudo
What is special about this set of permissions?
passwd command also has similar permissions as sudo which is easier to explain
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 63736 ജൂലൈ 27 2018 /usr/bin/passwd
`passwd` command is used to change password of a user. The password is stored in */etc/shadow*, for which write permission is present only for root. But, we should be able to change the password ourselves.
There lies the purpose of suid permissions. The letter s in the third field of permission bits present for passwd and sudo is SUID bit. passwd command or any command with that s permission will be run as the owner of that file. So passwd command or sudo command will always get executed as root user with root privilleges. so these commands with suid permissions needs to be really without any bugs as any bug can be exploited to get root access.
Refer [Sticky Bit, SUID and SGID in Linux with Examples](https://linoxide.com/how-tos/stickbit-suid-guid/)
Exercise : Create three users and add all of them to a group. Then create a directory common to all the three users where all three users can write.
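Review bot: In the `useradd` paragraph under "Users and Groups", *-d* is described as the option that creates the home directory, but `-d` only sets the home directory path; `-m` is the option that creates it, so the `sudo useradd testuser` example is better written as `sudo useradd -m testuser` if a home directory is expected. Two smaller points in the same file: the sentence "A user has to be either in */etc/sudoers* or member in *sudo* group" applies to `sudo` only, while the `su` session shown right after it asks for the root password and does not consult sudoers, so the two should be explained separately. In the SUID paragraph, "the third field of permission bits" would be clearer as "the owner's execute position" (the `s` in `-rwsr-xr-x`), and "privilleges" should be "privileges". The terminal sessions are also not fenced or indented, so they will render as running paragraphs in Markdown; wrapping each in a code block would keep the prompt and output lines apart.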