M01: Introduction to Operating Systems
TU1: Installing, configuring and exploiting a computer system
ASIX1
Practical Exercise 6a: Permissions and ownership - I
25-11-12

GENERAL CONDITIONS
1- Deadline ASIX1 (Catalan): On 5-12-13
   Deadline DAW1 (English): On 11-12-13
2- Send your report as a PDF file attached to an e-mail with the following specifications:
     a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
     b) File Name:
        b.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr6a.pdf
        b.2) DAW1 (English): daw1_surname_name_m01tu01pr6a.pdf
     c) Subject:
        c.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr6a
        c.2) DAW1 (English): daw1_surname_name_m01tu01pr6a
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular
6- Page numbering on footer bar

PERMISSIONS AND OWNERSHIP: DOCUMENTATION

1- Introduction
Linux supports two methods of controlling who can access a file or folder and how they can access it: a) traditional Linux access permissions, b) ACLs (Access Control Lists), which provide finer-grained control of access permissions. This practical exercise discusses the first method.

2- Traditional Linux access permission
You should always remember the following 4 ideas:
1- Files and folders have a set of permissions. These permissions or access rights are assigned to users and groups. Permissions control the ability of the users to view or make changes to the contents of a file or folder.
2- Four types of users can access a file or folder: a) owner: the owner of the file, b) group: any user who is a member of a particular group (special group) that the file is associated with, c) other: everyone else, d) root: the root user.
3- A user can attempt to access a file or folder in three ways, by trying to: a) read from it, b) write to it or c) execute it.
4- You can use four different command-line utilities to display and change permissions and ownership for any file or folder: a) ls -l, b) chmod, c) chown and d) chgrp.

2.1- ls -l command: Displays access permissions
When you call ls with the -l option and the name of a file/folder, the command ls displays a line of information about the file. For instance:
alumnuser1@computer1:~>ls  -l  README
-rwxr-xr-- 1 alumn students 465 22 may  2011 README

From left to right, the line contains the following information:
a) Type. In the example: -. Meaning: - for a file, d for a folder, l for a link.
b) Permissions. In the example: rwxr-xr--. Meaning: r indicates read permission, w indicates write permission, x indicates execute permission, - indicates that the user does not have the permission in that position.
c) Number of links. In the example: 1. Meaning: 1 for a file, 1 or more for a folder.
d) Owner. In the example: alumn. Meaning: name of the owner.
e) Group. In the example: students. Meaning: name of the special group.
f) Additional information. In the example: 465 22 may 2011 README. Meaning: size in bytes, the date and time the file/folder was created or modified, and the name of the file or folder.

The nine characters of Permissions are divided into three groups:
a) First group (characters from 1st to 3rd): The first three characters specify the access permissions for the owner of the file/folder.
b) Second group (characters from 4th to 6th): The next three characters specify the access permissions for the special group.
c) Third group (characters from 7th to 9th): The last three characters specify the access permissions for the other group.
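
The following added example (not part of the original exercise sheet) parses the ls -l line shown above and prints which of the three groups of characters applies to a given user. It goes one step beyond the text: only the first matching class is used (owner, then group, then other), and root is treated separately. The user names anna and guest, the groups teachers and visitors, and the second sample line are constructed for illustration; the special bits s and t are not handled.

```shell
#!/bin/sh
# Constructed samples: the ls -l line from section 2.1, and a file whose
# owner has fewer rights than its group.
SAMPLE='-rwxr-xr-- 1 alumn students 465 22 may  2011 README'
STRICT='-r--rw---- 1 alumn students 120 22 may  2011 notes'

# effective_perms LINE USER "GROUP1 GROUP2 ..."
# Prints the three permission characters that apply to USER.
# The body runs in a subshell so its variables stay private.
effective_perms() (
    line=$1; user=$2; groups=$3
    set -f                 # no filename expansion while splitting the line
    set -- $line           # $1 mode, $2 link count, $3 owner, $4 group
    mode=$1; owner=$3; group=$4
    type=$(printf '%s' "$mode" | cut -c1)
    u=$(printf '%s' "$mode" | cut -c2-4)    # owner characters
    g=$(printf '%s' "$mode" | cut -c5-7)    # group characters
    o=$(printf '%s' "$mode" | cut -c8-10)   # other characters

    if [ "$user" = root ]; then
        # root is not restricted by r and w; executing a regular file
        # still needs at least one x somewhere in the mode.
        case "$type$u$g$o" in
            d*|*x*) echo rwx ;;
            *)      echo rw- ;;
        esac
    elif [ "$user" = "$owner" ]; then
        echo "$u"          # owner class: group and other characters are ignored
    else
        case " $groups " in
            *" $group "*) echo "$g" ;;   # member of the file's group
            *)            echo "$o" ;;   # everyone else
        esac
    fi
)

for who in "alumn:students" "anna:students teachers" "guest:visitors" "root:root"; do
    name=${who%%:*}
    printf '%-6s -> %s\n' "$name" "$(effective_perms "$SAMPLE" "$name" "${who#*:}")"
done
# The owner gets only the owner characters, even as a member of the group.
printf 'alumn on notes -> %s\n' "$(effective_perms "$STRICT" alumn students)"
```
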


2.2- chmod command: Changes access permissions
a) Description: The chmod command-line utility changes the access permissions of a file or folder
b) Synopsis:  chmod  <permissions>  file_or_folder_name
c) Permissions in numeric mode: A three-digit number in octal format (each digit from 0 to 7):
0 octal => 000 binary => ---
1 octal => 001 binary => --x
2 octal => 010 binary => -w-
3 octal => 011 binary => -wx
4 octal => 100 binary => r--
5 octal => 101 binary => r-x
6 octal => 110 binary => rw-
7 octal => 111 binary => rwx
d) Permissions in symbolic mode: ugoa (user/group/other/all), +/- (add/remove), rwx (read, write, execute)
e) Examples:
    chmod  754 prova.sh  => a) owner permissions: read, write and execute, b) group permissions: read and execute, c) other permissions: read.
    chmod  640 prova.sh  => a) owner permissions: read, write, b) group permissions: read, c) other permissions: none.
    chmod  314 prova.sh  => a) owner permissions: write and execute, b) group permissions: execute, c) other permissions: read.
    chmod  u+r prova.sh => Adding read permission to the owner user.
    chmod g-x  prova.sh => Removing execute permission from the group.
    chmod a+x prova.sh => Adding execute permission to all (everyone).
    chmod ug+rw prova.sh => Adding read and write permissions to the owner user and the group.
    chmod ugo-wx prova.sh => Removing write and execute permissions from the owner user, the group and others (a=ugo).
f) Recursive option -R for folders --> chmod -R  <permissions>  folder_name. Example: chmod -R  755  /home/alumn1. Permissions of all files and folders in /home/alumn1 will be changed to rwxr-xr-x using this single command.
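
The following added example (not part of the original exercise sheet) shows a side effect of the recursive numeric mode in point f): chmod -R 755 also marks every plain data file as executable. It compares that with the symbolic permission X (capital), a standard chmod feature not covered above, which adds execute only to folders and to files that already had it. The temporary folder and the files notes.txt and run.sh are constructed for the demonstration.

```shell
#!/bin/sh
# mode_of PATH: the nine permission characters as ls -l shows them.
mode_of() { ls -ld "$1" | cut -c2-10; }

# build_tree DIR: a folder with one data file and one script (constructed sample).
build_tree() {
    mkdir -p "$1/docs"
    printf 'plain data\n' > "$1/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$1/run.sh"
    chmod 750 "$1" "$1/docs" "$1/run.sh"
    chmod 640 "$1/docs/notes.txt"
}

# modes_after CHMOD_ARG: build a fresh tree, apply chmod -R CHMOD_ARG to it,
# and print the resulting permissions of the folder, the data file and the script.
modes_after() {
    tmp=$(mktemp -d) || return 1
    build_tree "$tmp/folder"
    chmod -R "$1" "$tmp/folder"
    echo "docs=$(mode_of "$tmp/folder/docs")" \
         "notes.txt=$(mode_of "$tmp/folder/docs/notes.txt")" \
         "run.sh=$(mode_of "$tmp/folder/run.sh")"
    rm -rf "$tmp"
}

# Numeric mode: every entry becomes rwxr-xr-x, including the data file.
modes_after 755
# Capital X: folders and the script keep x, notes.txt ends up rw-r--r--.
modes_after u=rwX,go=rX
```
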

2.3- chown command: Changes user and group ownership
a) Description: The chown command-line utility changes the owner and group of a file/folder.
b) Synopsis 1:  chown  <new_owner:new_group>  file_or_folder_name
c) Synopsis 2:  chown  <new_owner>  file_or_folder_name
d) Examples:
     chown  etpclot:users  prova.sh  => Changes the ownership of file prova.sh to user etpclot and group users.
     chown  etpclot  prova.sh  => Changes the ownership of file prova.sh to user etpclot.
e) Recursive option -R for folders --> chown -R  <new_owner:new_group>  folder_name. Example: chown -R  etpclot:users  /home/alumn1. Ownership of all files and folders in /home/alumn1 will be changed to etpclot:users using this single command.

2.4- chgrp command: Changes group ownership
a) Description: The chgrp command-line utility changes the group of a file/folder.
b) Synopsis:  chgrp  <new_group>  file_or_folder_name
c) Examples:
     chgrp users  prova.sh  => Changes the group of file prova.sh to users.
     chgrp users  /home  => Changes the group of folder /home to users.
d) Recursive option -R for folders --> chgrp -R  <new_group>  folder_name. Example: chgrp -R  users  /home. Group of all files and folders in /home will be changed to users using this single command.

2.5- id command: Group membership
a) Description: The id command-line utility prints the effective list of groups of which the user is a member.
b) Synopsis:  id


PRACTICAL EXERCISE
1- Copy and paste the next script:
#!/bin/bash
# Script to print current local date and time
# (the #!/bin/bash line must be the first line of the file)
clear
DATE=$(date +%x)     # local date
TIME=$(date +%X)     # local time
FOLDER=$(pwd)        # current folder (PWD itself is maintained by the shell)
echo "Hello $USER"
echo "Local Date: $DATE"
echo "Local Time: $TIME"
echo "Current Folder: $FOLDER"
echo "Listing current folder:"
ls -l
exit 0
Save the script in a file with the following specifications: a) Folder: home folder. b) File Name: script00.sh.
2- Display the permissions and ownership of script00.sh. Check whether or not this script is an executable file. Check whether or not you are able to execute this script.
3- Using the numeric mode, change permissions of script00.sh to: a) owner: read, write, execute, b) group: read, execute and c) other: execute. Check whether or not you are able to execute this script.
4- Using the numeric mode, change permissions of script00.sh to: a) owner: write, execute, b) group: execute and c) other: none. Check whether or not you are able to open this script using nano or cat. What's happening?
5- Are you able to execute script00.sh? Why?
6- Using the numeric mode, change permissions of script00.sh to: a) owner: read, execute, b) group: read and c) other: none. Are you able to display the contents of the script00.sh file? Why?
7- Are you able to modify the contents of the script00.sh file? Why?
8- Print the effective list of groups of which your user is a member.
9- Create a folder called folder00 in your home folder. Display the permissions and ownership of folder00. Try to change to folder00. Is it possible? Why?
10- Using the numeric mode, change permissions of folder00 to: a) owner: read, b) group: read and c) other: read. Try to change to folder00. Is it possible? Why?
11- Using the numeric mode, change permissions of folder00 to: a) owner: read, execute, b) group: read, execute and c) other: read, execute. Try to change to folder00. Is it possible? Why? Try to create a new folder called folder01 inside folder00. Is it possible? Why?
12- Using the numeric mode, change permissions of folder00 to: a) owner: write, execute, b) group: write, execute and c) other: write, execute. Try to change to folder00. Is it possible? Why? Try to list the contents of folder00. Is it possible? Why?