Permissions & chmod

[00:00:00]
>> Next, I want to talk about permissions, because we've done some permission changing, right? Anybody remember the command we use to change permissions?
>> chmod.
>> chmod, yeah, that's right. I was asking you to say like, hey, chmod this file, chmod this file with these numbers, but they don't really make a lot of sense.

[00:00:21]
But they do if you understand the math a little bit. And it's a little bit of math, don't worry. It's very, very simple math. But it makes these weird rwx and dashes, and stars, and all these things make a little bit more sense. So, when we look at our file system, remember that command, ls -la shows the hidden files and their permissions.

[00:00:47]
You see all these rwx, rwx, rwx, rwx dash, what does that mean? Well, the r stands for read. It's saying you're allowed to read the file, right? W is for write, the x for execute, I don't know why it's not e, just the way things are. And then these permissions are broken up into groups.

[00:01:07]
You have the owner group. You have your group group, and we have everyone else. So in my case, my user's name is Jem. So the owner would be Jem, me. The group is actually the pseudo of users because that's the only group I'm a member of right now.

[00:01:23]
Then the everyone else's, this one is not me, not in my group. So now, when we look at these permissions again, For, let's say app.js, I have read write permission, but not execute because I'm not trying to execute it via, I can't execute it directly. I'm gonna use node.

[00:01:44]
Hence, it's a blank. And then my group is allowed to read and write, but not execute. Everyone else is just allowed to read, they're not allowed to write. So hopefully that makes a little bit more sense in terms of these kind of what looks like random characters now, you understand, they actually mean something.

[00:02:04]
Depending on which context you're trying to look at, the owner of the group or everyone else. But you're like, Jem, what about those numbers? Those numbers don't make a lot of sense cuz we weren't directly chmoding and saying read, write, execute, which you can. We're using numbers as shorthand.

[00:02:21]
What do those mean? So read has a value of 4 in octal numbers. Remember octal is base?
>> Eight.
>> Base eight, that's right. So read has value of 4, write has value of 2, execute has value of 1. And using these combinations of numbers, you can do things with numbers and the math that make perfect sense now.

[00:02:46]
So anybody who's ever like, my files is not working. And someone's like, why don't you just chmod 777? Anybody use that one? Yeah, that's the anybody can do anything anytime, anywhere, command. I've used it personally cuz I don't understand the permissions, so I'm just gonna open them to everybody.

[00:03:04]
You generally don't wanna do that, but we see if you read, write, execute, that's 4 + 2 + 1, that's 7. 4 + 2 + 1, that's 7. And that's why it's 777. Now, earlier in the exercise when we were doing the git permissions for your GitHub key.

[00:03:20]
And it had to be locked down because ssh is very, very particular about the permissions for a good reason, we were doing chmod 600. And what does that mean? By using the math, we say that means only I am allowed to read and write, and no one else is allowed to do anything else.

[00:03:40]
So, now we look at these, again, these kind of the gibberish of numbers, and you understand, they actually amount to numbers and the numbers make sense. You don't have to use numbers, but they're definitely much easier shorthand than trying to do it read write execute, read write execute.

[00:04:03]
And here's a nice cheat sheet I like to use. Again, it calls the 777. You really don't wanna do that. You generally want the concept of the least permissions as possible. You want it to be as locked down to yourself or whoever actually needs to do something. Cuz again, if someone gets into your server or there's another user on server who's like, I don't know, fumbling around, they can delete stuff that you're like, why did you touch that?

[00:04:34]
But at a certain point, it's kinda like being a parent, if I leave a glass vase out for my kid and he breaks the vase, that's on me. So if I have a server and I have users that have permissions to do anything, and they're like, hey, I just rm dash rf slashed, because someone on the Internet told me it'd be funny.

[00:04:52]
And they wipe your server, that's on you. You shouldn't have given that permission. So hence, we always wanna follow the principle of least permissions as possible for all our users.