Transcript from the "Group Permissions" Lesson
>> Okay, so now I exit I'm back to primary. And let's talk about permissions now. Yeah, let's go ahead and do that. So actually, I'm gonna go back to being Brian cuz that was a fun experience. So again, I'm here as Brian, and where am I? Let's go to users, Not users, home, /ubuntu.
[00:00:45] Okay, so I'm inside of Ubuntu's home directory and you can see here this is all owned by Ubuntu, Ubuntu. So if I try and, For example here I try to, Vi another file.txt. So I vi another file.txt. Notice down here it says, read only, why is that? Well, it's because Brian doesn't have access to the ability to read and write inside of Ubuntu's directory.
[00:01:19] So if I come in here and I try and say, it even says changing a read only file. Then I come down here and say right quit. It's gonna say, I told you like seven times, this is read only. This is read only is because you don't have any permissions to write, read or write here.
[00:01:36] So, what I'll have to do here is say quit with an exclamation point and say quit without saving, okay? And let's talk about why that is. If you look here at another file.txt, this is gonna be we're looking at. This little like hieroglyphics that we have right here, these are the permissions of the file.
[00:02:15] So home here means it's a folder, right, that's what that d means. There's a handful of others, I think I wrote them down here. There's like binary files. There's a bunch of other stuff that doesn't really matter. The only two that really you see a whole lot of our normal files and directory files.
[00:02:37] Let's see, The next r, w, x, that is the, Yeah, so these are all file permissions. So you'll notice it says rwx, rwx, rwx, right? So I'm trying to make sure that I read it the correct way. Yep, so the first one is the user permissions, right? So, rwx here means that this can be read, written to or executed by Ubuntu.
[00:03:12] So it's the specific user that's listed here, okay? The next rwx here is the group. So this means that this file can be read, written, or executed by anyone in the Ubuntu, that's the Ubuntu user or anyone it's in the Ubuntu group. These just happen to be named the same thing they don't have to be, right?
[00:03:37] This could be like the readers group or something like that. The last r-x here is the everyone else group. So in this, is a directory, right? So this means that anyone that's not either in the group or this user can read from it, they can execute it, but they cannot write to it.
[00:04:03] So again, let's look here this another file that tar or sorry, not another file that txt this one right here. It's a flat file. This can be read to or written to by the user. It cannot be executed. This can be read to or written to, but it cannot be executed by the group.
[00:04:21] And it can be read by everyone else, but it can't be read or executed by anyone else. So that's what that means. Make sense so far? So that's why Brian or cannot write to another file.txt. It's because Brian can read it, Brian has our permissions here from the other, right, but he cannot write to it.
[00:04:51] Because he doesn't have any permissions to do that. I'll talk about the xd can execute later but basically means like, if it's like a binary or like a command, it can be ran as a command, so like LS, right? So if we look at ls -las /bin, you'll notice that all of these have x permissions, right?
[00:05:13] So like tar, that's what we've been using, right? It means anyone can execute for, like for example, Brian can't write to tar here. Does that make sense, okay. So where am I? Let's go back to, This dot right here, this top one represents the directory that we're in this moment in time, which means that it's owned by Ubuntu and the Ubuntu group.
[00:05:46] And Brian does not have write permissions on this folder. So if I try and do touch brian.txt, it's gonna say, Brian can't write here. Now, I absolutely could say, sudo touch brian.txt, but then who is gonna own the file? So if I have brian.txt now look who owns it.
[00:06:11] Root, root owns it. And what's even kind of more insulting is that not even Ubuntu can now read or write to this. Because you'll see here that there's only read permissions for anyone besides the root user. Go ahead and remove that. Actually, let's keep rolling with that. All right, well, yeah.
[00:06:45] So let's talk about like ways that we can kind of mitigate this. I'm gonna exit this out and so I'm gonna be now as Ubuntu, let's go ahead and go to the root directory. We kind of already talked about this a little bit. I wanna make a hello, but I can't do that as Ubuntu.
[00:07:05] So instead what I'll do is I'll make a directory, I'll sudo make a directory. So now I have a hello directory here. But this is owned by root root. What happens if I want Ubuntu to be able to read and write to this? So I can use something called, Go inside hello here, right?
[00:07:28] And I can't even still touch hello.txt. Ubuntu cannot read and write into this hello directory. So what I wanna do, Is I'm gonna say sudo change ownership. So that's what ch own or chown, if you wanna say it that way, don't say it that way. I can change the ownership from root root to Ubuntu, like this.
[00:08:01] And again, that's the Ubuntu user and the Ubuntu group, those could be different names. And then I wanna change that to /hello. So now if I look at the user permissions here, you'll see that Ubuntu owns this now. So now, again, in Ubuntu, I can say touch hello.txt.
[00:08:25] And now it works, because Ubuntu actually owns this directory now, and can do whatever they want there. So that's when you'll see change ownership a lot you'll be changing ownership probably from the root directory or root user to a user. Cuz again, like I can't, if I say su Brian, Brian can't write here, right?
[00:08:55] So this would be like one opportunity that you can make a directory that only one user can write to and then no one else can. So makes sense about permissions for users? So this is one way of going about this. You can like scope it down to users, but you can also change the, so let's take a look at this hello.txt that I just created here.
[00:09:21] This has read permissions for everybody, but only Ubuntu user or Ubuntu group people can write to it. What if I wanna make it so anybody can write to this file and it doesn't really matter who owns it? You can use something called chmod. What I can actually end up doing here is I'm gonna say sudo chmod.
[00:09:44] So I'm gonna change the permissions on the file. And I'm going to say, u=urw, g=rw and I think it's o, yeah, o=rw, so the o stands for other, so user group other for hello.txt. So now if I look at this again, you can see now anybody can read and write to this.
[00:10:17] So if I switch users to Brian now, and I say, touch brian.txt, one, don't touch me, absolutely don't touch me. But you can touch this folder, I gave you permissions to touch the folder. So, if I say touch brian.txt, now do you think this is gonna work? No, why is that?
[00:10:38] So Brian didn't get to the to the directory, Brian got permissions to the file. But it's so I can say vi hello.txt. And I can say hello this was written by brian, right quit. Yeah, right quit exclamation point cuz it doesn't have permissions in the directory. But now I can say exit and I can come back out here and I can cat hello.txt and look, that was actually written out by Brian.
[00:11:26] Makes sense? Cool, so if I wanted to do that by the directory as well, I could absolutely come in here and say change mod for that. Instead of changing it for the file, I can just put periods represent this directory or /hello if you wanna be more verbose, I'm just gonna put period.
[00:11:46] And now, you have to give it x for directories as well. So, come in here and you have to add x, For the directory for hello. And now if you go into hello, you can see I can switch users into brian. And I can say touch brian.txt and now it will allow Brian to create the file and here you can take a look.
[00:12:19] And you can see that we created a brian.txt and this is owned by brian brian. Despite the fact that this is a directory owned by Ubuntu. Make sense? So that's what change chmod is for. It's messing with those permissions for groups and users. I'll be honest, I almost always and just adding permissions to a file like usually it's either adding an executable permission or making it more permissive or less permissive for users.
[00:12:49] But I don't really modify the group permissions very much cuz I don't usually mess too much with group permissions.