Warm greetings fellow Linux-and-FOSS lovers! 😁🙏💚✨🤙
Welcome to the third issue of Let's Learn Linux! I mentioned last week that my new Dell laptop had died, and that I was intending to send it back for a refund, so that I could choose another. I was finally able to return it a few days ago, and it should have arrived at its destination today. If all goes well I'll be able to choose another one in just a few days!
Another bit of good news is I now have quite a good loaner computer with which I can continue to work with Arch Linux until my replacement computer arrives! It's a great system, though several keyboard keys don't work. Luckily I have an external keyboard, so I make it work. I'm just super grateful to have a suitable system to continue working with Linux in general, and Arch specifically!
In this week's issue of Let's Learn Linux! I'll be explaining and going over Linux Permissions, the core of the Linux-security model. This is a very large subject, so in this post I'm only going to cover the basic aspects of how this system works, and why it is so useful. I'll save more in-depth explanations for future posts.
Every file and directory in a Linux system has specific read, write, and execute permissions that differ between various users, groups, and other accounts not belonging to either. For example, any particular file or directory/folder will have user, group, and other permissions.
When permission to perform a certain action (read, write, or execute) is verified, first the user account is checked to see if it owns the file/directory; if it does, then no further checks are performed, as it would have full read, write, and execute permissions. If the account attempting to perform the action does not own the file or directory, then it is checked whether the user belongs to the group, which has at least read, and maybe write and execute, permissions. Group-level access may be restricted to just read, or read and write, with execute very often restricted. The other level is for accounts not belonging to either the user or group categories, and hence it will have the most restricted permissions.
Every file and directory has:
User Permissions
+Read/+Write/+Execute - The owner of a file or folder usually has full read, write, and execute permissions
Group Permissions
+Read/+Write/+|-Execute - The group level will also usually have read and write access, with execute access sometimes restricted
Other Permissions
+|-Read/-Write/-Execute - The other level usually, though not always, has at least read access, though write and execute access are usually restricted
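The check order described above, as an added example (not code from the original post): a small Python model in which one class (user, group, or other) is selected and only that class's bits are applied. The UIDs, GIDs and modes are constructed sample values; root, ACLs and the immutable flag are outside the model.

```python
import stat

# Shift that moves each class's rwx bits into the low three bits of the mode.
_SHIFT = {"user": 6, "group": 3, "other": 0}


def applicable_class(file_uid, file_gid, uid, gids):
    """Return the single class whose bits are consulted for this account."""
    if uid == file_uid:
        return "user"   # owner matched: group and other bits are never read
    if file_gid in gids:
        return "group"  # group matched: other bits are never read
    return "other"


def granted(mode, file_uid, file_gid, uid, gids):
    """Return the set of actions ('r', 'w', 'x') the mode grants this account."""
    cls = applicable_class(file_uid, file_gid, uid, gids)
    bits = (mode >> _SHIFT[cls]) & 0o7
    return {a for a, bit in (("r", 4), ("w", 2), ("x", 1)) if bits & bit}


def explain(mode, file_uid, file_gid, uid, gids):
    """One-line summary in the same rwx notation that `ls -l` prints."""
    cls = applicable_class(file_uid, file_gid, uid, gids)
    acts = "".join(sorted(granted(mode, file_uid, file_gid, uid, gids))) or "-"
    return f"{stat.filemode(stat.S_IFREG | mode)} uid={uid} class={cls} grants={acts}"


if __name__ == "__main__":
    # Constructed sample: file owned by uid 1000, group 2000.
    OWNER, GROUP = 1000, 2000
    accounts = {
        1000: {1000, 2000},  # the owner
        1001: {1001, 2000},  # a member of the file's group
        1002: {1002},        # neither owner nor group member
    }
    # 0o640: typical; 0o604: group denied while other may read;
    # 0o077: owner denied although group and other bits are wide open.
    for mode in (0o640, 0o604, 0o077):
        for uid, gids in accounts.items():
            print(explain(mode, OWNER, GROUP, uid, gids))
```

Because only one class is ever consulted, a mode such as 604 denies group members access that everyone else gets, which is worth checking for when auditing file modes.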
At this point I should explain the difference between a regular user account and the root account. When you create a user account on a Linux system, it will have full read, write, and execute permissions for its specific home directory. When a user attempts to write, modify, move, or delete a file or folder outside its specific home directory, it will be unable to do so, as it does not have the necessary permissions. The same will occur if a user attempts to run certain commands in a terminal. Without the necessary permissions, certain things are not allowed.
The root account, which is the very first account created in any Linux system, has the ability to perform any action (read, write, execute) on any file and any folder of the system. This is the reason that regular user accounts operate with restricted access, so that they cannot irreparably damage the system without knowing it. Regular user accounts do have the ability to elevate their permissions if necessary, however.
Prepending sudo to any root-level command in a terminal, and then entering the root password, will temporarily allow a regular user account to execute root commands. Entering sudo su into a terminal, and again entering the root password, will give full root access in that terminal, so that any command entered will be executed with root permissions. Because of this, it is absolutely essential that one knows what he or she is doing.
On my own systems I always have a terminal open with usually four tabs - two tabs for regular user-level commands, and two root-level tabs to perform root commands. I've done it this way for years, and it works for me, as I'm very careful what I'm doing in which tab. I would not suggest this setup, however, for someone just learning how to do things in a Linux system.
Before I wrap up this post, I'd like to explain one special case where a root account could have restricted permissions.
If you run the following in a root terminal (in the same directory as the <file> acted upon):
chattr +i <file>
Then even the root account would not be able to modify the file, as this command makes the file immutable. The only way to make it editable once again would be to run the following in a root terminal:
chattr -i <file>
This turns off the immutable flag.
OK, I think that's a good place to stop for the moment. This is enough information to digest for one post. I hope that the information provided is clear, understandable, interesting, and engaging! If not, I'll modify how I'm presenting it. That's all for now! Until next week! 😁 🙏 💚 ✨ 🤙
All images were taken with my Motorola G Power Android Phone or are screen shots from my laptop.
Thank you all so much who have helped me get to where I am today, and allowing me to share more of the beauty and magic from my life and my world with you, and for your continuous appreciation and support! I am truly deeply grateful! 😁🙏💚✨🤙
Sources
Signature image created by @doze, and the dividers made by @thepeakstudio, with all tweaked to their present form by me.
Banner image created by me using Polish, with the Arch Linux logo converted into ASCII art, and Tux the Linux Penguin created by Larry Ewing.