CSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions

Similar documents
CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

CSE 303 Lecture 4. users/groups; permissions; intro to shell scripting. read Linux Pocket Guide pp , 25-27, 61-65, , 176

CSE 390a Lecture 3. bash shell continued: processes; multi-user systems; remote login; editors

CSE 391 Lecture 3. bash shell continued: processes; multi-user systems; remote login; editors

CSE 391 Editing and Moving Files

CSE 391 Lecture 1. introduction to Linux/Unix environment

CSE 390a Lecture 1. introduction to Linux/Unix environment

Intro to Linux & Command Line

CSE 391 Lecture 1. introduction to Linux/Unix environment

Exercise Sheet 2. (Classifications of Operating Systems)

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

CS/CIS 249 SP18 - Intro to Information Security

CST8207: GNU/Linux Operating Systems I Lab Six Linux File System Permissions. Linux File System Permissions (modes) - Part 1

Lab 2A> ADDING USERS in Linux

commandname flags arguments

Mills HPC Tutorial Series. Linux Basics I

Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers

Overview LEARN. History of Linux Linux Architecture Linux File System Linux Access Linux Commands File Permission Editors Conclusion and Questions

Introduction to Unix May 24, 2008

Chapter 8: Security under Linux

Introduction to the Linux Command Line

Files (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1

Outline. Structure of a UNIX command

Unix/Linux Basics. Cpt S 223, Fall 2007 Copyright: Washington State University

CS197U: A Hands on Introduction to Unix

Introduction: What is Unix?

5/8/2012. Encryption-based Protection. Protection based on Access Permission (Contd) File Security, Setting and Using Permissions Chapter 9

TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

User Commands chmod ( 1 )

A Brief Introduction to Unix

CSCE 212H, Spring 2008, Matthews Lab Assignment 1: Representation of Integers Assigned: January 17 Due: January 22

Introduction of Linux

Introduction to UNIX. Logging in. Basic System Architecture 10/7/10. most systems have graphical login on Linux machines

File Properties and Permissions

Working with Basic Linux. Daniel Balagué

: the User (owner) for this file (your cruzid, when you do it) Position: directory flag. read Group.

INTRODUCTION TO LINUX

CS 460 Linux Tutorial

Linux Kung-Fu. James Droste UBNetDef Fall 2016

Getting Started With Cpsc (Advanced) Hosted by Jarrett Spiker

Course 144 Supplementary Materials. UNIX Fundamentals

bash startup files Linux/Unix files stty Todd Kelley CST8207 Todd Kelley 1

Commands are in black

Operating Systems Lab 1 (Users, Groups, and Security)

CENG 334 Computer Networks. Laboratory I Linux Tutorial

SECTION -C. Getting Started with UNIX

CS Fundamentals of Programming II Fall Very Basic UNIX

Linux Command Line Primer. By: Scott Marshall

This lab exercise is to be submitted at the end of the lab session! passwd [That is the command to change your current password to a new one]

CISC 220 fall 2011, set 1: Linux basics

Physics REU Unix Tutorial

Unix. Examples: OS X and Ubuntu

EECS Software Tools. Lab 2 Tutorial: Introduction to UNIX/Linux. Tilemachos Pechlivanoglou

Introduction to remote command line Linux. Research Computing Team University of Birmingham

Computer Systems and Architecture

Student Remote Login Procedure (see picture below): 1. Start SSH Secure Shell 2. Click the computer icon (4 th on the toolbar) 3.

CSE 390a Lecture 5. Intro to shell scripting

CS4350 Unix Programming. Outline

Introduction to Linux Workshop 1

Lab Authentication, Authorization, and Accounting

Lab Working with Linux Command Line

Linux at the Command Line Don Johnson of BU IS&T

INTRODUCTION TO BIOINFORMATICS

Users, Groups and Permission in Linux

Some Linux (Unix) Commands that might help you in ENSC351

Unix Introduction to UNIX

National University of Computer and Emerging Sciences Operating System Lab - 02 Lab Manual

Linux Training. for New Users of Cluster. Georgia Advanced Computing Resource Center University of Georgia Suchitra Pakala

CSCI 2132 Software Development. Lecture 4: Files and Directories

More Raspian. An editor Configuration files Shell scripts Shell variables System admin

GNU/Linux 101. Casey McLaughlin. Research Computing Center Spring Workshop Series 2018

Chapter-3. Introduction to Unix: Fundamental Commands

Using UNIX. -rwxr--r-- 1 root sys Sep 5 14:15 good_program

Computer Systems and Architecture

Operating Systems. Copyleft 2005, Binnur Kurt

Operating Systems 3. Operating Systems. Content. What is an Operating System? What is an Operating System? Resource Abstraction and Sharing

Introduction to Linux

CSE 390a Lecture 2. Exploring Shell Commands, Streams, Redirection, and Processes

Unix Filesystem. January 26 th, 2004 Class Meeting 2

The kernel is the low-level software that manages hardware, multitasks programs, etc.

Using RANCID. Contents. 1 Introduction Goals Notes Install rancid Add alias Configure rancid...

CS 215 Fundamentals of Programming II Spring 2019 Very Basic UNIX

Network Monitoring & Management. A few Linux basics

Linux Operating System Environment Computadors Grau en Ciència i Enginyeria de Dades Q2

CHAPTER 1 UNIX FOR NONPROGRAMMERS

Unix Tutorial. Beginner. CS Help Desk: Marc Jarvis (in spirit), Monica Ung, Corey Antoniuk 2015

CS Unix Tools. Lecture 2 Fall Hussam Abu-Libdeh based on slides by David Slater. September 10, 2010

Introduction to Linux (Part I) BUPT/QMUL 2018/03/14

CSE 391 Lecture 5. Intro to shell scripting

Operating systems fundamentals - B10

Session 1: Accessing MUGrid and Command Line Basics

CS246 Spring14 Programming Paradigm Notes on Linux

File Access Control Lists (ACLs)

CSE 390 Lecture 9. Version control and Subversion (svn)

Unit: Making a move (using FTP)

L.A.M.P. Stack Part I

Introduction to Linux

CSE II-Sem)

Introduction to Linux. Woo-Yeong Jeong Computer Systems Laboratory Sungkyunkwan University

Transcription:

CSE 390a Lecture 3 Multi-user systems; remote login; editors; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1

Lecture summary Connecting to remote servers (attu) multi-user environments Text editors User accounts and groups File permissions The Super User 2

Connecting with ssh command ssh description open a shell on a remote server Linux/Unix are built to be used in multi-user environments where several users are logged in to the same machine at the same time users can be logged in either locally or via the network You can connect to other Linux/Unix servers with ssh once connected, you can run commands on the remote server other users might also be connected; you can interact with them can connect even from other operating systems 3

The attu server attu : The UW CSE department's shared Linux server connect to attu by typing: ssh attu.cs.washington.edu (or ssh username@attu.cs.washington.edu if your Linux system's user name is different than your CSE user name) Note: There are several computers that respond as attu (to spread load), so if you want to be on the same machine as your friend, you may need to connect to attu2, attu3, etc. 4

5 Multi-user environments command whoami passwd hostname w or finger write description outputs your username changes your password outputs this computer's name/address see info about people logged in to this server send a message to another logged in user Exercise : Connect to attu, and send somebody else a message.

Network commands command links or lynx ssh sftp or scp wget curl alpine, mail description text-only web browsers (really!) connect to a remote server transfer files to/from a remote server (after starting sftp, use get and put commands) download from a URL to a file download from a URL and output to console text-only email programs 6

Text editors command pico or nano emacs vi or vim description simple but crappy text editors (recommended) complicated text editor complicated text editor you cannot run graphical programs when connected to attu (yet) so if you want to edit documents, you need to use a text-only editor most advanced Unix/Linux users learn emacs or vi these editors are powerful but complicated and hard to learn we recommend the simpler nano (hotkeys are shown on screen) 7

Mounting remote files command sshfs description mount and interact with remote directories and files An alternate usage model to remotely connecting to servers is mounting remote directories and files and work on them locally once mounted, use remote directories and files as if they were local To mount a remote directory create a local directory to mount to mkdir csehomedir mount your remote files on your local system sshfs username@attu.cs.washington.edu:/homes/iws/username csehomedir/ 8

Aliases command alias description assigns a pseudonym to a command alias name=command must wrap the command in quotes if it contains spaces Example: When I type q, I want it to log me out of my shell. Example: When I type ll, I want it to list all files in long format. alias q=exit alias ll="ls -la" Exercise : Make it so that typing woman runs man. Exercise : Make it so that typing attu connects me to attu. 9

Users Unix/Linux is a multi-user operating system. Every program/process is run by a user. Every file is owned by a user. Every user has a unique integer ID number (UID). Different users have different access permissions, allowing user to: read or write a given file browse the contents of a directory execute a particular program install new software on the system change global system settings... 10

People & Permissions People: each user fits into only one of three permission sets: owner (u) if you create the file you are the owner, the owner can also be changed group (g) by default a group (e.g. ugrad_cs, fac_cs) is associated with each file others (o) everyone other than the owner and people who are in the particular group associated with the file Permissions: For regular files, permissions work as follows: read (r) allows file to be open and read write (w) allows contents of file to be modified or truncated execute (x) allows the file to be executed (use for executables or scripts) * Directories also have permissions (covered later). Permission to delete or rename a file is controlled by the permission of its parent directory. 11

Groups command description groups list the groups to which a user belongs chgrp change the group associated with a file group: A collection of users, used as a target of permissions. a group can be given access to a file or resource a user can belong to many groups see who s in a group using grep <groupname> /etc/group Every file has an associated group. the owner of a file can grant permissions to the group Every group has a unique integer ID number (GID). Exercise: create a file, see its default group, and change it 12

File permissions command chmod umask description change permissions for a file set default permissions for new files types : read (r), write (w), execute (x) people : owner (u), group (g), others (o) on Windows,.exe files are executable programs; on Linux, any file with x permission can be executed permissions are shown when you type ls -l is it a directory? owner (u) group (g) others (o) drwxrwxrwx 13

14 File permissions Examples Permissions are shown when you type ls l: -rw-r--r-- 1 rea fac_cs -rw--w---- 1 rea orca 55 Oct 25 12:02 temp1.txt 235 Oct 25 11:06 temp2.txt temp1.txt: owner of the file (rea) has read & write permission group (fac_cs) members have read permission others have read permission temp2.txt: owner:??? group:??? others:???

15 File permissions Examples Permissions are shown when you type ls l: -rw-r--r-- 1 rea fac_cs -rw--w---- 1 rea orca 55 Oct 25 12:02 temp1.txt 235 Oct 25 11:06 temp2.txt temp1.txt: owner of the file (rea) has read & write permission group (fac_cs) members have read permission others have read permission temp2.txt: owner of the file (rea) has read & write permission group (orca) members have write permission (but no read permission can add things to the file but cannot cat it) others have no permissions (cannot read or write)

Changing permissions letter codes: chmod who(+-)what filename chmod u+rw myfile.txt (allow owner to read/write) chmod +x banner??? chmod ug+rw,o-rwx grades.xls??? note: -R for recursive octal (base-8) codes: chmod NNN filename three numbers between 0-7, for owner (u), group (g), and others (o) each gets +4 to allow read, +2 for write, and +1 for execute chmod 600 myfile.txt chmod 664 grades.dat chmod 751 banner 16

Changing permissions letter codes: chmod who(+-)what filename chmod u+rw myfile.txt (allow owner to read/write) chmod +x banner (allow everyone to execute) chmod ug+rw,o-rwx grades.xls (owner/group can read and note: -R for recursive write; others nothing) octal (base-8) codes: chmod NNN filename three numbers between 0-7, for owner (u), group (g), and others (o) each gets +4 to allow read, +2 for write, and +1 for execute chmod 600 myfile.txt (owner can read/write (rw)) chmod 664 grades.dat (owner rw; group rw; other r) chmod 751 banner (owner rwx; group rx; other x) 17

chmod and umask chmod u+rw myfile.txt (allow owner to read/write) Note: leaves group and other permissions as they were. chmod 664 grades.dat (owner rw; group rw; other r) Note: sets permissions for owner, group and other all at once. umask returns the mask in use, determines the default permissions set on files and directories I create. Can also be used to set that mask. % umask 0022 0022 means that files I create will have group and other write bits turned off: 1) Take the bitwise complement of 022 8 -> 755 8 2) AND with 666 8 for files (777 8 for directories) : 755 8 = 111 101 101 666 8 = 110 110 110 110 100 100 = 644 8 (owner rw, group r, other r) % touch silly.txt % ls l silly.txt -rw-r--r-- 1 rea fac_cs 0 Oct 25 12:04 silly.txt 18

Exercises Change the permissions on myfile.txt so that: Others cannot read it. Group members can execute it. Others cannot read or write it. Group members & Others can read and write it. Everyone has full access. Now try this: Deny all access from everyone.!!! is it dead? 19

Exercises (Solutions) Change the permissions on myfile.txt so that: Others cannot read it. Group members can execute it. Others cannot read or write it. Group members & Others can read and write it. Everyone has full access. chmod o-r myfile.txt chmod g+xmyfile.txt chmod o-rw myfile.txt chmod go+rw myfile.txt chmod ugo+rwx myfile.txt Now try this: Deny all access from everyone.!!! is it dead? chmod ugo-rwx myfile.txt I own this file. Can I change the Owner s (u) permissions? 20

Directory Permissions Read, write, execute a directory? Read - permitted to read the contents of directory (view files and subdirectories in that directory, run ls on the directory) Write - permitted to write in to the directory (add, delete, or rename & create files and sub-directories in that directory) Execute - permitted to enter into that directory (cd into that directory) It is possible to have any combination of these permissions: Try these: Have read permission for a directory, but NOT execute permission???? Have execute permission for a directory, but NOT read permission??? *Note: permissions assigned to a directory are not inherited by the files within that directory 21

Directory Permissions Read, write, execute a directory? Read - permitted to read the contents of directory (view files and subdirectories in that directory, run ls on the directory) Write - permitted to write in to the directory (add, delete, or rename & create files and sub-directories in that directory) Execute - permitted to enter into that directory (cd into that directory) It is possible to have any combination of these permissions: Have read permission for a directory, but NOT execute permission Can do an ls from outside of the directory but cannot cd into it, cannot access files in the directory Have execute permission for a directory, but NOT read permission Can cd into the directory, can access files in that directory if you already know their name, but cannot do an ls of the directory *Note: permissions assigned to a directory are not inherited by the files within that directory 22

Permissions don t travel Note in the previous examples that permissions are separate from the file If I disable read access to a file, I can still look at its permissions If I upload a file to a directory, its permissions will be the same as if I created a new file locally Takeaway: permissions, users, and groups reside on the particular machine you re working on. If you email a file or throw it on a thumbdrive, no permissions information is attached. Why? Is this a gaping security hole? 23

Let s combine things Say I have a directory structure, with lots of.txt files scattered I want to remove all permissions for Others on all of the text files First attempt: chmod R o-rwx *.txt What happened? 24

Let s combine things Say I have a directory structure, with lots of.txt files scattered I want to remove all permissions for Others on all of the text files First attempt: chmod R o-rwx *.txt What happened? Try and fix this using find and xargs! find name "*.txt" find name "*.txt" xargs chmod o-rwx 25

Super-user (root) command sudo su description run a single command with root privileges (prompts for password) start a shell with root privileges (so multiple commands can be run) super-user: An account used for system administration. has full privileges on the system usually represented as a user named root Most users have more limited permissions than root protects system from viruses, rogue users, etc. if on your own box, why ever run as a non-root user? Example: Install the sun-java6-jdk package on Ubuntu. sudo apt-get install sun-java6-jdk 26

27 Playing around with power Courtesy XKCD.com

Playing around with power Create a file, remove all permissions Now, login as root and change the owner and group to root Bwahaha, is it a brick in a user s directory? Different distributions have different approaches Compare Fedora to Ubuntu in regards to sudo and su Power can have dangerous consequences rm * might be just what you want to get rid of everything in a local directory but what if you happened to be in /bin and you were running as root 28

Wrap-up discussion What do you think of the permissions model in *nix? How does it compare to your experience of other OS s? What are it s strengths? Are there any limitations? Can you think of a scenario of access rights that this approach doesn t easily facilitate? Additional info: ACL vs. Capabilities Access Control Lists Like what we just looked at each file has a list of who can do what Capabilities Different approach using capabilities, or keys Principle of least privilege, keys are communicable Not a focus point, but more info online if you re interested 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback