WEBVTT

00:02.130 --> 00:08.420
Not every user of a single operating system should have the same level of access to files and directories

00:08.990 --> 00:12.830
Like any professional or enterprise-level operating system,

00:13.160 --> 00:17.210
Linux has methods for securing file and directory access.

00:18.770 --> 00:26.870
These security systems allow the system administrator, the root user, or the file owner to protect

00:26.870 --> 00:37.400
their files from unwanted access or tampering by granting select users permissions to read, write or

00:37.400 --> 00:40.990
execute files. For each file and directory,

00:41.210 --> 00:49.150
we can specify the permissions status for the file's owner, for a particular group of users and for all

00:49.150 --> 00:49.880
other users.

00:50.510 --> 00:55.910
This is a necessity in a multi-user interface for an enterprise-level operating system.

00:56.570 --> 00:59.300
The alternative would be quite chaotic.

00:59.660 --> 01:07.370
So in this lecture, I will show you how to check for and change permissions on files and directories

01:07.370 --> 01:08.870
for select users.

01:09.320 --> 01:12.080
How to set default file and directory permissions.

01:12.080 --> 01:14.300
And how to set special permissions.

01:14.960 --> 01:16.490
Finally, you will have.

01:16.940 --> 01:23.270
You will see how hackers' understanding of permissions might help them exploit a system.

01:26.410 --> 01:33.310
We have different types of users in Linux. As you know, in Linux, the root user is all-powerful.

01:33.670 --> 01:37.390
The root user can do basically anything on the system.

01:38.350 --> 01:44.620
Other users on the system have more limited capabilities and permissions and almost never have the access

01:45.130 --> 01:46.930
that the root user has.

01:47.710 --> 01:55.720
These other users are usually collected into groups that generally share a similar function. In a commercial

01:55.720 --> 01:56.140
entity,

01:56.140 --> 02:00.850
these groups might be finance, engineering, sales and so on.

02:01.390 --> 02:07.120
So in an IT environment, these groups might include developers, network administrators and database

02:07.120 --> 02:08.050
administrators.

02:08.260 --> 02:15.100
So the idea is to put people with similar needs into a group that is granted relevant permissions.

02:15.610 --> 02:18.910
Then each member of the group inherits the group permissions.

02:19.180 --> 02:25.270
So this is primarily for the ease of administering administrating permissions and security.

02:26.110 --> 02:29.800
The root user is part of the root group by default.

02:29.830 --> 02:36.400
So each new user on the system must be added to a group in order to inherit the permissions of that

02:36.400 --> 02:36.820
group.

02:38.760 --> 02:47.310
So each and every file and directory must be allocated a particular level of permissions for the different

02:47.310 --> 02:49.320
identities using it.

02:49.920 --> 02:53.350
The three levels of permissions are here.

02:53.370 --> 02:54.570
I want to show you here.

02:55.320 --> 03:00.210
Um ah uh, permissions really clear.

03:00.780 --> 03:06.380
And, uh, we have w, uh, write here, right?

03:07.080 --> 03:11.610
And we have x here, x for executable.

03:14.460 --> 03:21.910
So read here, this grants permission only to open and view a file. Write,

03:21.930 --> 03:25.710
this allows users to view and edit the file.

03:25.710 --> 03:33.330
And it is, as you know, this allows users to execute the file, but not necessarily view or edit

03:33.330 --> 03:33.480
it.

03:33.890 --> 03:40.410
It is just executed if not written before, uh, read or write you.

03:41.340 --> 03:48.780
In this way, the root user can grant users a level of permission depending on what they need the files

03:48.780 --> 03:50.910
for. When a file is created,

03:50.910 --> 03:57.870
typically, the user who created it is the owner of the file, and the owning group is the user's current

03:57.870 --> 03:58.260
group.

03:58.740 --> 04:02.520
The owner of the file can grant various access privileges to it.

04:02.970 --> 04:11.280
So let's look at how to change permissions to pass ownership to individual users and to groups.

04:12.480 --> 04:15.930
So granting ownership to an individual user.

04:17.110 --> 04:23.930
To move ownership of a file to a different user so that they have the ability to control permissions

04:24.020 --> 04:26.130
so we can use chown.

04:26.510 --> 04:27.440
I'm not sure you.

04:29.850 --> 04:32.910
Chown, but this means change owner.

04:33.180 --> 04:42.230
Change owner in Linux, so, uh, chown, for example, bob here, tmp, Bob's

04:42.330 --> 04:42.710
file.

04:43.260 --> 04:50.220
Here we give the command the name of the user we are giving ownership to, uh, bob here.

04:50.220 --> 04:51.810
And, uh, this

04:51.810 --> 04:57.180
command grants the user account for bob ownership of Bob's file.

05:00.060 --> 05:09.120
So, uh, granting ownership to a group, so to transfer ownership of a file from one group to another.

05:09.420 --> 05:15.930
We can use the, uh, uh, chgrp. I want to show you here, um.

05:18.420 --> 05:20.300
See, scary.

05:21.060 --> 05:22.770
So a group.

05:23.070 --> 05:30.270
So this is the change group command. Hackers are often more likely to work alone than in groups.

05:30.570 --> 05:33.240
But it's not unheard of.

05:33.240 --> 05:40.770
Several hackers or pen testers work together on a project, and in that case, using groups is necessary.

05:41.170 --> 05:46.590
So, for instance, you might have a group of pen testers and a group of security team members working

05:46.590 --> 05:47.640
on the same project.

05:48.060 --> 05:54.210
The pen testers, the pen testers, in this example, are the root group, meaning they have all permissions

05:54.210 --> 05:54.900
and access.

05:55.320 --> 06:01.770
So the root group needs access to the hacking tools, whereas the security folk only need access to

06:01.770 --> 06:06.870
defensive tools such as intrusion, intrusion detection system, IDS.

06:07.170 --> 06:14.970
So let's say the root group downloads and installs the program named newIDS. The root group will

06:15.000 --> 06:18.450
need to change their ownership to the security group.

06:18.660 --> 06:23.120
So the security group can use it at will. To do so,

06:23.130 --> 06:29.100
the root group here will simply enter this command.

06:29.100 --> 06:31.400
Say who to.

06:34.230 --> 06:38.880
Ten newIDS, this is just an example, so I will not it's common.

06:40.150 --> 06:42.580
So this command passes the security group

06:43.960 --> 06:46.090
ownership of newIDS.

06:46.690 --> 06:53.860
So now you need to know how to check whether these allocations have worked, so you will do by checking

06:53.860 --> 06:55.000
the file's permissions.

06:56.050 --> 06:57.340
So checking permissions.

06:59.000 --> 07:06.620
You want to find out what permissions are granted to what users for a file or directory?

07:07.100 --> 07:08.180
Use the ls

07:08.180 --> 07:09.320
command.

07:11.750 --> 07:12.890
ls command.

07:13.130 --> 07:18.110
Let me look at how many minutes we have, yes, that was the last month.

07:19.720 --> 07:26.590
Uh, with the -l here, this means long switch, that this will display the contents of the directory in

07:26.590 --> 07:27.640
a long format.

07:28.060 --> 07:31.690
So this list will contain the permissions here.

07:32.470 --> 07:39.640
So ls command on the file /usr/share/hashcat, one of my favorite.

07:40.600 --> 07:45.340
Um, federal controls here in order to see what we can learn about the files.

07:46.180 --> 07:46.630
So.

07:47.630 --> 07:48.380
This is the

07:49.690 --> 07:51.880
file type here.

07:55.250 --> 08:02.750
And this is the permission of file here, as you can see here.

08:03.800 --> 08:11.060
This is the number of links, so you will learn what a link is in Linux.

08:11.690 --> 08:15.020
So this is the um, the owner of the file.

08:17.740 --> 08:23.290
And this is the, then, size of the file in bytes.

08:24.610 --> 08:30.910
So this means when the file is created or modified and this is the name of file.

08:31.780 --> 08:37.630
So for now, let's focus on the seemingly incomprehensible strings of letters and dashes on the left

08:37.630 --> 08:40.030
edge of each line.

08:40.600 --> 08:46.840
They tell us whether an item is a file or directory and what permissions, if any, are on it.

08:47.440 --> 08:56.050
So the first character tells you the file type. d stands for a directory and the dash indicates a

08:56.050 --> 08:56.470
file.

08:57.840 --> 09:01.060
Uh, so these are the two most common file types here.

09:01.420 --> 09:04.330
So the next section defines the permissions on the file.

09:04.540 --> 09:13.750
There are three sets of characters made of some combination of read, write and execute in that

09:13.750 --> 09:14.140
order.

09:14.320 --> 09:18.790
So the first set represents the permissions of the owner.

09:18.820 --> 09:25.510
The second is of the group and the last is all, uh, all of the users.

09:26.260 --> 09:33.280
So regardless of which set of the three letters you are looking at, if you see an r at first here,

09:33.610 --> 09:35.590
as you can see, there are same uh.

09:36.070 --> 09:36.490
So.

09:38.220 --> 09:45.600
That user or group of users has permission to open and read that file. A w is in the middle here,

09:45.760 --> 09:55.920
now, means that they can write to, modify the file or directory, and the x is, meaning if any x

09:55.920 --> 10:00.540
at the end means they can execute or run the file or directory.

10:00.780 --> 10:04.260
If any r, w or x is replaced with a dash here,

10:04.770 --> 10:09.000
like that, then the respective permission hasn't been given.

10:09.480 --> 10:15.780
Note that the users can have permission to execute only either binaries or scripts.
