1
00:00:00,06 --> 00:00:01,06
- [Instructor] On a Linux system,

2
00:00:01,06 --> 00:00:05,00
we interact with file system metadata in a few ways.

3
00:00:05,00 --> 00:00:07,00
To explore basic attributes of a file,

4
00:00:07,00 --> 00:00:09,02
we can use the stat command.

5
00:00:09,02 --> 00:00:10,07
Here we see the permissions,

6
00:00:10,07 --> 00:00:13,01
the various timestamps associated with the file

7
00:00:13,01 --> 00:00:14,03
and some other information

8
00:00:14,03 --> 00:00:16,06
like the owner and group IDs,

9
00:00:16,06 --> 00:00:18,03
the inode for the file

10
00:00:18,03 --> 00:00:20,01
and its size and how many blocks

11
00:00:20,01 --> 00:00:22,05
on the file system the file occupies.

12
00:00:22,05 --> 00:00:25,07
None of these values are the actual data of the file.

13
00:00:25,07 --> 00:00:28,03
They're all metadata stored in the file system

14
00:00:28,03 --> 00:00:30,04
associated with the blocks or extents

15
00:00:30,04 --> 00:00:33,00
where the file's actual data is kept.

16
00:00:33,00 --> 00:00:35,04
We'll explore some of these other fields here shortly,

17
00:00:35,04 --> 00:00:36,09
but first, I'd like to draw your attention

18
00:00:36,09 --> 00:00:38,09
to these timestamps here.

19
00:00:38,09 --> 00:00:40,01
There's space for four of them,

20
00:00:40,01 --> 00:00:42,01
but usually only three are used

21
00:00:42,01 --> 00:00:44,07
because those are the three that POSIX requires.

22
00:00:44,07 --> 00:00:47,03
These three are called the access time or A time,

23
00:00:47,03 --> 00:00:49,03
the modify time or M time

24
00:00:49,03 --> 00:00:51,09
and the change time or C time.

25
00:00:51,09 --> 00:00:55,02
Access time is when the file was last accessed or read.

26
00:00:55,02 --> 00:00:58,05
Modify time is when the files contents were last modified.

27
00:00:58,05 --> 00:00:59,04
And change time,

28
00:00:59,04 --> 00:01:01,06
while it sounds similar to modify time,

29
00:01:01,06 --> 00:01:04,05
is when the files inode information was changed.

30
00:01:04,05 --> 00:01:05,03
So for example,

31
00:01:05,03 --> 00:01:07,02
if we change the files permissions or name

32
00:01:07,02 --> 00:01:09,07
or something that's associated with the inode,

33
00:01:09,07 --> 00:01:12,04
that will affect the C time or change time.

34
00:01:12,04 --> 00:01:14,03
If we open the file in an editor,

35
00:01:14,03 --> 00:01:16,05
modified its contents and saved the file,

36
00:01:16,05 --> 00:01:17,08
that would affect the M time

37
00:01:17,08 --> 00:01:19,05
or modification time.

38
00:01:19,05 --> 00:01:21,02
These values are updated by the system

39
00:01:21,02 --> 00:01:23,00
when their associated change occurs,

40
00:01:23,00 --> 00:01:24,05
but we can also use the touch command

41
00:01:24,05 --> 00:01:26,04
to change the values too.

42
00:01:26,04 --> 00:01:27,08
I won't spend a lot of time on this here,

43
00:01:27,08 --> 00:01:30,02
but let's take a look at this file from before.

44
00:01:30,02 --> 00:01:32,05
Using the touch command and a D option

45
00:01:32,05 --> 00:01:35,01
followed by a date time string and the file name,

46
00:01:35,01 --> 00:01:36,04
I can change both the access

47
00:01:36,04 --> 00:01:43,02
and modification times for this file.

48
00:01:43,02 --> 00:01:46,03
We can see that change with stat myfile1 again,

49
00:01:46,03 --> 00:01:49,06
and there we go.

50
00:01:49,06 --> 00:01:51,04
Take some time to explore the manual page

51
00:01:51,04 --> 00:01:52,04
for the touch command

52
00:01:52,04 --> 00:01:54,01
for some more useful options

53
00:01:54,01 --> 00:01:55,07
including the -r option,

54
00:01:55,07 --> 00:01:57,05
which can read the times from one file

55
00:01:57,05 --> 00:02:00,02
and apply them to another.

56
00:02:00,02 --> 00:02:02,01
This display shows the permissions

57
00:02:02,01 --> 00:02:04,09
and also shows the modified time for each file

58
00:02:04,09 --> 00:02:07,04
and we see its name and size.

59
00:02:07,04 --> 00:02:09,09
We can use the -lc option

60
00:02:09,09 --> 00:02:11,07
and the -lu option

61
00:02:11,07 --> 00:02:12,06
to show change time

62
00:02:12,06 --> 00:02:17,00
and access time respectively.

63
00:02:17,00 --> 00:02:19,05
This number here refers to how many links there are

64
00:02:19,05 --> 00:02:21,03
to the files inode.

65
00:02:21,03 --> 00:02:22,07
Most files will have just one,

66
00:02:22,07 --> 00:02:24,02
representing the file we see,

67
00:02:24,02 --> 00:02:25,05
but if there are symbolic links

68
00:02:25,05 --> 00:02:27,04
or hard links pointing to the files inode,

69
00:02:27,04 --> 00:02:29,05
the number will increase.

70
00:02:29,05 --> 00:02:31,01
File permissions tell the system

71
00:02:31,01 --> 00:02:32,08
which users and groups can read,

72
00:02:32,08 --> 00:02:35,01
write and execute a file.

73
00:02:35,01 --> 00:02:37,07
Permissions are extremely important on Linux systems,

74
00:02:37,07 --> 00:02:39,05
but because this isn't a Linux course,

75
00:02:39,05 --> 00:02:41,06
we won't be getting into the details of them here.

76
00:02:41,06 --> 00:02:42,05
We'll just take a look

77
00:02:42,05 --> 00:02:44,08
from a metadata perspective in this video.

78
00:02:44,08 --> 00:02:46,08
We can modify a file's access permissions

79
00:02:46,08 --> 00:02:48,03
with the chmod command,

80
00:02:48,03 --> 00:02:49,02
followed by either

81
00:02:49,02 --> 00:02:51,02
a numeric representation of the permissions

82
00:02:51,02 --> 00:02:54,04
like 755, or a symbolic representation

83
00:02:54,04 --> 00:02:56,03
using plus, minus or equals

84
00:02:56,03 --> 00:02:59,01
and various letters to represent permission modes.

85
00:02:59,01 --> 00:03:00,06
And we can change the file ownership

86
00:03:00,06 --> 00:03:03,07
or file group with chown and chgrp.

87
00:03:03,07 --> 00:03:05,09
File access permissions are a fairly basic

88
00:03:05,09 --> 00:03:07,04
and widely supported attribute

89
00:03:07,04 --> 00:03:09,06
across many UNIX type file systems,

90
00:03:09,06 --> 00:03:11,07
but there is one important factor to keep in mind

91
00:03:11,07 --> 00:03:14,06
when we copy files that have permissions.

92
00:03:14,06 --> 00:03:15,09
Permissions are represented

93
00:03:15,09 --> 00:03:18,01
by user and group numeric IDs,

94
00:03:18,01 --> 00:03:20,07
not explicit user and group names.

95
00:03:20,07 --> 00:03:21,06
In most cases,

96
00:03:21,06 --> 00:03:23,02
a user copying their own files

97
00:03:23,02 --> 00:03:24,07
to another disc or system

98
00:03:24,07 --> 00:03:27,00
will result in behavior we expect,

99
00:03:27,00 --> 00:03:29,01
correctly setting the owner and group ID,

100
00:03:29,01 --> 00:03:31,01
but if we copy files using other tools

101
00:03:31,01 --> 00:03:33,05
that preserve these owner and group ID values,

102
00:03:33,05 --> 00:03:36,06
we might have unexpected results on the target system.

103
00:03:36,06 --> 00:03:38,00
For example, on one system,

104
00:03:38,00 --> 00:03:40,03
the user Mary, might be the owner of a file

105
00:03:40,03 --> 00:03:42,06
and have the user ID 1004.

106
00:03:42,06 --> 00:03:44,06
If we copy that file to another system,

107
00:03:44,06 --> 00:03:47,02
depending on how that copy operation is performed,

108
00:03:47,02 --> 00:03:49,04
we could end up with that same file showing ownership

109
00:03:49,04 --> 00:03:52,04
by whatever user account corresponds with 1004

110
00:03:52,04 --> 00:03:53,06
on the other system.

111
00:03:53,06 --> 00:03:56,01
Or if there isn't a user ID 1004,

112
00:03:56,01 --> 00:03:58,02
we would just see the number 1004.

113
00:03:58,02 --> 00:04:00,06
We can fix this with permissions management tools,

114
00:04:00,06 --> 00:04:01,08
but this highlights the fact

115
00:04:01,08 --> 00:04:03,01
that permissions on a file

116
00:04:03,01 --> 00:04:05,08
aren't a reliable indicator of a person or user

117
00:04:05,08 --> 00:04:08,01
actually being responsible for that file.

118
00:04:08,01 --> 00:04:09,06
Permissions can be changed easily

119
00:04:09,06 --> 00:04:10,08
by administrative users

120
00:04:10,08 --> 00:04:12,09
and are often ignored in the copy process,

121
00:04:12,09 --> 00:04:15,01
especially between platforms.

122
00:04:15,01 --> 00:04:17,08
While they are represented by file system metadata,

123
00:04:17,08 --> 00:04:20,04
file permissions aren't the focus of this course.

124
00:04:20,04 --> 00:04:22,01
If you'd like to learn more about them though,

125
00:04:22,01 --> 00:04:23,01
take a look at my course

126
00:04:23,01 --> 00:04:24,09
called "Learning Linux Command Line"

127
00:04:24,09 --> 00:04:26,09
or other courses about Linux basics

128
00:04:26,09 --> 00:04:29,01
here on LinkedIn Learning.

129
00:04:29,01 --> 00:04:31,05
Other metadata that Linux type file systems store

130
00:04:31,05 --> 00:04:34,03
include ACLs or access control lists.

131
00:04:34,03 --> 00:04:36,03
ACLs allow us to be more specific

132
00:04:36,03 --> 00:04:38,01
about who can do what with files.

133
00:04:38,01 --> 00:04:38,09
For example,

134
00:04:38,09 --> 00:04:39,09
we can set up a much richer

135
00:04:39,09 --> 00:04:41,04
and more complex set of rules

136
00:04:41,04 --> 00:04:42,03
about who can do what

137
00:04:42,03 --> 00:04:44,06
to which files on a given system.

138
00:04:44,06 --> 00:04:45,06
On a Linux system,

139
00:04:45,06 --> 00:04:47,06
the file system itself needs to be mounted

140
00:04:47,06 --> 00:04:49,00
with support for ACLs

141
00:04:49,00 --> 00:04:51,01
in order for us to set ACLs

142
00:04:51,01 --> 00:04:52,09
because that particular metadata structure

143
00:04:52,09 --> 00:04:54,07
needs to be in place.

144
00:04:54,07 --> 00:04:58,03
So not all Linux systems will have ACLs by default.

145
00:04:58,03 --> 00:04:59,02
Here in the terminal,

146
00:04:59,02 --> 00:05:00,05
I'm using an external volume.

147
00:05:00,05 --> 00:05:01,06
It's EXT4,

148
00:05:01,06 --> 00:05:04,05
which means it automatically includes ACL support.

149
00:05:04,05 --> 00:05:06,07
Using the LS command with the -l option,

150
00:05:06,07 --> 00:05:09,02
we can see whether a file has an ACL.

151
00:05:09,02 --> 00:05:11,00
Here I can see one file has a plus

152
00:05:11,00 --> 00:05:12,08
after the regular permission string

153
00:05:12,08 --> 00:05:15,03
and that indicates that it has an ACL.

154
00:05:15,03 --> 00:05:17,03
We can see which ACLs are applied to files

155
00:05:17,03 --> 00:05:20,05
with the command getfacl or get Facl,

156
00:05:20,05 --> 00:05:27,00
facl being short for file access control list.

157
00:05:27,00 --> 00:05:28,03
Here we can see an ACL

158
00:05:28,03 --> 00:05:30,02
that grants a group called accounting

159
00:05:30,02 --> 00:05:32,07
read, write and execute access to the file.

160
00:05:32,07 --> 00:05:33,06
Notice in this output

161
00:05:33,06 --> 00:05:36,01
that there's another indication for others,

162
00:05:36,01 --> 00:05:37,08
which from the perspective of this file,

163
00:05:37,08 --> 00:05:40,03
is what any member of the accounting group would be.

164
00:05:40,03 --> 00:05:42,01
This would deny the accounting group

165
00:05:42,01 --> 00:05:44,05
write and execute access.

166
00:05:44,05 --> 00:05:46,02
This is overridden by the ACL,

167
00:05:46,02 --> 00:05:48,06
which specifically grants this group full access,

168
00:05:48,06 --> 00:05:50,03
even though the system will deny write

169
00:05:50,03 --> 00:05:53,01
and execute access to any other group member.

170
00:05:53,01 --> 00:05:54,02
To modify an ACL,

171
00:05:54,02 --> 00:05:56,09
we can use setfacl and the -m option,

172
00:05:56,09 --> 00:05:58,09
followed by an access control entry.

173
00:05:58,09 --> 00:05:59,07
For example,

174
00:05:59,07 --> 00:06:00,08
we can change the existing entry

175
00:06:00,08 --> 00:06:06,03
to only allow this group read access.

176
00:06:06,03 --> 00:06:10,01
I'll write setfacl -m g:

177
00:06:10,01 --> 00:06:13,06
and the group name :r for read

178
00:06:13,06 --> 00:06:18,07
and then the file name.

179
00:06:18,07 --> 00:06:22,03
Again, I'll run getfacl,

180
00:06:22,03 --> 00:06:25,04
and we can see that change was made.

181
00:06:25,04 --> 00:06:27,06
Access controls with ACLs are an important part

182
00:06:27,06 --> 00:06:29,03
of security on Linux systems

183
00:06:29,03 --> 00:06:32,03
and they're part of the file system metadata.

184
00:06:32,03 --> 00:06:34,05
In addition to basic attributes like permissions,

185
00:06:34,05 --> 00:06:35,08
dates and so on,

186
00:06:35,08 --> 00:06:39,01
files on most Linux systems can have extended attributes

187
00:06:39,01 --> 00:06:40,07
which are further ways to tag information

188
00:06:40,07 --> 00:06:42,08
onto files on the system.

189
00:06:42,08 --> 00:06:45,05
They're represented by key value pairs.

190
00:06:45,05 --> 00:06:47,03
To read extended attributes on files,

191
00:06:47,03 --> 00:06:49,05
we can use the getfattr command

192
00:06:49,05 --> 00:06:52,06
and we can set values with setfattr.

193
00:06:52,06 --> 00:06:54,08
On modern Linux compatible file systems

194
00:06:54,08 --> 00:06:56,00
like EXT4,

195
00:06:56,00 --> 00:06:58,05
we can set user extended attributes on a file,

196
00:06:58,05 --> 00:07:01,02
allowing us to add any text-based key name we want

197
00:07:01,02 --> 00:07:02,07
and any text, hexadecimal

198
00:07:02,07 --> 00:07:06,03
or base 64 encoded value associated with it.

199
00:07:06,03 --> 00:07:07,09
Some applications use this feature

200
00:07:07,09 --> 00:07:09,07
to add their own tags or other metadata

201
00:07:09,07 --> 00:07:11,04
to files they work with.

202
00:07:11,04 --> 00:07:13,07
Older Linux compatible file systems may need

203
00:07:13,07 --> 00:07:15,00
to be specifically mounted

204
00:07:15,00 --> 00:07:17,02
with user extended attribute support

205
00:07:17,02 --> 00:07:20,03
and others don't support extended attributes at all.

206
00:07:20,03 --> 00:07:23,06
We can add an extended attribute with setfattr

207
00:07:23,06 --> 00:07:29,00
and the name and the value followed by the file name.

208
00:07:29,00 --> 00:07:33,07
I'll write setfattr -n,

209
00:07:33,07 --> 00:07:38,01
user. and the name of my attribute.

210
00:07:38,01 --> 00:07:42,06
Then -v and a value,

211
00:07:42,06 --> 00:07:46,03
and then I'll provide a file name.

212
00:07:46,03 --> 00:07:49,08
Now let's use getfattr -d and an asterisk

213
00:07:49,08 --> 00:07:51,01
to view the extended attributes

214
00:07:51,01 --> 00:07:53,02
for all the files in this directory.

215
00:07:53,02 --> 00:07:54,08
Only one file has them,

216
00:07:54,08 --> 00:07:57,04
and here's the value that I set for this file.

217
00:07:57,04 --> 00:08:00,01
Extended attributes can contain some interesting information

218
00:08:00,01 --> 00:08:01,02
so they can be a vector

219
00:08:01,02 --> 00:08:03,02
for inadvertently sharing information

220
00:08:03,02 --> 00:08:05,01
that might not be meant to be shared.

221
00:08:05,01 --> 00:08:06,03
As long as a volume is mounted

222
00:08:06,03 --> 00:08:08,01
with extended attribute support,

223
00:08:08,01 --> 00:08:10,01
these attributes will be available.

224
00:08:10,01 --> 00:08:11,08
But if files with extended attributes

225
00:08:11,08 --> 00:08:14,01
are copied to a file system that doesn't support them,

226
00:08:14,01 --> 00:08:16,01
the attributes will be removed

227
00:08:16,01 --> 00:08:17,06
and these values will be removed

228
00:08:17,06 --> 00:08:19,05
if the file is moved or copied by tools

229
00:08:19,05 --> 00:08:21,08
without extended attribute support.

230
00:08:21,08 --> 00:08:24,00
Spend some time with the setfattr manual page

231
00:08:24,00 --> 00:08:27,01
to learn more about how extended attributes work.

232
00:08:27,01 --> 00:08:28,06
While extended attributes allow us

233
00:08:28,06 --> 00:08:31,05
to set key value pairs of information on files,

234
00:08:31,05 --> 00:08:32,07
there's another kind of information

235
00:08:32,07 --> 00:08:35,00
we can add to files called flags.

236
00:08:35,00 --> 00:08:36,07
These are simple on/off setting names

237
00:08:36,07 --> 00:08:39,00
and functions defined by the file system.

238
00:08:39,00 --> 00:08:40,05
Some of these flags can be used

239
00:08:40,05 --> 00:08:42,02
to make a file undeletable,

240
00:08:42,02 --> 00:08:45,02
to mark it so that the access time isn't updated and more.

241
00:08:45,02 --> 00:08:46,03
To work with these values,

242
00:08:46,03 --> 00:08:50,04
we'll use the commands lsattr and chattr.

243
00:08:50,04 --> 00:08:52,08
The manual pages for the chattr command

244
00:08:52,08 --> 00:08:54,07
briefly list the available flags

245
00:08:54,07 --> 00:08:56,08
and I encourage you to explore that.

246
00:08:56,08 --> 00:08:59,04
We can set flags with the chattr command

247
00:08:59,04 --> 00:09:01,02
followed by an option like +i

248
00:09:01,02 --> 00:09:07,01
to add the immutable flag to a file.

249
00:09:07,01 --> 00:09:09,00
Now, even though I'm the owner of that file,

250
00:09:09,00 --> 00:09:10,06
as I can see here,

251
00:09:10,06 --> 00:09:11,08
I'll be unable to delete it

252
00:09:11,08 --> 00:09:18,07
without first removing the flag.

253
00:09:18,07 --> 00:09:23,01
Even the super user can't delete this file directly.

254
00:09:23,01 --> 00:09:24,03
We can take a look at the flags

255
00:09:24,03 --> 00:09:25,06
for files in this directory

256
00:09:25,06 --> 00:09:31,02
with lsattr and an asterisk.

257
00:09:31,02 --> 00:09:34,07
Here we see the individual flags in a compact view.

258
00:09:34,07 --> 00:09:36,00
E means extents,

259
00:09:36,00 --> 00:09:38,01
indicating that this file uses extents,

260
00:09:38,01 --> 00:09:39,00
which we would expect,

261
00:09:39,00 --> 00:09:41,05
given that this is an EXT4 file system

262
00:09:41,05 --> 00:09:44,00
which uses extents rather than blocks.

263
00:09:44,00 --> 00:09:45,09
The more interesting flag here is I,

264
00:09:45,09 --> 00:09:47,07
which represents immutable,

265
00:09:47,07 --> 00:09:49,00
and we can see that more in detail

266
00:09:49,00 --> 00:09:51,03
with lsattr, -l for list,

267
00:09:51,03 --> 00:09:52,06
and the file name,

268
00:09:52,06 --> 00:09:53,06
which lists the name

269
00:09:53,06 --> 00:09:58,01
instead of just the letter for each flag.

270
00:09:58,01 --> 00:09:59,07
While flags don't necessarily reveal

271
00:09:59,07 --> 00:10:01,05
a whole lot of information about a file,

272
00:10:01,05 --> 00:10:03,09
they can be indicators that a file is interesting.

273
00:10:03,09 --> 00:10:04,08
A different file state

274
00:10:04,08 --> 00:10:07,04
that the system administrator wants to enforce after all,

275
00:10:07,04 --> 00:10:08,09
points to that file being different

276
00:10:08,09 --> 00:10:10,06
than the files around it.

277
00:10:10,06 --> 00:10:12,02
And it's good to know about these flags

278
00:10:12,02 --> 00:10:13,03
if we're working on a file

279
00:10:13,03 --> 00:10:16,00
that doesn't respond in the way we think it might.

280
00:10:16,00 --> 00:10:17,05
Perhaps it's marked as immutable

281
00:10:17,05 --> 00:10:19,09
or has no A time updates and so on.

282
00:10:19,09 --> 00:10:21,04
As with other metadata values,

283
00:10:21,04 --> 00:10:23,09
this flag will copy to other supported file systems

284
00:10:23,09 --> 00:10:26,02
when using tools that are aware of flags

285
00:10:26,02 --> 00:10:27,00
but will be dropped

286
00:10:27,00 --> 00:10:30,02
when copied to unsupported file systems.

287
00:10:30,02 --> 00:10:31,05
Some Linux file systems

288
00:10:31,05 --> 00:10:33,01
use an access management solution

289
00:10:33,01 --> 00:10:34,02
called SE Linux

290
00:10:34,02 --> 00:10:37,02
to further refine how files can be used.

291
00:10:37,02 --> 00:10:39,08
This information is also stored as extended attributes

292
00:10:39,08 --> 00:10:41,00
in the security name space

293
00:10:41,00 --> 00:10:43,00
on supported file systems.

294
00:10:43,00 --> 00:10:44,07
On a system that uses SE Linux,

295
00:10:44,07 --> 00:10:46,05
we can find this information for files

296
00:10:46,05 --> 00:10:50,05
by using the command ls -Z to show the context,

297
00:10:50,05 --> 00:10:51,08
which is what SE Linux calls

298
00:10:51,08 --> 00:10:53,09
the access control information it applies to

299
00:10:53,09 --> 00:10:55,07
and reads from files.

300
00:10:55,07 --> 00:10:57,03
As we'll see throughout the rest of the course,

301
00:10:57,03 --> 00:10:59,03
the basic file system metadata values

302
00:10:59,03 --> 00:11:01,09
like file name and access and modification times

303
00:11:01,09 --> 00:11:03,00
will transfer pretty easily

304
00:11:03,00 --> 00:11:05,03
to other file systems.

305
00:11:05,03 --> 00:11:06,04
Permissions can transfer

306
00:11:06,04 --> 00:11:08,01
but lose a lot of context and meaning,

307
00:11:08,01 --> 00:11:09,09
even when they're preserved.

308
00:11:09,09 --> 00:11:12,02
And extended metadata values can't be set

309
00:11:12,02 --> 00:11:13,07
on all file systems

310
00:11:13,07 --> 00:11:16,03
and don't always transfer to other file systems,

311
00:11:16,03 --> 00:11:17,05
but sometimes they do,

312
00:11:17,05 --> 00:11:19,02
as we'll see a bit later.

313
00:11:19,02 --> 00:11:20,01
Unfortunately,

314
00:11:20,01 --> 00:11:22,04
there isn't a whole lot of specific documentation

315
00:11:22,04 --> 00:11:24,06
about which combinations of file systems,

316
00:11:24,06 --> 00:11:25,08
tools, and attributes

317
00:11:25,08 --> 00:11:28,00
can transfer these values successfully.

318
00:11:28,00 --> 00:11:29,05
Some individual research is needed

319
00:11:29,05 --> 00:11:31,09
when setting up a system where these are used.

320
00:11:31,09 --> 00:11:34,06
ACLs are really intended for use within one system

321
00:11:34,06 --> 00:11:38,00
or within one administrator controlled network of systems.

322
00:11:38,00 --> 00:11:40,03
They won't protect files copied to other systems,

323
00:11:40,03 --> 00:11:43,01
much less other file systems or operating systems.

324
00:11:43,01 --> 00:11:44,08
If you're working with security on Linux,

325
00:11:44,08 --> 00:11:45,09
it's important to understand

326
00:11:45,09 --> 00:11:47,08
how metadata affects security

327
00:11:47,08 --> 00:11:49,08
and how it can fail us if we're not careful.

328
00:11:49,08 --> 00:11:51,02
It's also important to keep in mind

329
00:11:51,02 --> 00:11:53,04
what information is exposed by this metadata

330
00:11:53,04 --> 00:11:55,09
and how that could be a security risk.

331
00:11:55,09 --> 00:11:58,02
For more Linux specific detail about ACLs

332
00:11:58,02 --> 00:11:59,08
and other topics we're exploring here,

333
00:11:59,08 --> 00:12:02,05
take a look at the course "Linux: Files and Permissions"

334
00:12:02,05 --> 00:12:04,00
here on LinkedIn Learning.