Hey guys, right now we are going to talk about Linux file system permissions, and it's easy. It's easy because we only have three permissions. Those permissions are read, write and execute. Every file has got ten bits that are associated with it. The value of the first bit kind of determines the kind of file. So if it's a d, it's a directory; if it's just a dash, it's a normal file; if it's a link, it would have an l for a symbolic link. If it's a block-based file, as you saw earlier on, it would have a b. And the value of the first bit determines the kind of file; the remaining nine would be the permissions.

Now, you're looking at that and saying, "What, you said nine? Didn't you just tell me that there are three permissions?" Yeah, there are indeed three permissions. However, those permissions can be applied to three different entities. The three different entities would be the user, we have the group for the next three, and then the final three would be for other. And I'll explain that more in a moment.

When you create a file, you're the owner of that file, and that is who the u refers to: the user that is associated with the file. So more explicitly, this would refer to the owning user. Now, when you create a file you are logged in as a user, and that user has got a group. This would be the primary group. Now, the group that is associated by default with a newly created file would be the user's primary group, and that is what would be the g, or the owning group. Everyone who is not the logged-in user or the user that is associated with that file, or a member of the owning group that is associated with that file, would be qualified by other. So we could have read, write and execute associated with the owning user, read, write and execute associated with members of the owning group, as well as read, write and execute associated with other.

So let's go get our hands dirty right now. So we are going to create a directory called /common. So let's go and take care of that, and the directories are just being
created. So let's go and do a listing right now of the directory. Now, if you want to see the permissions associated with the directory, you would use ls -ld. Now, the d is really important over here, because otherwise what's going to happen is that the ls command is going to show you the contents of the directory common, and it's not going to show you the properties associated with the common directory. So you can see again over here, guys, that we have ten bits. Feel free to count them. And you can see that the value of the first bit is a d; this tells us that it's a directory. And then we have nine more bits over here, and here we have the permissions. So r, w and x would be associated with that component over there; that is the owning user, or the user that is associated with the file. We also have the owning group over here right next door, and that is root, and the next three bits would be the permissions for the owning group, and then the final three would be the permissions for other. Again, other means everyone who is not the owning user and everyone who is not a member of the owning group.

So let's go and try and give the student user access to this directory right now. So do we just want the student user to be able to change into the directory? If so,
well, the student user already can do that, and here's why. We always evaluate permissions in the order that we've defined them: u, g, o. So is the student user the owning user of that directory? The answer is no; root is the owning user. So these permissions are not going to be applicable. So guys, we stop at the first match; we process no further. We don't have a match, so we're allowed to continue processing. Is the student user a member of the group that is associated with that file? So we don't know; let's go and find out. We're gonna say groups student, and we can see that student is a member of the group student as well as the group wheel, and that is not what the owning group is. So now we are allowed to process further, and you could see over here that we have the permissions for other. Now, because the user student is not the owning user and not a member of the owning group, the user student is qualified by other, and therefore the student user has got read and execute permissions, which are perfectly sufficient to change into a directory and to do a directory listing.

So let's go and put that to the test right now. We're gonna change into the directory common and we're gonna do a directory listing. That's it, nice and simple. But let's find out right now if we can create a file. So we're gonna create a file called student.file1. And you can see that: permission denied. And that again is resoundingly clear as to why: we don't have the w permission, or the write permission. So let's kind of find out how we could go about giving the user student the write permission.

Now, to change permissions we use a command called chmod, which is used to change the permissions mode. So what I could do over here is that I could say I'm gonna give other the w permission. Now, be very careful over here that other doesn't mean everyone. Other means everyone who is not the owning user, everyone who is not a member of the owning group. So we're gonna give other permissions to /common; we're gonna give
them the write permission. So plus w means that we are adding something, and we are adding the write permission. So now if you have a look at the output of the ls -ld command against the common directory, you can see right now that r, w and x has been given to other. So let's go and find out if the user student can log in and create a file called student.file1. Success, I can do that. And if you had to go and explore who the owning user is of the file, you'll see it would be the creator, and the owning group would be the primary group of that user.

So what I'm gonna do right now is that I'm gonna go and create a user called Paul. So let's go and use useradd, and we're gonna type in Paul over here. And I'm gonna do something very interesting right now: I'm gonna set the owning group of that directory to be the group Paul. So let's kind of influence that. To do that we use the command chown, or change ownership, and there are two aspects to ownership: you could be the owning user, you could also be the owning group. So what I'm gonna do right now is that I'm only gonna change the owning group. Now, we use a colon as a separator between the owning user and the owning group. So if I wanted to make the user student the owning user, and if I wanted to make the group Paul the owning group that is associated with common, I would use this command over here. So chown student:Paul for common, and you can see that the transaction was successful, no error message. However, we want to validate our work, so let's go and run the ls -ld command against common, and you can see that the user student is indeed the owning user and members of the group Paul have read and execute permissions.

So allow me now to go and log in as the user Paul. So let me go and switch user. We're gonna switch user to Paul and we're gonna try and get into the common directory. And you can see that that transaction was successful, because if you wanted to change into a directory, you would need the execute permission; if you wanted to do a
directory listing, you would need the read permission, and we have that. So let's go and see what happens right now when I create a file called Paul.file1, and you can see over here that it says permission denied. Now, you may be drawn into thinking that, well, everyone has got the write permission. No, that's not the way it works. Remember, you process your permissions in order: owning user, then owning group, and then other, and you stop at the first match. So what are Paul's permissions? Is Paul the owning user associated with common? The answer is no; the student user is. Great, let's go to the next one. Is Paul a member of the owning group that is associated with common? Yes, Paul is a member. We can see over here that the group that is associated with common is the Paul group. The Paul group is the primary group associated with the user Paul. So we have a match, guys. You stop right there; you process no further. So the permissions that would be effective for the user Paul would be read and execute.

So allow me to log out as the user Paul right now, and we're gonna add one more user. So we're gonna do a useradd and we're gonna add the user George. And what we now want to do is determine what George's permissions are to that common directory. So nice and simple: is George the owning user? No, student is. Is George a member of the group that is associated with that directory, which is Paul? No, George is not. We just created George; we didn't influence George's groups yet. So George is not a member of the owning group. So therefore George is qualified by other, and George should have read, write and execute. So let's go and put that to the test right now.
So we're gonna switch user to George, and I'm gonna change into the common directory, and I'm gonna try and create a brand new file called George file one, and you can see that that transaction is successful, showing how the permissions flow works.

So one more thing that I'm gonna do right now, guys, is that I'm gonna show you how, as the user root (and let's just go and clear the output), I want to show you how I could go and influence the permissions for the user student. So I'm gonna say chmod, and we are gonna affect the owning user, or the user, and we are gonna be taking away permissions right now. So the permissions that we are gonna be taking away would be, how about we do minus read, write and execute, and we're gonna do that for the directory common. So if you have a look at the permissions that are set right now, you'll see that we have d for directory and then we have dash dash dash. So in the absence of a permission you just use dashes. So no permissions for the owning user.

Now let's go and see how that affects the student user for the common directory. I can't do a directory listing. Let's change out of the directory. Let's go and change back in again: permission denied. Let's go and see if I can create a file. So we're gonna say common and we're gonna say student.file2, and again, transaction is unsuccessful. And once again, guys, just as a reminder: we always evaluate permissions in order. These are the permissions for the owning user, and the user student is the owning user. So we have a match; we stop right there. We are not allowed to process any further.

Now, while I told you that there are only three permissions in the Linux file system, that was a little bit of a lie, because we do have three other permissions. However, they're well beyond the scope of this technical overview, and with that, guys, I'm gonna bring this chapter to an end. I will see you in the next video.
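
The evaluation order walked through above, as an added example that is not part of the original recording: a small Python model of how the class (u, then g, then o) is chosen and why the first match decides the outcome, replaying the steps on /common. The numeric UIDs and GIDs and the helper names are constructed for illustration, mode 0755 for the fresh directory is inferred from the listing described, and root's ability to bypass these checks is not modelled.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset  # primary group plus any supplementary groups

SHIFT = {"u": 6, "g": 3, "o": 0}   # position of each class in the mode
BIT = {"r": 4, "w": 2, "x": 1}

def chmod(mode, spec):
    """Apply one symbolic clause such as 'o+w' or 'u-rwx' to a mode."""
    who, op, perms = spec[0], spec[1], spec[2:]
    mask = sum(BIT[p] for p in perms) << SHIFT[who]
    return mode | mask if op == "+" else mode & ~mask

def effective(mode, owner_uid, owner_gid, user):
    """First match wins: only the matching class's three bits apply."""
    if user.uid == owner_uid:
        who = "u"
    elif owner_gid in user.gids:
        who = "g"
    else:
        who = "o"
    bits = (mode >> SHIFT[who]) & 0o7
    return who, "".join(c if bits & BIT[c] else "-" for c in "rwx")

def listing(mode):
    """Render the ten-character string that ls -ld shows for a directory."""
    return stat.filemode(stat.S_IFDIR | mode)

# Constructed accounts: the IDs are sample values, not taken from the video.
student = User("student", 1000, frozenset({1000, 10}))  # student + wheel
paul = User("paul", 1001, frozenset({1001}))
george = User("george", 1002, frozenset({1002}))

def walkthrough():
    """Replay the steps on /common and record (listing, class, perms)."""
    steps = []
    mode = 0o755                                   # root:root, as created
    steps.append((listing(mode),) + effective(mode, 0, 0, student))
    mode = chmod(mode, "o+w")                      # chmod o+w /common
    owner, group = student.uid, 1001               # chown student:paul
    steps.append((listing(mode),) + effective(mode, owner, group, paul))
    steps.append((listing(mode),) + effective(mode, owner, group, george))
    mode = chmod(mode, "u-rwx")                    # chmod u-rwx /common
    steps.append((listing(mode),) + effective(mode, owner, group, student))
    return steps
```

Note the last step: the owner ends up with fewer rights than other, because the owner class matched first and the remaining bits were never consulted.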