We've seen already that there are some things that we can't access, some files we can't access: the student user couldn't see the shadow file, it said permission denied. If we try to run some programs, it may be permission denied. So there are some permissions on files. In general, every file, and a directory is a special case of a file, every file has some ownership, the person who owns it, and some permissions. What are you allowed to do with it? So that's what we want to look at briefly here.

I'll log in as a named user, and I suggest you do that too. So we're as one of our named users. Note that when you log in, you're in the student directory. But that's not my home, I've logged in as a named user, so I want to go home, cd, and now I'm in my home. So let's create a file just to demonstrate here, echo something into my file, and just to make it clear, who am I? And let's look at the details of this file.

So I have created a file, abc.txt. When we see the details, we see the file name, the date and time, and this column tells us the user that owns the file. Every file has a user that owns it, belongs to one person. So by default, when you're logged in as a user, when you create a file, you own that file. We'll see later, we can change who owns it, but by default, we own that file. The second column, and yours will be different, the second column shows the group that owns the file. So in fact, each file has a user, an individual user that owns it, as well as a group that owns it. And a group, as you may guess, contains a set of users, one or more users. And when we say the group owns it, it means anyone in that group can do some things, some special things with it.

So with respect to this file, we say there's one user that owns it, there's one group of users that own it, and then there's all the rest of the world, everyone else, the others. So on our computers, we saw there are what, 100 plus users.
For this file, one of those users owns it, some users are in the group, blue one that own it, and then there's all the other users, the other 99 users or however many there are. So we'll distinguish between three sets of users, the user that owns, the group that owns, and others. Others are not the user that owns and not in the group. User, group, others, U-G-O, we'll come back to those letters. So the ownership for those three sets of users, user, group, others, they can do different things potentially with the file.

What thing can they do with a file? Well, there are three main operations in Linux. We can read a file, means open it and look at the contents. We can write to the file, which means modify the contents, delete, modifying. Deleting is just the same as modify. So write to a file means change or edit. And in some cases, we may want to execute files. If it's a program, we make it executable. So we can read, write, and execute. And the three letters are R, W and X, X for execute.

So what can our user do with this file? How do we know? These nine characters tell us. Have a look. The first character tells us if it's a file or directory. This dash here says this is a file, not a directory. The next nine, we split them into three groups of three. So let's look at them. These three characters, just zoom in so everyone can see. R, W, dash. The three characters in the order of read, write, execute. Read, write, execute. So these three characters specify the permissions of the user that owns the file. So the user that owns the file, what can they do with it? They can read it because there's an R there. They can write to it because of the W. They cannot execute because there's no X. If they're allowed to execute, there'll be an X there, not a dash. So our user can read and write the file but they cannot execute. That's what this tells us. The next three characters are what the group can do with the file.
Anyone in the group blue one is allowed to read the file, write the file but not execute. The last three characters are what others can do with it. Others in this case cannot do anything. They cannot read, write, or execute. So that's how to read the permissions. You may see an R here, I think, in your case, right? Or the default in your case, maybe an R. That is, others can read it. Let's try, zoom out. Here, this example. The reason I didn't have an R here is because that file was already created and modified before. The file XYZ, read and write. The user can read and write. The group can read and write. The others can read only. Meaning the others can look inside the file but they can't modify it. They can't write it. No one can execute. So that's how to read those nine characters. If you can't remember, they're on the reference card in front of you. Okay, it takes some time to practice and remember them. So we'll have some practice.

Now what we'd like to do is to change the values. So let's try. Who am I? First, what groups am I in? Type groups. This tells me the groups I'm in. So we see I'm in a group that is based on my username. That's usually the default group. Everyone's usually in a group which has the same name as their username. And in these computers I've set up so that this user is in blue one group. You will see hopefully if you've logged in as your user you're in a colored group as well. The color based upon the desk. And probably the color followed by the number five, section five. So these are the groups I'm in.

If you wanna see what people are in different groups, there's a file in the etc directory called group. And you can look in that and it lists all the groups on the system. And you scroll down and you see who's in red blue one and it lists the users in that group. But there's one way to see who's in a particular group. That's similar to the passwd file. It shows, but this shows information about the groups not the individual users.
/etc/group. The command groups shows what you're in.

So our file xyz.txt, I would like to be able to change. I would like to be able to change who owns the file. The user that owns and the group that owns. Let's change the group. There's different ways to do it. chown, change the ownership. chown, change ownership. And we take two inputs. The username that we want to own, colon, followed by the group. Don't copy mine, use it for yours. So maybe you can change it so that previously it was owned by this user. I don't want to change that. I want the user to be the same. But the group was this one. I want to change to blue one, in my case. Maybe you change your file to be in your colored group. And the file name. Change the ownership of this file. You see the group has now changed from the original group to blue one. So in fact, that changed the group only. You could also change the user as well, but there may be some restrictions on which users you can change to.

There's a short way to change groups. chgrp, change group. I've just changed it back to the original group. So chown, change the user and the group. chgrp, change just the group. So you can use either. Let me change it back to blue one, in my case.

So we can change the ownership of files. We can also change the permissions on those files. And sometimes it's not called permissions. It's the modes of which we can access that file. There are three modes, read, write, and execute. So we can change the mode for the file. So to change the mode, chmod, change mode. And this is a little bit complex, but if you remember, there are three sets of users. The user that owns, U, the group that owns, G, others, O. And there are three types of modes or permissions. Read, write, execute, RWX. So we can add and subtract permissions, plus or minus. Our current file, the others can read the file. Let's change the permissions so others cannot read. O, subtract, or revoke the permission to read that file.
So the syntax here is specify the set of users, and then either plus or minus, usually. Plus gives the permission, minus revokes the permission. And then what permission, in this case, read, the R's gone. I subtracted the R's, meaning for the others, meaning other people can no longer read this file. If you're the user, you can read it. If you're in the group, you can read it, but if you're anyone else, you cannot read it.

And you can have other combinations. chmod, the group, don't let the group edit the file. Group, subtract, the write permissions. Now the W has gone. Here, all right? So the group users can only read, they cannot write. If you wanna change that back, you can grant permissions or add permissions. Plus, give them the permission to do that. And now the W's back.

chown changes the user and the group that owns the file. chgrp just changes the group. chmod changes the permissions. And you can set combinations based upon user, group, and others, grant or revoke, plus or minus, read, write, execute. And with that, you can set up what you aim to do to secure the files.

So this needs practice. So what I'll do is just put up a couple of tasks that you can try, very simple. And just learn some of the syntax for chmod and chown, try some different things. Do this as your named user, not a student. And to test that the permissions do what you expect. And the way to test is to get your friend to log into your computer and see if they can read the file. So try to set up some permissions so that it protects some of the files. To get started, what can you do? To show the groups you're in, you run groups. I'll just leave that up there. To change the mode, chmod, to change the owner, chown. You can also use chgrp and some tasks. And just so it shows on the screen. Very easy task, but try some others as well and get your friend to test by seeing if they can access those files. Get different friends to test.
One that's in the group and one that's not in your group and see if you can set different things up.
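
Added example, not part of the lecture recording: a shell script that replays the chmod steps described above (o-r, g-w, g+w) on a temporary file and splits the resulting mode string into its user, group and others triplets. It assumes GNU coreutils (stat -c); the function names mode_of, explain_mode and run_steps and the temporary file are constructed for this illustration.

```shell
#!/bin/sh
# Added example: read and change the nine permission characters with chmod.
# Assumes GNU coreutils (stat -c); the file used is a temporary, constructed one.

# mode_of FILE: print the ten-character mode string, e.g. -rw-rw-r--
mode_of() {
    stat -c '%A' "$1"
}

# explain_mode MODE: split a mode string into type, user, group, others
explain_mode() {
    m=$1
    case $m in
        d*) kind=directory ;;
        -*) kind=file ;;
        *)  kind=other ;;
    esac
    u=$(printf '%s' "$m" | cut -c2-4)     # what the owning user can do
    g=$(printf '%s' "$m" | cut -c5-7)     # what the owning group can do
    o=$(printf '%s' "$m" | cut -c8-10)    # what everyone else can do
    printf '%s user=%s group=%s others=%s\n' "$kind" "$u" "$g" "$o"
}

# run_steps FILE: replay the chmod steps, printing the mode after each one
run_steps() {
    f=$1
    chmod u=rw,g=rw,o=r "$f"       # start from rw-rw-r--, like xyz.txt
    printf 'start  %s\n' "$(mode_of "$f")"
    chmod o-r "$f"                 # others can no longer read
    printf 'o-r    %s\n' "$(mode_of "$f")"
    chmod g-w "$f"                 # group can read but not write
    printf 'g-w    %s\n' "$(mode_of "$f")"
    chmod g+w "$f"                 # give the group write permission back
    printf 'g+w    %s\n' "$(mode_of "$f")"
}

demo_file=$(mktemp)
echo something > "$demo_file"
run_steps "$demo_file"
explain_mode "$(mode_of "$demo_file")"
ls -l "$demo_file"                 # owning user and group are columns 3 and 4
rm -f "$demo_file"
```
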