 In the previous demo I introduced the basic permissions that are available in the Linux operating system that is we can indicate whether we have a file or a directory and then whether a user within some group or some other user has read, write or execute permissions and we can see those permissions in the first column of the output of the ls-l command I've created some users on my demo system here, a set of users and some files for those users so let's see what those different users can do and see how the permissions impact upon the capabilities of the users currently I'm logged in as S Gordon, that's my current user, indicated by the prompt here my current directory is slash home slash S Gordon and by default every user has a directory in their slash home directory so I've got some files here, in the CSS322 directory I can enter that directory because I'm the owner of that and I have execute permissions and I can look at files in that directory let's see what I can do in seeing other users' directories so I'll go into the slash home directory and ls and we see there are a set of other home directories for other users so this is some example users that have been created on the system and that's their home directories so from the user S Gordon's perspective we can see that I have permissions or the permissions given for each of the directories for Booneck, Instructor, Nappat and others depends upon what's given in the first column first let's see what groups I am part of who am I shows my user name, that's simple so I am user S Gordon more detailed information of who am I is using my identity if I run the command ID I can see that my user ID UID here is S Gordon in fact the user name is identified by a unique number so in fact S Gordon is really 1003 on the system user 1003 so that's the user, also I have a group ID my primary group and in this case my primary group is set up to be faculty or group 1007 but a user can be part of multiple groups so you have a primary group and additional groups so in this case I am set up to be part of the group CSS322 ITS413 and also as listed here my primary group is the faculty group so the user S Gordon is in three groups on the system to see that in a nicer format just run groups and you will see the set of groups that you, the current user as part of so let's clear actually we can go up and let's look and see from the permissions for these other users directories what I can access let's take for example this line for Dr. Tanarak's home directory so Tanarak is another user on the system we see that the owner of this directory is the user Tanarak and the group for this directory is faculty I know I am part of the faculty group so we saw that from the groups command that S Gordon is in the faculty group so let's look at the permissions that I have on the Tanarak directory we see here the first three characters indicate the permissions for the directory owner that is the user Tanarak the next three permissions indicate that for the users of the faculty group that is the users of the faculty group have no permissions on the Tanarak directory that is I cannot read, write or execute let's test that I will see if I can CD into that directory that is into Tanarak's home directory permission denied I don't have execute permission or the faculty users do not have execute permission on the Tanarak directory can I LS? No so I cannot see inside Dr. Tanarak's home directory even though I am a member of the faculty group the faculty group members do not have any permissions on that directory also other users do not have permissions on that directory so that means I cannot access his home directory what about other users? well we see I can access their directories the user Booneck I can CD into that directory we see although I am not part of the students group I am another user and we see for the directory here other users have read and execute permission so if I try and CD into that directory again and if I run LS I can see the contents of that directory so I can access this user's home directory and see files in that let's see what some other users can do I am going to switch users just for the demo I am going to log in as a different user one way to do that is to use the command su switch user and then specify the user's name so I am going to switch to the user Smith and just in this demo I actually know the password I have created these users and I know their password so I am going to log in as that user normally you need to know the password to access that user's account I will CD to the home directory now I am logged in as user Smith given by the user name given here I am in the home directory of user Mr Smith and who am I I am now logged in as Smith so let's see what Mr Smith can do in accessing other people's directories first what groups is Mr Smith part of he is part of the students group and the ITS413 group we are currently in slash home slash Smith there are no files in his home directory let's see if he can access his home directory yes why because if we see the s gordon directory owned by user s gordon group faculty Mr Smith is in the students and the ITS413 group so he is not within the faculty group he is not the user owner s gordon he is one of the other users so he can execute that directory that is they can see the contents of the directory and they can change into the directory that is execute so Mr Smith is currently in the directory of s gordon he can see the contents of the directory can he see the contents of file secrets well we look at the permissions the permissions for s gordon do not matter for Mr Smith he is not s gordon the group is faculty Mr Smith is not in the faculty group so from the perspective of the file secrets.txt Mr Smith is one of the other users and the permissions for other users is that there are no permissions that is they cannot read write or execute on that file let's test that can we show the output of secrets using cat no permissions denied can we as Mr Smith delete secrets using rm do you want to remove a right protected file let's try yes permission denied still that is we cannot delete the file so we cannot read the file we cannot delete the file can we modify the file if we open it in a text editor we see down the bottom that nano reports permission denied even if we change something and control x to try and save and say yes I cannot save it as that file so I'll cancel so Mr Smith doesn't have permissions to view edit or execute that file what else can we do Mr Smith in s Gordon's home directory we see another file called print message we see it's green why is it green because this file has execute permissions it's actually a program that we can execute and again we look at what other users can do because from the perspective of this file Mr Smith is another user he has read permissions and execute permissions how do we execute it we specify that we're in the current directory the file or the program name and I know that how this program works we supply some message and it should print the message on the screen so yes Mr Smith can execute the program print message you can also look at the contents of that file it's just a script in this case a very simple script it goes whatever we pass in as an input to the screen let's go back into our home directory and see what other users directories Mr Smith can access we see we can execute on the booneck directory so cd into that directory as Mr Smith and ls minus l see any files in there so Mr Smith can access boonecks directory you can see that the file exists can you see the contents of the file again as a reminder Mr Smith is a member of the group students the file myassignment.txt is owned by Mr Booneck and the group owner is students which Mr Smith is a member of for students group members there are no permissions so we cannot read the file permission denied so we can see the file name but we cannot see the contents of that file we can see the file name because the directory slash home slash booneck has read and execute permissions for the students users let's try another user I'll switch to a different user in this case tanyaton switch user tanyaton and I know her password but I typed it wrong I typed the wrong password that case I'll try again cd current directory is slash home slash tanyaton who am I so the user has changed let's see what she can access on the system let's go into the slash home directory and again try to access another user's directory let's see what we can access in s gordon's directory we can access as we see seen before so the user tanyaton can access s gordon's directory what groups is tanyaton in she's in the students group and it's 413 group can she access the directory css 322 try try to cd into css 322 as tanyaton and we find she cannot access because permission is denied because for that directory you need to be part of the css 322 group to read or execute them on the directory miss tanyaton's only members of the students and it's 413 group as shown by the output of the groups command so she cannot access the directory css 322 but she should be able to access the directory it's 413 because the group owner is group it's 413 which has read and execute permissions on that directory and miss tanyaton is a member of the ITS 413 group so let's try we can cd in and we can ls we can see the contents of we can see the list of files and directories in there and we can see the contents of the files because again we have read permissions for the members of the ITS 413 group which tanyaton is sub directory for students look at the permissions again the 4 students sub directory has permissions read write and execute rwx for the users in the ITS 413 group which tanyaton is that means of course we can execute and cd into that directory because we have write permissions on the directory that is the members of the ITS 413 group have write permissions on this 4 students directory it means that they can modify the contents of the directory let's try and create a file using nano open a file put some content in the file and save cdx save yes save as tanyaton.txt ls minus l so in sgordon's home directory within the ITS 413 slash 4 students sub directory a sub directory in sgordon's home because the permissions are for the group ITS 413 they can write to this directory anyone within that group can create and modify files in the directory so we see tanyaton just created a file called tanyaton.txt she is the owner of that file her default group is students and the default permissions created for that file show that others can read, group members can read and tanyaton can read and write the file so we can give other users permissions to other users directories let's try one more example let's go back to the home directory and we're currently logged in as Ms.Tanyaton and let's enter Mr.Napat's directory which we see student users have read, write and execute permissions as other users have just read and execute permissions tanyaton is a member of the students group so we can cd into the directory we see that there are two files in this directory with the file, the second file not so important.txt it's owned by Mr.Napat and the group owner is students recall we are logged in as tanyaton and her groups include the students group so she's a member of the group she has read and write permissions on this file means she can edit the file open it with nano it's got some text in it add some more text and let's save the file ctrl x, save changes yes same file name and just cat that file so tanyaton has changed that file which is owned by Mr.Napat she gets permissions to change the file because she's a member of the students group and members of the students group have write permissions on that file write permissions also means you can delete the file so as tanyaton will try and delete the file not so important.txt with rm and it's gone so even though the user Mr.Napat created the file another user had permission to delete the file what about the remaining file don't delete this.txt can tanyaton modify or delete that file let's see if we can open it in a text editor we opened the file with nano and nano reports an error saying we cannot read the file we have permission denied why? tanyaton although they are a member of the students group there are no permissions for the student group members to access that file they cannot read or modify the file can we delete the file as tanyaton yes or no gives us a warning do you really want to remove this write protected file let's try yes I want to delete it no problem the file is gone so tanyaton could not view the contents of the file but was able to delete the file why is that let's go back and check why the home directory for Mr.Napat owner Mr.Napat group owner students tanyaton was a member of students the permissions for students were rwx that is users part of the students group can have the right permission on the directory slash home slash napat right permission on the directory means that you can change the contents of that directory including creating files and deleting files so in this case tanyaton had the permission to delete files into Mr.Napat's directory even though she couldn't read those files so that demonstrates some different examples of how permissions can be used there are much more than what we've covered here there are some more complex attributes that you can give to permissions and it becomes complex and how you combine those nine different conditions three different types of users the user the group and the other users and the permissions of read write and execute try and explore to see what you can do on shared operating systems and accessing other people's files and how you can give other people access to your files