1
00:00:02,130 --> 00:00:08,420
Not every user of a single operating system should have the same level of access to files and directories

2
00:00:08,990 --> 00:00:12,830
like an a professional or enterprise level operating system.

3
00:00:13,160 --> 00:00:17,210
Linux has methods for securing file under three access.

4
00:00:18,770 --> 00:00:26,870
These security systems allows the system administrator, the rule accuser or the file owner to protect

5
00:00:26,870 --> 00:00:37,400
their files from unwanted access or tampering by granting select user permissions to read, write or

6
00:00:37,400 --> 00:00:40,990
execute files for each file and directory.

7
00:00:41,210 --> 00:00:49,150
We can specify the permissions status for the files owner for a particular group of users and for all

8
00:00:49,150 --> 00:00:49,880
other users.

9
00:00:50,510 --> 00:00:55,910
This is a necessity in a multi user interface for enterprise level operating system.

10
00:00:56,570 --> 00:00:59,300
The alternative would be quite chaotic.

11
00:00:59,660 --> 00:01:07,370
So in this letter, I will show you how to check for and change permissions on files and directories

12
00:01:07,370 --> 00:01:08,870
for select users.

13
00:01:09,320 --> 00:01:12,080
How to set default file and directory permissions.

14
00:01:12,080 --> 00:01:14,300
And how to set special permissions.

15
00:01:14,960 --> 00:01:16,490
Finally, you will have.

16
00:01:16,940 --> 00:01:23,270
You will see how hackers understanding of permissions might help them exploit a system.

17
00:01:26,410 --> 00:01:33,310
We have different types of users in Linux, as you know, in Linux, the root user is all powerful.

18
00:01:33,670 --> 00:01:37,390
The root user can do basically anything on the system.

19
00:01:38,350 --> 00:01:44,620
Other users on the system have more limited capabilities and permissions and almost never have the access

20
00:01:45,130 --> 00:01:46,930
that the root user has.

21
00:01:47,710 --> 00:01:55,720
These other users are usually collected into groups that generally share a similar function in a commercial

22
00:01:55,720 --> 00:01:56,140
entity.

23
00:01:56,140 --> 00:02:00,850
In these groups might be finance, engineering, sales and so on.

24
00:02:01,390 --> 00:02:07,120
So in an IT environment, these groups might include developers, network administrators and database

25
00:02:07,120 --> 00:02:08,050
administrators.

26
00:02:08,260 --> 00:02:15,100
So the idea is to put people with similar needs into a group that is granted relevant permissions.

27
00:02:15,610 --> 00:02:18,910
Then each member of the group inherits the group permissions.

28
00:02:19,180 --> 00:02:25,270
So this is primarily for the ease of administering administrating permissions and security.

29
00:02:26,110 --> 00:02:29,800
The root user is part of the root group by default.

30
00:02:29,830 --> 00:02:36,400
So each new user on the system must be added to a group in order to inherit the permissions of that

31
00:02:36,400 --> 00:02:36,820
group.

32
00:02:38,760 --> 00:02:47,310
So each and every file and directory must be allocated a particular level of permissions for the different

33
00:02:47,310 --> 00:02:49,320
identities using it.

34
00:02:49,920 --> 00:02:53,350
The three levels of permissions are here.

35
00:02:53,370 --> 00:02:54,570
I want to show you here.

36
00:02:55,320 --> 00:03:00,210
Um ah uh, permissions really clear.

37
00:03:00,780 --> 00:03:06,380
And uh, we have w uh, right here, right?

38
00:03:07,080 --> 00:03:11,610
And we have X here x for execrable.

39
00:03:14,460 --> 00:03:21,910
So read here these grants permissions only to open, and we will file, right?

40
00:03:21,930 --> 00:03:25,710
Is this a lost user to weave and edit the file?

41
00:03:25,710 --> 00:03:33,330
And it is, as you know, this allows users to execute the file, but not necessarily weave or edit

42
00:03:33,330 --> 00:03:33,480
it.

43
00:03:33,890 --> 00:03:40,410
It is just executed if not written before, uh, read or write you.

44
00:03:41,340 --> 00:03:48,780
In this way, the root user can grant users a level of permission depending on what they need the files

45
00:03:48,780 --> 00:03:50,910
for when a file is created.

46
00:03:50,910 --> 00:03:57,870
Typically, the user who created is it is the owner of the file and the owning group is the user's current

47
00:03:57,870 --> 00:03:58,260
group.

48
00:03:58,740 --> 00:04:02,520
The owner of the file can grant various access privileges to it.

49
00:04:02,970 --> 00:04:11,280
So let's look at how to change permissions to pass ownership to individual users and to groups.

50
00:04:12,480 --> 00:04:15,930
So granting ownership to an individual user.

51
00:04:17,110 --> 00:04:23,930
To move ownership of a file to a different user so that they have the ability to control permissions

52
00:04:24,020 --> 00:04:26,130
so we can use Chrome.

53
00:04:26,510 --> 00:04:27,440
I'm not sure you.

54
00:04:29,850 --> 00:04:32,910
Home, but this means change all or.

55
00:04:33,180 --> 00:04:42,230
Change owner in Linux, so, uh, corn, for example, bulb here DMP bulbs.

56
00:04:42,330 --> 00:04:42,710
Wow.

57
00:04:43,260 --> 00:04:50,220
Here we give the command the name of the user we are giving ownership to, uh, bob here.

58
00:04:50,220 --> 00:04:51,810
And uh, this.

59
00:04:51,810 --> 00:04:57,180
Coleman grants the user account for bob ownership of Bob's file.

60
00:05:00,060 --> 00:05:09,120
So, uh, granting ownership to a group, so to transfer ownership of a file from one group to another.

61
00:05:09,420 --> 00:05:15,930
We can use the, uh uh, see how rep I want to show you here, um?

62
00:05:18,420 --> 00:05:20,300
See, scary.

63
00:05:21,060 --> 00:05:22,770
So a group.

64
00:05:23,070 --> 00:05:30,270
So this is the change group common hackers are often more likely to work alone than in groups.

65
00:05:30,570 --> 00:05:33,240
But it's not unheard of.

66
00:05:33,240 --> 00:05:40,770
Several hackers or pen testers work together on a project, and in that case, using groups is necessary.

67
00:05:41,170 --> 00:05:46,590
So, for instance, you might have a group of protesters and the group of security team members working

68
00:05:46,590 --> 00:05:47,640
on the same project.

69
00:05:48,060 --> 00:05:54,210
The Panthers, the Panthers stairs or in this example, are the root group, meaning they have all permissions

70
00:05:54,210 --> 00:05:54,900
and access.

71
00:05:55,320 --> 00:06:01,770
So the route group needs access to the hacking tools, where a security flaw can only need access to

72
00:06:01,770 --> 00:06:06,870
defensive tools such as intrusion intrusion detection system ideas.

73
00:06:07,170 --> 00:06:14,970
So let's say the route group download and install the program named New Ideas, the route group will

74
00:06:15,000 --> 00:06:18,450
need to change their ownership to the security group.

75
00:06:18,660 --> 00:06:23,120
So the security group can use it at will to do so.

76
00:06:23,130 --> 00:06:29,100
The road group here and will simply enter this command.

77
00:06:29,100 --> 00:06:31,400
Say who to.

78
00:06:34,230 --> 00:06:38,880
Ten new ideas, this is just an example, so I will not it's common.

79
00:06:40,150 --> 00:06:42,580
So this month passes the security group.

80
00:06:43,960 --> 00:06:46,090
Ownership of new ideas.

81
00:06:46,690 --> 00:06:53,860
So now you need to know how to check whether these locations have worked, so you will do by checking

82
00:06:53,860 --> 00:06:55,000
the files permissions.

83
00:06:56,050 --> 00:06:57,340
So checking permissions.

84
00:06:59,000 --> 00:07:06,620
You want to find out what permissions are granted to water users for a file or directory?

85
00:07:07,100 --> 00:07:08,180
Use the L.

86
00:07:08,180 --> 00:07:09,320
S Command.

87
00:07:11,750 --> 00:07:12,890
Unless command.

88
00:07:13,130 --> 00:07:18,110
Let me look at how many minutes we have, yes, that was the last month.

89
00:07:19,720 --> 00:07:26,590
Uh, within the L here, this means long speech that this will lay the contents of the directory in

90
00:07:26,590 --> 00:07:27,640
a long format.

91
00:07:28,060 --> 00:07:31,690
So this list will contain the permissions here.

92
00:07:32,470 --> 00:07:39,640
So as L Command on the file user share hash grant one of the my favorite.

93
00:07:40,600 --> 00:07:45,340
Um, federal controls here in order to see what we can learn about the files.

94
00:07:46,180 --> 00:07:46,630
So.

95
00:07:47,630 --> 00:07:48,380
This is them.

96
00:07:49,690 --> 00:07:51,880
File type here.

97
00:07:55,250 --> 00:08:02,750
And this is the permission of file here, as you can see here.

98
00:08:03,800 --> 00:08:11,060
This is the the number of links, so you will learn what his links link is in Linux.

99
00:08:11,690 --> 00:08:15,020
So this is the um, the owner of the file.

100
00:08:17,740 --> 00:08:23,290
And this is the then size of the file in Vice.

101
00:08:24,610 --> 00:08:30,910
So this means when the file is created or modified and this is the name of file.

102
00:08:31,780 --> 00:08:37,630
So for now, let's focus on the seemingly incomprehensible strings of letters and dashes on the left

103
00:08:37,630 --> 00:08:40,030
edge of each line.

104
00:08:40,600 --> 00:08:46,840
They tell us whether an item is a file or directory and what permissions, if any, are on it.

105
00:08:47,440 --> 00:08:56,050
So the first character tells you the file Typekit d stands for a directory and the hash indicates a

106
00:08:56,050 --> 00:08:56,470
file.

107
00:08:57,840 --> 00:09:01,060
Uh, so these are the two most common file types here.

108
00:09:01,420 --> 00:09:04,330
So the next section defines the permissions on the file.

109
00:09:04,540 --> 00:09:13,750
There are three sets of characters and made so some combination of read, write and execute in that

110
00:09:13,750 --> 00:09:14,140
order.

111
00:09:14,320 --> 00:09:18,790
So the first set represents the permissions of the owner.

112
00:09:18,820 --> 00:09:25,510
The second is of the group and the last news all, uh, all of the users.

113
00:09:26,260 --> 00:09:33,280
So regardless of which, set of the three letters you are looking at, if you see an R at first here,

114
00:09:33,610 --> 00:09:35,590
as you can see, there are same uh.

115
00:09:36,070 --> 00:09:36,490
So.

116
00:09:38,220 --> 00:09:45,600
That user of group users has permission to open and read that file as Tumblr is in the middle here.

117
00:09:45,760 --> 00:09:55,920
No means that they can write to modify the file or directory, and the AEC's is meaning if any geeks

118
00:09:55,920 --> 00:10:00,540
at the end means they can execute or run the file or directory.

119
00:10:00,780 --> 00:10:04,260
If any RW or X is replaced with a dash here.

120
00:10:04,770 --> 00:10:09,000
Like that, then the respective permissions hasn't been given.

121
00:10:09,480 --> 00:10:15,780
Not that the users kind of permission to execute on either binaries or scripts.