Fix VMWare Player Resolution with Solus (All Versions)

Beggars Can’t be Choosers

Recently, in my “all Windows all the time” job I have felt the need to have some virtual desktops on my Home PC that I can spin up in a few moments notice so that I can scratch the Linux itch.  Dual boot won’t work because I have to stay connected to my VPN and we don’t support Linux for this 🙁  Obviously, this is where virtualization software comes into play.

State of Virtualization 2020

However, virtualization software seems to want to make running a Linux desktop in 2020 problematic with their programs chock full of buginess.

Hyper-V?  Not if you run Windows Home and no support for graphics.  Not to mention, you’ll have to gut install it via powershell and when it fails, gut it via powershell and elect to go with another option.  Hyper-V is an afterthought by Microsoft now as well for desktop players.

How about Oracle Virtualbox?  It works great for simple things like Ubuntu and Debian…but you can no longer change resolutions for most because it doesn’t support older formats of Display drivers.  Often times for things like Solus, you boot to a black screen and can do little else, let alone install anything even with additions installed.

None of the aforementioned solutions are able to go full screen on every Linux distribution I take for a spin.

Enter VMware Player.

With some light hacking to get VMware tools installed on Solus, full screen magic can be had again.  I’m going to walk you through how to get any flavor of Solus up and running with VMware Tools installed and therefore, magnificent, full screen splendor.

VMWare Tools Installation on Solus

I’m going to assume you were able to get Solus installed on VMware Player and you’ve just booted up to a fresh desktop.  Install any updates required through the software center and if you need to reboot for a kernel update, please do so.

Once you’re at the desktop, select Player >> Manage >> Install VMware Tools.  Click “Yes” when prompted.  After this, launch a console and ensure that VMware Tools has mounted as a separate device (I use df- h to make sure it’s mounted).  If they haven’t mounted, launch the file explorer utility and click on the VMware Tools device in the left hand pane.  They should mount and you should be able to see them inside the console as follows:

 

 

 

Navigate to that location and list the contents.  You should see a file named something like  “VMwareTools-10.3.21-14772444.tar.gz”.  Copy this file to a location of your choosing.  I copied it to my documents.

 

Next, unzip and untar the files:

 

Once the files are extracted, enter into the directory and run the following command (use sudo if you aren’t in root group like I am) to see what we need to do:

 

 

Follow the prompts pressing return for default values and you should hit a snag on the following:

 

 

So VMware Tools is looking for rc directories, but they don’t exist on Solus (for good reason!).  So let’s give VMware Tools what it wants.  Control-C to drop out of the installer and let’s create those files as root:

 

 

Run the installer again, pressing return for all defaults.  Let it fail on “Unable to copy the source file /usr/lib/vmware-tools/configurator/pam.d/vmtoolsd to the destination file /etc/pam.d/vmtoolsd

Since that path doesn’t exist, let’s create it

 

 

Now let’s run that command to install the tools again (vmware-install.pl) and select all defaults by pressing return.

VMware Tools should finish installing completely at this time.  Reboot the VM.  Log back in.

Attempt to change the resolution and things should be right as rain at this point in time…before the tools install, not so much.  Make sure in the VM settings in player that you have the 3D acceleration checkbox checked and you should have quite a nice experience running VM’s using VMware Player.

Questions? Concerns?  Please do let me know below and I’ll attempt to help in any way I can.  Opinions?  I like those too!  Let me know how crap I am below!  Thanks much for reading!

Creating Symlinks – How and Why

As part of your Linux journey, you’ve probably heard of symlinks which are also known as symbolic links.  I figured that since I fixed an error using symbolic links to setup an environment to allow my son to learn program.  I am using something called HacketyHack which can be found here:  http://hackety.com

The problem is that on Ubuntu or Debian, the libssl and libcrypto libraries are out of date.  Hackety Hack’s program requires versions greater than 1.0.0 and 0.9.8 is installed.  The fix is of course a symbolic link.  But how do we do this and more importantly, WHY do we have to do this to fix it?  Let’s go through what they are first.

What is a Symbolic Link?

Look on your computers’ desktop right now.  If you’re like most people, you’ll have many shortcuts to different programs that you access daily.  On my Windows 7 machine at work, I have around 40-50 shortcuts to commonly used tools and places I access to accomplish my job.  Those are, in a nutshell, what symlinks are.  They’re pretty much just advanced shortcuts and with the case I’m going to present today…shortcuts without an icon.  Symlinks redirect a computer to an end location OR make a computer think the end location is where the shortcut is…and since they perform these 2 functions, there are 2 types of them.

  1. Hard Links
  2. Soft Links

Soft Link – When you click on/open a soft link, you’re redirected to the location it is pointing to.  For example, if you click on ‘My Documents’ on your desktop, you’re redirected to a path on the C: drive where your documents are stored.

Hard Link – A hard link makes the computer think that the shortcut is the actual end location.  So, using our ‘My Documents’ example above…the computer would look at the ‘My Documents’ shortcut and it would see it as the actual end location instead of a pointer to the end location.

What Would I Use a Symbolic Link For?

Do you use dropbox or box.net or any other cloud storage system to share files/store files/backup files?  Then a symbolic link might be a good option for you.  Imagine that you setup a folder on your desktop that is named ‘send-to CLOUD’ and when you drag and drop files to that folder, it sends it directly to those cloud storage systems.  This is something that symbolic links can accomplish.

Another case might be if you need files stored in 2 different locations.  Maybe you want to have settings files for an application be redirected to dropbox so that you can access it and use it on another computer.  As you can see, there are many different reasons for using symbolic links.

How Do I Setup a Symbolic Link?

In Linux, you use the command ‘ln’.  To setup a soft link, you use the -s flag like this:

ln -s /usr/lib/library.so.0.9.8 /usr/lib/library.so.1.0.0

So, in the example above, the file library.so.1.0.0 is LINKED or pointed back to the actual file library.so.0.9.8.  To setup a hard link you’d drop the -s flag:

ln /tmp /other/location/tmp

In the above example, your /tmp folder will now appear in 2 locations…both /tmp and the /other/location/tmp.  Please understand that /other/location/tmp has to actually exist <em>before</em> you issue the command.

To remove a symbolic link, just use the ‘rm’ command.  I usually use -rf as flags so that it recursively deletes and forces it to occur without confirmation but it is up to you:

rm /other/location/tmp

How Do I Fix Hackety Hack on Debian?

As promised, the solution to fixing Hackety Hack on Debian.  First, you need to find/locate the libraries that it complains about.  In the first error I received, it was looking for libssl.so.1.0.0.  I use the mlocate package which has the command ‘locate’ to find libssl.so as follows:

devnet@lostlap:~$ locate libcrypto
/lib/libssl.so.0.9.8
/usr/lib/libssl.so.0.9.8

The output tells me that there is a libssl.so.0.9.8 in two locations:  /usr/lib and /lib.  I’ll need to symbolically link both of those with a soft link so that when the program looks for the file libssl.so.1.0.0 it finds it and the link points it back to libssl.so.0.9.8.

sudo ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.1.0.0

 

sudo ln -s /lib/libssl.so.0.9.8 /lib/libssl.so.1.0.0

Now that those to locations are created, we need to follow up with libcrypto which resides in the same two directories as libssl.

sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.1.0.0

 

sudo ln -s /lib/libcrypto.so.0.9.8 /lib/libcrypto.so.1.0.0

Now that both of those are linked to our actual ssl and crypto libraries, you can try running the file from Hackety Hack again.

For me, this fixed the initial two problems but I still have a failure when the installer does a hard check for OpenSSL 1.0.0 and unfortunately, I don’t have a complete solution for it yet.  So, I suppose I lied a bit with the ‘fix’ for Hackety Hack.  The above information is good though for other programs that might require libraries similar to the ones we linked.

Hopefully, you now have a decent understand of how and why to use symbolic links.

Some Random Helpful Hints

I’ve been slowly collecting a few commands that are useful to me for various things while using Linux.  I figured that I would share some of these handy commands.  In no particular order, they are:

To copy, preserving permissions AND structure AND recursively, from a remote system to your local system:

rsync -r -a -v -e ssh server1.address.com:/dir/youwant/to/copy/ /local/location/for/directory/

Please note that the code above assumes that you are using key based authentication and not password.  For password based authentication, it would look more like this:

rsync -r -a -v -e ssh remoteuser@server1.address.com:/dir/youwant/to/copy/ /local/location/for/directory/

To remove all files matching a certain extension (xml in my example) in a directory:

find . -type f -name "*.xml" -exec rm -f {} \;

To go into a location, find all files that match a certain extension (jpg in my example) and move them to a different directory:

find . -name "*.jpg" | xargs -i mv '{}' /location/to/move/them/to/ 

To recursively remove empty directory from the directory you are currently in (your pwd):

find -depth -type d -empty -exec rmdir {} \;

These are a few of the commands that I’ve found useful in the past few weeks.  I hope you find them useful as well.  I’ll be test driving quite a few different distributions and reporting back what I find as well as experimenting with various different commands…I really like find because it is so powerful so look for some more posts with uses of the find command.  Thanks for reading and sorry for my lapse in posting this past month!

Chasing Your ‘Tail’ With Linux

‘GNU tail’ is a small utility which prints (by default) the last 10 lines of any file. This an amazing piece of software not only allows you to see the last part of a file but also enables you to monitor a file’s changes without opening the file.

‘tail’ can be used alone or can be combined with other commands like ‘grep’, ‘ls’ etc.

To use ‘tail’, let’s first create a text file. You can create the file by issuing following command in terminal;

touch my_file

Now open my_file with your favorite text editor (nano in my case) and write some lines. For this article, I have written the following 15 lines;

this is the 1st line
this is the 2nd line
this is the 3rd line
this is the 4th line
this is the 5th line
this is the 6th line
this is the 7th line
this is the 8th line
this is the 9th line
this is the 10th line
this is the 11th line
this is the 12th line
this is the 13th line
this is the 14th line
this is the 15th line

Now issue the following command in terminal;

tail my_file

It will print the last 10 lines which would be the “this is the 6th line” through “this is the 15th line”.

You can control the number of lines which ‘tail’ will print. You can either increase or decrease the number of lines. For example, if you want ‘tail’ to show only last 3 lines, you can do this by issuing the following command;

tail -n 3 my_file

Now it will print only last 3 lines. You can use any number of lines instead of 3. Or you can use a plus sign like;

tail -n+7 my_file

‘tail’ will start printing from 7th line to the end of the file.

You can view the desired file with respect to size. Issue the following command in terminal;

tail -c 14 my_file

And it will show the output of last 14 bytes. In my case, the output was;

the 15th line

‘tail’ not only displays the static output of a file but it can also monitor the file for changes. A ‘-f’ option is used with ‘tail’ and it starts acting like a monitoring tool which not only displays the last few lines but also constantly updates the output as the file changes. Here is a very popular example;

tail -f /var/log/message

‘tail’ will print the last 10 lines of ‘message’ file. If you now plug-in you USB stick, you will notice that the change in ‘message’ file will instantly be reported by ‘tail’. To release the cursor press Ctrl+c.

There are many other useful options which you can use with ‘tail’ like;

tail -q my_file        # never output headers
tail -v my_file        # always outputs headers

You can combine ‘tail’ with other utilities like ‘ls’, ‘grep’, ‘head’ etc.

You can combine ‘tail’ with ‘grep’ to get lines with some specific ‘word’.

tail -n 5 my_file | grep 14

It will print only those lines out of last 5 which contains the word ’14’. In my case the output was:

this is 14th line # ’14’ will be highlighted

‘tail’ can also be combined with ‘ls’ to get the list of last few files/folders. For example, if you issue the following command;

ls -l | tail -n 2

It will give a long listing of files/folders but will show the last 2 entries of the working directory.

These are just two examples of combining ‘tail’ with other utilities. There are countless examples of combination of ‘tail’ and other softwares.

‘GNU tail’ is a very handy tool. It can output any amount of data depending upon the options used. It makes the work of an ordinary user much easer and helps him/her find information in files more efficiently. To become an expert in Linux, this is a mandatory utility over which a user must have complete mastery. Hopefully, this tutorial gets you started chasing your tail!

Using ‘Alias’ in Linux

There comes a time in every Linux users’ life when you will open the Terminal more often than not because you have realized that it is faster, more efficient and more powerful than GUI (Graphical User Interface).  You’ll have started to learn more and more commands and now feel more comfortable with command prompt.  The command prompt is all about commands – short commands as well as long commands.  If you are like me then you may not like to type the long commands (or even small commands) 🙂

You may be thinking about some way to avoid typing commands over and over. Enter the ‘alias’.

The ‘alias’ tool is a way to make the complicated things simple (and simple things simpler). You can use ‘alias’ instead of long (or even short) commands.  Now let’s see how the ‘alias’ works.

‘alias’ can make difficult and lengthy commands easy. The general format of ‘alias’ is:

alias Any_Word=”Command”

It means you linked an existing command to a (New) Word. This ‘Any_Word’ may contain anything – any alpha-numeric symbol, ‘Any_Word’ as well as ‘Command’ are interchangeable and can be used for the same purpose.

Simple Commands Made Simpler

As an example, ‘ls -l’  is used for listing directory contents in ‘long listing format’. This ‘ls -l’ can be replaced with a simpler alias. You can set the ‘alias’ for ‘ls –l’ as follows:

alias ll=”ls –l”

Now you just have to type ‘ll’ (without quotes) to get ‘long listing format’.

Or if you frequently misspell ‘ls’ as ‘sl’ and don’t want to install ‘sl’ package, then, you can use the following alias:

alias sl=”ls”

Now, whenever you type ‘sl’ in terminal, it will give you same results as ‘ls’.

Now consider even simpler example. To close a Terminal (or logout), you have to type ‘exit’ in Terminal. This ‘exit’ command can be made even simpler by using the following ‘alias’:

alias x="exit"

Now, you only have to type ‘x’ in Terminal to ‘exit’

Other examples of ‘alias’ are:

alias cp="cp -iv"
#make copy operation interactive and verbose
alias rm="rm -iv"
#make remove operation interactive and verbose
alias mv="mv -iv"
#make move operation interactive and verbose

Make Package Management A Bit Simpler

If you use Debian (or its derivatives) then you will be familiar with APT.  It is an excellent package manager.

In Ubuntu, to install software using APT, you have to use the following command:

sudo apt-get install <sofware_name>

It is a long command and consumes a lot of your time and energy 🙂

You can shorten this command by using ‘alias’.  Issue the following command in Terminal:

alias Install=”sudo apt-get install”

You can obviously use your own word instead of ‘Install’.

Now, you just have to type:

Install <software_name>

to install the (same) software. Simple, isn’t it?

You can simplify other aspects of APT. For example, you can use the following ‘alias’:

alias Remove=”sudo apt-get remove”

to uninstall a software.

Some other examples of attaching APT with ‘alias’ are:

alias Update=”sudo apt-get update”
alias Upgrade=”sudo apt-get upgrade”
alias Search=”apt-cache search”
alias Autoremove=”sudo apt-get autoremove”
alias Autoclean=”sudo apt-get autoclean”
alias Purge=”sudo apt-get remove –purge”

and so on…

A Very Interesting ‘alias’ For A Difficult Keyboard Button

On some keyboards, the dot (.) button is at very difficult position and if you have to use it more than once, it becomes even more difficult.  That’s why ‘cd ..’ is the command which I mistype the most.  This complication can be easily removed by using following ‘alias’ (you can use any other word instead of a dot):

alias .=”cd ..”
alias ..=”cd ../..”
alias ...=”cd ../../..”
alias ....=”cd ../../../..”

Using Internet From Terminal

If you regularly use lynx to browse the internet in terminal then you have to type long urls with lynx to visit the web pages.  You can simplify these long urls by using ‘alias’:

alias Google=”lynx http://www.google.com/”
alias Yahoo=”lynx http://www.yahoo.com/”
alias yalb =”lynx http://linux-blog.org/”

and so on…

Now just type Google, Yahoo or yalb to visit the respective web sites.

Simple ‘alias’ For More Complicated Commands

Long commands are not only difficult to remember but also take more time to type; when you have to use them on daily basis, you become frustrated when typing them again and again and again… So, ‘alias’ are more suitable for long and complicated commands.

Let’s consider an example.

To find the top 10 largest files in your system, you can set the following ‘alias’:

alias top10files=”find . -type f -exec ls -sh {} \; | sort -n -r | head -10”

You can even mix different commands with ‘alias’.  For instance, if you regularly use ‘tail’ and direct its output to file to later view that file, you can set a very simple ‘alias’ to do this cumbersome operation in 1 word:

alias Tail=”tail /var/log/messages > hello.txt;cat hello.txt”

Now just enter ‘Tail’ and viola! All is done at once.

You can use any file with tail and direct its output and you can even use ‘nano’ or ‘vi’ to view/edit its output.

Here’s another example… ‘alias’ to connect to a remote server:

alias any_name=”ssh <remote_server_address> -l <username> -p <port>”

You can even create ‘alias’ for your bash scripts, like:

alias clc=”sh /home/user/myscripts/calc.sh”

Now that you have set a few different ‘alias’  you might want to check that which ‘alias’ are set on your system.  To do that, just issue the following command:

alias

and it will list all the set ‘alias’ you have.

To remove an ‘alias’, just issue the ‘unalias’ command, like:

unalias Google

and now typing Google in terminal will do nothing (as it was set with lynx).

To remove all the ‘alias’, issue the following command and all the ‘alias’ are gone:

unalias –a

We have discussed the way of setting the ‘alias’ for different kinds of commands.  But setting ‘alias’ in this way be temporary.  When you reboot you PC, all the ‘alias’ which you have set will be gone.  This does not mean that you have to set all the ‘alias’ every time you boot your PC.  If you have set an ‘alias’ and you liked it so much that you want it to permanently reside in you PC, just add this alias in ‘.bashrc’ file in you home directory. For example, if you want ‘alias’:

Install <software_name>

to permanently reside in your PC then user your favorite text editor and add the following line in your ‘~/.bashrc’ file:

alias Install=”sudo apt-get install”

Now this ‘alias’ will not vanish into thin air when you reboot your PC. Only those ‘alias’  which are listed in ‘~/.bashrc’ file will be permanent.

This guide is just a preview about ‘alias’.  It is just about basic ways of using ‘alias’ to make your life simpler.  ‘GNU alias’ is a tool which can simplify your life immensely.  But unfortunately this tool is not given the attention it deserves.  In short, it is such a powerful tool that if you give it proper time, it can make you forget typing 🙂

Linux File Permissions, Groups, and Users

Why Are Permissions Important?

Permissions are important for keeping your data safe and secure.   Utilizing permission settings in Linux can benefit you and those you want to give access to your files and you don’t need to open up everything just to share one file or directory (something Windows sharing often does).  You can group individual users together and change permissions on folders (called directories in Linux) and files and you don’t have to be in the same OU or workgroup or be part of a domain for them to access those files.  You can change permissions on one file and share that out to a single group or multiple groups.  Fine grained security over your files places you in the driver seat in control of your own data.

Some will argue that it may be too much responsibility…that placing this onto the user is foolish and other aforementioned operating systems don’t do this.  You’d be right…XP doesn’t do this.  However, Microsoft saw what Linux and Unix do with the principle of least privilege and have copied this aspect from them.  While the NTFS filesystem employs user access lists with workgroups and domains…it cannot mirror the fine grained, small scale security of Linux for individual files and folders.  For the home user, Linux empowers control and security.

I’m going to go over how users and directory/file permissions work.  So, let’s setup an example that will allow us to explore file permissions.  If you have any questions, just ask it in the comments section at the end of the article.

File Permissions Explained

permissionsThe picture to your left is a snapshot of my $HOME directory.  I’ve included this “legend” to color code and label the various columns.  Let’s go through the labels and names of things first and then work on understanding how we can manipulate them in the next section.

As noted in the picture, the first column (orange) explains whether or not the contents listed is a directory or not.  If any of these happened NOT to be a directory, a dash (-) would be in place of the d at the beginning of the listing on the far left.

In the second, third, and fourth column (Green, Blue and Red) we find permissions.  Looking at the gray box in the bottom-right corner gives us an explanation of what each letter represents in our first few columns.  These tell us whether or not each user, group, or other (explained in detail later in this article) have read, write, and execute privileges for the file or folder/directory.

In the 5th column (white) the number of hard links is displayed.  This column shows the number of actual physical hard links.  A hard link is a directory reference, or pointer, to a file on a storage volume that is a specific location of physical data.  More information on hard links vs. symbolic (soft) links can be found here.

In column 6 (light blue) we find the user/owner of the file/directory.  In column 7 (gray blue), the group that has access to the file/folder is displayed.  In column 8 (pink), the size of the file or folder is shown in kilobytes.  In column 9 (fluorescent green), the last date the file or folder was altered or touched is shown.  In column 10 (grey), the file or directory name is displayed.

We’re going to pay specific attention to the first four columns in the next section and then follow that up by working with the sixth and seventh by going over user/owner and group.  Let’s move on to go over all of those rwx listings and how we can make them work for us.

Read, Write, Execute – User, Group, Other

First, let’s go over what different permissions mean.  Read permission means you can view the contents of a file or folder.  Write permission means you can write to a file or to a directory (add new files, new subdirectories) or modify a file or directory.  Execute permission means that you can change to a directory and execute ( or run ) a file or script for that file or directory.

The User section shown in green in the picture above shows whether or not the user can perform the actions listed above.  If the letter is present, the user has the ability to perform that action.  The same is true for the Group shown in blue above…if a member of the group that has access to the file or directory looks in this column, they will know what they can or can’t do (read,write, or execute).  Lastly, all others (noted in the red column above).  Do all others have read, write, and execute permissions on the file or folder?  This is important for giving anonymous users access to files in a file server or web server environment.

You can see how fine grained you might be able to set things up with…For example, you may give users read only access while allowing a group of 5 users full control of the file or directory.  You may want to switch that around.  It’s entirely up to you how you want to setup permissions.

More about Groups

Let’s go through setting up a group and adding a few users to it and then assigning that group permissions to access a directory and file.

Create a file inside your home directory by opening up a shell or terminal and typing:

touch ~/example.txt

You’ve now created a file called example.txt inside your home directory.  If you are already there, you can list the contents with the ‘ls’ command.  Do that now.  If you’re not already there, type ‘cd ~/’ and you will be taken to your home directory where you can ‘ls’ list the files.  It should look similar to the following:

[devnet@lostlap ~]$ ls -l
total 40
drwxr-xr-x  2 devnet devnet 4096 2010-05-24 17:04 Desktop
drwxr-xr-x  6 devnet devnet 4096 2010-05-24 13:10 Documents
drwxr-xr-x  9 devnet devnet 4096 2010-05-27 15:25 Download
-rw-rw-r--  1 devnet devnet    0 2010-05-28 10:21 example.txt
drwxr-xr-x 13 devnet devnet 4096 2010-05-26 16:48 Music
drwxr-xr-x  3 devnet devnet 4096 2010-05-24 13:09 Pictures
drwxr-xr-x  3 devnet devnet 4096 2010-05-24 13:04 Videos

Next up, let’s create a new group and a couple of new users.  After creating these we’ll assign the users to the new group.  After that, we’ll move the file and lock it down to the new group only.  If everything works as planned, the file should be accessible to root and the other 2 users but NOT accessible to your current user. You’ll need to be root for all of these commands (or use sudo for them). Since I have sudo and don’t want to continually type sudo, I used the command “sudo -s” and entered my root password to permanently log in as root in a terminal for the duration of this how-to. OK, Let’s get started:

[root@lostlap ~]$ useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power -s /bin/bash testuser1
[root@lostlap ~]$ useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power -s /bin/bash testuser2

The above commands will create two users that should be pretty close to your current logged in user (as far as group membership goes).  If the groups you’re adding the user to do not exist, you may get a warning that the groups don’t exist…no worries, just continue.  If the above commands don’t work on your system (I used Arch Linux to do this) then you can use the GUI elements to manage users and add a new one.  You won’t need to add them to any extra groups since we just need a basic user.  Next, let’s create our ‘control’ group.

[root@lostlap ~]$ groupadd testgroup

The above command creates the ‘testgroup’ group. Now let’s add the two users we created to this group.

[root@lostlap ~]$ gpasswd -a testuser1 testgroup
[root@lostlap ~]$ gpasswd -a testuser2 testgroup

The command above adds both our test users to the test group we created. Now we need to lock the file down so that only those users inside of ‘testgroup’ can access it. Since your current logged in user is NOT a member of ‘testgroup’ then you shouldn’t be able to access the file once we lock access to that group.

[root@lostlap ~]$ chgrp testgroup example.txt

The above command changes the group portion of file permission (discussed earlier) from a group your currently logged in user is a member of to our new group ‘testgroup’. We still need to change the owner of the file so a new terminal opened up as your current user won’t be the owner of example.txt.  To do this, let’s assign example.txt a new owner of Testuser2.

[root@lostlap ~]$ chown testuser2 example.txt

Now when you try to access the file example.txt you won’t be able to open it up as your standard user (root still will be able to access it) because you don’t have the permissions to do so. To test this, open up a new terminal (one where you are not root user) and use your favorite text editor and try to open up example.txt.

[devnet@lostlap ~]$ nano example.txt

Both testuser1 and testuser2 will be able to access example.txt because testuser2 owns the file and testuser1 is in the testgroup that has access to this file. However, your current logged in user will also have READ rights to it but will not be able to access it. Why? Let’s take a look at the permissions on example.txt

[devnet@lostlap ~]$ ls -l example.txt
-rw-r--r-- 1 testuser1 testgroup 8 2010-05-28 10:21 example.txt

Notice that the user, group, and other (1st, 2nd, and 3rd position of r,w,x – see the handy diagram I made above) have permissions assigned to them. The user can read and write to the file. The group can read it. Others can also read it. So let’s remove a permission to lock this file down. Go back to your root terminal that is open or ‘sudo -s’ to root again and do the following:

[root@lostlap ~]$ chmod o-r example.txt

Now go back to your user terminal and take a look at the file again:

[devnet@lostlap ~]$ ls -l example.txt
-rw-r----- 1 testuser1 testgroup 8 2010-05-28 10:21 example.txt

Once that has been accomplished, try and open the file with your favorite text editor as your currently logged in user (devnet for me):

[devnet@lostlap ~]$ nano example.txt

Your user now should get a permission denied error by nano (or whatever text editor you used to open it). This is how locking down files and directories works. It’s very granular as you can give read, write, and execute permissions to individual users, groups of users, and the general public. I’m sure most of you have seen permissions commands with 777 or 644 and you can use this as well (example, chmod 666 filename) but please remember you can always use the chmod ugo+rwx or ugo-rwx as a way to change the permissions as well. I liked using letters as opposed to the numbers because it made more sense to me…perhaps you’ll feel the same.

Hopefully you now have a general understanding how groups, users and permissions work and can appreciate how the complexity of it is also elegant at the same time. If you have questions, please fire away in the comments section. Corrections? Please let me know! Thanks for reading!

Creative Commons License
Except where otherwise noted, the content on this site is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.