Back to the Basics with Debian

Sometimes, you just have so many problems with the distribution you’re running that you have to wipe it out with a clean slate. I did that this past week and am now using Debian.

With using Debian there comes a feeling of being back to the very basic of Linux distros…much in the same way when you use Arch…it just feels plain, unencumbered, and basic and there is a feeling you get when build something from nothing…you start with a kernel and just enough CLI tools and create your house…then live in it.

It feels good to be stable. It feels good to not have to worry about programs crashing, the net disconnecting, or not being able to install programs.

People like to ride the unstable or testing route with most things out there…as I move forward in my Linux journey, I find myself looking to be less and less cutting edge and more and more stable. Plus, if there is a program out there that needs updating…backports are always a good way to get them.

I’m enjoying my new digs and will look to getting back into the swing of posting enjoyable articles and how-to’s in the upcoming weeks.

Disillusioned by the Community

There are times when I don’t want to admit that I use and love Linux.

It’s true…at times, I’m embarrassed to tell people that I’m part of the community as a whole.

You may wonder when these times are…right now is one of those times.  I despise infighting found in free and open source software…specifically, I really don’t like it when people have one sided experiences and apply their experience to ALL areas of Linux and open source software.  Case in point is this blog post on KDE 4.6 experience in Ubuntu.  For everyone out there, please be advised that Ubuntu is not equivalent with ALL Linux.  In fact, Ubuntu does Gnome very well…but it doesn’t do KDE well at all.

If you truly want to know what KDE 4.6 is like, you need to go with a KDE specific distribution like Mandriva and ride that cutting edge.  I can guarantee you won’t be greeted by crash handlers and all sorts of nonsense that you’ll get inside Ubuntu when you install KDE along side of your Gnome install.

Posts like the one I linked to above make me angry…it’s like driving a Volvo compact car and then dismissing every other car company that makes a compact car as equivalent the experience on the Volvo.  To me, you need to drive each implementation (each companies interpretation) and make an informed decision as to what you find.  Taking a test drive of a Volvo compact and then bad mouthing all compact cars is ignorant…and in my opinion, that is what the person above does with KDE 4.x

I’m a staunch defender of KDE 4.x and I’ve blogged about ignorance surrounding it in the past.  Not all gripes about it are ignorant…but a majority of people’s problems they have with it are simply people band-wagoning together to trounce something because it’s cool to do so.  Much the same is M. Night Shyamalan’s Airbender movie…people talked so much crap about the movie and him as a director, I thought that the movie was going to be the worst movie of all time.  It wasn’t near as bad as people were making it out to be and Shyamalan isn’t the worst director out there by any means.

I think overall, KDE 4.x has become the M. Night Shyamalan of the Linux world…a very talented director(project) that everyone was accustomed to making great movies(desktops) that doesn’t want to be pigeon holed into fitting what others feel it should fit.  KDE 4 is not KDE 3 and for good reason.  It’s being coded and made into something different yet subtly similar because it’s 2011 and not 1996.  If you don’t like it, don’t use it.

IF you don’t use it…don’t trash talk it.

If you want an HONEST representation of it, go to a distribution that prides itself on providing a good implementation of it.  Saying “Ubuntu is the most popular and people are going to try it out on Ubuntu” is wrong…because I don’t know of many end users that will enable a PPA repository and possibly jack up their Gnome install to give it a go…when they can just pop in a Live CD and give it a try….I think the poster of the blog entry above forgot about the magic of Live CD’s for his ‘review’.  It’s too bad that he feels Ubuntu’s lack of attention to all things KDE are representative to KDE as a whole…and it’s too bad his attempt at ascribing this notion comes off as troll-like.

I don’t use Ubuntu at all yet you don’t see me trolling the Ubuntu boards talking about how crappy I feel it is.  If you use Linux you are a part of the Linux community as a whole.  This community encompasses all distributions and all desktop environments.  You have a responsibility therefore; if you want to see Linux succeed, be tolerant and understanding of opposing distros/desktops. Talking trash about other opposing opinions is irresponsible and juvenile.  I hope someday people take this inherent and implied cordiality to heart.  Until then, we have posts like the one above…whether inadvertently geared to bash KDE or absolutely geared to bash KDE…it nonetheless bashed it.  I hope we can grow past things like this in the future.

Chasing Your ‘Tail’ With Linux

‘GNU tail’ is a small utility which prints (by default) the last 10 lines of any file. This an amazing piece of software not only allows you to see the last part of a file but also enables you to monitor a file’s changes without opening the file.

‘tail’ can be used alone or can be combined with other commands like ‘grep’, ‘ls’ etc.

To use ‘tail’, let’s first create a text file. You can create the file by issuing following command in terminal;

touch my_file

Now open my_file with your favorite text editor (nano in my case) and write some lines. For this article, I have written the following 15 lines;

this is the 1st line
this is the 2nd line
this is the 3rd line
this is the 4th line
this is the 5th line
this is the 6th line
this is the 7th line
this is the 8th line
this is the 9th line
this is the 10th line
this is the 11th line
this is the 12th line
this is the 13th line
this is the 14th line
this is the 15th line

Now issue the following command in terminal;

tail my_file

It will print the last 10 lines which would be the “this is the 6th line” through “this is the 15th line”.

You can control the number of lines which ‘tail’ will print. You can either increase or decrease the number of lines. For example, if you want ‘tail’ to show only last 3 lines, you can do this by issuing the following command;

tail -n 3 my_file

Now it will print only last 3 lines. You can use any number of lines instead of 3. Or you can use a plus sign like;

tail -n+7 my_file

‘tail’ will start printing from 7th line to the end of the file.

You can view the desired file with respect to size. Issue the following command in terminal;

tail -c 14 my_file

And it will show the output of last 14 bytes. In my case, the output was;

the 15th line

‘tail’ not only displays the static output of a file but it can also monitor the file for changes. A ‘-f’ option is used with ‘tail’ and it starts acting like a monitoring tool which not only displays the last few lines but also constantly updates the output as the file changes. Here is a very popular example;

tail -f /var/log/message

‘tail’ will print the last 10 lines of ‘message’ file. If you now plug-in you USB stick, you will notice that the change in ‘message’ file will instantly be reported by ‘tail’. To release the cursor press Ctrl+c.

There are many other useful options which you can use with ‘tail’ like;

tail -q my_file        # never output headers
tail -v my_file        # always outputs headers

You can combine ‘tail’ with other utilities like ‘ls’, ‘grep’, ‘head’ etc.

You can combine ‘tail’ with ‘grep’ to get lines with some specific ‘word’.

tail -n 5 my_file | grep 14

It will print only those lines out of last 5 which contains the word ’14’. In my case the output was:

this is 14th line # ’14’ will be highlighted

‘tail’ can also be combined with ‘ls’ to get the list of last few files/folders. For example, if you issue the following command;

ls -l | tail -n 2

It will give a long listing of files/folders but will show the last 2 entries of the working directory.

These are just two examples of combining ‘tail’ with other utilities. There are countless examples of combination of ‘tail’ and other softwares.

‘GNU tail’ is a very handy tool. It can output any amount of data depending upon the options used. It makes the work of an ordinary user much easer and helps him/her find information in files more efficiently. To become an expert in Linux, this is a mandatory utility over which a user must have complete mastery. Hopefully, this tutorial gets you started chasing your tail!

Using ‘Alias’ in Linux

There comes a time in every Linux users’ life when you will open the Terminal more often than not because you have realized that it is faster, more efficient and more powerful than GUI (Graphical User Interface).  You’ll have started to learn more and more commands and now feel more comfortable with command prompt.  The command prompt is all about commands – short commands as well as long commands.  If you are like me then you may not like to type the long commands (or even small commands) 🙂

You may be thinking about some way to avoid typing commands over and over. Enter the ‘alias’.

The ‘alias’ tool is a way to make the complicated things simple (and simple things simpler). You can use ‘alias’ instead of long (or even short) commands.  Now let’s see how the ‘alias’ works.

‘alias’ can make difficult and lengthy commands easy. The general format of ‘alias’ is:

alias Any_Word=”Command”

It means you linked an existing command to a (New) Word. This ‘Any_Word’ may contain anything – any alpha-numeric symbol, ‘Any_Word’ as well as ‘Command’ are interchangeable and can be used for the same purpose.

Simple Commands Made Simpler

As an example, ‘ls -l’  is used for listing directory contents in ‘long listing format’. This ‘ls -l’ can be replaced with a simpler alias. You can set the ‘alias’ for ‘ls –l’ as follows:

alias ll=”ls –l”

Now you just have to type ‘ll’ (without quotes) to get ‘long listing format’.

Or if you frequently misspell ‘ls’ as ‘sl’ and don’t want to install ‘sl’ package, then, you can use the following alias:

alias sl=”ls”

Now, whenever you type ‘sl’ in terminal, it will give you same results as ‘ls’.

Now consider even simpler example. To close a Terminal (or logout), you have to type ‘exit’ in Terminal. This ‘exit’ command can be made even simpler by using the following ‘alias’:

alias x="exit"

Now, you only have to type ‘x’ in Terminal to ‘exit’

Other examples of ‘alias’ are:

alias cp="cp -iv"
#make copy operation interactive and verbose
alias rm="rm -iv"
#make remove operation interactive and verbose
alias mv="mv -iv"
#make move operation interactive and verbose

Make Package Management A Bit Simpler

If you use Debian (or its derivatives) then you will be familiar with APT.  It is an excellent package manager.

In Ubuntu, to install software using APT, you have to use the following command:

sudo apt-get install <sofware_name>

It is a long command and consumes a lot of your time and energy 🙂

You can shorten this command by using ‘alias’.  Issue the following command in Terminal:

alias Install=”sudo apt-get install”

You can obviously use your own word instead of ‘Install’.

Now, you just have to type:

Install <software_name>

to install the (same) software. Simple, isn’t it?

You can simplify other aspects of APT. For example, you can use the following ‘alias’:

alias Remove=”sudo apt-get remove”

to uninstall a software.

Some other examples of attaching APT with ‘alias’ are:

alias Update=”sudo apt-get update”
alias Upgrade=”sudo apt-get upgrade”
alias Search=”apt-cache search”
alias Autoremove=”sudo apt-get autoremove”
alias Autoclean=”sudo apt-get autoclean”
alias Purge=”sudo apt-get remove –purge”

and so on…

A Very Interesting ‘alias’ For A Difficult Keyboard Button

On some keyboards, the dot (.) button is at very difficult position and if you have to use it more than once, it becomes even more difficult.  That’s why ‘cd ..’ is the command which I mistype the most.  This complication can be easily removed by using following ‘alias’ (you can use any other word instead of a dot):

alias .=”cd ..”
alias ..=”cd ../..”
alias ...=”cd ../../..”
alias ....=”cd ../../../..”

Using Internet From Terminal

If you regularly use lynx to browse the internet in terminal then you have to type long urls with lynx to visit the web pages.  You can simplify these long urls by using ‘alias’:

alias Google=”lynx http://www.google.com/”
alias Yahoo=”lynx http://www.yahoo.com/”
alias yalb =”lynx http://linux-blog.org/”

and so on…

Now just type Google, Yahoo or yalb to visit the respective web sites.

Simple ‘alias’ For More Complicated Commands

Long commands are not only difficult to remember but also take more time to type; when you have to use them on daily basis, you become frustrated when typing them again and again and again… So, ‘alias’ are more suitable for long and complicated commands.

Let’s consider an example.

To find the top 10 largest files in your system, you can set the following ‘alias’:

alias top10files=”find . -type f -exec ls -sh {} \; | sort -n -r | head -10”

You can even mix different commands with ‘alias’.  For instance, if you regularly use ‘tail’ and direct its output to file to later view that file, you can set a very simple ‘alias’ to do this cumbersome operation in 1 word:

alias Tail=”tail /var/log/messages > hello.txt;cat hello.txt”

Now just enter ‘Tail’ and viola! All is done at once.

You can use any file with tail and direct its output and you can even use ‘nano’ or ‘vi’ to view/edit its output.

Here’s another example… ‘alias’ to connect to a remote server:

alias any_name=”ssh <remote_server_address> -l <username> -p <port>”

You can even create ‘alias’ for your bash scripts, like:

alias clc=”sh /home/user/myscripts/calc.sh”

Now that you have set a few different ‘alias’  you might want to check that which ‘alias’ are set on your system.  To do that, just issue the following command:

alias

and it will list all the set ‘alias’ you have.

To remove an ‘alias’, just issue the ‘unalias’ command, like:

unalias Google

and now typing Google in terminal will do nothing (as it was set with lynx).

To remove all the ‘alias’, issue the following command and all the ‘alias’ are gone:

unalias –a

We have discussed the way of setting the ‘alias’ for different kinds of commands.  But setting ‘alias’ in this way be temporary.  When you reboot you PC, all the ‘alias’ which you have set will be gone.  This does not mean that you have to set all the ‘alias’ every time you boot your PC.  If you have set an ‘alias’ and you liked it so much that you want it to permanently reside in you PC, just add this alias in ‘.bashrc’ file in you home directory. For example, if you want ‘alias’:

Install <software_name>

to permanently reside in your PC then user your favorite text editor and add the following line in your ‘~/.bashrc’ file:

alias Install=”sudo apt-get install”

Now this ‘alias’ will not vanish into thin air when you reboot your PC. Only those ‘alias’  which are listed in ‘~/.bashrc’ file will be permanent.

This guide is just a preview about ‘alias’.  It is just about basic ways of using ‘alias’ to make your life simpler.  ‘GNU alias’ is a tool which can simplify your life immensely.  But unfortunately this tool is not given the attention it deserves.  In short, it is such a powerful tool that if you give it proper time, it can make you forget typing 🙂

GNU find – A Multidimensional Tool

Beginners are mostly afraid of command prompt.  Whenever they see a command prompt, they immediately say “its very difficult”.  But it’s not true.  The Command prompt is as friendly as GUI (Graphical User Interface), provided if you use it with proper procedure.

Most people use GUI tools to search for files.  They don’t realize that they can use command line tools to search for them as well! GNU ‘find’ is such like a tool which can not only search files but can even copy, move or delete these files on the fly.

So let’s see that how ‘find’ works.

Find Your Lost Files!

Let’s start from a simple example:

Suppose you want to search for a file named ‘master.txt’ in your home directory.

Open the Terminal and issue the following command:

find . -name “master.txt”

‘find’ will immediately show the results.  If ‘find’ does not show any result, this means that the file, in our case, ‘master.txt’, does not exist.  It is not always the case that you want to find something in you home directory.  The lost/desired file may be anywhere in your computer.  Suppose you want to find a file named ‘space-01.jpg’ and you only know that its located somewhere in /usr directory. You can find it by issuing following command in Terminal:

find /usr -name “space-01.jpg”

and ‘find’ will tell you that this is located under /usr/share/backgrounds.

Using Wildcards

Maybe you want to search for a file but you don’t know its exact name?  Don’t worry!  You can still locate the file using ‘GNU find’ and wildcard will help you in this regard. Wildcards are a way of searching files when you don’t know much about your desired file.

One of the commonly used wildcard is asterisk (*).  Lets consider an example to better understand the things.

Suppose you want to search a file named ‘Jumping_Flowers’ but you only remember the ‘Jumping‘ part of the file name.  So issue the following command in Terminal:

find . -name “Jumping*”

And it will display all the files starting with the word ‘Jumping’.  You can use asterisk (*) anywhere with a file name.  For example:

find . -name “*Jumping*”

And it will display all the files which contains the word ‘Jumping’.

Here are some more examples of use of a wildcard:

find . -name “Jumping*Flowers*”
find . -name “*Jumping*Flowres.mp3”

Searching For Different File Types

Sometimes you are not looking for some specific file but you are looking for a group of files.  For example, you may be looking for all the .txt files in your home directory.  To find all the .txt files, you will give the following command in Terminal:

find . -name *.txt

In case of mp3 files, the above command will be:

find . -name *.mp3

When You Want to Search with Respect to Time

If you want to search for files by the last time they were accessed, you can use -amin flag with ‘find’.  In this case you have to put a minus (-) sign before the time.  The time here is in minutes.  In order to search for .doc files which were accessed in last 10 minutes, you will give the following command:

find . -amin -10 -name "*.doc"

Similarly, to search for .doc files which were modified in last 20 minutes, you will use -mmin option as follows:

find . -mmin -20 -name “*.doc”

Search For Files which are Eating Your Hard Disk

There may be files on your system which are not only huge in size but also located obscure places.  You may also may not know when they were last accessed.  You have to use -size option with ‘find’ to locate them.

Let’s see how we can do this:

find . -size +100M

It will list all those files which are greater than 100 Megabytes.  You can replace ‘M’ with ‘G’ (for Gigabyte) or with ‘k’ (for Kilobyte)

Copy, Move, or Delete Unwanted Files on the Fly

Copy – ‘find’ can also be used to copy or backup your files.  You can use ‘find’ to copy certain files from one location to other with one simple command.

Suppose you want copy all of your mp3 songs from your home directory to your Windows Partition.  Enter the following command in Terminal:

find . -name "*.mp3" -exec cp {} /path/to/Windows_Drive \;

And all of your mp3 files will be copied to the desired Drive/Folder.

Move – There may be situations that you quickly want to move all of your document files from your Hard Disk to your USB to keep them safe.  To move all of your documents from your home directory to your USB, you will issue the following command:

find . -name "*.doc" -exec cp {} /path/to/USB \;

Delete – Suppose there are a lot of .tmp files and you want to get rid of them at once.  Again ‘GNU find’ is at your service and does the work for you.  Issue the following in Terminal and all of the .tmp files are gone…

find . -name '*.tmp' -exec rm {} \;

Which Files are Owned by You and Which Are Not?

There may be a situation when you want to know that which files in some other directories (or even in your home directory) are owned by some other user of your computer.

Suppose there is another user named ‘blackstar’ with whom you are sharing your PC.  Now you want to know that which .doc files in Windows Directory is owned by this user ‘blackstar’.  You can do this by issuing the following command:

find /path/to/Windows_Drive -user blackstar -name “*.doc”

Just replace ‘blackstar’ with your username to search on your system.

Direct the Output of ‘find’ to a File

You can save the results of your ‘find’ command to a text file which will allow you to examine the results in detail at some later time (or to create playlist of your songs).  For this purpose a greater than (>) sign is used (referred to as “piping the command”).

Suppose you want to save the list of all the mp3 songs in your home directory to a text file (which you can later share with your friend), you can do this by:

find . -name "*.mp3" > mp3.txt

It will save the complete path to all of your mp3 songs in the file named mp3.txt.

Find, a Handy Command Line Tool

This article is basically directed towards new users of Linux which are not much familiar with command prompt. This is a small but comprehensive article about ‘GNU find’ . The man pages of ‘find’ list a huge number of options which are difficult to explain in detail in one small article. I tried to cover those option which are commonly used. Obviously, to know more about such a powerful tool , one has to visit its man pages again and again and spend a lot time with ‘find’ 🙂

Linux File Permissions, Groups, and Users

Why Are Permissions Important?

Permissions are important for keeping your data safe and secure.   Utilizing permission settings in Linux can benefit you and those you want to give access to your files and you don’t need to open up everything just to share one file or directory (something Windows sharing often does).  You can group individual users together and change permissions on folders (called directories in Linux) and files and you don’t have to be in the same OU or workgroup or be part of a domain for them to access those files.  You can change permissions on one file and share that out to a single group or multiple groups.  Fine grained security over your files places you in the driver seat in control of your own data.

Some will argue that it may be too much responsibility…that placing this onto the user is foolish and other aforementioned operating systems don’t do this.  You’d be right…XP doesn’t do this.  However, Microsoft saw what Linux and Unix do with the principle of least privilege and have copied this aspect from them.  While the NTFS filesystem employs user access lists with workgroups and domains…it cannot mirror the fine grained, small scale security of Linux for individual files and folders.  For the home user, Linux empowers control and security.

I’m going to go over how users and directory/file permissions work.  So, let’s setup an example that will allow us to explore file permissions.  If you have any questions, just ask it in the comments section at the end of the article.

File Permissions Explained

permissionsThe picture to your left is a snapshot of my $HOME directory.  I’ve included this “legend” to color code and label the various columns.  Let’s go through the labels and names of things first and then work on understanding how we can manipulate them in the next section.

As noted in the picture, the first column (orange) explains whether or not the contents listed is a directory or not.  If any of these happened NOT to be a directory, a dash (-) would be in place of the d at the beginning of the listing on the far left.

In the second, third, and fourth column (Green, Blue and Red) we find permissions.  Looking at the gray box in the bottom-right corner gives us an explanation of what each letter represents in our first few columns.  These tell us whether or not each user, group, or other (explained in detail later in this article) have read, write, and execute privileges for the file or folder/directory.

In the 5th column (white) the number of hard links is displayed.  This column shows the number of actual physical hard links.  A hard link is a directory reference, or pointer, to a file on a storage volume that is a specific location of physical data.  More information on hard links vs. symbolic (soft) links can be found here.

In column 6 (light blue) we find the user/owner of the file/directory.  In column 7 (gray blue), the group that has access to the file/folder is displayed.  In column 8 (pink), the size of the file or folder is shown in kilobytes.  In column 9 (fluorescent green), the last date the file or folder was altered or touched is shown.  In column 10 (grey), the file or directory name is displayed.

We’re going to pay specific attention to the first four columns in the next section and then follow that up by working with the sixth and seventh by going over user/owner and group.  Let’s move on to go over all of those rwx listings and how we can make them work for us.

Read, Write, Execute – User, Group, Other

First, let’s go over what different permissions mean.  Read permission means you can view the contents of a file or folder.  Write permission means you can write to a file or to a directory (add new files, new subdirectories) or modify a file or directory.  Execute permission means that you can change to a directory and execute ( or run ) a file or script for that file or directory.

The User section shown in green in the picture above shows whether or not the user can perform the actions listed above.  If the letter is present, the user has the ability to perform that action.  The same is true for the Group shown in blue above…if a member of the group that has access to the file or directory looks in this column, they will know what they can or can’t do (read,write, or execute).  Lastly, all others (noted in the red column above).  Do all others have read, write, and execute permissions on the file or folder?  This is important for giving anonymous users access to files in a file server or web server environment.

You can see how fine grained you might be able to set things up with…For example, you may give users read only access while allowing a group of 5 users full control of the file or directory.  You may want to switch that around.  It’s entirely up to you how you want to setup permissions.

More about Groups

Let’s go through setting up a group and adding a few users to it and then assigning that group permissions to access a directory and file.

Create a file inside your home directory by opening up a shell or terminal and typing:

touch ~/example.txt

You’ve now created a file called example.txt inside your home directory.  If you are already there, you can list the contents with the ‘ls’ command.  Do that now.  If you’re not already there, type ‘cd ~/’ and you will be taken to your home directory where you can ‘ls’ list the files.  It should look similar to the following:

[devnet@lostlap ~]$ ls -l
total 40
drwxr-xr-x  2 devnet devnet 4096 2010-05-24 17:04 Desktop
drwxr-xr-x  6 devnet devnet 4096 2010-05-24 13:10 Documents
drwxr-xr-x  9 devnet devnet 4096 2010-05-27 15:25 Download
-rw-rw-r--  1 devnet devnet    0 2010-05-28 10:21 example.txt
drwxr-xr-x 13 devnet devnet 4096 2010-05-26 16:48 Music
drwxr-xr-x  3 devnet devnet 4096 2010-05-24 13:09 Pictures
drwxr-xr-x  3 devnet devnet 4096 2010-05-24 13:04 Videos

Next up, let’s create a new group and a couple of new users.  After creating these we’ll assign the users to the new group.  After that, we’ll move the file and lock it down to the new group only.  If everything works as planned, the file should be accessible to root and the other 2 users but NOT accessible to your current user. You’ll need to be root for all of these commands (or use sudo for them). Since I have sudo and don’t want to continually type sudo, I used the command “sudo -s” and entered my root password to permanently log in as root in a terminal for the duration of this how-to. OK, Let’s get started:

[root@lostlap ~]$ useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power -s /bin/bash testuser1
[root@lostlap ~]$ useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power -s /bin/bash testuser2

The above commands will create two users that should be pretty close to your current logged in user (as far as group membership goes).  If the groups you’re adding the user to do not exist, you may get a warning that the groups don’t exist…no worries, just continue.  If the above commands don’t work on your system (I used Arch Linux to do this) then you can use the GUI elements to manage users and add a new one.  You won’t need to add them to any extra groups since we just need a basic user.  Next, let’s create our ‘control’ group.

[root@lostlap ~]$ groupadd testgroup

The above command creates the ‘testgroup’ group. Now let’s add the two users we created to this group.

[root@lostlap ~]$ gpasswd -a testuser1 testgroup
[root@lostlap ~]$ gpasswd -a testuser2 testgroup

The command above adds both our test users to the test group we created. Now we need to lock the file down so that only those users inside of ‘testgroup’ can access it. Since your current logged in user is NOT a member of ‘testgroup’ then you shouldn’t be able to access the file once we lock access to that group.

[root@lostlap ~]$ chgrp testgroup example.txt

The above command changes the group portion of file permission (discussed earlier) from a group your currently logged in user is a member of to our new group ‘testgroup’. We still need to change the owner of the file so a new terminal opened up as your current user won’t be the owner of example.txt.  To do this, let’s assign example.txt a new owner of Testuser2.

[root@lostlap ~]$ chown testuser2 example.txt

Now when you try to access the file example.txt you won’t be able to open it up as your standard user (root still will be able to access it) because you don’t have the permissions to do so. To test this, open up a new terminal (one where you are not root user) and use your favorite text editor and try to open up example.txt.

[devnet@lostlap ~]$ nano example.txt

Both testuser1 and testuser2 will be able to access example.txt because testuser2 owns the file and testuser1 is in the testgroup that has access to this file. However, your current logged in user will also have READ rights to it but will not be able to access it. Why? Let’s take a look at the permissions on example.txt

[devnet@lostlap ~]$ ls -l example.txt
-rw-r--r-- 1 testuser1 testgroup 8 2010-05-28 10:21 example.txt

Notice that the user, group, and other (1st, 2nd, and 3rd position of r,w,x – see the handy diagram I made above) have permissions assigned to them. The user can read and write to the file. The group can read it. Others can also read it. So let’s remove a permission to lock this file down. Go back to your root terminal that is open or ‘sudo -s’ to root again and do the following:

[root@lostlap ~]$ chmod o-r example.txt

Now go back to your user terminal and take a look at the file again:

[devnet@lostlap ~]$ ls -l example.txt
-rw-r----- 1 testuser1 testgroup 8 2010-05-28 10:21 example.txt

Once that has been accomplished, try and open the file with your favorite text editor as your currently logged in user (devnet for me):

[devnet@lostlap ~]$ nano example.txt

Your user now should get a permission denied error by nano (or whatever text editor you used to open it). This is how locking down files and directories works. It’s very granular as you can give read, write, and execute permissions to individual users, groups of users, and the general public. I’m sure most of you have seen permissions commands with 777 or 644 and you can use this as well (example, chmod 666 filename) but please remember you can always use the chmod ugo+rwx or ugo-rwx as a way to change the permissions as well. I liked using letters as opposed to the numbers because it made more sense to me…perhaps you’ll feel the same.

Hopefully you now have a general understanding how groups, users and permissions work and can appreciate how the complexity of it is also elegant at the same time. If you have questions, please fire away in the comments section. Corrections? Please let me know! Thanks for reading!

Creative Commons License
Except where otherwise noted, the content on this site is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.