Even more notes on a class my employer sent me to.
Published on May 19, 2005 By stutefish In Life Journals
The class is still interesting. The notes are still boring. Previous installments can be found by searching my JU blog. Don't bother, though.


Unit 10: Advanced Topics in Users, Groups, and Permissions

User and Group ID Numbers
+ User names map to UID numbers.
+ Group names map to GID numbers.
+ Data is associated with UID and GID, not Username and Group name.
+ More importantly, two different usernames with two different passwords can have the same UID. In that case, the two different usernames would refer to the same user.

/etc/passwd, /etc/shadow, and /etc/group
+ These files store authentication info in plaintext.
+ /etc/passwd - Used to store passwords (in the past), but is not secure.
+ /etc/shadow - Stores encrypted passwords.
+ A user in /etc/passwd may have a shell of "nologin". This is so processes can own files without allowing a malicious person to login with that username.

Changing Your Identity
+ su starts a new shell as a different user.
+ su - starts a new login shell.
+ su starts an interactive shell.

Default Permissions
+ Default file permissions: 666
+ Default directory permissions: 777
+ umask is subtracted from default permissions to determine a user's actual permissions.
+ "Non-privileged" users (i.e., users other than root) have a default umask of 002
+ root has a default umask of 022
+ A user's umask is applied when the user creates a file.
+ Changing a umask does not retroactively change the permissions on files created prior to the change.
+ umask is a process-by-process effect. umask changes in one session are not applied to other sessions.
+ Global and permanent umask changes are made in a user's shell config files (e.g., .bashrc).
+ NOTE: Execute permission is never granted to a file by default upon creation (regardless of the umask). Execute permission must be granted explicitly.
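
The umask rules above, as an added example that is not part of the original class notes. The helper names mode_of_new and retroactive_check are made up for illustration, and the script assumes GNU coreutils `stat -c %a` on Linux. It also covers a case beyond the notes: the mask bits are cleared rather than arithmetically subtracted, which gives the same result for 002 and 022 but not for a mask such as 033.

```shell
#!/bin/sh
# Added example: observe how umask shapes the mode of newly created files.
# Assumes GNU coreutils `stat -c %a`. Helper names are hypothetical.

# mode_of_new KIND MASK
# Prints the octal mode of a new file (KIND=f) or directory (KIND=d)
# created under MASK. The ( ) body is a subshell, so the umask change
# stays in that process and the caller's umask is untouched.
mode_of_new() (
    kind=$1
    mask=$2
    tmp=$(mktemp -d) || exit 1
    umask "$mask"
    if [ "$kind" = d ]; then
        mkdir "$tmp/x"          # directories are requested with mode 777
    else
        : > "$tmp/x"            # redirection requests mode 666, never execute
    fi
    mode=$(stat -c %a "$tmp/x")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# retroactive_check
# Creates one file under umask 022, tightens the umask to 077, creates a
# second file, and prints both modes. The first file keeps its mode.
retroactive_check() (
    tmp=$(mktemp -d) || exit 1
    umask 022
    : > "$tmp/old"
    umask 077
    : > "$tmp/new"
    old=$(stat -c %a "$tmp/old")
    new=$(stat -c %a "$tmp/new")
    rm -rf "$tmp"
    printf '%s %s\n' "$old" "$new"
)

# Demonstration over the two default masks from the notes plus a strict one.
for m in 002 022 077; do
    printf 'umask %s: file %s, dir %s\n' \
        "$m" "$(mode_of_new f "$m")" "$(mode_of_new d "$m")"
done
# 033 clears bits that are set (w) and bits that are already clear (x),
# so the result is 644, not the 633 that plain subtraction would suggest.
printf 'umask 033: file %s\n' "$(mode_of_new f 033)"
printf 'before/after tightening: %s\n' "$(retroactive_check)"
```
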

Special Permissions
+ Only root can change the password file. But users need to be able to change their passwords. So /usr/bin/passwd has a special permission: -r-s--x--x. The "s" permission indicates that a user becomes root while running the command. This allows them to update /etc/passwd with their changes. Once the process exits, the user loses the temporary root privileges granted by the special permission. This is an example of special permissions, their function, and utility.
+ The special Group permission -rwxr-s--x causes the file to inherit its directory's Group membership, rather than the Group membership of the User that created it.

NOW WE DO SOME LABS.

The lab requires me to log completely out of my workstation, so I'm posting these notes now.
