Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Could someone please explain what the following code does...
okay, let's have a look.
Code:
chown -R example_user:example_user .ssh
change owner and group of all files in ./.ssh and in all directories below
chmod 700 .ssh
change permission of directory ./.ssh so that the owner can do anything, other
group members or other users have no permission whatsoever
chmod 600 .ssh/authorized_keys
change permission of file ./.ssh/authorized_keys so that its owner can read and
write it, other users can do nothing
I'm new to all of this, and will read up on things, but am trying to figure out a tutorial I was reading quicker so I can call my web host and know what I'm talking about when they modify things!
Quote:
Originally Posted by Doc CPU
okay, let's have a look.
Code:
chown -R example_user:example_user .ssh
change owner and group of all files in ./.ssh and in all directories below
What does the -R mean?
When you say "change owner and group of all files" is the a change FROM ____ TO ____?
I don't understand what example_ser:example_user .ssh means?
See where I am confused?
Quote:
Originally Posted by Doc CPU
Code:
chmod 700 .ssh
change permission of directory ./.ssh so that the owner can do anything, other
group members or other users have no permission whatsoever
Why typically would you use 700 on a directory, but 600 on a file in the directory?
Quote:
Originally Posted by Doc CPU
Code:
chmod 600 .ssh/authorized_keys
change permission of file ./.ssh/authorized_keys so that its owner can read and
write it, other users can do nothing
How do I know if authorized_keys is a directory or file? (I see lots of tutorials online on this topic and so make it sound like it is a directory whereas others make it sound like a file?!
It does a recursive change, so the changes are applied to the .ssh directory and all of its subdirectories and files
Quote:
Originally Posted by RobInRockCity
When you say "change owner and group of all files" is the a change FROM ____ TO ____?
FROM whatever they used to be, TO example_user:example_user
Quote:
Originally Posted by RobInRockCity
I don't understand what example_ser:example_user .ssh means?
example_user:example_user are the new user:group respectively. .ssh is the directory being changed
So it's changing the owner of the .ssh directory (and all subdirectories/files) to example_user, and also changing the group to example_user. The syntax is:
chown -arguments user:group file
Quote:
Originally Posted by RobInRockCity
Why typically would you use 700 on a directory, but 600 on a file in the directory?
The number is octal, it represents the bitwise addition of the permissions you want to set.
1 = execute
2 = write
4 = read
Add up the permissions you want, and you get a number between 0-7. The first number is the permission for the file/dir's owner, the second number is for any members of the file/dir's group, the third number is for everyone else. The difference between "6" and "7" is execute permission. Directories require execute permissions to navigate them, files only need execute permissions in order to execute them (programs, scripts, etc.).
Quote:
Originally Posted by RobInRockCity
How do I know if authorized_keys is a directory or file?
It's a file. You can always run "ls -l ~/.ssh/authorized_keys". If the very first character in the output is a "d", eg: "drwx------" then it's a directory, otherwise (eg: "-rw-------") it's not.
Last edited by suicidaleggroll; 02-17-2015 at 01:47 PM.
It does a recursive change, so the changes are applied to the .ssh directory and all of its subdirectories and files
Got it.
Quote:
Originally Posted by suicidaleggroll
FROM whatever they used to be, TO example_user:example_user
example_user:example_user are the new user:group respectively. .ssh is the directory being changed
So it's changing the owner of the .ssh directory (and all subdirectories/files) to example_user, and also changing the group to example_user. The syntax is:
chown -arguments user:group file
So if I had this...
Code:
chown -R rob:rob .ssh
...then that would make "Rob" the user and "Rob" the group owners of the ".ssh" directory, right?
Does that mean that "Rob" the user has to be in "Rob" the group for this to work? (Could Rob *not* be in the "Rob" group?)
For a single VPS where the only people with access is me and my web host, do I even need to introduce the concept of Groups?
Quote:
Originally Posted by suicidaleggroll
The number is octal, it represents the bitwise addition of the permissions you want to set.
1 = execute
2 = write
4 = read
Add up the permissions you want, and you get a number between 0-7. The first number is the permission for the file/dir's owner, the second number is for any members of the file/dir's group, the third number is for everyone else.
Yeah, I knew that part.
Quote:
Originally Posted by suicidaleggroll
The difference between "6" and "7" is execute permission. Directories require execute permissions to navigate them, files only need execute permissions in order to execute them (programs, scripts, etc.).
So if a Directory was 700 then you could never enter into it, right?
And if a File was 600, you could read and write to it, but not run it, right? (So why would you want to do that? When would execution be bad?)
Quote:
Originally Posted by suicidaleggroll
It's a file. You can always run "ls -l ~/.ssh/authorized_keys". If the very first character in the output is a "d", eg: "drwx------" then it's a directory, otherwise (eg: "-rw-------") it's not.
Can you also tell because there isn't a trailing /
So if a Directory was 700 then you could never enter into it, right?
And if a File was 600, you could read and write to it, but not run it, right? (So why would you want to do that? When would execution be bad?)
If the directory is 700, and you own the folder then you can enter it and write to it. But members of the folders group and everyone else cannot.
To navigate a directory, it must have a execute and read bit set. Technically, 733 is valid. This will only permit writing to the directory, but the owner can read and write in the directory.
Execution is bad when the file that you run contains code you don't want run. e.g. spyware.
It best practice to not have execute bits on pictures, videos, documents, etc because they have no need to be permitted to execute code.
...then that would make "Rob" the user and "Rob" the group owners of the ".ssh" directory, right?
Yes
Quote:
Originally Posted by RobInRockCity
Does that mean that "Rob" the user has to be in "Rob" the group for this to work?
No, you can set them independently. You can also use
chown Rob .ssh
chgrp Rob .ssh
To perform the two steps separately, "chown Rob:Rob .ssh" is just a shortcut.
Quote:
Originally Posted by RobInRockCity
For a single VPS where the only people with access is me and my web host, do I even need to introduce the concept of Groups?
Probably not
Quote:
Originally Posted by RobInRockCity
So if a Directory was 700 then you could never enter into it, right?
700 means you can enter, read, and write if you're the owner. If it were 600, then you wouldn't be able to work with the directory.
Quote:
Originally Posted by RobInRockCity
And if a File was 600, you could read and write to it, but not run it, right?
Yes
Quote:
Originally Posted by RobInRockCity
(So why would you want to do that? When would execution be bad?)
You never want a non-executable file to be given execute permissions. It's a security problem and bad form. It's also something that Windows does constantly, and is part of the reason why it's so ridiculously vulnerable to spyware and viruses.
Quote:
Originally Posted by RobInRockCity
Can you also tell because there isn't a trailing /
That only works in one direction. ~/.ssh/ can only point to the directory .ssh, but ~/.ssh could point to either a file or a directory. In other words, the trailing slash means "this is a directory", but lack of a trailing slash does not mean it must be a file.
Last edited by suicidaleggroll; 02-17-2015 at 02:13 PM.
If the directory is 700, and you own the folder then you can enter it and write to it. But members of the folders group and everyone else cannot.
To navigate a directory, it must have a execute and read bit set. Technically, 733 is valid. This will only permit writing to the directory, but the owner can read and write in the directory.
I meant to say that if a directory was 600 then even the owner couldn't look inside it, right? (Would everyone be locked out of it forever?!)
Quote:
Originally Posted by Miati
Execution is bad when the file that you run contains code you don't want run. e.g. spyware.
It best practice to not have execute bits on pictures, videos, documents, etc because they have no need to be permitted to execute code.
So you are saying that you "read" a picture or document or video or song, but you don't need to "execute" them?
That only works in one direction. ~/.ssh/ can only point to the directory .ssh, but ~/.ssh could point to either a file or a directory. In other words, the trailing slash means "this is a directory", but lack of a trailing slash does not mean it must be a file.
Wow, that is interesting! I never realized that is how Linux does things.
A basic idea of linux (I think *nix in general) is that everything is a file. For example, you can view information about your cpu by going to /proc/cpuinfo.
More or less, directories are files that reference other files.
While this might seem like a odd idea, in practice it becomes a very efficent method of organizing information and giving useful features.
For example, you can point output to the black hole of /dev/null, fill a file full of binary 0's from /dev/zero, and gain random information from /dev/random and /dev/urandom (the latter not being "true" random)
Quote:
(Would everyone be locked out of it forever?!)
Yes. But, since you (or whomever) owns the directory, they can change permissions of the directory. This would restore (change) the access to whatever it is set as.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
