LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-17-2015, 01:43 PM   #1
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Rep: Reputation: Disabled
File Permissions


I am trying to learn how to set up Authentication Keys to log in to my server.

Could someone please explain what the following code does...
Code:
chown -R example_user:example_user .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
Thanks,


Rob
 
Old 02-17-2015, 02:11 PM   #2
pingu
Senior Member
 
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,350

Rep: Reputation: 127Reputation: 127
Two good links:
http://linuxcommand.org/lts0070.php
http://www.linux.com/learn/tutorials...le-permissions
 
Old 02-17-2015, 02:13 PM   #3
Doc CPU
Senior Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Mint, Debian, Gentoo, Win 2k/XP
Posts: 1,099

Rep: Reputation: 343Reputation: 343Reputation: 343Reputation: 343
Hi there,

Quote:
Originally Posted by RobInRockCity View Post
Could someone please explain what the following code does...
okay, let's have a look.

Code:
chown -R example_user:example_user .ssh
   change owner and group of all files in ./.ssh and in all directories below
chmod 700 .ssh
   change permission of directory ./.ssh so that the owner can do anything, other
   group members or other users have no permission whatsoever
chmod 600 .ssh/authorized_keys
   change permission of file ./.ssh/authorized_keys so that its owner can read and
   write it, other users can do nothing
Does that take you anywhere?

[X] Doc CPU
 
Old 02-17-2015, 02:13 PM   #4
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Thanks for the links.

Care to help me figure out the first line a little quicker?


Rob
 
Old 02-17-2015, 02:26 PM   #5
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106Reputation: 106
Quote:
Originally Posted by RobInRockCity View Post
Care to help me figure out the first line a little quicker?
"Quicker" means more to the point, ignoring excess information.
What happens when someone next time says
Code:
chmod 766 .ssh/authorized_keys
would you know what that meant?

Take some time, read through and understand the information in the links. That way you won't have to ask every time something new shows up

type into a terminal
Code:
man chown
man chmod
To gain a more complete understanding of the two commands.

As for the chown question

the syntax goes like this:
Code:
chown -arguments example_user:example_group file1 file2 files
 
Old 02-17-2015, 02:37 PM   #6
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Thanks for trying to help.

I'm new to all of this, and will read up on things, but am trying to figure out a tutorial I was reading quicker so I can call my web host and know what I'm talking about when they modify things!

Quote:
Originally Posted by Doc CPU View Post
okay, let's have a look.

Code:
chown -R example_user:example_user .ssh
   change owner and group of all files in ./.ssh and in all directories below
What does the -R mean?

When you say "change owner and group of all files" is the a change FROM ____ TO ____?

I don't understand what example_ser:example_user .ssh means?

See where I am confused?


Quote:
Originally Posted by Doc CPU View Post
Code:
chmod 700 .ssh
   change permission of directory ./.ssh so that the owner can do anything, other
   group members or other users have no permission whatsoever
Why typically would you use 700 on a directory, but 600 on a file in the directory?


Quote:
Originally Posted by Doc CPU View Post
Code:
chmod 600 .ssh/authorized_keys
change permission of file ./.ssh/authorized_keys so that its owner can read and
write it, other users can do nothing
How do I know if authorized_keys is a directory or file? (I see lots of tutorials online on this topic and so make it sound like it is a directory whereas others make it sound like a file?!


Quote:
Originally Posted by Doc CPU View Post
Does that take you anywhere?

[X] Doc CPU
A little!


Rob
 
Old 02-17-2015, 02:41 PM   #7
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Miati View Post
"Quicker" means more to the point, ignoring excess information.
What happens when someone next time says
Code:
chmod 766 .ssh/authorized_keys
would you know what that meant?

Take some time, read through and understand the information in the links. That way you won't have to ask every time something new shows up
Please see my questions above.

My confusion is mostly in the first line. And I will read up more, but first I need to understand Line 1. (I get the permissions stuff mostly.)

Sincerely,


Rob
 
Old 02-17-2015, 02:46 PM   #8
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by RobInRockCity View Post
What does the -R mean?
It does a recursive change, so the changes are applied to the .ssh directory and all of its subdirectories and files

Quote:
Originally Posted by RobInRockCity View Post
When you say "change owner and group of all files" is the a change FROM ____ TO ____?
FROM whatever they used to be, TO example_user:example_user

Quote:
Originally Posted by RobInRockCity View Post
I don't understand what example_ser:example_user .ssh means?
example_user:example_user are the new user:group respectively. .ssh is the directory being changed
So it's changing the owner of the .ssh directory (and all subdirectories/files) to example_user, and also changing the group to example_user. The syntax is:
chown -arguments user:group file

Quote:
Originally Posted by RobInRockCity View Post
Why typically would you use 700 on a directory, but 600 on a file in the directory?
The number is octal, it represents the bitwise addition of the permissions you want to set.
1 = execute
2 = write
4 = read

Add up the permissions you want, and you get a number between 0-7. The first number is the permission for the file/dir's owner, the second number is for any members of the file/dir's group, the third number is for everyone else. The difference between "6" and "7" is execute permission. Directories require execute permissions to navigate them, files only need execute permissions in order to execute them (programs, scripts, etc.).


Quote:
Originally Posted by RobInRockCity View Post
How do I know if authorized_keys is a directory or file?
It's a file. You can always run "ls -l ~/.ssh/authorized_keys". If the very first character in the output is a "d", eg: "drwx------" then it's a directory, otherwise (eg: "-rw-------") it's not.

Last edited by suicidaleggroll; 02-17-2015 at 02:47 PM.
 
1 members found this post helpful.
Old 02-17-2015, 02:58 PM   #9
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post
It does a recursive change, so the changes are applied to the .ssh directory and all of its subdirectories and files
Got it.


Quote:
Originally Posted by suicidaleggroll View Post
FROM whatever they used to be, TO example_user:example_user

example_user:example_user are the new user:group respectively. .ssh is the directory being changed
So it's changing the owner of the .ssh directory (and all subdirectories/files) to example_user, and also changing the group to example_user. The syntax is:
chown -arguments user:group file
So if I had this...
Code:
chown -R rob:rob .ssh
...then that would make "Rob" the user and "Rob" the group owners of the ".ssh" directory, right?

Does that mean that "Rob" the user has to be in "Rob" the group for this to work? (Could Rob *not* be in the "Rob" group?)

For a single VPS where the only people with access is me and my web host, do I even need to introduce the concept of Groups?



Quote:
Originally Posted by suicidaleggroll View Post
The number is octal, it represents the bitwise addition of the permissions you want to set.
1 = execute
2 = write
4 = read

Add up the permissions you want, and you get a number between 0-7. The first number is the permission for the file/dir's owner, the second number is for any members of the file/dir's group, the third number is for everyone else.
Yeah, I knew that part.


Quote:
Originally Posted by suicidaleggroll View Post
The difference between "6" and "7" is execute permission. Directories require execute permissions to navigate them, files only need execute permissions in order to execute them (programs, scripts, etc.).
So if a Directory was 700 then you could never enter into it, right?

And if a File was 600, you could read and write to it, but not run it, right? (So why would you want to do that? When would execution be bad?)


Quote:
Originally Posted by suicidaleggroll View Post
It's a file. You can always run "ls -l ~/.ssh/authorized_keys". If the very first character in the output is a "d", eg: "drwx------" then it's a directory, otherwise (eg: "-rw-------") it's not.
Can you also tell because there isn't a trailing /

Like this is a directory, right?
Code:
~/.ssh/authorized_keys/

And this would be a file, right?
Code:
~/.ssh/authorized_keys

Thanks,


Rob
 
Old 02-17-2015, 03:06 PM   #10
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106Reputation: 106
Quote:
So if a Directory was 700 then you could never enter into it, right?

And if a File was 600, you could read and write to it, but not run it, right? (So why would you want to do that? When would execution be bad?)
If the directory is 700, and you own the folder then you can enter it and write to it. But members of the folders group and everyone else cannot.
To navigate a directory, it must have a execute and read bit set. Technically, 733 is valid. This will only permit writing to the directory, but the owner can read and write in the directory.

Execution is bad when the file that you run contains code you don't want run. e.g. spyware.
It best practice to not have execute bits on pictures, videos, documents, etc because they have no need to be permitted to execute code.

Last edited by Miati; 02-17-2015 at 03:09 PM.
 
Old 02-17-2015, 03:11 PM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by RobInRockCity View Post
So if I had this...
Code:
chown -R rob:rob .ssh
...then that would make "Rob" the user and "Rob" the group owners of the ".ssh" directory, right?
Yes

Quote:
Originally Posted by RobInRockCity View Post
Does that mean that "Rob" the user has to be in "Rob" the group for this to work?
No, you can set them independently. You can also use
chown Rob .ssh
chgrp Rob .ssh
To perform the two steps separately, "chown Rob:Rob .ssh" is just a shortcut.

Quote:
Originally Posted by RobInRockCity View Post
For a single VPS where the only people with access is me and my web host, do I even need to introduce the concept of Groups?
Probably not

Quote:
Originally Posted by RobInRockCity View Post
So if a Directory was 700 then you could never enter into it, right?
700 means you can enter, read, and write if you're the owner. If it were 600, then you wouldn't be able to work with the directory.

Quote:
Originally Posted by RobInRockCity View Post
And if a File was 600, you could read and write to it, but not run it, right?
Yes

Quote:
Originally Posted by RobInRockCity View Post
(So why would you want to do that? When would execution be bad?)
You never want a non-executable file to be given execute permissions. It's a security problem and bad form. It's also something that Windows does constantly, and is part of the reason why it's so ridiculously vulnerable to spyware and viruses.

Quote:
Originally Posted by RobInRockCity View Post
Can you also tell because there isn't a trailing /
That only works in one direction. ~/.ssh/ can only point to the directory .ssh, but ~/.ssh could point to either a file or a directory. In other words, the trailing slash means "this is a directory", but lack of a trailing slash does not mean it must be a file.

Last edited by suicidaleggroll; 02-17-2015 at 03:13 PM.
 
1 members found this post helpful.
Old 02-17-2015, 03:22 PM   #12
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Miati View Post
If the directory is 700, and you own the folder then you can enter it and write to it. But members of the folders group and everyone else cannot.
To navigate a directory, it must have a execute and read bit set. Technically, 733 is valid. This will only permit writing to the directory, but the owner can read and write in the directory.
I meant to say that if a directory was 600 then even the owner couldn't look inside it, right? (Would everyone be locked out of it forever?!)


Quote:
Originally Posted by Miati View Post
Execution is bad when the file that you run contains code you don't want run. e.g. spyware.
It best practice to not have execute bits on pictures, videos, documents, etc because they have no need to be permitted to execute code.
So you are saying that you "read" a picture or document or video or song, but you don't need to "execute" them?


Rob
 
Old 02-17-2015, 03:24 PM   #13
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by RobInRockCity View Post
I meant to say that if a directory was 600 then even the owner couldn't look inside it, right? (Would everyone be locked out of it forever?!)
Everyone would be locked out until the owner changed the permissions back to 700.

Quote:
Originally Posted by RobInRockCity View Post
So you are saying that you "read" a picture or document or video or song, but you don't need to "execute" them?
Correct
 
1 members found this post helpful.
Old 02-17-2015, 03:25 PM   #14
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post
That only works in one direction. ~/.ssh/ can only point to the directory .ssh, but ~/.ssh could point to either a file or a directory. In other words, the trailing slash means "this is a directory", but lack of a trailing slash does not mean it must be a file.
Wow, that is interesting! I never realized that is how Linux does things.

Thanks!


Rob
 
Old 02-17-2015, 05:42 PM   #15
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106Reputation: 106
I would suggest reading the following links to get a nice overview of the linux filesystem
http://www.tldp.org/LDP/intro-linux/...ect_03_01.html
http://en.tldp.org/HOWTO/Unix-and-In...WTO/index.html

A basic idea of linux (I think *nix in general) is that everything is a file. For example, you can view information about your cpu by going to /proc/cpuinfo.
More or less, directories are files that reference other files.
While this might seem like a odd idea, in practice it becomes a very efficent method of organizing information and giving useful features.

For example, you can point output to the black hole of /dev/null, fill a file full of binary 0's from /dev/zero, and gain random information from /dev/random and /dev/urandom (the latter not being "true" random)

Quote:
(Would everyone be locked out of it forever?!)
Yes. But, since you (or whomever) owns the directory, they can change permissions of the directory. This would restore (change) the access to whatever it is set as.

Last edited by Miati; 02-17-2015 at 05:43 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
File Permissions- Once again the Permissions questions?? fusionstate Linux - Newbie 2 01-04-2014 01:47 PM
chmod: changing permissions of `/usr../bin': Read-only file File System Issue cdhar Linux - Newbie 3 12-31-2012 07:17 AM
SMB - File copy from Windows file permissions changed? tiger.woods Red Hat 1 12-04-2012 07:18 AM
File permissions v. directory permissions Completely Clueless Linux - Newbie 7 07-09-2009 09:33 AM
file permissions OK, but command permissions? stabu Linux - General 2 10-05-2005 01:00 PM


All times are GMT -5. The time now is 03:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration