`~$ touch myfile.txt`
- creates a file
- if the file exists, it will change the timestamp of the file to the current time
`~$ mkdir -p important`
- (make directory) creates a folder
- pretty much always use -p (I have it aliased as such)
`~$ cp myfile logins`
- copy a file or folder, must give new name
`~$ mv logins ./Documents`
- move a file or folder, rename, or merge
`~$ rm -R important`
- remove a file or folder
- use `-R` to remove a folder
`~$ file logins`
- determines the type of file given
# File Permissions
`~$ ls -l`
- shows files and their permissions, written as:
```
-rwxrwxrwx
12  3  4
```
1) file type:
- "-" indicates regular file
- "d" indicates a directory
2) Read, write, and execute permissions for the file owner
3) Read, write, and execute permissions for the group owner of the file
4) Read, write, and execute permissions for all other users
`chmod 760 file1.txt`
7 <--- the owner can do anything
6 <--- the group can read and write
0 <--- randos can't do anything
Each RWX is in binary.
Read is worth 4
Write is worth 2
Execute is worth 1
You add these to set the permissions you want, for example:
`-rwxr-x--x`
`chmod 751 file1.txt`
`chmod +t /Images`
sets the **sticky bit** on the /Images directory. The sticky bit prevents files in the directory from being deleted by anyone but the owner & root.
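The read/write/execute arithmetic above, as an added example that is not part of the original notes: a shell function, here given the hypothetical name `sym_to_octal`, that turns an `ls -l` mode string into the number you would pass to `chmod`. It goes beyond the three-digit case by also handling the sticky bit (`t`) and the setuid/setgid bits (`s`), which appear in the execute positions and become a leading fourth digit.

```shell
#!/bin/sh
# Added example. sym_to_octal and triad_value are hypothetical helper names.

# Value (0-7) of one rwx triad. The third character may be s/S or t/T when a
# special bit is set; lowercase means execute is set as well.
triad_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac            # read    = 4
    case "$1" in ?w?) v=$((v + 2)) ;; esac            # write   = 2
    case "$1" in ??x|??s|??t) v=$((v + 1)) ;; esac    # execute = 1
    echo "$v"
}

# Convert a 10-character mode string (as printed by ls -l) to chmod's octal form.
sym_to_octal() {
    mode=$1
    case "$mode" in
        ?[-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a mode string: $mode" >&2; return 1 ;;
    esac
    owner=$(printf '%s' "$mode" | cut -c2-4)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)

    # Special bits form an optional leading digit: setuid 4, setgid 2, sticky 1.
    special=0
    case "$owner" in ??[sS]) special=$((special + 4)) ;; esac
    case "$group" in ??[sS]) special=$((special + 2)) ;; esac
    case "$other" in ??[tT]) special=$((special + 1)) ;; esac

    digits="$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
    if [ "$special" -gt 0 ]; then digits="$special$digits"; fi
    echo "$digits"
}

# The two modes from the notes, plus two constructed ones with the sticky bit.
for m in -rwxrw---- -rwxr-x--x drwxrwxrwt drwxrwx--T; do
    printf '%-10s -> chmod %s\n' "$m" "$(sym_to_octal "$m")"
done
```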
`chattr +i /Images/README`
sets the **immutable attribute** -- means that the file cannot be moved, renamed or deleted
`chattr -i /Images/README`
**removes** the immutable attribute
`lsattr /Images/README` to view the attributes that are set
### Use chown
Change the owner but not the group:
`chown newowner filename`
Change the owner and the group
`chown newowner:newgroup filename`
Change the group but not the owner
`chown :newgroup filename`
<u>Files:</u>
- **Read**: ability to view contents of a file
- **Write**: ability to save changes to a file
- **Execute**: ability to run a script, program or software
<u>Directories</u>
- **Read**: ability to see contents of directory
- **Write**: create, rename, and delete files in a directory. Requires execute attribute to be set
- **Execute:** ability to access a directory, execute a file from that directory or perform a task on that directory.
# Groups
`/etc/group` -- groups allow you to manage permissions for a large group of people instead of changing each person's individually
`groupadd`
- create a group
`groupmod`
- modify an existing group
`groupdel`
- delete an existing group
`usermod -aG sales USERNAME`
- adds given user to the group given
# Access Control lists (ACL)
Standard permissions are limited to one user, one group and all others...
- cannot grant different access levels to 2 different users
ACLs permit multiple users to be given multiple levels of access
ACLs permit multiple groups to be given multiple levels of access
DO NOT USE THESE ADVANCED COMMANDS UNLESS THE BASICS WON'T WORK IN THE CURRENT APPLICATION
`getfacl` - display ACL entries
`setfacl -m u:usera:rwx fileA` - set ACL entry for usera with rwx access
`setfacl -m g:groupa:rwx fileA` - set ACL entry for groupa with rwx access
# PolicyKit Configuration
Instead of using sudo you can use PolicyKit, which gives you very granular rules.
`pkexec` - allows a user to execute an action
`pkaction` - details about an action
`pkcheck` - display if a process is allowed
`pkttyagent` - text based authentication agent