S6E0: "Fat Access"
Previous Episode | Next Episode |
---|---|
S5E22: "Shitshow VI: Shitshow Island" | S6E1: "A FreSSH View" |
Recorded (UTC) | Aired (UTC) | Editor |
---|---|---|
2021-02-04 04:27:50 | 2021-02-14 07:35:17 | "Edita" |
Format | SHA256 | GPG | Audio File |
---|---|---|---|
MP3 | 46a6fdc0edd8422ba36c3924de913c3525ea1bfab6ee23e8d4748ba4860dec08 | click | click |
OGG | 1c6b9200629c77795ef0d656f17f1ee0a1d1db24014190272a4f9f2429803e19 | click | click |
WE’RE BACK, BABY! We talk about chown/chmod and dig deeper into what exactly the standard access security model is for Linux.
Just the Tip
- Paden tells us about the Department of Energy and FERC compromise due to the SolarWinds compromise.
Notes
Starts at 38m40s. (I know.)
I was drinking coconut water and black tea. Paden was drinking water. Jthan was drinking F O R B I D D E N Yuengling.
- chown and chmod, UID and GID, octal permissions
  - chown, UID and GIDs/usernames and groupnames
    - In a traditional *NIX system, users are listed in the /etc/passwd “database”. It maps usernames to UIDs, specifies the preferred shell, etc. See man 5 passwd for more information.
      - Passwords used to be kept in the /etc/passwd file, but now are not – they’re typically in a separate “database”, /etc/shadow. See man 5 shadow.
    - (Groups are kept in respective /etc/group and /etc/gshadow. You can man both of those files too for explanations on what the columns are.)
    - If you’re using LDAP auth, that complicates these things but know two things: 1.) user/group mappings are usually cached, and 2.) you absolutely should be using sssd.
  - chmod, modal permission system
    - Take this example ls -l output: drwxr-x--x 50 bar baz 4096 Feb 8 16:58 foo
      - This means it is a directory that allows read, write, and execute permissions for the bar user.
      - Only read and execute (traversal) permissions for the baz group, and
      - Only the execute (traversal) permissions for everyone else (“other”).
    - Sticky bits, SUID, and SGID are… sort of obsolete, more or less (SUID is still fairly useful). You can read more about them here. (It turns out, the sticky bit for files has been ignored in the BSDs as well. Originally it was to be used as a special flag for the kernel.)
    - Octal modes are extremely hard to describe in speech without diagrams, but here are some useful resources to get you started:
- BONUS! Bookmark endoflife.date !
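The mapping from an ls -l mode string to an octal mode, including the SUID, SGID and sticky bits mentioned above, as an added example that is not part of the original show notes. The function name symbolic_to_octal is an assumption made for illustration, and every sample string other than drwxr-x--x is constructed.

```python
import stat

# Position (0-8) in the nine permission characters -> (special bit, letters).
# The special bits form a fourth, leading octal digit: setuid 4, setgid 2, sticky 1.
SPECIAL = {
    2: (stat.S_ISUID, "sS"),
    5: (stat.S_ISGID, "sS"),
    8: (stat.S_ISVTX, "tT"),
}


def symbolic_to_octal(mode_string):
    """Return the permission bits for an ls -l mode string such as 'drwxr-x--x'."""
    if len(mode_string) < 10:
        raise ValueError("expected a file-type character plus nine permission characters")
    perms = mode_string[1:10]  # skip the type character; ignore a trailing '.' or '+'
    bits = 0
    for i, ch in enumerate(perms):
        weight = 0o400 >> i  # 400 200 100 (user), 40 20 10 (group), 4 2 1 (other)
        if ch == "rwx"[i % 3]:
            bits |= weight
        elif i in SPECIAL and ch in SPECIAL[i][1]:
            bits |= SPECIAL[i][0]
            if ch.islower():  # lowercase s/t means the execute bit is also set
                bits |= weight
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at permission position {i + 1}")
    return bits


if __name__ == "__main__":
    # First string is the one from the notes; the others are constructed samples.
    for sample in ("drwxr-x--x", "-rwsr-xr-x", "drwxrwxrwt", "-rwSr--r--"):
        print(f"{sample} -> {symbolic_to_octal(sample):04o}")
```

An uppercase S or T in a listing means the special bit is set without the execute bit underneath it, which is usually a misconfiguration worth checking.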
15 Clams
In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)
Starts at 1h14m08s.
Jthan talks about CentOS 6. You can purchase extended support “at a reasonable price” for CentOS 6 from CloudLinux.
Errata
- We had some weird audio issues with this one. I sound tinny (I didn’t optimize my input levels) and Jthan dropped a couple minutes in, so we had to use his Mumble track for the first several minutes.
- Also Jthan “mostly” fixed his laptop.
- Also also, Jthan has brought to my attention that GrubHub now apparently has an API. I’m not sure if this is accessible to just restaurants or if customers can use it too.
- amayer let us know:
Hey, In the last episode, S6E0 at 1:11:08, r00t^2 mentioned that you can change individual permissions with the letter form but not with the octal form. I believe this is incorrect. Reading the man page doesn’t make it extremely clear if the example below is an intended behavior or some backward compatibility thing but I’ve used chmod like this a few times thinking I was clever.
Thanks, amayer! I remember that not working when I last tried it but it seems that is either possible now or my test wasn’t accurate.
Music
Track | Title | Artist | Link | Copyright/License |
---|---|---|---|---|
Intro | Words | Cosmic Kingsnake | click | CC-BY-NC-ND 4.0 |
Outro | Follow | Viktor Van River | click | CC-BY-SA 4.0 |
Author
r00t^2
Categories
Season Six