S6E0: "Fat Access"

Posted
Comments 0

Navigation
Previous EpisodeNext Episode
Log
Recorded (UTC) Aired (UTC) Editor
2021-02-04 04:27:50 2021-02-14 07:35:17 "Edita"
Verification
Format SHA256 GPG Audio File
MP3 46a6fdc0edd8422ba36c3924de913c3525ea1bfab6ee23e8d4748ba4860dec08 click click
OGG 1c6b9200629c77795ef0d656f17f1ee0a1d1db24014190272a4f9f2429803e19 click click
Quicklisten:

WE’RE BACK, BABY! We talk about chown/chmod and dig deeper into what exactly the standard access security model is for Linux.

Just the Tip

Notes

Starts at 38m40s. (I know.)

I was drinking coconut water and black tea. Paden was drinking water. Jthan was drinking F O R B I D D E N Yuengling.

  • chown and chmod, UID and GID, octal permissions
    • chown, UID and GIDs/usernames and groupnames
      • In a traditional *NIX system, users are listed in /etc/passwd “database”. It maps usernames to UIDs, specifies the preferred shell, etc. See man 5 passwd for more information.
        • Passwords used to be kept in the /etc/passwd file, but now are not – they’re typically in a separate “database”, /etc/shadow. See man 5 shadow.
      • (Groups are kept in respective /etc/group and /etc/gshadow. You can man both of those files too for explanations on what the columns are.)
      • If you’re using LDAP auth, that complicates these things but know two things: 1.) user/group mappings are usually cached, and 2.) you absolutely should be using sssd.
    • chmod, modal permission system
      • Take this example ls -l output: drwxr-x--x 50 bar baz 4096 Feb 8 16:58 foo
        • This means it is a directory that allows read, write, and execute permissions for the bar user.
        • Only read and execute (traversal) permissions for the baz group, and
        • Only the execute (traversal) permissions for everyone else (“other”).
      • Sticky bits, SUID, and SGID are… sort of obsolete, more or less (SUID is still fairly useful). You can read more about them here. (It turns out, the sticky bit for files has been ignored in the BSDs as well. Originally it was to be used as a special flag for the kernel.)
      • Octal modes are extremely hard to describe in speech without diagrams, but here are some useful resources to get you started:
  • BONUS! Bookmark endoflife.date !

15 Clams

In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)

Starts at 1h14m08s.

Jthan talks about CentOS 6. You can purchase extended support “at a reasonable price” for CentOS 6 from Cloudlinux.

Errata

  • We had some weird audio issues with this one. I sound tinny (I didn’t optimize my input levels) and Jthan dropped a couple minutes in, so we had to use his Mumble track for the first several minutes.
  • Also Jthan “mostly” fixed his laptop.
  • Also also, Jthan has brought to my attention that GrubHub now apparently has an API. I’m not sure if this is accessible to just restaurants or if customers can use it too.
  • amayer let us know:

Hey, In the last episode, S6E0 at 1:11:08, r00t^2 mentioned that you can change individual permissions with the letter form but not with the octal form. I believe this is incorrect. Reading the man page doesn’t make it extremely clear if the example below is an intended behavior or some backward compatibility thing but I’ve used chmod like this a few times thinking I was clever.

Thanks, amayer! I remember that not working when I last tried it but it seems that is either possible now or my test wasn’t accurate.

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Words Cosmic Kingsnake click CC-BY-NC-ND 4.0
Outro Follow Viktor Van River click CC-BY-SA 4.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author
Categories

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.