Linux for IBM i: Authorities and permissions

Part of administering a Linux OS is adapting permissions and authorities to the needs of your organization. David Vasta explains how to decode the file permission system, how to use chmod, and concepts in file management on the Linux OS.

In part one, David Vasta introduced Linux to the IBM i person. In part two he provided an overview of useful commands and terminology for the novice. Here, he explains how permissions and authorities work.

In Linux, file names can be up to 256 characters long and may contain letters, numbers, and the "-", "_", and "." characters. In a long file listing, the 10 characters at the left of each line indicate the type and permissions of the file. File permissions are shown in the following form:

drwxrwxrwx

There are a total of 10 characters in this example, as in every long listing. The first character indicates the type of file, and the next nine, in three groups of three, indicate read, write, and execute permission for each of the three user classes: user (the owner), group, and other. Three permissions for three classes give a total of nine permission bits. The table below shows the layout:

Position:  1     2     3     4        5     6     7        8     9     10
Field:     FILE  User permissions     Group permissions    Other permissions
           TYPE  READ  WRITE EXECUTE  READ  WRITE EXECUTE  READ  WRITE EXECUTE
Example:   d     r     w     x        r     w     x        r     w     x

  • Character 1 is the type of file: "-" is an ordinary file, "d" is a directory, "l" is a link.
  • Characters 2-4 show owner (user) permissions: character 2 is read, 3 is write, and 4 is execute.
  • Characters 5-7 show group permissions: 5 is read, 6 is write, 7 is execute.
  • Characters 8-10 show permissions for all other users: 8 is read, 9 is write, 10 is execute.

There are five possible characters in the permission fields. They are:

  • r = read - found only in a read field.
  • w = write - found only in a write field.
  • x = execute - found only in an execute field.
  • s = setuid - found only in an execute field.
  • - = no permission - may appear in any field, whether read, write, or execute.

This can be a bit tricky, as we System i people are not used to this type of security. Everything in Linux is a file, much like on the System i.

In the example above, the first character is a "d", so it is a directory.

What is chmod?
chmod is a Unix command that lets you tell the system how much (or how little) access it should permit to a file. Running it changes the permission characters described in the previous section.

chmod - changes the authorities on a file when given the proper arguments.

Example: chmod a+rwx myfile

The first character identifies the set of permissions to be changed and can be one of the following:

  • u - user
  • g - group
  • o - other
  • a - all

The part after the "+" is what we are changing: "+" adds permissions and "-" removes them. Here rwx is being added for all classes, so everyone accessing this file will have rwx permission to it. You could also use the octal format. The octal format is a little more geek, but once you get it, it makes life easy. Most admins use this format anyway.

Example: chmod 775 myfile

The three octal digits (user, group, other) make it easier to nail the permissions down. Each digit is the sum of the permissions it grants:

R = 4
W = 2
X = 1

You may find this Cut and Paste chmod calculator helpful as you begin working with chmod.
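As an added example (not from the article), the script below does the same job as a chmod calculator in the shell: it turns the permission characters of a long listing into the octal digits chmod takes, then checks the mapping by setting a mode on a scratch file and reading it back with ls -l. It goes slightly beyond the text by also emitting the leading special digit for setuid, setgid and the sticky bit.

```sh
#!/bin/sh
# Added example, not from the article: turn the nine permission characters
# of a long listing into the octal digits chmod takes, then check the
# mapping against the system by setting a mode on a scratch file and
# reading it back with ls -l.

# perm_to_octal 'rwxr-x---' -> 750 (the 10-character form is accepted too).
# A leading special digit is emitted for setuid (s in the user execute
# slot), setgid (s in the group slot) or the sticky bit (t in the other
# slot); the article only names setuid.
perm_to_octal() {
    p=$1
    [ ${#p} -eq 10 ] && p=${p#?}            # drop the file-type character
    special=0 digits="" i=1
    while [ $i -le 9 ]; do
        r=$(printf '%s' "$p" | cut -c"$i")
        w=$(printf '%s' "$p" | cut -c"$((i + 1))")
        x=$(printf '%s' "$p" | cut -c"$((i + 2))")
        d=0
        [ "$r" = r ] && d=$((d + 4))        # read    = 4
        [ "$w" = w ] && d=$((d + 2))        # write   = 2
        case $x in x|s|t) d=$((d + 1)) ;; esac   # execute = 1
        case $x in
            s|S) if [ $i -eq 1 ]; then special=$((special + 4))
                 else special=$((special + 2)); fi ;;
            t|T) special=$((special + 1)) ;;
        esac
        digits="$digits$d"
        i=$((i + 3))
    done
    [ $special -ne 0 ] && digits="$special$digits"
    printf '%s\n' "$digits"
}

# Mode of an existing path, taken from the first field of ls -ld only.
octal_of_file() {
    perm_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Round trip on a scratch file: chmod 640 should read back as -rw-r-----.
scratch=$(mktemp) && chmod 640 "$scratch"
echo "chmod 640 -> $(ls -ld "$scratch" | cut -c1-10) -> $(octal_of_file "$scratch")"
rm -f "$scratch"
```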

File management concepts
Owner: Every file in Linux has one and only one owner. The owner's permissions are the first set of the file authority. Ownership is changed with the chown command, which requires root access or some type of sudo or su.

Group: Every file in Linux has one (and only one) group. User profiles have a primary group that is listed in the /etc/passwd file, and they can belong to other groups listed in the /etc/group file. Files created by a user get the owner's primary group. Group ownership is changed using the chgrp command.

Directory listings: One of the most common commands you will use is "ls." It's a very useful command and has loads and loads of options. Use "man ls" to find them all.

Typical uses for "ls":

Command        What it does
ls             List files
ls | less      Stops after each page
ls -a          Includes the files starting with "."
ls -l          Lists more information (the long listing)
ls -F          Shows the type of file
ls ~           Shows the contents of your home directory

Copying files: The "cp" command is short for "copy." This command gives you the ability to copy files all over the OS, as long as you have rights.

cp file1 file2

This command copies file1 into a new file called file2, or in general: cp <original file> <new file name>

cp can also copy the entire contents of a directory: cp -r olddir newdir

Relocation or renaming files: When you want to move some files around, you need a truck, and that truck is the "mv" command. Here is what it takes to move files using mv:

mv file1 file2 file3 directory

or

mv oldfilename newfilename

User management: What is a user?
A user name is the human-readable representation of a unique user ID (UID) on the system. Each user is associated with a primary group and can belong to one or more secondary groups.

A user definition typically consists of the following items:

  • User name
  • Password definition
  • User ID (UID)
  • Primary Group ID (GID)
  • Full name or description
  • Path to home directory
  • Path to shell (used for interactive command), or first program to execute.

Fields in the /etc/passwd file:

  • Login name: The name used to log in to the system. Linux maps this name to the numeric user ID (UID).
  • Optional encrypted password: The password used to access the system. If shadow passwords are enabled (the default behavior), this field is not used for the password itself, which is stored in /etc/shadow.
  • Numerical user ID: The unique integer the system uses to identify the user. The system "maps" this number to the login name.
  • Numerical group ID: The unique integer the system uses to identify the primary group this user belongs to. This number maps to a group name in the /etc/group file.
  • User name or comment field: Provides additional information about the user. It can contain optional information such as "pri=" for the initial priority of the user's command interpreter and "umask=" to set the initial value of the file creation mask.
  • User home directory: The initial working directory the user's process is started in upon successful login.
  • User command interpreter: The shell or initial program to execute upon successful login.

Field order in an /etc/passwd entry (as in the clip from Linux), separated by colons:

Login name : PW : UID : GID : User name : User home dir : Shell

Fields in the /etc/group file:

  • Group name: The name used to identify the group – this name is mapped by Linux to the Numeric Group ID (GID)
  • Password: The encrypted group password. If this field is blank (which is the case for most installations) then no group password is needed.
  • Group ID (GID): The unique integer number used by the system to identify the group. This number is mapped to the group name by the system.
  • User list: All of the group member's user names, separated by commas.

Field order in an /etc/group entry (as in the clip from Linux), separated by colons:

Group name : PW : GID : Members of the group

User profile control, configuration files: Linux makes use of "control files" to configure a user's login environment and shell environment (among others). Many of these control files reside in the user's home directory, typically under /home/. The names of most of these files start with a ".", which means they are not displayed in a normal "ls" listing. The "-a" option on the "ls" command displays the hidden files.

/home/ /.profile

Read when the user logs into the system; contains settings for the user's overall login environment.

/home/ /.bashrc

Read every time a new shell is started; contains settings for the shell environment.

/home/ /.vnc

A directory that contains the information required for running VNC sessions. It is created the first time the user issues the 'vncserver' command and is read every time the user starts a new vncserver session.

Graphical interfaces
Each Linux distribution seems to have its own system administration tool. Here is a quick list of some terms you might come across:

Linux Generic Tool: Webmin - Open Source configuration tool that runs on a variety of Linux distributions (including both Red Hat and SuSE) on a variety of platforms (including Intel and PPC!!)

SuSE: YaST2 (Yet Another Setup Tool) - An integrated configuration tool that provides a GUI interface to most system configuration activities.

Red Hat: system-config-* - Red Hat provides separate configuration tools for each function, for example system-config-packages for package management and system-config-network for networking.

Where is the GUI?
At this point you are likely pretty tired of the command line, and I don't blame you. I would be too. Right now there are a few schools of thought on GUI desktops. With hardware becoming faster, one might ask what does it matter if I run a desktop on my server? While I can see the point, I have to tell you that I disagree, unless you absolutely can't live without them. I'll concede that some of the server-based tools in the GUI are nice. In the same breath, I'll tell you to go ahead and run the server with the GUI, because Linux is so fast that it's not going to build up that much overhead anyway. You decide. There are alternatives to running a GUI that I would like to cover also.

Most servers give you the option at some time to install the GUI, and I have found myself wanting the GUI at least for the first few days. While I know the commands I still think at times the GUI is just as quick and can get the same things done.

When push comes to shove you are going to want the command line because it may be the only way to talk to the server. So knowing both is always good. I would build up my command-line skills then work from the GUI. You could alternatively do as I did, and do them both at the same time. I called it cheating at that time, but later chalked it up to the way I learn.

Once you get the X Window System or the GUI up, you can use a VNC client to access it from your local PC. It's all very easy. I will not be covering how to install X Windows or the GUI.

My favorite tool is Webmin. I found it some weeks after my first Linux Server install, and have been in love ever since. It allows the administrator to run the server from a Web console. It's all rather cool and is really easy to install. Also it will work with most of the Linux and UNIX based operating systems out there right now, so if you have some other boxes, I would highly recommend using Webmin on them as well.

Packages
Red Hat and SuSE use RPM, the Red Hat Package Manager, to install applications. IBM packages most of its applications for Linux in RPM format, along with gzip and tar. Debian and Ubuntu use .deb packages, in case you run across them and wonder what they are; of course, this just means confusion for the end user.

Package installation concepts

  • The Red Hat Package Manager (RPM) has become the de facto standard for package installation and maintenance on a wide range of Linux distributions
  • RPM provides facilities for installation, removal, and maintenance of packages
  • A database of packages installed on the system is maintained by RPM and can be queried for a wide range of package information
  • In addition to RPM, a large number of packages are also available using the Linux standard tools of "tar" and "gzip"

Seeing what packages are installed with rpm:

Command               Description
rpm -qa               List all packages installed
rpm -qa | grep bash   Find rpms with "bash" in the name
rpm -qi bash          Show information about the bash package

That is all for this session. Please remember there are tons and tons of places to get your Linux content online. If you don't have an answer you need, you can find it somewhere. A site I like is The Linux Documentation Project.

Editor's note: SearchEnterpriseLinux.com has tips and information similar to what you find at Search400.com.

ABOUT THE AUTHOR: David Vasta is the Lotus Notes Administration Team Lead over North America at Atlas Copco. He has 17 years of data center and iSeries experience working in companies such as IBM, REAL and Cingular. He writes a regular blog at System i blogger.

This was first published in November 2008
