Posts Tagged ‘Linux commands’

Figuring Out Group Permissions in Linux

November 7, 2008 1 comment

You may be faced with a situation in which you must figure out who has permissions to a file or directory and what those permissions are. This sounds simple enough, but it is not as simple as it sounds. Here is an example. You view the contents of the /var/www directory (/var/www/html in CentOS), where your web site content is found, and you see a directory that looks like this:
Ubuntu
drwxr-xr-x 2 www-data fsmith 4096 2008-05-12 05:19 3qw
CentOS
drwxr-xr-x 2 apache fsmith 4096 2008-05-12 05:19 3qw

The owner is www-data (apache in CentOS). That is not uncommon in the /var/www directory, as www-data is the user that Ubuntu uses for web content. However, the group can present a problem, because the question will arise: who is in the group? There is an easy way to determine that. Use cat to view the contents of the group file, which lists the users in each group. A good way to do this is to pipe the output of the cat command into grep, a text search filter, like so:
cat /etc/group | grep fsmith
fsmith:x:1001:
The | symbol (pipe) will take the output of one command and use it as input to the second command. With the output you will see that the group fsmith does not list any users after the final “:”. There is only one user in this group, fsmith. If the output looked like this:

cat /etc/group | grep fsmith
fsmith:x:1001:tom,jane,jerry,joan,rudy

Now you know that the group contains five users who have permissions to this file (fsmith, jane, jerry, joan and rudy). The /etc/group file is a file that you can view with:

cat /etc/group

When you view the output you will see a number of groups that are relevant to permissions.
root:x:0:
The root group is for the root user only. DO NOT add users to this group: it could very well create system failure and will certainly increase security issues.

The following groups, in Ubuntu but not CentOS, are given by default to the first user created on the system for administrative purposes. In other words, this is the user that is able to use the sudo command and these represent those permissions. The first set of groups represents the permissions to use cdrom, floppy, audio, video and dialout. These are not permissions that you will typically use from a remote connection.

dialout:x:20:mike
cdrom:x:24:mike
floppy:x:25:mike
audio:x:29:mike
dip:x:30:mike
video:x:44:mike
plugdev:x:46:mike
fuse:x:107:mike

These groups are the administrative groups that allow users to run root commands using sudo. These are the groups that you could edit to add users who should be able to use sudo.
adm:x:4:mike
admin:x:120:mike

The adm group has historically been a group that was used to allow users in the group to read log files. Here is an example from /var/log where syslog is readable by the adm group.

-rw-r----- 1 syslog adm 2752 2008-08-14 07:21 syslog

If you run visudo and view the default file you will see these lines at the bottom, which list the rights of the admin group as capable of running any root commands.

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
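
The lookup described above reads only the member list in /etc/group, which omits any account that has the group as its primary group in /etc/passwd. The following added example (not part of the original post) resolves both kinds of membership and then lists every account that the %admin rule in sudoers covers; the function names and the sample accounts, including rudy's primary GID of 120, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. All account data below is constructed for illustration.

# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints every account that holds GROUP, one per line:
#   - supplementary members (4th field of the group file)
#   - accounts whose primary GID (4th field of passwd) is the group's GID
group_members() {
    local group="$1" gfile="${2:-/etc/group}" pfile="${3:-/etc/passwd}"
    awk -F: -v g="$group" '
        FNR == NR {                          # first file: group database
            if ($1 == g) {                   # exact match on the group name
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }  # second file: passwd database
    ' "$gfile" "$pfile" | LC_ALL=C sort -u
}

# sudo_groups [SUDOERS_FILE]: groups granted rules through "%group" lines
sudo_groups() {
    awk '/^%/ { sub(/^%/, "", $1); print $1 }' "${1:-/etc/sudoers}" | LC_ALL=C sort -u
}

# sudo_users SUDOERS_FILE GROUP_FILE PASSWD_FILE
# Every account that reaches sudo through a %group rule.
sudo_users() {
    local grp
    for grp in $(sudo_groups "$1"); do
        group_members "$grp" "$2" "$3"
    done | LC_ALL=C sort -u
}

# --- constructed sample databases ---
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/group" <<'EOF'
root:x:0:
adm:x:4:mike
admin:x:120:mike
fsmith:x:1001:tom,jane
EOF
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mike:x:1000:1000:,,,:/home/mike:/bin/bash
fsmith:x:1001:1001:,,,:/home/fsmith:/bin/bash
rudy:x:1002:120:,,,:/home/rudy:/bin/bash
EOF
cat > "$SAMPLE/sudoers" <<'EOF'
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
EOF

echo "fsmith group: $(group_members fsmith "$SAMPLE/group" "$SAMPLE/passwd" | paste -sd, -)"
echo "sudo via %group: $(sudo_users "$SAMPLE/sudoers" "$SAMPLE/group" "$SAMPLE/passwd" | paste -sd, -)"
```

On a live system, call group_members with only the group name to read /etc/group and /etc/passwd; getent group fsmith additionally consults directory sources such as LDAP.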

Modify Your Command Prompt

September 12, 2008 Leave a comment

You may find that you want to modify the prompt. This can help you create visibility for special features or just modify it to something more useful. You can view the default settings for the prompt by using this command:

echo $PS1

As stated above, it will show the user, hostname, location and an indication of whether it is a normal user or root.

Create a single character

PS1="$ "

The quotes preserve the space after the $ so that the prompt does not run into your text. The $ is typically used to show that it is a normal user, not the root user, which is indicated by “#”.

Change options for the prompt

\d : the date Weekday Month Date format
\h : the hostname up to the first ‘.’
\A : the current time in 24-hour HH:MM format
\u : the username of the current user
\w : the current working directory, with $HOME abbreviated with a tilde
\$ : if the effective UID is 0, a #, otherwise a $


Create a colored prompt

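You may want to create a color prompt that you can use for visibility. In this example the hostname has been dropped to make a shorter prompt and the prompt is turned red, but the commands that you enter will be black. The export command will change these features. The \[ and \] around each color sequence mark it as non-printing, so that bash measures the prompt length correctly and long command lines wrap properly.

mike@ub:~$ export PS1='\[\e[0;31m\][\u:\w]\$ \[\e[m\] '
[mike:~]$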

This will color the prompt but not any commands that you enter.

List of Color codes
Color   Code
Black   0;30
Blue    0;34
Green   0;32
Cyan    0;36
Red     0;31
Purple  0;35
Brown   0;33

Replace digit 0 with 1 for a lighter color.

Make Changes permanent
All of the changes you make will be lost when you close the terminal or log out. Here are directions to make them permanent.

Ubuntu
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_colored_prompt=yes

The .bashrc file in each user’s home directory allows you to change the default for the prompt to a color prompt by uncommenting the line:

#force_colored_prompt=yes

Unfortunately, a typo in the line must also be corrected so that it reads:
force_color_prompt=yes

Ubuntu or CentOS
Place your custom prompt in the user .bashrc file with this command:

export PS1='\[\e[0;31m\][\u:\w]\$ \[\e[m\] '

Finding Changes with Timestamps

September 1, 2008 Leave a comment

Timestamps are important in terms of diagnostics because they provide you with information about when an event occurred, for example when a file was last changed. This information alone is invaluable for troubleshooting. The timestamp represents the last time the file was modified. As you look at these examples, you can see they all have different modification dates. The file training was modified 2008-07-05 at 19:01 and the file squid.rtf was modified 2008-05-27 at 16:24, so you can see both date and time are available.
-rw-r--r-- 1 mike mike 30722 2008-07-05 19:01 training
-rw-r--r-- 1 mike mike 997 2008-05-27 16:24 squid.rtf

In these examples you see a directory; notice the “d” at the start of the line. The dates of this same directory are different because a sub-directory was changed in test, so the second example reflects that change.
drwxr-xr-x 3 mike mike 4096 2008-08-13 16:47 test
drwxr-xr-x 4 mike mike 4096 2008-08-14 09:21 test

A powerful utility for locating changes is the find command. With the Linux find utility, you can perform powerful searches on just about any criterion you can think of, and then, from the same command-line entry, invoke another utility to do whatever you need to do with the results.
In order to perform the most basic of searches, you’ll need to specify two things:
The search path: You can perform a search in either a specific path, or the entire filesystem. Since find is inherently recursive, the search will automatically extend to all of the subdirectories beneath the directory that you specify.
What you’re searching for: There are a lot of ways that you can specify this. You can search for files of a specific name, and decide whether to make the search case-sensitive. You can also use wildcards, or search for files with certain characteristics or that are of a certain age. Or, you can combine multiple criteria for even more specific searches. The main thing that limits you is your own imagination.

So now, for example, suppose you want to search the entire filesystem for all files whose names end in “.conf”. You’ll want to use either the “-name” or the “-iname” switch in front of the file description that you want to search for. Otherwise, you’ll get a jumbled up mess of every directory listing that you’ve searched, with the information you’re looking for mixed in. For case-sensitive searches, use “-name”; for case-insensitive searches, use “-iname”. In this case, use “-iname”, since you want to make the search case-insensitive. If you include a wildcard character in a search criterion, you’ll need to enclose that search criterion in quotes. That will keep the shell from interpreting the wildcard character as an ambiguous file reference.

sudo find / -iname '*.conf'
—cut—
/etc/vsftpd/vsftpd.conf
/root/vsftpd.conf
—cut—
In reference to timestamps what you are really interested in are two requirements, the name of the file and the time it was changed.

You can perform searches with more than one search criterion. If you separate the criteria with a space, it will be the same as placing an “and” operator between them. Use the “-mtime -7” switch to find all of the “.conf” files that were modified within the last seven days.

sudo find / -iname '*.conf' -mtime -7
/etc/mplayerplug-in.conf
/etc/awstats/awstats.model.conf
/etc/awstats/awstats.localhost.localdomain.conf
/etc/httpd/conf.d/awstats.conf
/etc/yumex.profiles.conf
/var/cache/yum/yumex-mirror-cache.conf
—cut—

There are several important parts to find. First you will need to use sudo to be able to access many files as they will be owned by root. Use the find command followed by the directory you want to search. If you want to search the whole server use “/”. If you want to limit your search to a specific directory indicate that. Using the -iname is the easiest option as it allows all files regardless of case.

The important part is the text string to look for, which must be enclosed in single quotes. A common wildcard is “*”, which matches anything. So ‘*.conf’ will match any file that ends with “.conf”. If you use ‘*.*’ it will match any name that contains a “.”. The -mtime option searches for files modified within a time period.

Here are some practical examples:

Files on the system modified within the last 24 hours. Note this is looking for all types of files on the whole system.

sudo find / -iname '*.*' -mtime -1

Files that have changed in the /var/www directory in the last week.

sudo find /var/www -iname '*.*' -mtime -7

Files that have changed in the apache web server configuration directory in the last 14 days.

sudo find /etc/apache2 -iname '*.*' -mtime -14

You can change your search with find to locate files that have been accessed within a time period. For example if you wanted to locate files that have been accessed in the /usr/share directory you could use this command:

find /usr/share -iname '*.*' -atime -1

That would list files accessed by a user or the system within the last 24 hours in the /usr/share directory.
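
The searches above can be tried safely on a throwaway tree. This added example (not part of the original post) builds a constructed web root with known modification times and compares the page's -iname '*.*' form with -type f, which also catches names that contain no “.”. It goes one step further with -newer, which lists files changed since a reference file. The function names, file names and the deploy.marker file are assumptions, and GNU touch and find are assumed.

```bash
#!/usr/bin/env bash
# Added example. The tree is constructed; assumes GNU touch and GNU find.

# build_tree: create a throwaway web root with known modification times
# and print its path.
build_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/html/uploads"
    touch -d '30 days ago' "$root/html/index.html"
    touch -d '2 days ago'  "$root/html/site.CONF"
    touch -d '10 days ago' "$root/html/uploads/old.jpg"
    touch -d '3 hours ago' "$root/html/uploads/README"     # no "." in the name
    touch -d '1 hour ago'  "$root/html/uploads/.htaccess"
    touch -d '1 day ago'   "$root/deploy.marker"           # hypothetical reference file
    printf '%s\n' "$root"
}

# changed_dotted DIR DAYS: the page's form; only names containing a "."
changed_dotted() {
    find "$1" -iname '*.*' -mtime "-$2" -printf '%P\n' | LC_ALL=C sort
}

# changed_files DIR DAYS: every regular file, whatever its name
changed_files() {
    find "$1" -type f -mtime "-$2" -printf '%P\n' | LC_ALL=C sort
}

# changed_after DIR REF: regular files modified more recently than file REF
changed_after() {
    find "$1" -type f -newer "$2" -printf '%P\n' | LC_ALL=C sort
}

T=$(build_tree)
trap 'rm -rf "$T"' EXIT
echo "-iname '*.*' -mtime -7:"; changed_dotted "$T/html" 7
echo "-type f -mtime -7:";      changed_files  "$T/html" 7
echo "-type f -newer marker:";  changed_after  "$T/html" "$T/deploy.marker"
```

Access times are only as reliable as the mount options: a filesystem mounted with noatime never updates them, so an empty -atime result does not prove that a file was not read.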

Locating Information from the Command Line

August 19, 2008 Leave a comment

Specific searches for information can provide excellent resources for troubleshooting. This section will help you examine a number of ways to find the information that you need.

Search Packages

When Ubuntu updates packages it keeps a package cache of .deb files in /var/cache/apt/archives. This archive can be used to review recent changes on your server. Here are a series of examples to help with searching packages.

Search packages added in last week

find /var/cache/apt/archives -iname '*.deb' -atime -7

Note that atime is used because packages in this directory are not modified; they are only added.

Search for packages which have a specific name
Be sure to use the “-n” option, as it restricts the search to packages that have the text string, in this example “apache”, in the name. Otherwise it will include those that have that text string in the description.

apt-cache search -n apache

This search will provide very helpful information for what packages were changed on an update. The “reverse depends” list shows packages which require, recommend or suggest the package searched. The “dependencies” list shows which packages are required, recommended, or suggested for your searched package.

Search for Sizes

Find all files over 10 MB
find / -size +10000000c 2> /dev/null

Find all files over 50 MB
find / -size +50000000c 2> /dev/null

The “2> /dev/null” sends all error messages to the trash instead of the screen.

Search User Owned Files

If you want to find files that belong to only a certain user, you can do that with the “-user” switch. Add a second criterion to find only files of a certain type that belong to a certain user.

find / -user tom -iname '*.txt'

You can adjust this search by changing the text string which represents the file type. In the example, “.txt” is used but that could be changed to any file type, such as “.rtf”, “.conf”, “.jpg”, “.gif”, etc.

Managing Versions
Using the “-v” option you can show the version of many programs to verify which version is current. Here are a few examples.

apache2 -v
Server version: Apache/2.2.8 (Ubuntu)
Server built: Jun 25 2008 13:54:13

syslogd -v
syslogd 1.5.0


Using Aptitude to Locate Information

Aptitude is a text mode tool with a menu front end for apt. It can easily provide information about packages and the versions that you currently have installed as well as packages that are not installed. You can access aptitude with:

sudo aptitude

When you open aptitude you will see a menu bar at the top of the screen with two panes below the menu bar. The top pane lists package categories and the bottom pane contains information related to the packages and package categories that you select.

Caution: You can easily break your system using aptitude carelessly as you will be running as root and you can easily install or uninstall packages.

— Installed Packages
— Not Installed Packages
— Obsolete and Locally Created Packages
— Virtual Packages (do not exist but the names are required by other programs)
— Tasks (select packages by groups)

Select any of the five categories and it will expand to show groups related to software packages. For example if you select Installed Packages you will see a list of categories that starts like this:

— admin
— main (Fully supported software)
I grub 0.97-29ubu
— universe (Unsupported software)
— base
— comm

Select a specific category and you will see the individual repository that the packages come from. When you select a repository you will see a list of applications followed by the version that is used. If you see an “I” it indicates that it is installed on the system. In the bottom pane you will see a description of the package.

Whenever you list packages they will have one of these indicators in front of the package to indicate the status of the package.

i: Installed package
c: Package not installed, but package configuration remains on system
p: Purged from system
v: Virtual package
B: Broken package
u: Unpacked files, but package not yet configured
C: Half-configured – Configuration failed and requires fix
H: Half-installed – Removal failed and requires fix

You can use the F10 key to access the menu across the top.

Actions Undo Package Resolver Search Options Views Help

Actions – install and uninstall options, clean cache
Undo – undo actions

Package – manage install, remove, purge, etc of packages
Resolver – try to resolve issues with conflicts
Find – locate packages
Options – display options
Views – quick access to various view options
Help – basic help

Using dpkg to Locate Information

The dpkg or Debian Package Management tool is an additional way to locate information about packages. If you use the “-l” option you can provide a topic and it will list the package version that is installed.

dpkg -l apache2
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-====================-====================-
ii apache2 2.2.8-1ubuntu0.3 Next generation, scalable, extendable web server

dpkg -l cron
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-====================-====================-
ii cron 3.0pl1-100ubuntu2 management of regular background processing

If you want to list all packages installed use “-l” alone. It will list the package name, version and brief description.

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==========================================

ii acl 2.2.45-1 Access control list utilities
ii acpi 0.09-3ubuntu1 displays information on ACPI devices
ii acpi-support 0.109 a collection of useful events for acpi
ii acpid 1.0.4-5ubuntu9 Utilities for using ACPI power management
ii adduser 3.105ubuntu1 add and remove users and groups

Beginners Guide to Command Line Part III

August 12, 2008 Leave a comment

How to Acquire root Privileges
There are several ways to escalate the normal user privileges to the root user privileges. You may wonder why this needs to be done. There are many files and directories that cannot be modified by the normal user. If you are trying to fix problems, and sometimes when you are trying to locate problems, you will need the privileges of root.

The su command allows you to “substitute user”. One of the major disadvantages of this process is that su does not record the commands executed as root. It does create a log entry for which user became root and when but not what they did with the power! Once logged in as a user you can switch to root with this command:
su root

The system will then ask for the root password. This will then provide the user with full control of the entire system and access to all files and directories on the system. One item of note for Ubuntu users: if the root account has not been configured to enable this feature, you will not be able to become root with su.

su - root

This is an additional option that will place you in the root home directory when executed and provide you with the environment of the root user as well. Details of the root user environment will be discussed in the path explanation.

sudo
When Ubuntu is installed, the first user to be installed on the system will be able to use the sudo su command to administer the system. This is because the first user is placed in groups that allow these special privileges. Subsequent users that are added do not get these privileges by default. You can see in the example below that the first user mike is placed in a number of special groups providing these privileges, while the users tom and diane do not have the same rights. This can be viewed when you open the /etc/group file with cat, short for catenate.

cat /etc/group

adm:x:4:mike
tty:x:5:
dialout:x:20:mike
cdrom:x:24:mike,tom
floppy:x:25:mike
audio:x:29:pulse,mike,tom
dip:x:30:mike
video:x:44:mike,tom
plugdev:x:46:mike,tom
fuse:x:107:mike
lpadmin:x:109:mike
admin:x:115:mike
pulse:x:116:mike
–cut–
mike:x:1000:
tom:x:1001:
diane:x:1002:

The advantage of using sudo is that there is better command logging for accountability, you can limit access, you do not have to reveal the root password, and sudo is faster.

How to use the sudo command
The first user created on the system, because they are added to special groups, has the privileges to run administrative commands even though they are a normal user. If mike, a normal user, wanted to check the firewall configuration and executed the command iptables -L, he would only see a response that he did not have the correct privileges, as you can see below.

mike@ub:/etc$ iptables -L
iptables v1.3.8: can’t initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Now if mike was a normal user that had been placed in the privileged groups he could use the sudo command to be able to execute that command. The sudo command precedes the command you want to run with root privileges.

Format → sudo command options

In the example below sudo precedes the command iptables which is followed by the option -L.

mike@ub:/etc$ sudo iptables -L
[sudo] password for mike:
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
—cut—

In Ubuntu the sudo command can be joined with su to create the privileges needed to execute administrative commands and to change users to root as long as you remain logged in.

sudo su

This will mean that the user will receive root privileges and be actually running as the root user which will be reflected in the prompt as you see below. Note that the “$” on the end which signifies a normal user has been replaced by the “#” which indicates that the user is now functioning as root in all of the commands they execute.

root@ub:/etc#

This is a dangerous thing to do because any mistake you make will be a permanent change, with no warning.
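
The logging difference between su and sudo described in this post can be checked against the authentication log. This added example (not from the original post) parses constructed lines in the usual /var/log/auth.log layout and separates individually logged sudo commands from root shells, after which nothing further is recorded. The function names and the log lines are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. The log lines are constructed in the usual auth.log layout.

# root_activity LOGFILE
# Emits one tab-separated record per privileged event:
#   CMD     user  command  - one command run through sudo (fully logged)
#   SHELL   user  how      - a root shell was opened; later commands are not logged
#   DENIED  user  command  - sudo refused the request
root_activity() {
    awk '
        / sudo: / && /COMMAND=/ {
            line = $0; sub(/^.* sudo: +/, "", line)
            user = line; sub(/ :.*$/, "", user)
            cmd = line;  sub(/^.*COMMAND=/, "", cmd)
            split(cmd, w, " "); n = split(w[1], p, "/"); prog = p[n]
            kind = "CMD"
            if (line ~ /NOT in sudoers/) kind = "DENIED"
            else if (prog == "su" || prog == "bash" || prog == "sh") {
                kind = "SHELL"; cmd = "sudo " cmd
            }
            print kind "\t" user "\t" cmd
            next
        }
        / su(\[[0-9]+\])?: Successful su for root by / {
            print "SHELL\t" $NF "\tsu"
        }
    ' "$1"
}

# shell_users LOGFILE: accounts that obtained an interactive root shell
shell_users() {
    root_activity "$1" | awk -F'\t' '$1 == "SHELL" { print $2 }' | LC_ALL=C sort -u
}

# --- constructed sample log ---
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Aug 12 10:15:01 ub sudo:     mike : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/sbin/iptables -L
Aug 12 10:16:40 ub sudo:     mike : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/su
Aug 12 10:40:22 ub sudo:    diane : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/diane ; USER=root ; COMMAND=/sbin/iptables -L
Aug 12 11:02:13 ub su[5310]: Successful su for root by tom
Aug 12 11:02:13 ub su[5310]: + pts/1 tom:root
EOF

root_activity "$LOG"
echo "root shells opened by: $(shell_users "$LOG" | paste -sd, -)"
```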
