You will be introduced to Linux commands as entered through the Bash shell. You’ll use the Bash shell to navigate and manage the file system and to authorize and authenticate users. You’ll also learn where to go for help when working with new Linux commands.
Learning Objectives
- Navigate the file system using Linux commands via the Bash shell.
- Manage the file system using Linux commands via the Bash shell.
- Describe how Linux handles file permissions.
- Use Linux commands via the Bash shell to authenticate and authorize users.
- Use sudo to provide root user permissions.
- Access resources that provide support on using Linux commands.
- Navigate the Linux file system
- Manage file content in Bash
- Authenticate and authorize users
- Video: File permissions and ownership
- Video: Change permissions
- Reading: Permission commands
- Quiz: Portfolio Activity: Use Linux commands to manage file permissions
- Reading: Portfolio Activity Exemplar: Use Linux commands to manage file permissions
- Video: Add and delete users
- Reading: Responsible use of sudo
- Get help in Linux
- Review: Linux commands in the Bash shell
Navigate the Linux file system
Video: Welcome to module 3
This section of the course explores the excitement of learning new ways to communicate, particularly in the context of Linux. Just as one might remember the thrill of learning a new language or witnessing a child expanding their vocabulary, the author recalls their sense of wonder when they first began using the command line to communicate with their computer.
In this section, the focus is on gaining a deeper understanding of Linux and how to effectively communicate with the operating system through its shell. The content emphasizes the use of the command line to interact with the OS, covering core Linux commands that are particularly relevant for security analysts. Topics include file system navigation and management, as well as user authentication and authorization. This involves the ability to add and remove users from the system and control their access.
The section also encourages continuous learning and resource access for acquiring new Linux commands. The author highlights the transformative power of the command line, enabling tasks to be accomplished without the need for multiple screen clicks. While it may take some practice to become proficient, mastering the command line is a valuable tool for a security analyst. Upon completing this section, students will have gained practical experience in using Linux commands, a crucial skill for their role.
Learning to communicate in
a new way can be exciting. Maybe you’ve learned
a new language and can remember this feeling. Perhaps a lot of us share
this excitement with young children as they are
expanding their vocabulary. Others, including me, remember
a sense of wonder when we first used a specialized language to communicate with
their computer. In this section, we’ll
continue to learn more about Linux and how to communicate with the
OS through its shell. You’ll utilize
the command line to communicate with the OS. You’ll learn how to input commands in the shell
and learn about some of the core Linux
commands that you’ll use as a security analyst. Specifically, this includes navigating and managing
the file system. You’ll also focus on authenticating and
authorizing users. This means you’ll be able to use a command line to add and delete users from the system and to control what they
have access to. Finally, there’s
always more to learn. We’ll cover accessing
resources that support learning
new Linux commands. I remember when I first
learned about the command line and was shocked at the
capabilities it provided. I didn’t need to click through multiple screens
to get tasks done. Although it took some practice
and time to get used to, it has been one of the
biggest tools at my disposal. After this section, you’ll have a practical
experience in an area important to the work of a security analyst:
using Linux commands.
Video: Linux commands via the Bash shell
This article is about the basics of communicating with the Linux OS through the Bash shell. It covers what the shell is, why it is important for security analysts to have command line skills, and how to write basic Bash commands. The article also discusses the concept of arguments, which are specific pieces of information that are needed by some commands. Finally, the article emphasizes the importance of case sensitivity in Linux.
Linux commands via the Bash shell
The Bash shell is a command-line interface (CLI) for Linux and other Unix-like operating systems. It is the default shell on most Linux distributions. The Bash shell allows you to interact with the operating system by typing commands. Commands can be used to perform a variety of tasks, such as navigating the filesystem, managing files and directories, running programs, and configuring the system.
Getting started
To start the Bash shell, open a terminal emulator. Terminal emulators are programs that provide a text-based interface to the operating system. Some common terminal emulators include:
- GNOME Terminal (GNOME)
- Konsole (KDE Plasma)
- xterm
- Terminal (macOS)
Once you have opened a terminal emulator, you will see a prompt. The prompt is a symbol or sequence of symbols that indicates that the shell is ready for you to enter a command. The default prompt in the Bash shell is a dollar sign ($
).
To enter a command, simply type it at the prompt and press Enter. The shell will then execute the command. For example, to list the contents of the current directory, you would type the following command:
ls
Pressing Enter will execute the command and list the contents of the directory.
Basic commands
Here is a list of some of the most common Bash commands:
ls
: List the contents of a directory.cd
: Change directory.pwd
: Print the current working directory.mkdir
: Create a new directory.rmdir
: Remove a directory.touch
: Create a new file.rm
: Remove a file.cp
: Copy a file or directory.mv
: Move or rename a file or directory.cat
: Concatenate and print the contents of a file.grep
: Search for a pattern in a file.chmod
: Change the permissions of a file or directory.sudo
: Run a command with administrative privileges.
Arguments
Some commands take arguments. Arguments are specific pieces of information that are needed by the command. For example, the ls
command takes an argument to specify the directory that you want to list the contents of. To list the contents of the home directory, you would type the following command:
ls ~
The ~
symbol represents the home directory.
Command pipes
Command pipes allow you to chain together multiple commands so that the output of one command is used as the input to the next command. For example, to list all of the files in the current directory that have the .txt
extension, you could use the following command:
ls | grep \.txt
The ls
command will list the contents of the current directory and the grep
command will search for the .txt
extension. The output of the ls
command is piped to the grep
command so that the grep
command can search the output of the ls
command.
Conclusion
This is just a basic introduction to Linux commands via the Bash shell. There are many other commands and concepts that you can learn. For more information, please consult the Bash shell documentation or other online resources.
What is a Linux command?
An instruction telling the computer to do something
A Linux command is an instruction telling the computer to do something.
Welcome back. Before we get into specific Linux
commands, let’s explore in more
detail the basics of communicating with the
OS through the shell. Being able to utilize
Linux commands is a foundational skill for
all security professionals. As a security analyst,
you will work with server logs and you’ll need
to know how to navigate, manage and analyze files remotely without a
graphical user interface. In addition, you’ll
need to know how to verify and configure
users and group access. You’ll also need to
give authorization and set file permissions. That means that developing
skills with the command line is essential for your work
as a security analyst. When we learned about the Linux architecture, we learned that the shell is one of
the main components of an operating system. We also learned that there
are different shells. In this section, we’ll
utilize the Bash shell. Bash is the default shell in
most Linux distributions. For the most part, the key
Linux commands that you’ll be learning in this section
are the same across shells. Now that you know
what shell you’ll be using, let’s go into
how to write in Bash. As we discussed in
a previous section, communicating with your OS
is like a conversation. You type in commands, and the OS responds with an answer
to your command. A command is an instruction telling the computer
to do something. We’ll try out a command in Bash. Notice a dollar sign
before the cursor. This is your prompt to
enter a new command. Some commands might
tell the computer to find something like
a specific file. Others might tell it
to launch a program. Or, it might be to output a
specific string of text. In the last section, when we discussed input and output, we explored how the
echo command did this. Let’s input the
echo command again. You may notice that the command we just input is not complete. If we’re going to
use the echo command to output a specific string of texts, we need to specify
what the string of text is. This is what arguments are for. An argument is specific
information needed by a command. Some commands take
multiple arguments. So now let’s complete the echo
command with an argument. We’re learning some
pretty technical stuff, so how about we output the
words: “You are doing great!” We’ll add this argument, and then we’ll press enter
to get the output. In this example, our argument
was a string of text. Arguments can provide other
types of information as well. One thing that is really
important in Linux is that all commands and arguments
are case sensitive. This includes file
and directory names. Keep that in mind as you
learn more about how to use Linux in your day-to-day
tasks as a security analyst. Okay, now that we’ve
covered the basics of entering Linux
commands and arguments through the Bash
shell, we’re ready to learn some specific commands. This is exciting, so let’s
get to our next video!
Video: Core commands for navigation and reading files
This tutorial introduces the Linux file system and the basic commands for navigating it. The Linux file system is a hierarchical system, with the root directory at the top and subdirectories branching off from it. To navigate the file system, you can use the following commands:
pwd
: prints the working directoryls
: displays the names of files and directories in the current working directorycd
: changes directory
To read file content, you can use the following commands:
cat
: displays the content of a filehead
: displays the first few lines of a file
These commands are essential for security analysts, as they need to be able to navigate the file system to locate and analyze logs and other files.
Core commands for navigation and reading files in Linux
The Linux file system is a hierarchical system, with the root directory at the top and subdirectories branching off from it. To navigate the file system, you can use the following commands:
- pwd: prints the working directory
- ls: displays the names of files and directories in the current working directory
- cd: changes directory
To read file content, you can use the following commands:
- cat: displays the content of a file
- head: displays the first few lines of a file
- tail: displays the last few lines of a file
Examples:
- To print the working directory, type the following command:
” pwd “
- To display the names of files and directories in the current working directory, type the following command:
” ls “
- To change to the
logs
directory, type the following command:
” cd logs “
- To display the contents of the
access.txt
file, type the following command:
” cat access.txt “
- To display the first 10 lines of the
access.txt
file, type the following command:
” head access.txt “
- To display the last 10 lines of the
access.txt
file, type the following command:
” tail access.txt “
Other useful commands:
- mkdir: creates a new directory
- rmdir: removes an empty directory
- cp: copies a file or directory
- mv: moves or renames a file or directory
- touch: creates a new empty file
Example:
- To create a new directory called
new_dir
, type the following command:
” mkdir new_dir “
- To remove the
new_dir
directory, type the following command:
” rmdir new_dir “
- To copy the
access.txt
file to thenew_dir
directory, type the following command:
” cp access.txt new_dir “
- To move the
access.txt
file to thenew_dir
directory, type the following command:
” mv access.txt new_dir “
- To create a new empty file called
new_file.txt
, type the following command:
” touch new_file.txt “
Conclusion:
These are just a few of the core commands for navigation and reading files in Linux. By learning these commands, you will be able to move around the file system and access the files you need.
What does the ls command do?
It displays the names of files and directories in the current working directory.
The ls command displays the names of files and directories in the current working directory.
Welcome back. I hope
you’re learning a lot about how to communicate
with the Linux OS. As we continue our journey into utilizing the Linux
command line, we’ll focus on how to navigate
the Linux file system. Now, I want you to
imagine a tree. What did you notice
first about the tree? Would you say the
trunk or the branches? These might definitely
get your attention, but what about its roots? Everything about a tree
starts in the roots. Something similar
happens when we think about the
Linux file system. Previously, we learned about the components of the
Linux architecture. The Filesystem
Hierarchy Standard, or FHS, is the component of the Linux
OS that organizes data. This file system is a very important part
of Linux because everything we do in
Linux is considered a file somewhere in
the system’s directory. The FHS is a hierarchical system, and just like with a tree, everything grows and
branches out from the root. The root directory is the highest-level
directory in Linux. It’s designated by a single slash. Subdirectories branch off
from the root directory. The subdirectories branch out further and further away
from the root directory. When describing the directory
structure in Linux, slashes are used when tracing back through these
branches to the root. For example, here, the first slash indicates
the root directory. Then it branches out a level
into the home subdirectory. Another slash indicates it
is branching out again. This time it’s to the analyst subdirectory
that is located within home. When working in security, it is essential that
you learn to navigate a file system to locate
and analyze logs, such as log files. You’ll analyze
these log files for application usage
and authentication. With that background,
we’re now ready to learn the commands commonly used for navigating the file system. First, pwd prints the working
directory onto the screen. When you use this command, the output tells you which
directory you’re currently in. Next, ls displays the
names of files and directories in the current
working directory. And finally, cd navigates between
directories. This is the command you’ll use when you want to
change directories. Let’s use these
commands in Bash. First, we’ll type the command pwd to display the current
location and then press enter. The output is the path to the analyst directory where
we’re currently working. Next, let’s input ls to display the files and directories
within the analyst directory. The output is the name of four directories:
logs, oldreports, projects, and reports, and one
file named updates.txt. So let’s say we now want to go into the logs directory to check
for unauthorized access. We’ll input: cd logs to change directories. We won’t get any output on the screen from
the cd command, but if we enter pwd again, its output indicates that the
working directory is logs. Logs is a subdirectory of
the analyst directory. As a security analyst, you’ll also need
to know how to read file content in Linux. For example, you may need to read files that contain
configuration settings to identify potential
vulnerabilities. Or, you might look at user access reports while investigating
unauthorized access. When reading file content, there are some commands
that will help you. First, cat displays the
content of a file. This is useful,
but sometimes you won’t want the full
contents of a large file. In these cases, you can
use the head command. It displays just
the beginning of a file, by default ten lines. Let’s try out these commands. Imagine that we want to
read the contents of access.txt, and we’re already in the working
directory where it’s located. First, we input the cat command and then follow it with
the name of the file, access.txt. And Bash returns the full
contents of this file. Let’s compare that
to the head command. When we input the head command
followed by our file name, only the first 10 lines of
this file are displayed. Wow, this section had lots of action, and it’s
just the beginning! I’m glad you learned how
security analysts can use essential commands to
navigate the system. Next, we’ll explore how
to manage the system.
Reading: Navigate Linux and read file content
Reading
In this reading, you’ll review how to navigate the file system using Linux commands in Bash. You’ll further explore the organization of the Linux Filesystem Hierarchy Standard, review several common Linux commands for navigation and reading file content, and learn a couple of new commands.
Filesystem Hierarchy Standard (FHS)
Previously, you learned that the Filesystem Hierarchy Standard (FHS) is the component of Linux that organizes data. The FHS is important because it defines how directories, directory contents, and other storage is organized in the operating system.
This diagram illustrates the hierarchy of relationships under the FHS:
Under the FHS, a file’s location can be described by a file path. A file path is the location of a file or directory. In the file path, the different levels of the hierarchy are separated by a forward slash (/).
Root directory
The root directory is the highest-level directory in Linux, and it’s always represented with a forward slash (/). All subdirectories branch off the root directory. Subdirectories can continue branching out to as many levels as necessary.
Standard FHS directories
Directly below the root directory, you’ll find standard FHS directories. In the diagram, home, bin, and etc are standard FHS directories. Here are a few examples of what standard directories contain:
- /home: Each user in the system gets their own home directory.
- /bin: This directory stands for “binary” and contains binary files and other executables. Executables are files that contain a series of commands a computer needs to follow to run programs and perform other functions.
- /etc: This directory stores the system’s configuration files.
- /tmp: This directory stores many temporary files. The /tmp directory is commonly used by attackers because anyone in the system can modify data in these files.
- /mnt: This directory stands for “mount” and stores media, such as USB drives and hard drives.
Pro Tip: You can use the man hier command to learn more about the FHS and its standard directories.
User-specific subdirectories
Under home are subdirectories for specific users. In the diagram, these users are analyst and analyst2. Each user has their own personal subdirectories, such as projects, logs, or reports.
Note: When the path leads to a subdirectory below the user’s home directory, the user’s home directory can be represented as the tilde (~). For example, /home/analyst/logs can also be represented as ~/logs.
You can navigate to specific subdirectories using their absolute or relative file paths. The absolute file path is the full file path, which starts from the root. For example, /home/analyst/projects is an absolute file path. The relative file path is the file path that starts from a user’s current directory.
Note: Relative file paths can use a dot (.) to represent the current directory, or two dots (..) to represent the parent of the current directory. An example of a relative file path could be ../projects.
Key commands for navigating the file system
The following Linux commands can be used to navigate the file system: pwd, ls, and cd.
pwd
The pwd command prints the working directory to the screen. Or in other words, it returns the directory that you’re currently in.
The output gives you the absolute path to this directory. For example, if you’re in your home directory and your username is analyst, entering pwd returns /home/analyst.
Pro Tip: To learn what your username is, use the whoami command. The whoami command returns the username of the current user. For example, if your username is analyst, entering whoami returns analyst.
ls
The ls command displays the names of the files and directories in the current working directory. For example, in the video, ls returned directories such as logs, and a file called updates.txt.
Note: If you want to return the contents of a directory that’s not your current working directory, you can add an argument after ls with the absolute or relative file path to the desired directory. For example, if you’re in the /home/analyst directory but want to list the contents of its projects subdirectory, you can enter ls /home/analyst/projects or just ls projects.
cd
The cd command navigates between directories. When you need to change directories, you should use this command.
To navigate to a subdirectory of the current directory, you can add an argument after cd with the subdirectory name. For example, if you’re in the /home/analyst directory and want to navigate to its projects subdirectory, you can enter cd projects.
You can also navigate to any specific directory by entering the absolute file path. For example, if you’re in /home/analyst/projects, entering cd /home/analyst/logs changes your current directory to /home/analyst/logs.
Pro Tip: You can use the relative file path and enter cd .. to go up one level in the file structure. For example, if the current directory is /home/analyst/projects, entering cd .. would change your working directory to /home/analyst.
Common commands for reading file content
The following Linux commands are useful for reading file content: cat, head, tail, and less.
cat
The cat command displays the content of a file. For example, entering cat updates.txt returns everything in the updates.txt file.
head
The head command displays just the beginning of a file, by default 10 lines. The head command can be useful when you want to know the basic contents of a file but don’t need the full contents. Entering head updates.txt returns only the first 10 lines of the updates.txt file.
Pro Tip: If you want to change the number of lines returned by head, you can specify the number of lines by including -n. For example, if you only want to display the first five lines of the updates.txt file, enter head -n 5 updates.txt.
tail
The tail command does the opposite of head. This command can be used to display just the end of a file, by default 10 lines. Entering tail updates.txt returns only the last 10 lines of the updates.txt file.
Pro Tip: You can use tail to read the most recent information in a log file.
less
The less command returns the content of a file one page at a time. For example, entering less updates.txt changes the terminal window to display the contents of updates.txt one page at a time. This allows you to easily move forward and backward through the content.
Once you’ve accessed your content with the less command, you can use several keyboard controls to move through the file:
- Space bar: Move forward one page
- b: Move back one page
- Down arrow: Move forward one line
- Up arrow: Move back one line
- q: Quit and return to the previous terminal window
Key takeaways
It’s important for security analysts to be able to navigate Linux and the file system of the FHS. Some key commands for navigating the file system include pwd, ls, and cd. Reading file content is also an important skill in the security profession. This can be done with commands such as cat, head, tail, and less.
Practice Quiz: Test your knowledge: Navigate the Linux file system in Bash
What is a command?
An instruction that tells a computer to do something
A command is an instruction that tells a computer to do something.
Which of the following commands prints the working directory to the screen?
pwd
The pwd command prints the working directory to the screen.
What does the cd command do?
Navigates between directories
The cd command navigates between directories.
A security professional enters head access.txt into a shell. What are they telling the operating system to do?
Display the first 10 lines of access.txt
They are telling the operating system to display the first 10 lines of access.txt. The head command displays just the beginning of a file, by default 10 lines.
What is the difference between an absolute file path and a relative file path?
An absolute file path starts from the root, and a relative file path starts from the current directory.
An absolute file path is the full file path that starts from the root, and a relative file path is a shorter file path that starts from the current directory.
Manage file content in Bash
Video: Find what you need with Linux
The video teaches two ways to filter data in Linux: using the grep command and piping.
Using the grep command
The grep command searches a specified file and returns all lines in the file containing a specified string. For example, to search for all lines in the file updates.txt that contain the word “OS”, you would type the following command:
grep OS updates.txt
Using piping
Piping is a Linux command that can be used to send the output of one command as input to another command. This can be used to filter data by sending the output of one command as input to the grep command. For example, to return all files and directories in the reports directory that contain the word “users”, you would type the following command:
ls reports | grep users
The ls
command outputs the contents of the reports directory, which is then piped to the grep command. The grep command searches the output of the ls
command for all lines that contain the word “users”.
Conclusion
This video teaches two basic ways to filter data in Linux: using the grep command and piping. These are essential skills for security analysts, who often need to filter through large amounts of data to find specific information.
Tutorial on “Find what you need with Linux”
Linux is a powerful operating system that offers a variety of tools for finding and managing files. In this tutorial, we will learn some of the most basic and useful commands for finding files in Linux.
1. The find
command
The find
command is a versatile tool for finding files in Linux. It can be used to search for files by name, size, date, permissions, and other criteria.
To use the find
command, simply type the following syntax:
find [search path] [search criteria]
For example, to find all files in the current directory with the name “myfile.txt”, you would type the following command:
find . -name myfile.txt
You can also use the find
command to search for files in subdirectories. To do this, simply specify the path to the subdirectory in the search path.
For example, to find all files in the reports
directory with the name “myfile.txt”, you would type the following command:
find reports -name myfile.txt
The find
command also supports a variety of other search criteria, such as size, date, and permissions. For more information, please see the man
page for the find
command.
2. The grep
command
The grep
command is a powerful tool for searching for text within files. It can be used to find specific words, phrases, or regular expressions.
To use the grep
command, simply type the following syntax:
grep [search string] [file]
For example, to find all lines in the file “myfile.txt” that contain the word “hello”, you would type the following command:
grep hello myfile.txt
The grep
command can also be used to search for text within multiple files. To do this, simply specify the paths to the files in the file argument.
For example, to find all lines in the files “myfile.txt” and “myfile2.txt” that contain the word “hello”, you would type the following command:
grep hello myfile.txt myfile2.txt
The grep
command also supports a variety of other options, such as case sensitivity and regular expressions. For more information, please see the man
page for the grep
command.
3. The locate
command
The locate
command is a fast way to find files on your system. It works by searching a database of file locations that is updated regularly.
To use the locate
command, simply type the following syntax:
locate [search string]
For example, to find all files on your system with the name “myfile.txt”, you would type the following command:
locate myfile.txt
The locate
command is very fast, but it is important to note that it does not search in real time. This means that if you have recently created or moved a file, it may not show up in the results of the locate
command.
Conclusion
These are just a few of the many ways to find files in Linux. With a little practice, you will be able to find the files you need quickly and easily.
What command can you enter to search the log.txt file for all lines containing the string error?
grep error log.txt
You can enter grep error log.txt. The grep command searches a specified file and returns all lines in the file containing a specified string. Its first argument is the string you are searching for. Its second argument is the file you are searching through.
Now that we covered: pwd, ls, and cd and are familiar with these basic commands for navigating the
Linux file system, let’s look at a
couple of ways to find what you need
within this system. As a security analyst, your work will likely involve filtering for the
information you need. Filtering means searching
your system for specific information that can help you solve complex problems. For example, imagine
that your team determines a piece of malware contains a
string of characters. You might be tasked with
finding other files with the same string to determine if those files contain
the same malware. Later, we’ll learn
more about how you can use SQL to
filter a database, but Linux is a good place
to start basic filtering. First, we’ll start with grep. The grep command searches
a specified file and returns all lines in the file containing
a specified string. Here’s an example of this. Let’s say we have a file
called updates.txt, and we’re currently
looking for lines that contain the word: OS. If the file is large, it would take a long time
to visually scan for this. Instead, after navigating to the directory that
contains updates.txt, we’ll type the command: grep OS updates.txt into the shell. Notice how the grep command
is followed by two arguments. The first argument is the
string we’re searching for; in this case, OS. The second argument is
the name of the file we’re searching
through, updates.txt. When we press enter, Bash returns all lines
containing the word OS. Now let’s talk about piping. Piping is a Linux command that can be used for a
variety of purposes. In a moment, we’ll focus on how it can be used
for filtering. But first, let’s talk about
the general idea of piping. The piping command sends
a standard output of one command as standard input into another command
for further processing. It’s represented by the
vertical bar character. In our context, we can refer to this
as the pipe character. Take a moment and
imagine a physical pipe. Physical pipes have two ends. On one end, for example, water might enter the pipe
from a hot water tank. Then, it travels
through the pipe and comes out on the
other end in a sink. Similarly, in Linux, piping also involves
redirection. Output from one command
is sent through the pipe and then is used on
the other side of the pipe. Earlier in this video, I explained how grep can
be used to filter for strings of characters
within a file. Grep can also be
incorporated after a pipe. Let’s focus on this example. The first command, ls, instructs the operating
system to output the file and directory contents of
their reports subdirectory. But because the command
is followed by the pipe, the output isn’t
returned to the screen. Instead, it’s sent
to the next command. As we just learned, grep searches for a specified
string of characters; in this case, it’s users. But where is it searching? Since grep follows a pipe, the output of the
previous command indicates where to search. In this case, that
output is a list of files and directories within
the reports subdirectory. It will return all files and directories that
contain the word: users. Let’s explore this in Bash. So we can better understand
how the filter works, let’s first output everything
in the reports directory. If we were already
in the directory, we would just need to input ls. But since we’re not, we’ll also specify the path
to this directory. When we press enter, the output indicates there are seven files in the
reports directory. Because we want to return only the files that
contain the word users, we’ll combine this ls command with piping and
the grep command. As the output demonstrates, Linux has been
instructed to return only files that contain
the word users. The two files that don’t contain this string no longer appear. So now you have two different
ways that you can filter in Linux while
working as an analyst. Navigating through files and filtering are just part
of what you need to know. Let’s keep exploring
the Linux command line.
Reading: Filter content in Linux
Reading
In this reading, you’ll continue exploring Linux commands, which can help you filter for the information you need. You’ll learn a new Linux command, find, which can help you search files and directories for specific information.
Filtering for information
You previously explored how filtering for information is an important skill for security analysts. Filtering is selecting data that match a certain condition. For example, if you had a virus in your system that only affected the .txt files, you could use filtering to find these files quickly. Filtering allows you to search based on specific criteria, such as file extension or a string of text.
grep
The grep command searches a specified file and returns all lines in the file containing a specified string. The grep command commonly takes two arguments: a specific string to search for and a specific file to search through.
For example, entering grep OS updates.txt returns all lines containing OS in the updates.txt file. In this example, OS is the specific string to search for, and updates.txt is the specific file to search through.
Piping
The pipe command is accessed using the pipe character (|). Piping sends the standard output of one command as standard input to another command for further processing. As a reminder, standard output is information returned by the OS through the shell, and standard input is information received by the OS via the command line.
The pipe character (|) is located in various places on a keyboard. On many keyboards, it’s located on the same key as the backslash character (\). On some keyboards, the | can look different and have a small space through the middle of the line. If you can’t find the |, search online for its location on your particular keyboard.
When used with grep, the pipe can help you find directories and files containing a specific word in their names. For example, ls /home/analyst/reports | grep users returns the file and directory names in the reports directory that contain users. Before the pipe, ls indicates to list the names of the files and directories in reports. Then, it sends this output to the command after the pipe. In this case, grep users returns all of the file or directory names containing users from the input it received.
Note: Piping is a general form of redirection in Linux and can be used for multiple tasks other than filtering. You can think of piping as a general tool that you can use whenever you want the output of one command to become the input of another command.
find
The find command searches for directories and files that meet specified criteria. There’s a wide range of criteria that can be specified with find. For example, you can search for files and directories that
- Contain a specific string in the name,
- Are a certain file size, or
- Were last modified within a certain time frame.
When using find, the first argument after find indicates where to start searching. For example, entering find /home/analyst/projects searches for everything starting at the projects directory.
After this first argument, you need to indicate your criteria for the search. If you don’t include a specific search criteria with your second argument, your search will likely return a lot of directories and files.
Specifying criteria involves options. Options modify the behavior of a command and commonly begin with a hyphen (–).
-name and -iname
One key criteria analysts might use with find is to find file or directory names that contain a specific string. The specific string you’re searching for must be entered in quotes after the -name or -iname options. The difference between these two options is that -name is case-sensitive, and -iname is not.
For example, you might want to find all files in the projects directory that contain the word “log” in the file name. To do this, you’d enter find /home/analyst/projects -name “*log*”. You could also enter find /home/analyst/projects -iname “*log*”.
In these examples, the output would be all files in the projects directory that contain log surrounded by zero or more characters. The “*log*” portion of the command is the search criteria that indicates to search for the string “log”. When -name is the option, files with names that include Log or LOG, for example, wouldn’t be returned because this option is case-sensitive. However, they would be returned when -iname is the option.
Note: An asterisk (*) is used as a wildcard to represent zero or more unknown characters.
-mtime
Security analysts might also use find to find files or directories last modified within a certain time frame. The -mtime option can be used for this search. For example, entering find /home/analyst/projects -mtime -3 returns all files and directories in the projects directory that have been modified within the past three days.
The -mtime option search is based on days, so entering -mtime +1 indicates all files or directories last modified more than one day ago, and entering -mtime -1 indicates all files or directories last modified less than one day ago.
Note: The option -mmin can be used instead of -mtime if you want to base the search on minutes rather than days.
Key takeaways
Filtering for information using Linux commands is an important skill for security analysts so that they can customize data to fit their needs. Three key Linux commands for this are grep, piping (|), and find. These commands can be used to navigate and filter for information in the file system.
Video: Create and modify directories and files
In this video, you will learn about directories and files in Linux. You will also learn how to create, remove, copy, and move directories and files. Additionally, you will learn how to edit files using the nano file editor.
Here are some of the key takeaways from this video:
- Directories are used to organize files and subdirectories.
- The mkdir command creates a new directory.
- The rmdir command removes an empty directory.
- The touch command creates a new file.
- The rm command removes a file.
- The mv command moves a file or directory to a new location.
- The cp command copies a file or directory to a new location.
- The nano file editor is a popular text editor for beginners.
By learning these basic commands, you will be able to manage your directories and files more effectively.
Tutorial on creating and modifying directories and files in Linux:
Creating directories
To create a new directory in Linux, use the mkdir
command. The syntax for the mkdir
command is as follows:
mkdir directory_name
For example, to create a new directory called my_directory
, you would use the following command:
mkdir my_directory
You can create directories anywhere in the Linux filesystem, but it is generally a good practice to create them in a logical location. For example, you might want to create a directory for all of your work-related files in your home directory.
Creating files
To create a new file in Linux, use the touch
command. The syntax for the touch
command is as follows:
touch file_name
For example, to create a new file called myfile.txt
, you would use the following command:
touch myfile.txt
You can create files anywhere in the Linux filesystem, but it is generally a good practice to create them in a logical location. For example, you might want to create a file for all of your notes on a particular project in the directory for that project.
Removing directories
To remove a directory in Linux, use the rmdir
command. The syntax for the rmdir
command is as follows:
rmdir directory_name
For example, to remove the directory my_directory
, you would use the following command:
rmdir my_directory
You can only remove empty directories. If the directory contains any files or subdirectories, you will need to remove them first.
Removing files
To remove a file in Linux, use the rm
command. The syntax for the rm
command is as follows:
rm file_name
For example, to remove the file myfile.txt
, you would use the following command:
rm myfile.txt
Copying and moving files and directories
To copy a file or directory in Linux, use the cp
command. The syntax for the cp
command is as follows:
cp source_file/directory destination_file/directory
For example, to copy the file myfile.txt
to the directory /tmp
, you would use the following command:
cp myfile.txt /tmp
To move a file or directory in Linux, use the mv
command. The syntax for the mv
command is the same as the cp
command.
Editing files
To edit a file in Linux, you can use a text editor such as nano
or vim
. To open a file for editing in nano
, use the following command:
nano file_name
Once the file is open in nano
, you can make your changes and then save the file by pressing Ctrl
+O
. To exit nano
, press Ctrl
+X
.
Conclusion
These are just a few of the basic commands for creating, modifying, and removing directories and files in Linux. For more information, please consult the Linux man pages.
Which of the following commands can you use to create a new file?
touch
You can use the touch command to create a new file.
Let’s make some branches! What do I mean by that? Well, in a previous video, we discussed root
directories and how other subdirectories branch off of the root directory. Let’s think again about the file directory
system as a tree. The subdirectories are
the branches of the tree. They’re all connected
from the same root but can grow to make
a complex tree. In this video, we’ll create directories and files and
learn how to modify them. When it comes to
working with data in security, organization is key. If we know where
information is located, it makes it easier to detect issues and keep
information safe. In a previous video, we’ve already discussed
navigating between directories, but let’s take a moment to examine directories
more closely. It’s possible you’re
familiar with the concept of folders for
organizing information. In Linux, we have directories. Directories help organize
files and subdirectories. For example, within a
directory for reports, an analyst may need to
create two subdirectories: one for drafts and one
for final reports. Now that we know why
we need directories, let’s take a look at some essential
Linux commands for managing directories and files. First, let’s take note of commands for creating and
removing directories. The mkdir command
creates a new directory. In contrast, rmdir removes
or deletes a directory. A helpful feature
of this command is its built-in warning
that lets you know a directory is not empty. This saves you from
accidentally deleting files. Next, you’ll use other commands for creating
and removing files. The touch command
creates a new file, and then the rm command
removes or deletes a file. And last, we have our
commands for copying and moving files or directories. The mv command moves a file
or directory to new location, and cp copies a file or
directory into a new location. Now, we’re ready to try
out these commands. First, let’s use
the pwd command, and then let’s display the
names of the files and directories in the analyst
directory with the ls command. Imagine that we no longer need the oldreports directory that appears among the file contents. Let’s take a look at
how to remove it. We input the rmdir command
and follow it with the name of the directory we
want to remove: oldreports. We can use the ls
command to confirm that oldreports has been deleted and no longer appears
among the contents. Now, let’s make another change. We want a new directory
for drafts of reports. We need to use the command: mkdir and specify a name for
this directory: drafts. If we input ls again, we’ll notice the new
directory drafts included among the contents
of the analyst directory. Let’s change into
this new directory by entering: cd drafts. If we run ls, it doesn’t return any output, indicating that this
directory is currently empty. But next, we’ll add
some files to it. Let’s say we want to
draft new reports on recently installed
email and OS patches. To create these files, we input: touch email_patches.txt and then: touch OS_patches.txt. Running ls indicates that these files are now in
the drafts directory. What if we realize that we
only need a new report on OS patches and we want to delete the email
patches report? To do this, we input the rm
command and specify the file to delete as: email_patches.txt. Running ls confirms
that it’s been deleted. Now, let’s focus on our commands
for moving and copying. We realized that we have
a file called email policy in the reports folder that is currently
in draft format. We want to move it into the
newly created drafts folder. To do this, we need to change into the directory that
currently has that file. Running ls in that directory
indicates that it contains several files, including
email_policy.txt. Then to move that file, we’ll enter the mv command
followed by two arguments. The first argument after mv identifies
the file to be moved. The second argument
indicates where to move it. If we change directories into drafts and then
display its contents, we’ll notice that the
email policy file has been moved to
this directory. We’ll change back into reports. Displaying the file
contents confirms that email_policy is no longer there. Okay, one more thing.
vulnerabilities.txt is a file that we want to keep
in the reports directory. But since it affects
an upcoming project, we also want to copy it into
the project’s directory. Since we’re already in the
directory that has this file, we’ll use the cp command to copy it into the
projects directory. Notice that the first argument indicates which file to copy, and the second argument provides the path to the directory
that it will be copied into. When we press Enter, this copies the
vulnerabilities file into the projects
directory while also leaving the original
within reports. Isn’t it cool what we can
do with these commands? Now, let’s focus on one more concept related
to modifying files. In addition to using commands, you can also use applications
to help you edit files. As a security analyst, file editors are
often necessary for your daily tasks, like
writing or editing reports. A popular file editor is nano. It’s good for beginners. You can access this tool
through the nano command. Let’s get familiar
with nano together. We’ll add a title to our new draft report:
OS_patches.txt. First, we change into the directory
containing that file, then we input nano followed by the name
of the file we want to edit: OS_patches.txt. This brings up the nano file
editor with that file open. For now, we’ll just enter the title OS Patches by
typing this into the editor. We need to save this before returning to the command
line, and to do so, we press Ctrl+O and then enter to save it
with the current file name. Then to exit, we
press Ctrl+X. Great work! We’ve covered a lot
of topics here—from creating and removing
directories and files to copying or moving them, and just now, we’ve added editing files. You’re well on your way to
learning Linux commands!
Reading: Manage directories and files
Reading
Previously, you explored how to manage the file system using Linux commands. The following commands were introduced: mkdir, rmdir, touch, rm, mv, and cp. In this reading, you’ll review these commands, the nano text editor, and learn another way to write to files.
Creating and modifying directories
mkdir
The mkdir command creates a new directory. Like all of the commands presented in this reading, you can either provide the new directory as the absolute file path, which starts from the root, or as a relative file path, which starts from your current directory.
For example, if you want to create a new directory called network in your /home/analyst/logs directory, you can enter mkdir /home/analyst/logs/network to create this new directory. If you’re already in the /home/analyst/logs directory, you can also create this new directory by entering mkdir network.
Pro Tip: You can use the ls command to confirm the new directory was added.
rmdir
The rmdir command removes, or deletes, a directory. For example, entering rmdir /home/analyst/logs/network would remove this empty directory from the file system.
Note: The rmdir command cannot delete directories with files or subdirectories inside. For example, entering rmdir /home/analyst returns an error message.
Creating and modifying files
touch and rm
The touch command creates a new file. This file won’t have any content inside. If your current directory is /home/analyst/reports, entering touch permissions.txt creates a new file in the reports subdirectory called permissions.txt.
The rm command removes, or deletes, a file. This command should be used carefully because it’s not easy to recover files deleted with rm. To remove the permissions file you just created, enter rm permissions.txt.
Pro Tip: You can verify that permissions.txt was successfully created or removed by entering ls.
mv and cp
You can also use mv and cp when working with files. The mv command moves a file or directory to a new location, and the cp command copies a file or directory into a new location. The first argument after mv or cp is the file or directory you want to move or copy, and the second argument is the location you want to move or copy it to.
To move permissions.txt into the logs subdirectory, enter mv permissions.txt /home/analyst/logs. Moving a file removes the file from its original location. However, copying a file doesn’t remove it from its original location. To copy permissions.txt into the logs subdirectory while also keeping it in its original location, enter cp permissions.txt /home/analyst/logs.
Note: The mv command can also be used to rename files. To rename a file, pass the new name in as the second argument instead of the new location. For example, entering mv permissions.txt perm.txt renames the permissions.txt file to perm.txt.
nano text editor
nano is a command-line file editor that is available by default in many Linux distributions. Many beginners find it easy to use, and it’s widely used in the security profession. You can perform multiple basic tasks in nano, such as creating new files and modifying file contents.
To open an existing file in nano from the directory that contains it, enter nano followed by the file name. For example, entering nano permissions.txt from the /home/analyst/reports directory opens a new nano editing window with the permissions.txt file open for editing. You can also provide the absolute file path to the file if you’re not in the directory that contains it.
You can also create a new file in nano by entering nano followed by a new file name. For example, entering nano authorized_users.txt from the /home/analyst/reports directory creates the authorized_users.txt file within that directory and opens it in a new nano editing window.
Since there isn’t an auto-saving feature in nano, it’s important to save your work before exiting. To save a file in nano, use the keyboard shortcut Ctrl + O. You’ll be prompted to confirm the file name before saving. To exit out of nano, use the keyboard shortcut Ctrl + X.
Note: Vim and Emacs are also popular command-line text editors.
Standard output redirection
There’s an additional way you can write to files. Previously, you learned about standard input and standard output. Standard input is information received by the OS via the command line, and standard output is information returned by the OS through the shell.
You’ve also learned about piping. Piping sends the standard output of one command as standard input to another command for further processing. It uses the pipe character (|).
In addition to the pipe (|), you can also use the right angle bracket (>) and double right angle bracket (>>) operators to redirect standard output.
When used with echo, the > and >> operators can be used to send the output of echo to a specified file rather than the screen. The difference between the two is that > overwrites your existing file, and >> adds your content to the end of the existing file instead of overwriting it. The > operator should be used carefully, because it’s not easy to recover overwritten files.
When you’re inside the directory containing the permissions.txt file, entering echo “last updated date” >> permissions.txt adds the string “last updated date” to the file contents. Entering echo “time” > permissions.txt after this command overwrites the entire file contents of permissions.txt with the string “time”.
Note: Both the > and >> operators will create a new file if one doesn’t already exist with your specified name.
Key takeaways
Knowing how to manage the file system in Linux is an important skill for security analysts. Useful commands for this include: mkdir, rmdir, touch, rm, mv, and cp. When security analysts need to write to files, they can use the nano text editor, or the > and >> operators.
Practice Quiz: Test your knowledge: Manage file content in Bash
What two arguments commonly follow the grep command?
The string to search for and the file to search through
The grep command is commonly followed by the string to search for and the file to search through. It is used to search files for specified strings.
In Linux, what does the piping command (|) do?
It sends the standard output of one command as standard input to another command for further processing.
The piping command (|) sends the standard output of one command as standard input to another command for further processing.
A security professional enters cp vulnerabilities.txt /home/analyst/projects into the command line. What do they want the operating system to do?
Copy the vulnerabilities.txt file into the projects directory
They want the operating system to copy the vulnerabilities.txt file into the projects directory. The original version of the file or directory will also remain in its original location.
What command creates a new file called failed_logins.txt?
touch failed_logins.txt
The command touch failed_logins.txt creates a new file called failed_logins.txt. The touch command is used to create a new file.
Authenticate and authorize users
Video: File permissions and ownership
- Permissions: The type of access granted for a file or directory.
- Authorization: Granting access to specific resources in a system.
- Three types of permissions in Linux: Read, write, and execute.
- Three types of owners: User, group, and other.
- File permissions are represented with a 10-character string: First character is file type, second, third, and fourth characters indicate permissions for the user, fifth, sixth, and seventh characters indicate permissions for the group, eighth through tenth characters indicate permissions for other.
- Ensuring files and directories have appropriate access permissions is critical to protecting sensitive files.
- Checking permissions:
- ls -l: Displays permissions to files and directories.
- ls -a: Displays hidden files and identifies their permissions.
- ls -la: Displays permissions to files and directories, including hidden files.
Examples
- If someone outside of the payroll group could read the payroll file, this would be a privacy concern.
- If the user, the group, and other can all write to a file, this is considered a world-writable file. World-writable files can pose significant security risks.
Conclusion
This video provided an overview of file and directory permissions in Linux, including their importance for security. It also demonstrated how to check permissions using the ls command.
File permissions and ownership in Linux
What are file permissions?
File permissions in Linux control who can access and modify files and directories. There are three types of permissions: read, write, and execute.
- Read: Allows users to view the contents of a file or directory.
- Write: Allows users to modify the contents of a file or directory.
- Execute: Allows users to run a file as a program.
Who are the owners of a file or directory?
Files and directories in Linux have two types of owners: user and group.
- User: The user who created the file or directory.
- Group: The group that the user belongs to.
How are file permissions represented?
File permissions in Linux are represented by a string of characters. The first character indicates the type of file (regular file, directory, symbolic link, etc.). The remaining characters indicate the permissions for the user, group, and other (all other users on the system).
How to check file permissions
To check the permissions of a file or directory, use the ls -l
command. This will list all of the files and directories in the current directory, along with their permissions.
For example, to check the permissions of the file myfile.txt
, you would use the following command:
ls -l myfile.txt
This would output something like the following:
-rw-r--r-- 1 user group 1024 Oct 11 10:00 myfile.txt
The first character (-
) indicates that this is a regular file. The next three characters (rw-
) indicate the permissions for the user: read and write. The next three characters (r--
) indicate the permissions for the group: read only. The next three characters (r--
) indicate the permissions for other: read only.
How to change file permissions
To change the permissions of a file or directory, use the chmod
command. The chmod
command takes a permission string as its argument. The permission string can be in symbolic format (e.g. rwxr-xr-x
) or in octal format (e.g. 755
).
For example, to change the permissions of the file myfile.txt
so that everyone can read and write to it, you would use the following command:
chmod 777 myfile.txt
How to change file ownership
To change the ownership of a file or directory, use the chown
command. The chown
command takes a username and a group name as its arguments.
For example, to change the ownership of the file myfile.txt
to the user newuser
and the group newgroup
, you would use the following command:
chown newuser:newgroup myfile.txt
Best practices for file permissions
- Use the least restrictive permissions possible. For example, if you only need to read a file, give yourself read permission and remove the write and execute permissions.
- Don’t give world-writable permissions to any files unless absolutely necessary. World-writable files are a security risk because anyone can modify them.
- Use groups to manage file permissions for multiple users. This makes it easier to change the permissions for a group of users at once.
Conclusion
File permissions and ownership in Linux are important for protecting your data and ensuring that only authorized users have access to your files and directories. By understanding how file permissions work, you can configure your system to be more secure.
Hi there. It’s great
to have you back! Let’s continue to learn
more about how to work in Linux as a
security analyst. In this video, we’ll explore file and directory
permissions. We’ll learn how Linux
represents permissions and how you can check
for the permissions associated with files
and directories. Permissions are the type of access granted for a
file or directory. Permissions are related
to authorization. Authorization is the
concept of granting access to specific
resources in a system. Authorization
allows you to limit access to specified
files or directories. A good rule to follow is that data access is on a
need-to-know basis. You can imagine
the security risk it would impose if anyone could access or modify anything they wanted
to on a system. There are three types
of permissions in Linux that an authorized
user can have. The first type of
permission is read. On a file, read permissions means contents on the
file can be read. On a directory, this permission
means you can read all files in that directory. Next are write permissions. Write permissions
on a file allow modifications of
contents of the file. On a directory, write
permissions indicate that new files can be created
in that directory. Finally, there are also
execute permissions. Execute permissions
on files mean that the file can be executed if
it’s an executable file. Execute permissions on
directories allow users to enter into a directory
and access its files. Permissions are granted for three different types of owners. The first type is the user. The user is the
owner of the file. When you create a file, you become the
owner of the file, but the ownership
can be changed. Group is the next type. Every user is a part
of a certain group. A group consists
of several users, and this is one way to manage
a multi-user environment. Finally, there is other. Other can be considered all
other users on the system. Basically, anyone
else with access to the system belongs
to this group. In Linux, file permissions are represented with a
10-character string. For a directory with full
permissions for the user group, this string would be: drwxrwxrwx. Let’s examine what this
means more closely. The first character
indicates the file type. As shown in this example, d is used to indicate
it is a directory. If this character contains
a hyphen instead, it would be a regular file. The second, third, and fourth characters indicate
the permissions for the user. In this example, r indicates the user
has read permissions, w indicates the user
has write permissions, and x indicates the user
has execute permissions. If one of these
permissions was missing, there would be a hyphen
instead of the letter. In the same way,
the fifth, sixth, and seventh characters indicate permissions for the
next owner type group. As it shows here, the type group also has read, write, and execute permissions. There are no hyphens
to indicate that any of these permissions
haven’t been granted. Finally, the eighth through tenth characters indicate permissions for
the last owner type: other. They also have read, write, and execute permissions
in this example. Ensuring files and
directories are set with their appropriate
access permissions is critical to protecting
sensitive files and maintaining the overall
security of a system. For example, payroll departments handle sensitive information. If someone outside of the payroll group
could read this file, this would be a privacy concern. Another example
is when the user, the group, and other can
all write to a file. This type of file is considered
a world-writable file. World-writable files can pose
significant security risks. So how do we check permissions? First, we need to understand
what options are. Options modify the
behavior of the command. The options for a command can be a single letter
or a full word. Checking permissions
involves adding options to the ls command. First, ls -l displays permissions to files
and directories. You might also want to display hidden files and identify
their permissions. Hidden files, which begin with a period before their name, don’t normally appear when you use
ls to display file contents. Entering ls -a
displays hidden files. Then you can combine these
two options to do both. Entering ls -la
displays permissions to files and directories,
including hidden files. Let’s get into Bash and
try out these options. Right now, we’re in the
project subdirectory. First, let’s use the ls command
to display its contents. The output displays the
files in this directory, but we don’t know anything
about their permissions. By using ls -l instead, we get expanded information on these files. Let’s do this. The file names are now on
the right side of each row. The first piece of
information in each row shows the permissions in the format that we
discussed earlier. Since these are all files
and not directories, notice how the first
character is a hyphen. Let’s focus on one specific
file: project1.txt. The second through fourth
characters of its permissions show us the user has both read and
write permissions but lacks execute permissions. In both the fifth through seventh characters and eighth
through tenth characters, the sequence is r–. This means group and other
have only read privileges. After the permissions, ls -l
first displays the username. Here, that’s us, analyst. Next comes the group name; in our case, the security group. Now let’s use ls -a The output includes
two more files—hidden files with the
names: .hidden1.txt and .hidden2.txt Finally, we can also use ls -la to show the
permissions for all files, including these hidden files. I thought that was pretty
interesting. Did you? You now know a little more about file permissions and ownership. This will be helpful
when working in security because monitoring and setting correct permissions is essential for
protecting information. Take a small break and
meet me in the next video.
When working with a directory, what do write permissions allow users to do?
Create new files in that directory
When working with a directory, write permissions allow users to create new files in that directory.
Video: Change permissions
This video discusses how to use the chmod command to change permissions for files and directories in Linux. The chmod command uses symbolic mode, which identifies the owner type (user, group, or other) and the type of permission (read, write, or execute) to be changed. Additionally, mathematical operators are used to indicate whether to add or remove permissions.
The example provided in the video demonstrates how to add write permissions for the group and remove read permissions for others for a file named access.txt. This is done using the following command:
chmod g+w,o-r access.txt
The video concludes by encouraging viewers to practice using chmod in order to become more comfortable with the command.
Introduction to Changing Permissions in Linux
Permissions are a crucial aspect of Linux security, allowing you to control who can access, modify, or execute files and directories. Understanding how to change permissions is essential for managing your system effectively.
Understanding Permission Syntax
Linux permissions are represented by a string of characters, typically three sets of three characters each. Each set represents the permissions for a specific user group:
- u: User (the file owner)
- g: Group (the file group)
- o: Others (all users not belonging to the file owner’s group)
Each character within a set represents a specific permission:
- r: Read permission (ability to read file contents)
- w: Write permission (ability to modify file contents)
- x: Execute permission (ability to run a file as a program)
The absence of a permission is indicated by a hyphen (-
).
Using the chmod Command
The chmod
command is used to modify file and directory permissions. Its syntax is as follows:
chmod <options> <file/directory>
Where:
<options>
: Permission changes to apply<file/directory>
: Path to the file or directory to modify permissions for
Changing Permissions with Symbolic Mode
Symbolic mode provides a user-friendly way to modify permissions. It allows you to specify which user group and permission types to add or remove.
Adding Permissions
To add permissions, use a plus sign (+
) followed by the permission characters. For example, to add write permission for the group and read permission for others to a file named myfile.txt
, use the following command:
chmod g+w,o+r myfile.txt
Removing Permissions
To remove permissions, use a minus sign (-
) followed by the permission characters. For example, to remove write permission for the user and execute permission for others from a file named myfile.txt
, use the following command:
chmod u-w,o-x myfile.txt
Setting Absolute Permissions
Absolute mode allows you to specify the exact permissions for each user group. Use three sets of three characters, each representing the permissions for the user, group, and others, respectively.
For instance, to set the permissions for a file named myfile.txt
to allow read and execute permission for the user, read and write permission for the group, and no permissions for others, use the following command:
chmod 750 myfile.txt
Changing Permissions Recursively
To change permissions for a directory and all files and subdirectories within it, use the -R
option. For example, to add write permission for the group to all files and subdirectories within the mydirectory
directory, use the following command:
chmod -R g+w mydirectory
Conclusion
Changing permissions is an essential task for managing file and directory access in Linux. By understanding the permission syntax and using the chmod
command effectively, you can control who can access, modify, or execute your files and directories, ensuring the security and integrity of your system.
Hi there! In the previous video, you learned how to check
permissions for a user. In this video, we’re going to learn about
changing permissions. When working as a
security analyst, there may be many reasons to change permissions for a user. A user may have
changed departments or been assigned to a
different work group. A user might simply no
longer be working on a project that requires
certain permissions. These changes are necessary
in order to protect system files from being accidentally or deliberately
altered or deleted. Let’s explore a related command that helps control this access. In this video, we’ll
learn about chmod. chmod changes permissions
on files and directories. The command chmod
stands for change mode. There are two modes for
changing permissions, but we’ll focus on
symbolic. The best way to learn about how chmod works
is through an example. I know this has a
lot of details, but we’ll break this down. Also, please keep in mind that,
like many Linux commands, you don’t have to memorize the information and can
always find a reference. With chmod, you need
to identify which file or directory you want
to adjust permissions for. This is the final argument, in this case, a file
named: access.txt. The first argument,
added directly after the chmod command, indicates
how to change permissions. Right now, this might
seem hard to interpret, but soon we’ll understand why this is called symbolic mode. Previously, we learned
about the three types of owners: user,
group, and other. To identify these with chmod, we use u to represent the user, g to represent the group, and o to represent other. In this particular example, g indicates we will make some changes to
group permissions, and o to permissions for other. These owner types are separated by a comma in this argument. But do we want to add or
take away permissions? Well, for this, we use
mathematical operators. So, the plus sign after g means we want to add
permissions for group. The minus sign after o means we want to take
them away from other. And the last question
is: what kind of changes? We’ve already learned that r
represents read permissions, w represents write permissions, and x represents
execute permissions. So in this case, the w indicates that we’re adding write
permissions to the group, and r indicates
that we are taking away read permissions
from other. This is still very complex. But now that we’ve
broken it down, perhaps it doesn’t seem quite so much like a foreign language. And remember, you don’t have
to memorize this all. Let’s give this
new command a try. We’ll start out in the
logs sub-directory. If we use the ls -l command, it will output the
permissions for the file. It shows the permissions
for the only file in this directory: access.txt. Previously, we learned how
to read these permissions. The second through
fourth characters indicate that the user has
read and write permissions. The fifth through
seventh characters show the group only
has read permissions. And the eighth to tenth
characters show that other only has
read permissions. We need to adjust
these permissions. We want to ensure analysts in the security group
have write permission, but takeaway read permissions
from the owner-type other, so we add write permissions for group and remove read
permissions for other. Let’s run ls -l again. This shows a change in the
permissions for access.txt. Notice how in the middle segment of permissions for the group, w has been added to
give write permissions. And another change is that the r has been removed
in the last segment, indicating that read permissions for other have been removed. As mentioned earlier,
these hyphens indicate a lack of permissions. Now, other is lacking
all permissions. Though it requires practice, working in Linux becomes
more natural with time. I’m glad you’re
learning a little more about how to use Linux.
If you want to change the permissions on an approved_users.txt file, which command can you use?
chmod
If you want to change the permissions on an approved_users.txt file, you can use chmod. The chmod command changes permissions on files and directories.
Reading: Permission commands
Reading
Previously, you explored file permissions and the commands that you can use to display and change them. In this reading, you’ll review these concepts and also focus on an example of how these commands work together when putting the principle of least privilege into practice.
Reading permissions
In Linux, permissions are represented with a 10-character string. Permissions include:
- read: for files, this is the ability to read the file contents; for directories, this is the ability to read all contents in the directory including both files and subdirectories
- write: for files, this is the ability to make modifications on the file contents; for directories, this is the ability to create new files in the directory
- execute: for files, this is the ability to execute the file if it’s a program; for directories, this is the ability to enter the directory and access its files
These permissions are given to these types of owners:
- user: the owner of the file
- group: a larger group that the owner is a part of
- other: all other users on the system
Each character in the 10-character string conveys different information about these permissions. The following table describes the purpose of each character:
Character | Example | Meaning |
---|---|---|
1st | drwxrwxrwx | file typed for directory– for a regular file |
2nd | drwxrwxrwx | read permissions for the userr if the user has read permissions– if the user lacks read permissions |
3rd | drwxrwxrwx | write permissions for the userw if the user has write permissions– if the user lacks write permissions |
4th | drwxrwxrwx | execute permissions for the userx if the user has execute permissions– if the user lacks execute permissions |
5th | drwxrwxrwx | read permissions for the groupr if the group has read permissions– if the group lacks read permissions |
6th | drwxrwxrwx | write permissions for the groupw if the group has write permissions– if the group lacks write permissions |
7th | drwxrwxrwx | execute permissions for the groupx if the group has execute permissions– if the group lacks execute permissions |
8th | drwxrwxrwx | read permissions for otherr if the other owner type has read permissions– if the other owner type lacks read permissions |
9th | drwxrwxrwx | write permissions for otherw if the other owner type has write permissions– if the other owner type lacks write permissions |
10th | drwxrwxrwx | execute permissions for otherx if the other owner type has execute permissions– if the other owner type lacks execute permissions |
Exploring existing permissions
You can use the ls command to investigate who has permissions on files and directories. Previously, you learned that ls displays the names of files in directories in the current working directory.
There are additional options you can add to the ls command to make your command more specific. Some of these options provide details about permissions. Here are a few important ls options for security analysts:
- ls -a: Displays hidden files. Hidden files start with a period (.) at the beginning.
- ls -l: Displays permissions to files and directories. Also displays other additional information, including owner name, group, file size, and the time of last modification.
- ls -la: Displays permissions to files and directories, including hidden files. This is a combination of the other two options.
Changing permissions
The principle of least privilege is the concept of granting only the minimal access and authorization required to complete a task or function. In other words, users should not have privileges that are beyond what is necessary. Not following the principle of least privilege can create security risks.
The chmod command can help you manage this authorization. The chmod command changes permissions on files and directories.
Using chmod
The chmod command requires two arguments. The first argument indicates how to change permissions, and the second argument indicates the file or directory that you want to change permissions for. For example, the following command would add all permissions to login_sessions.txt:
chmod u+rwx,g+rwx,o+rwx login_sessions.txt
If you wanted to take all the permissions away, you could use
chmod u-rwx,g-rwx,o-rwx login_sessions.txt
Another way to assign these permissions is to use the equals sign (=) in this first argument. Using = with chmod sets, or assigns, the permissions exactly as specified. For example, the following command would set read permissions for login_sessions.txt for user, group, and other:
chmod u=r,g=r,o=r login_sessions.txt
This command overwrites existing permissions. For instance, if the user previously had write permissions, these write permissions are removed after you specify only read permissions with =.
The following table reviews how each character is used within the first argument of chmod:
Character | Description |
---|---|
u | indicates changes will be made to user permissions |
g | indicates changes will be made to group permissions |
o | indicates changes will be made to other permissions |
+ | adds permissions to the user, group, or other |
– | removes permissions from the user, group, or other |
= | assigns permissions for the user, group, or other |
Note: When there are permission changes to more than one owner type, commas are needed to separate changes for each owner type. You should not add spaces after those commas.
The principle of least privilege in action
As a security analyst, you may encounter a situation like this one: There’s a file called bonuses.txt within a compensation directory. The owner of this file is a member of the Human Resources department with a username of hrrep1. It has been decided that hrrep1 needs access to this file. But, since this file contains confidential information, no one else in the hr group needs access.
You run ls -l to check the permissions of files in the compensation directory and discover that the permissions for bonuses.txt are -rw-rw—-. The group owner type has read and write permissions that do not align with the principle of least privilege.
To remedy the situation, you input chmod g-rw bonuses.txt. Now, only the user who needs to access this file to carry out their job responsibilities can access this file.
Key takeaways
Managing directory and file permissions may be a part of your work as a security analyst. Using ls with the -l and -la options allows you to investigate directory and file permissions. Using chmod allows you to change user permissions and ensure they are aligned with the principle of least privilege.
Quiz: Portfolio Activity: Use Linux commands to manage file permissions
Reading
Activity Overview
In this activity, you will create a new portfolio document to demonstrate your experience using Linux commands to manage file permissions. You can add this document to your cybersecurity portfolio, which you can share with prospective employers or recruiters. To review the importance of building a professional portfolio and options for creating your portfolio, read Create a cybersecurity portfolio.
To create your portfolio document, you will review a scenario and follow a series of steps. This scenario is connected to the lab you have just completed about how to examine and manage file permissions. You will explain the commands you used in that lab, and this will help you prepare for future job interviews and other steps in the hiring process.
Be sure to complete this activity and answer the questions that follow before moving on. The next course item will provide you with a completed exemplar to compare to your own work.
Scenario
Review the scenario below. Then, complete the step-by-step instructions.
You are a security professional at a large organization. You mainly work with their research team. Part of your job is to ensure users on this team are authorized with the appropriate permissions. This helps keep the system secure.
Your task is to examine existing permissions on the file system. You’ll need to determine if the permissions match the authorization that should be given. If they do not match, you’ll need to modify the permissions to authorize the appropriate users and remove any unauthorized access.
Note: This scenario involves investigating and updating the same file permissions as the ones in the Manage authorization lab. You can revisit the lab to get screenshots to include in your portfolio document. If you choose, it’s also possible to complete this activity without revisiting the lab by typing your commands in the template.
Step-By-Step Instructions
Follow the instructions to complete each step of the activity. Then, answer the 8 questions at the end of the activity before going to the next course item to compare your work to a completed exemplar.
Step 1: Access the template
To use the template for this course item, click the following link and select Use Template. (In this step, you will just open the template. More instructions for how to use the template will be included in later steps.)
Link to template: File permissions in Linux
Step 2: Access supporting materials
The following supporting materials will help you complete this activity. Keep them open as you proceed to the next steps.
To use the supporting materials for this course item, click the links.
The Instructions for including Linux commands document provides instructions and best practices for including samples of Linux commands in your portfolio activity.
Link to supporting material: Instructions for including Linux commands
The Current file permissions document demonstrates how the file structure is built for this portfolio activity. The file permissions for each file or directory are also provided.
Link to supporting material: Current file permissions
Note: It is recommended that you use the Manage authorization lab to complete this portfolio activity. If you’re revisiting the lab, using the Current file permissions document is optional because this file structure has already been created for you.
Step 3: Check file and directory details
In the Manage authorization lab, check the permissions set for files and subdirectories in the projects directory. Make sure you display all permissions, including hidden files. Or, use the content of Current file permissions document to determine the current permissions.
Describe the command you can use to check permissions in the Check file and directory details section of the File permissions in Linux template. From the lab, take a screenshot of the Linux command you used. Or, type this command directly into the template.
Then, use either the output of this command in the lab or the content or the Current file permissions document to indicate the current permissions. If using the Current file permissions document, write these in the 10-character string that would be part of the command’s output.
Step 5: Change file permissions
The organization does not allow other to have write access to any files. Based on the permissions established in Step 3, identify which file needs to have its permissions modified. Use a Linux command to modify these permissions.
Describe the command you used and its output in the Change file permissions section of the File permissions in Linux template. In the Manage authorization lab, take a screenshot of the Linux command you used. Or, type this command directly into the template.
Step 6: Change file permissions on a hidden file
The research team has archived .project_x.txt, which is why it’s a hidden file. This file should not have write permissions for anyone, but the user and group should be able to read the file. Use a Linux command to assign .project_x.txt the appropriate authorization.
Describe the command you used and its output in the Change file permissions on a hidden file section of the File permissions in Linux template. In the Manage authorization lab, take a screenshot of the Linux command you used. Or, type this command directly into the template.
Step 7: Change directory permissions
The files and directories in the projects directory belong to the researcher2 user. Only researcher2 should be allowed to access the drafts directory and its contents. Use a Linux command to modify the permissions accordingly.
Describe the command you used and its output in the Change directory permissions section of the File permissions in Linux template. In the Manage authorization lab, take a screenshot of the Linux command you used. Or, type this command directly into the template.
Step 8: Finalize your document
To finalize the document and make its purpose clear to potential employers, be sure to complete the Project description and Summary sections of the File permissions in Linux template.
In the Project description section, give a general overview of the scenario and what you accomplish through Linux. Write two to four sentences.
In the Summary section, provide a short summary of the previous tasks and connect them to the scenario. Write approximately two to four sentences.
What to Include in Your Response
Be sure to include the following in your completed activity:
- Screenshots of your commands or typed versions of the commands
- Explanations of your commands
- A project description at the beginning
- A summary at the end
- Details on using chmod to update file permissions
- Details on checking file permissions with ls -la
- Details on interpreting the 10-character string that represents file permissions
- Details on hidden files and directories
Reading: Portfolio Activity Exemplar: Use Linux commands to manage file permissions
Reading
Completed Exemplar
To review the exemplar for this course item, click the following link and select Use Template.
Link to exemplar: File permissions in Linux
Assessment of Exemplar
Compare the exemplar to your completed activity. Review your work using each of the criteria in the exemplar. What did you do well? Where can you improve? Use your answers to these questions to revise your project as needed and guide you as you continue to progress through the certificate program.
Note: The exemplar represents one possible way to complete the Use Linux commands to manage file permissions portfolio activity. Yours will likely differ in certain ways. What’s important is that you understand how to use Linux commands to manage file permissions.
The exemplar uses details from the given scenario and includes the following:
- Screenshots of commands or typed versions of the commands
- Explanations of commands
- A project description at the beginning
- A summary at the end
- Details on using chmod to update file permissions
- Details on checking file permissions with ls -la
- Details on interpreting the 10-character string that represents file permissions
- Details on hidden files and directories
Video: Add and delete users
Why add and delete users?
- To allow new users to access the system
- To remove access from users who leave the organization or change groups
- To maintain security and accountability
What is a root user?
A root user, or superuser, has elevated privileges to modify the system. Regular users have limitations, while the root does not.
Why is running commands as a root user problematic?
- Security risks: Malicious actors will try to breach the root account.
- Irreversible mistakes: It is easy to type the wrong command in the CLI and accidentally delete important files or directories.
- Accountability: In a multi-user environment, it is difficult to track who ran a command if the user is running as root.
What is sudo?
Sudo is a command that temporarily grants elevated permissions to specific users. This provides a more controlled approach compared to root, which runs every command with root privileges.
How to add users with sudo and useradd
To add a user with sudo and useradd:
- Use the sudo command.
- Use the useradd command.
- Specify the username of the user you want to add.
How to delete users with sudo and userdel
To delete a user with sudo and userdel:
- Use the sudo command.
- Use the userdel command.
- Specify the username of the user you want to delete.
Best practices for using sudo
- Use sudo sparingly and only when necessary.
- Be careful when running commands with sudo, as it is easy to make irreversible mistakes.
- Only grant sudo privileges to users who need them.
Conclusion
Adding and deleting users is an important part of system administration. By following the best practices outlined in this video, you can help to ensure a secure and efficient system.
Tutorial on Adding and Deleting Users in Linux
Prerequisites:
- A Linux operating system
- A user account with sudo privileges
Adding a user
To add a new user to your Linux system, use the useradd
command. This command requires sudo privileges, so you will need to prefix it with the sudo
command.
For example, to add a new user named newuser
, you would use the following command:
sudo useradd newuser
This will create a new user account with the default settings. You can customize the settings by passing additional options to the useradd
command. For example, to create a user account with the home directory /home/newuser
and the primary group newusers
, you would use the following command:
sudo useradd -d /home/newuser -g newusers newuser
Deleting a user
To delete a user from your Linux system, use the userdel
command. This command also requires sudo privileges.
For example, to delete the user newuser
, you would use the following command:
sudo userdel newuser
This will delete the user account, but not the user’s home directory or any files in that directory. To delete the user’s home directory and all files in it, you can use the rm -rf
command. However, be careful when using the rm -rf
command, as it is irreversible.
Example
The following example shows how to add and delete a user in Linux:
# Add a new user named `newuser`
sudo useradd newuser
# Set the password for the new user
sudo passwd newuser
# Delete the user `newuser`
sudo userdel newuser
Conclusion
Adding and deleting users is an important part of system administration. By following the steps outlined in this tutorial, you can easily add and delete users on your Linux system.
Welcome back! In
this video, we are going to discuss adding
and deleting users. This is related to the
concept of authentication. Authentication is the
process of a user proving that they
are who they say they are in the system. Just like in a
physical building, not all users should
be allowed in. Not all users should get
access to the system. But we also want to
make sure everyone who should have access
to the system has it. That’s why we need to add users. New users can be new to the organization
or new to a group. This could be related
to a change in organizational structure
or simply a directive from management to move someone. And also, when users leave
the organization, they need to be deleted. They should no longer have access to any part
of the system. Or if they simply
changed groups, they should be
deleted from groups that they are no
longer a part of. Now that we’ve
sorted out why it’s important to add
and delete users, let’s discuss a different
type of user, the root user. A root user, or superuser, is a user with elevated
privileges to modify the system. Regular users have limitations, where the root does not. Individuals who need to perform specific tasks can be temporarily
added as root users. Root users can create, modify, or delete any file
and run any program. Only root users or accounts with root privileges
can add new users. So you may be wondering how
you become a superuser. Well, one way is logging
in as the root user, but running commands
as the root user is considered to be bad
practice when using Linux. Why is running commands as a root user
potentially problematic? The first problem
with logging in as root is the security risks. Malicious actors will try
to breach the root account. Since it’s the most powerful
account, to stay safe, the root account should
have logins disabled. Another problem
is that it’s very easy to make
irreversible mistakes. It’s very easy to type the
wrong command in the CLI, and if you’re running
as the root user, you run a higher risk of
making an irreversible mistake, such as permanently
deleting a directory. Finally, there’s the
concern of accountability. In a multi-user
environment like Linux, there are many users. If a user is running as root, there is no way to track
who exactly ran a command. One solution to help solve
this problem is sudo. sudo is a command that
temporarily grants elevated permissions
to specific users. This provides more of a controlled approach
compared to root, which runs every command
with root privileges. sudo solves lots of problems associated
with running as root. sudo comes from super-user-do and lets you execute commands as an elevated user without having to sign in and out
of another account. Running sudo will
prompt you to enter the password for the user
you’re currently logged in as. Not all users on a system
can become a superuser. Users must be granted
sudo access through a configuration file
called the sudoers file. Now that we’ve
learned about sudo, let’s learn how we
can use it with another command to add users. This command is useradd. useradd adds a user
to the system. Only root or users with sudo privileges can
use a useradd command. Let’s look at a specific example in which we need to add a user. We’ll imagine a new
representative is joining the sales department
and will be given the username of salesrep7. We’re tasked with adding
them to the system. Let’s try adding the new user. First, we need to use
the sudo command, followed by the useradd command, and then last, the username
we want to add, in this case, salesrep7. This command doesn’t display
anything on the screen. But since we get
a new Bash cursor and not an error message, we can feel confident that the command worked successfully. If it didn’t, an error
message would have appeared. Sometimes an error
has to do with something simple like
misspelling useradd. Or, it might be because we
didn’t have sudo privileges. Now let’s learn how
to do the opposite. Let’s learn how to delete
a user with userdel. userdel deletes a
user from the system. Similarly, we need root
permissions that we’ll access through sudo
to use userdel. Let’s go back to our example
of the user we added. Let’s imagine two months later, the sales representative that we just added to the system
leaves the company. That user should no longer
have access to the system. Let’s delete that
user from the system. Again, the sudo
command is used first, then we add the userdel command. Last, we add the name of
the user we want to delete. Again, we know it ran
successfully because there is a new Bash cursor
and not an error message. Now, we’ve covered
how to add and delete users and how these
actions require sudo. When using sudo, we have
to use our best judgment. These special
privileges must be used responsibly to ensure
a secure system.
What is the purpose of the sudo command?
It temporarily grants elevated permissions to specific users.
The sudo command temporarily grants elevated permissions to specific users. Elevated permissions are necessary to run certain commands such as useradd and userdel.
Reading: Responsible use of sudo
Reading
Previously, you explored authorization, authentication, and Linux commands with sudo, useradd, and userdel. The sudo command is important for security analysts because it allows users to have elevated permissions without risking the system by running commands as the root user. You’ll continue exploring authorization, authentication, and Linux commands in this reading and learn two more commands that can be used with sudo: usermod and chown.
Responsible use of sudo
To manage authorization and authentication, you need to be a root user, or a user with elevated privileges to modify the system. The root user can also be called the “super user.” You become a root user by logging in as the root user. However, running commands as the root user is not recommended in Linux because it can create security risks if malicious actors compromise that account. It’s also easy to make irreversible mistakes, and the system can’t track who ran a command. For these reasons, rather than logging in as the root user, it’s recommended you use sudo in Linux when you need elevated privileges.
The sudo command temporarily grants elevated permissions to specific users. The name of this command comes from “super user do.” Users must be given access in a configuration file to use sudo. This file is called the “sudoers file.” Although using sudo is preferable to logging in as the root user, it’s important to be aware that users with the elevated permissions to use sudo might be more at risk in the event of an attack.
You can compare this to a hotel with a master key. The master key can be used to access any room in the hotel. There are some workers at the hotel who need this key to perform their work. For example, to clean all the rooms, the janitor would scan their ID badge and then use this master key. However, if someone outside the hotel’s network gained access to the janitor’s ID badge and master key, they could access any room in the hotel. In this example, the janitor with the master key represents a user using sudo for elevated privileges. Because of the dangers of sudo, only users who really need to use it should have these permissions.
Additionally, even if you need access to sudo, you should be careful about using it with only the commands you need and nothing more. Running commands with sudo allows users to bypass the typical security controls that are in place to prevent elevated access to an attacker.
Note: Be aware of sudo if copying commands from an online source. It’s important you don’t use sudo accidentally.
Authentication and authorization with sudo
You can use sudo with many authentication and authorization management tasks. As a reminder, authentication is the process of verifying who someone is, and authorization is the concept of granting access to specific resources in a system. Some of the key commands used for these tasks include the following:
useradd
The useradd command adds a user to the system. To add a user with the username of fgarcia with sudo, enter sudo useradd fgarcia. There are additional options you can use with useradd:
- -g: Sets the user’s default group, also called their primary group
- -G: Adds the user to additional groups, also called supplemental or secondary groups
To use the -g option, the primary group must be specified after -g. For example, entering sudo useradd -g security fgarcia adds fgarcia as a new user and assigns their primary group to be security.
To use the -G option, the supplemental group must be passed into the command after -G. You can add more than one supplemental group at a time with the -G option. Entering sudo useradd -G finance,admin fgarcia adds fgarcia as a new user and adds them to the existing finance and admin groups.
usermod
The usermod command modifies existing user accounts. The same -g and -G options from the useradd command can be used with usermod if a user already exists.
To change the primary group of an existing user, you need the -g option. For example, entering sudo usermod -g executive fgarcia would change fgarcia’s primary group to the executive group.
To add a supplemental group for an existing user, you need the -G option. You also need a -a option, which appends the user to an existing group and is only used with the -G option. For example, entering sudo usermod -a -G marketing fgarcia would add the existing fgarcia user to the supplemental marketing group.
Note: When changing the supplemental group of an existing user, if you don’t include the -a option, -G will replace any existing supplemental groups with the groups specified after usermod. Using -a with -G ensures that the new groups are added but existing groups are not replaced.
There are other options you can use with usermod to specify how you want to modify the user, including:
- -d: Changes the user’s home directory.
- -l: Changes the user’s login name.
- -L: Locks the account so the user can’t log in.
The option always goes after the usermod command. For example, to change fgarcia’s home directory to /home/garcia_f, enter sudo usermod -d /home/garcia_f fgarcia. The option -d directly follows the command usermod before the other two needed arguments.
userdel
The userdel command deletes a user from the system. For example, entering sudo userdel fgarcia deletes fgarcia as a user. Be careful before you delete a user using this command.
The userdel command doesn’t delete the files in the user’s home directory unless you use the -r option. Entering sudo userdel -r fgarcia would delete fgarcia as a user and delete all files in their home directory. Before deleting any user files, you should ensure you have backups in case you need them later.
Note: Instead of deleting the user, you could consider deactivating their account with usermod -L. This prevents the user from logging in while still giving you access to their account and associated permissions. For example, if a user left an organization, this option would allow you to identify which files they have ownership over, so you could move this ownership to other users.
chown
The chown command changes ownership of a file or directory. You can use chown to change user or group ownership. To change the user owner of the access.txt file to fgarcia, enter sudo chown fgarcia access.txt. To change the group owner of access.txt to security, enter sudo chown :security access.txt. You must enter a colon (:) before security to designate it as a group name.
Similar to useradd, usermod, and userdel, there are additional options that can be used with chown.
Key takeaways
Authentication is the process of a user verifying their identity, and authorization is the process of determining what they have access to. You can use the sudo command to temporarily run commands with elevated privileges to complete authentication and authorization management tasks. Specifically, useradd, userdel, usermod, and chown can be used to manage users and file ownership.
What is authorization?
The concept of granting access to specific resources in a system
Authorization is the concept of granting access to specific resources in a system.
Which of the following statements correctly describe the file permissions string -rw-rw-rw-? Select two answers.
The user has write permissions. The group has read permissions.
The 3rd character of the file permissions string -rw-rw-rw- indicates that the user has write permissions, and the 5th character of the file permissions string -rw-rw-rw- indicates that the group has read permissions.
A security professional enters chmod g+w access.txt into the command line. What does this command tell the operating system to do?
Add write permissions to the group for the access.txt file
The command chmod g+w access.txt tells the operating system to add write permissions to the group.
Which of the following commands typically must be used with sudo? Select three answers.
useradd, userdel, chown
The useradd, userdel, and chown commands must typically be used with sudo. The useradd command adds a user to the system, userdel deletes a user from the system, and chown changes ownership of a file.
A security analyst is updating permissions on a directory named projects. The current permissions are drwxrw-r–. They want to add execute permissions for the group. What do they enter on the command line?
chmod g+x projects
They enter chmod g+x projects. This command adds execute permissions for the group.
Get help in Linux
Video: Damar: My journey into Linux commands
- Damar has always wanted to work in cybersecurity since he was a kid.
- He had a variety of jobs before coming to Google, including smoothie maker at Jamba Juice and IT technician at Geek Squad.
- He advises people interested in cybersecurity to start by learning Linux, which is widely used across most companies.
- Damar first got interested in learning Linux from the Jurassic Park movie, where the characters use a UNIX operating system to reactivate the electrical doors.
- He encourages people to not get discouraged by any small hiccups that come up when learning Linux, and to stick with it.
- There are a plethora of support resources available online, such as the discussion forum for the certificate course, Stack Overflow, and Reddit.
- Damar loves working in cybersecurity because it is satisfying to know that he is helping to protect people online from things they may not even know about.
[MUSIC] My name is Damar,
I’m a security engineer here at Google. I’ve always wanted to get into
cybersecurity since I was a kid. A lot of the cartoons I watched, they
had like floppy disks or flash drives, and they would put that in the computer and
kind of like cause havoc. [LAUGH] So
I always thought that was really cool. I’ve had quite a bit of jobs
before coming to Google. I originally started out making
smoothies at Jamba Juice. I got my first IT technological
kind of job at Geek Squad and then eventually came here and
became a security engineer. My advice to people trying to get into
cybersecurity is it may be a lot easier than you think. [LAUGH] It definitely was
a lot easier than I thought. Something that I learned jumping in myself
is that you’re not going to be able to learn everything all at once, and you’re not going to need to
know everything all at once. Linux is very important
because it’s broadly used across pretty much every company. You may use Linux to curate logs. It’s a very common practice
you may also use Linux to set up bash jobs that will help with
routine tasks within Linux. I first got interested in learning
Linux from the Jurassic Park movie. There’s a scene in the movie where they
need to reactivate the electrical doors, and they have to use a UNIX
operating system to do so. So later on, I learned what UNIX was and
how Linux came from it, and it inspired me to learn more about Linux. The best advice I can give someone
that’s trying to learn Linux and Linux commands is, don’t get discouraged
by any small hiccups that come up. Just keep with it. Stick with it. Think of it as when you first
learned to swim, right, you probably weren’t that great at it. [LAUGH] It was frustrating, and
you were probably a little scared, but you’re stuck with it and
I hope that you’re able to swim now. [LAUGH] There are a plethora of
support resources when learning Linux. One good example is the discussion
forum in the certificate course. Another avenue of support for learning
Linux is just googling answers using Stack Overflow,
maybe even making a Reddit post. I love working in cybersecurity. It’s pretty satisfying to know that me and
my team and then like all the other security teams
here at Google are helping protect people online from things they
may not even know about. [SOUND]
Video: The Linux community
There is a large online community of Linux users who are constantly publishing information to help others learn how to use the command line. This is because Linux is open-source and has become a global community of users that contribute frequently. This global community is a huge resource for all Linux users, and users can find answers to their questions for everyday tasks by simply searching the internet.
One of the easiest ways to troubleshoot a task is to search and read about how someone else has done it. Looking for resources on how to execute a task is a good way for beginners to continue learning.
If you are unsure about a topic in Linux, there is a lot of support just a click away. You can search online for help, or use a reputable source such as the Unix & Linux Stack Exchange.
In the next video, you will learn how to get support from within the command line itself.
Introduction
The Linux community is a global network of people who use, develop, and support the Linux operating system. It is one of the largest and most active software communities in the world, with members from all walks of life and all levels of expertise.
The Linux community is open and inclusive, and anyone is welcome to join. It is a place where people can learn from each other, share ideas, and collaborate on projects. The community is also a valuable resource for troubleshooting problems and getting help with Linux.
Benefits of being a part of the Linux community
There are many benefits to being a part of the Linux community. Here are just a few:
- Access to knowledge and expertise: The Linux community is home to some of the most knowledgeable and experienced Linux users in the world. If you have a question or need help with something, you can be sure to find someone in the community who can help you.
- Opportunity to learn and grow: The Linux community is a great place to learn about Linux and other open source software. There are many resources available, such as tutorials, articles, and forums, where you can learn at your own pace.
- Chance to contribute to the development of Linux: The Linux community is very active in the development of Linux. If you have an idea or want to help fix a bug, you can contribute to the Linux kernel or one of the many Linux distributions.
- Sense of community: The Linux community is a friendly and welcoming place. You can connect with other Linux users from all over the world and share your passion for Linux.
How to get involved in the Linux community
There are many ways to get involved in the Linux community. Here are a few ideas:
- Join a Linux forum or mailing list: There are many online forums and mailing lists where you can connect with other Linux users and ask questions.
- Attend a Linux meetup or conference: There are many Linux meetups and conferences held all over the world. These events are a great way to meet other Linux users and learn from experts.
- Contribute to a Linux project: There are many Linux projects that you can contribute to, such as the Linux kernel, Linux distributions, and open source applications.
- Write a blog or article about Linux: If you have knowledge about Linux, you can share it with the community by writing a blog or article.
- Help other Linux users: If you see someone asking a question about Linux online, offer to help them.
Conclusion
The Linux community is a great resource for anyone interested in Linux. It is a place where people can learn, grow, and contribute to the development of Linux. If you are not already a part of the Linux community, I encourage you to get involved. You will not be disappointed.
Here are some additional resources for getting involved in the Linux community:
- Linux.org: https://www.linux.org/
- Linux Foundation: https://www.linuxfoundation.org/
- Linux Users’ Group Directory: https://devconnected.com/how-to-list-users-and-groups-on-linux/
- Linux Journal: https://www.linuxjournal.com/
- Linux Weekly News: https://lwn.net/
- #linux on IRC: https://en.wikipedia.org/wiki/Internet_Relay_Chat
- Linux subreddit: https://www.reddit.com/r/linux/
I hope this tutorial has been helpful. If you have any questions, please feel free to ask me in the comments.
There are so many
others just like you who will be using
the command line. Linux’s popularity
and ease of use has created a large
online community that constantly
publishes information to help users learn how
to operate Linux. Since Linux is open-source, it has become a
global community of users that contribute
frequently. This global community
is a huge resource for all Linux users because users can find answers
for everyday tasks. Just searching on the internet
will provide many answers. The easiest way to troubleshoot
a task is to search and read about how someone
else has done it. Looking for resources
on how to execute a task is a good way for
beginners to continue learning. So far, you’ve learned
how to add users, but imagine if later you
want to add a new group. One way to learn how to do
this is to search online. Let’s give this a try
through a Google search. The search results give us many options for adding
a group in Linux. Another reputable source is a Unix & Linux Stack Exchange. Their answers are ranked with points to display
high-quality answers. Many questions relate to more advanced users and are geared towards
troubleshooting. Well, now you know where
to get some extra support whenever in doubt
about topics in Linux. There is a lot of support
just a click away. Coming up, we’ll learn
how to get support from within the command
line itself. Join me.
Video: Man pages within the shell
- man: Displays information on other commands and how they work.
- whatis: Displays a description of a command on a single line.
- apropos: Searches the manual page descriptions for a specified string.
These commands can be used to quickly find information about commands, even if you don’t know the exact name of the command you’re looking for.
How can you use the man command?
To display information on what other commands are and how they work
You can use the man command to display information on what other commands are and how they work. For example, if you want information on the chown command and how it works, you can enter man chown.
Welcome back! In this video, we’re going to discuss some
resources that are available directly through
the shell and can help you while working in Linux. One of the great
things about Linux is that you can get help right
through the command line. The first command that can
help you in this way is: man. man displays information on other commands and
how they work. The name of this command
comes from the word manual. Let’s examine this
more closely by using man to get information
about the usermod command. After man, we type the
name of this command. The information that man returns includes a
general description. It also contains information about each of usermod’s options. For example, the
option -d can be added to usermod to change
a user’s home directory. man provides a lot
of information, but sometimes we just need a quick reference on
what a command does. In that case, you use whatis. whatis displays a description of a command on a single line. Let’s say you heard
a co-worker mention a command like tail. You’ve never heard of
this command before, but you can find
out what it does. Simply use the command, whatis tail, and learn that it outputs the last
part of files. Sometimes we might not even
know what command to look up. This is where
apropos can help us. apropos searches the
manual page descriptions for a specified string.
Let’s try it out. Let’s say you have a task that requires you to
change a password, but you’re not quite
sure how to do this. If we use the apropos command
with the string password, this will display a large number of commands with that word. This helps somewhat, but it still may be difficult
to find what we need. But we can filter this by adding the -a option and
an additional string. This option will return only the commands that
contain both strings. In our case, since we want
to change the password, let’s look for commands with
both: change and password. Now, the output has been limited to the most
relevant commands. These commands make it a lot easier to navigate the
Linux command line. As a new analyst, you won’t have all the
answers all the time, but you can learn
where to find them.
Reading: Linux resources
Reading
Previously, you were introduced to the Linux community and some resources that exist to help Linux users. Linux has many options available to give users the information they need. This reading will review these resources. When you’re aware of the resources available to you, you can continue to learn Linux independently. You can also discover even more ways that Linux can support your work as a security analyst.
Linux community
Linux has a large online community, and this is a huge resource for Linux users of all levels. You can likely find the answers to your questions with a simple online search. Troubleshooting issues by searching and reading online is an effective way to discover how others approached your issue. It’s also a great way for beginners to learn more about Linux.
The UNIX and Linux Stack Exchange is a trusted resource for troubleshooting Linux issues. The Unix and Linux Stack Exchange is a question and answer website where community members can ask and answer questions about Linux. Community members vote on answers, so the higher quality answers are displayed at the top. Many of the questions are related to specific topics from advanced users, and the topics might help you troubleshoot issues as you continue using Linux.
Integrated Linux support
Linux also has several commands that you can use for support.
man
The man command displays information on other commands and how they work. It’s short for “manual.” To search for information on a command, enter the command after man. For example, entering man chown returns detailed information about chown, including the various options you can use with it. The output of the man command is also called a “man page.”
apropos
The apropos command searches the man page descriptions for a specified string. Man pages can be lengthy and difficult to search through if you’re looking for a specific keyword. To use apropos, enter the keyword after apropos.
You can also include the -a option to search for multiple words. For example, entering apropos -a graph editor outputs man pages that contain both the words “graph” and “editor” in their descriptions.
whatis
The whatis command displays a description of a command on a single line. For example, entering whatis nano outputs the description of nano. This command is useful when you don’t need a detailed description, just a general idea of the command. This might be as a reminder. Or, it might be after you discover a new command through a colleague or online resource and want to know more.
Key takeaways
There are many resources available for troubleshooting issues or getting support for Linux. Linux has a large global community of users who ask and answer questions on online resources, such as the Unix and Linux Stack Exchange. You can also use integrated support commands in Linux, such as man, apropos, and whatis.
Resources for more information
There are many resources available online that can help you learn new Linux concepts, review topics, or ask and answer questions with the global Linux community. The Unix and Linux Stack Exchange is one example, and you can search online to find others.
Practice Quiz: Test your knowledge: Get help in Linux
Which of the following statements accurately describe Linux’s online global community? Select three answers.
Because Linux is open-source, the community can easily contribute.
The community publishes online information to help users learn how to operate Linux.
Linux users can find support from the community for everyday tasks.
Linux’s online global community enables users to find support for everyday tasks. Information is published online to help users learn how to operate Linux. In addition, because Linux is open-source, members of the community can easily contribute.
What does the man command do?
Display information on other commands and how they work
The man command displays information on other commands and how they work. For more information about a specific command, enter this other command after man.
What does the whatis command do?
Display a description of a command on a single line
The whatis command displays a description of a command on a single line. It is useful if you do not need the additional details found in the entire man page.
What is an advantage of the apropos command?
Users can search for a command even if they do not know the specific command name.
Users can use apropos to search for a command even if they do not know the specific command name. The apropos command searches the manual page descriptions for a specified string.
Review: Linux commands in the Bash shell
Video: Wrap-up
The speaker congratulates the learner on completing another section of the course and summarizes the key takeaways:
- Using commands for navigating and managing the file system.
- Using commands for authenticating and authorizing users.
- Accessing resources that support learning new Linux commands. The speaker emphasizes the importance of these skills for a career as a security analyst and encourages the learner to continue learning more about using the command line.
Congratulations! You completed
another section in this course. Take a minute to think
about what you’ve achieved. You learned a lot in this section.
Let’s recap what we covered. In this section, you utilized the command
line to communicate with the OS. Part of this was using commands for
navigating and managing the file system. And you used other commands for
authenticating and authorizing users. These are all tasks that a security
analyst is likely to encounter. Finally, you learned about
accessing resources that support learning new Linux commands. With this knowledge, you’ll be
able to continue learning more and more about using the command line. We did it!
we learned how to communicate with Linux. That’s a great accomplishment, and one that will be very useful to you
in your career as a security analyst. You should be proud of the work
that you’ve done so far.
Reading: Reference guide: Linux
Reading: Glossary terms from module 3
Terms and definitions from Course 4, Module 3
Absolute file path: The full file path, which starts from the root
Argument (Linux): Specific information needed by a command
Authentication: The process of verifying who someone is
Authorization: The concept of granting access to specific resources in a system
Bash: The default shell in most Linux distributions
Command: An instruction telling the computer to do something
File path: The location of a file or directory
Filesystem Hierarchy Standard (FHS): The component of the Linux OS that organizes data
Filtering: Selecting data that match a certain condition
nano: A command-line file editor that is available by default in many Linux distributions
Options: Input that modifies the behavior of a command
Permissions: The type of access granted for a file or directory
Principle of least privilege: The concept of granting only the minimal access and authorization required to complete a task or function
Relative file path: A file path that starts from the user’s current directory
Root directory: The highest-level directory in Linux
Root user (or superuser): A user with elevated privileges to modify the system
Standard input: Information received by the OS via the command line
Standard output: Information returned by the OS through the shell
Quiz: Module 3 challenge
What are the arguments in grep bmoreno Q4users.txt? Select two answers.
bmoreno, Q4users.txt
Which of the following items represents the root directory?
/
What does the grep command do?
Searches a specified file and returns all lines in the file containing a specified string
A security analyst enters touch updates.txt into the command line. What does this tell the operating system to do?
Create a new file named updates.txt in their current directory
What are the three types of permissions?
Read, write, and execute
A security analyst enters chmod u+w,g-r access.txt into the command line. What does this command tell the operating system to do? Select all that apply.
- Add write permissions to the user for the access.txt file
- Remove read permissions from the group for the access.txt file
A user is not a root user, but needs elevated privileges to use certain commands. What should they do?
Use the sudo command
What should you specify in the argument following the cd command?
The directory you want to navigate to
What does the apropos command do?
Searches the manual page descriptions for a specified string
Given the following permissions drw-rw-r–, what does the fourth character represent?
The user does not have execute permissions for this directory