A lot of new hackers even after having obtained the access will not be able to grab the information they need because of the lack of file and directory permissions. Kali Linux uses complex file structures and directory management philosophy to counter the loopholes that usual Linux distros may face. In this post, we will discuss a lot of these scenarios with concrete examples. Follow along!
WHAT ARE USERS AND GROUPS IN LINUX?
Every operating system uses the concept of users to determine who uses what. For example, windows uses something called administrator account to access the system files. If you are not an administrator, then there is no chance that you can access the C program and system files that are important for hackers.
In the same manner, Linux uses a much more complex user management system for easier access and advanced security functions.
Users – Users are individuals who can access a particular area of the system
Groups – Groups are a bundle of users who can access particular resources combinely.
We will now discuss about different types of users in Linux in much more detail.
1) First, you need to know about the head of the Linux system. That is, the most powerful one of all. It is usually called as a root user. Root user is the most powerful and can do anything in a system. He can add users , groups and delete them whenever he wants to. Usually, root access is given to the system administrators in an enterprise. As a hacker, your main motto should be to attain root access because with it you can do anything you want to.
2) The next is simple. Normal users are the users who doesn’t have permissions to have root access. What they can access is completely decided by the root user. If there is a service company, developers will only get access to coding resources, whereas management employees will only get access to management files. Every enterprise uses their own ways to decide what the users should access.
HOW TO GRANT PERMISSIONS?
Linux’s administrators usually use permissions to control how users can interact with the system files and directories. There are commonly three type of permissions namely : read, write and execute.
A) Read
This is permission too just to read the files. You cannot in any way modify or delete them. These permissions are usually given to the entry level users of an enterprise. It is represented by “r” in Linux command terminology.
B) Write
This is permission that can make the users to write the file. To write means to modify the content of the file. However, even after writing the file, it is not guaranteed that you can execute the newly written file. For example, git branches contributors are given written permissions to a file in the repository but are executed only after it is accepted by the administrator of the git branch. It is represented by “w” in Linux command terminology.
C) Execute
This is the high level permission that root users have. If a user gets execute permissions, then he can not only read and write files, but can also execute them to change the system files and directories. When a hacker tries to attack a system, he often looks forward to gain executing permissions. However, remember that sometimes root administrators only provide execute permissions without giving read and write permissions. It is represented by “x” according to Linux command terminology.
With this, we have completed a brief introduction to permissions. In the next section, we will talk about how to give permissions for an individual user or a group from the command line.
HOW TO GRANT PERMISSIONS TO AN USER?
When you grant permission to an individual user, he can interact with the file or directory without any errors.
Chown command is used for granting permissions for an individual user in Linux.
Here is the command :
root@server : chown sample /home/pictures
In the above command “chown” is the default command that tells the Linux kernel to provide permissions. “Sample” stands for the name of the user and the “/home/pictures” is the directory that is being given access to.
HOW TO GRANT PERMISSIONS TO A GROUP?
Just like how a root user allocates a permission to an individual user, he can do it for a group.
chgroup is the command that is used in Linux to allocate permission to a particular group. In enterprises, creating and managing groups is an absolute necessity. While doing projects that are short term, allocating permissions solves a lot of problems.
Here is a command:
root@server : chgroup hackers /home
In the above command, chgroup is the default identifier that allows groups to allocate permissions. Hackers is the group name, whereas /home is the directory that the permission is being given to.
In the next section, we will learn how to view the current permissions for a file or directory.
HOW TO CHECK PERMISSIONS IN LINUX?
If you are unaware of what permissions you are currently holding then you can check using the following command in Linux
root@server : ls -l /var/games
This command will display an output information saying about your current user status and whether or not you have access to this directory. You will also get information about the owner of the file. Another significant option is details about the time when it was modified. If you are a system administrator, you should be constantly checking the file modification status to be safe from attackers who try to gain the system permissions at any cost to steal sensitive information.
If you are a hacker trying to gain control over the system, you should know a way to modify permissions in linux. This is where the “chmod” command comes into use.
HOW TO MODIFY PERMISSIONS?
Permissions are generally changed in linux using the chmod command. All you have to do is add the permission that you are willing to change with chmod as a root user to change it.
For example:
root@server : chmod +x sum.img
// This will give the current user the permission to execute the image file
Advanced hackers use SUID to grant temporary permissions for the file they are going to execute. If you are interested, we suggest you to learn about SUID and Umask before jumping into it.
