## Linux Basic Permissions

In Linux, file and directory permissions play a critical role in controlling access to resources and ensuring system security. Each file and directory has associated permission settings that determine who can read, write, or execute them.
Understanding these basic permissions is fundamental to managing user access and protecting sensitive data on a Linux system. This lab focuses on explaining the essential concepts of Linux file permissions, including how to view, interpret, and modify them effectively. By mastering these basics, you'll gain the knowledge needed to manage permissions confidently and securely in various Linux environments.

Execute "/etc/shadow" command below, it is used to display the contents of the /etc/shadow file in Linux. This file stores encrypted password information for user accounts on the system. 

In [None]:
!cat /etc/shadow

cat: /etc/shadow: Permission denied


In Linux, some commands (like: cat /etc/shadow) require enhanced privileges to execute successfully. These commands often involve system-level operations, such as modifying system configurations, accessing sensitive files, or installing software. Without elevated privileges, users may encounter "Permission denied" errors when attempting to execute these commands.

To overcome permission restrictions and execute commands that require elevated privileges, Linux provides the sudo **(superuser do)** command. Sudo allows users to perform administrative tasks by temporarily escalating their privileges to that of the superuser or another specified user.

In [None]:
!sudo cat /etc/shadow

[sudo] password for cyberforge: 


When using sudo with the cat /etc/shadow command, the user will be prompted to enter their password (if required by the system's configuration). Once authenticated, sudo grants temporary superuser privileges, enabling the user to read the contents of the /etc/shadow file.

### Sudoers File

Sudoers file, located typically at /etc/sudoers, is a crucial configuration file in Linux systems governing the sudo command's behavior. It defines which users or groups are granted permission to execute specific commands with elevated privileges using sudo.

In [None]:
! echo "employee03"| sudo -S cat /etc/sudoers

[sudo] password for cyberforge: #
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
Defaults	use_pty

# This preserves proxy settings from user environments of root
# equivalent users (group sudo)
#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"

# This allows running arbitrary commands, but so does ALL, and it means
# different sudoers have their choice of editor respected.
#Defaults:%sudo env_keep += "EDITOR"

# Completely harmless preservation of a user preference.
#Defaults:%sudo env_keep += "GREP_COLOR"

# While you shouldn't normally run git as root, you need to with etckeeper
#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"



### Defaults Section
- `env_reset`: Resets the environment to a default state.
- `mail_badpass`: Sends mail to the mailto user if the user running `sudo` enters an incorrect password.
- `secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"`: Sets the PATH environment variable for commands run with `sudo` to a secure default value.
- `use_pty`: Forces `sudo` to use a pseudo-terminal (PTY) for password prompts.

### User Privilege Specification
- `root ALL=(ALL:ALL) ALL`: Allows the root user to execute any command from any host as any user.
- `%admin ALL=(ALL) ALL`: Grants members of the admin group the same privileges as the root user.
- `%sudo ALL=(ALL:ALL) ALL`: Allows members of the sudo group to execute any command as any user from any host.

### Custom User Entry
- `coder ALL=(ALL) NOPASSWD:ALL`: Grants the user `coder` the ability to execute any command as any user without entering a password (`NOPASSWD`).

### @includedir Directive
- `@includedir /etc/sudoers.d`: Specifies a directory (`/etc/sudoers.d`) from which additional sudoers configuration files can be included. This allows for modular configuration and organization of sudoers rules.


### Understanding File Permissions

In Linux and other Unix-like operating systems, file permissions determine who can read, write, or execute a file. Permissions are represented by three sets of characters: owner permissions, group permissions, and other permissions.

### Symbolic Representation

- **r (Read)**: Allows a user to view the contents of a file. If a directory has read permission, a user can list its contents.
- **w (Write)**: Allows a user to modify the contents of a file or create new files in a directory.
- **x (Execute)**: Allows a user to execute a file if it is a program or script, or traverse a directory if it is executable.

### Numeric Representation

Each permission is assigned a numeric value:
- **Read (r)**: 4
- **Write (w)**: 2
- **Execute (x)**: 1

To calculate the numeric representation of file permissions, add the values of the permissions:
- **No permission (---)**: 0
- **Execute only (--x)**: 1
- **Write only (-w-)**: 2
- **Write and execute (-wx)**: 3
- **Read only (r--)**: 4
- **Read and execute (r-x)**: 5
- **Read and write (rw-)**: 6
- **Read, write, and execute (rwx)**: 7

For example, if a file has permissions `-rwxr-xr--`, the numeric representation for the owner would be `7` (read, write, execute), for the group would be `5` (read, execute), and for others would be `4` (read only).

To understand file permissions better, let's create simple text file in our root directory named 'sample.txt' using the following command.


In [None]:
!echo "This is a sample file" > sample.txt && ls

first.ipynb  sample.txt  script.sh  typescript


### `ls -l` Command

The `ls` command is used in Unix-like operating systems to list directory contents. When used with the `-l` option, it displays detailed information about files and directories in a long listing format.

### Long Listing Format (`-l`)

- **Column 1**: File type and permissions:
  - The first character represents the file type:
    - `-` for a regular file.
    - `d` for a directory.

  - The next nine characters represent file permissions:
    - The first three characters represent permissions for the **Owner** of the file.
    - The next three characters represent permissions for the **Group** that owns the file.
    - The last three characters represent permissions for **Others** (users not in the owner group).
    - Each set of three characters can be one of the following:
      - `r` for read permission.
      - `w` for write permission.
      - `x` for execute permission.
      - `-` if the corresponding permission is not granted.

- **Column 2**: Number of links to the file or directory.

- **Column 3**: Owner of the file or directory.

- **Column 4**: Group associated with the file or directory.

- **Column 5**: File size in bytes.

- **Column 6-8**: Last modification date and time of the file or directory.

- **Column 9**: Name of the file or directory.


In [None]:
ls -l

total 56
-rw-r--r-- 1 cyberforge cyberforge 13121 Apr 17 15:02 first.ipynb
-rw-r--r-- 1 cyberforge cyberforge    22 Apr 17 14:32 sample.txt
-rwsr-xr-x 1 cyberforge cyberforge   186 Apr 17 14:32 [0m[37;41mscript.sh[0m*
-rw-rw-r-- 1 cyberforge cyberforge 32311 Apr 17 12:59 typescript


### `chmod` Command

The `chmod` command is used in Unix-like operating systems to change the permissions (mode) of a file or directory. It stands for "change mode".

### Basic Syntax

The basic syntax of the `chmod` command is: chmod [options] mode filename

In symbolic notation, the `chmod` command allows you to specify permissions symbolically using letters and symbols. Here are the key symbols used:

- `u`: User (owner of the file)
- `g`: Group
- `o`: Other (users not in the owner group)
- `a`: All (equivalent to `ugo`)
- `+`: Adds the specified permissions
- `-`: Removes the specified permissions
- `=`: Sets the specified permissions explicitly, overriding existing permissions

For example:
- `chmod u+x file.txt`: Adds execute permission for the owner of `file.txt`.
- `chmod go-rw file.txt`: Removes read and write permissions for the group and others on `file.txt`.
- `chmod a=rw file.txt`: Sets read and write permissions for all users on `file.txt`.

### Numeric Notation

In numeric notation, each permission is represented by a digit:
- `4`: Read permission
- `2`: Write permission
- `1`: Execute permission

To set permissions numerically, you calculate the sum of the permissions you want to assign:
- `0`: No permissions
- `1`: Execute permission
- `2`: Write permission
- `3`: Write and execute permissions
- `4`: Read permission
- `5`: Read and execute permissions
- `6`: Read and write permissions
- `7`: Read, write, and execute permissions

For example:
- `chmod 644 file.txt`: Sets read and write permissions for the owner, and read-only permissions for the group and others on `file.txt`.
- `chmod 755 directory`: Sets read, write, and execute permissions for the owner, and read and execute permissions for the group and others on `directory`.




In [None]:
!chmod u-r sample.txt && ls -l

total 56
-rw-r--r-- 1 cyberforge cyberforge 16161 Apr 17 15:07 first.ipynb
--w-r--r-- 1 cyberforge cyberforge    22 Apr 17 14:32 sample.txt
--wsr-xr-x 1 cyberforge cyberforge   186 Apr 17 14:32 script.sh
-rw-rw-r-- 1 cyberforge cyberforge 32311 Apr 17 12:59 typescript


Here we removed read permission of this file for the owner. Now try to read the contents of the file using the given command.

In [None]:
!cat sample.txt

cat: sample.txt: Permission denied


### `chown` Command

The `chown` command changes the owner and/or group of a file or directory in Unix-like systems.

### Basic Syntax

chown [options] new_owner[:new_group] file...


### Usage Examples

- Change only the owner: `chown new_owner file.txt`
- Change only the group: `chown :new_group file.txt`
- Change both owner and group: `chown new_owner:new_group file.txt`

### Options

- `-R`: Recursive mode, changes ownership of a directory and its contents.

### Numeric Representation

You can specify the owner and group using numeric user and group IDs.

In [None]:
! sudo chown root sample.txt && ls -l

[sudo] password for cyberforge: 


### SetUID (Set User ID)

SetUID is a special permission in Unix-like operating systems that allows a user to execute a file with the permissions of the file's owner rather than the user who runs it.

When a SetUID permission is set on an executable file, it allows any user to execute the file with the permissions of the file's owner. This is particularly useful for executable files that require elevated privileges to perform certain operations.

### Symbolic Representation

The SetUID permission is represented by the letter `s` in the user permission field of the file's mode:

- `s`: SetUID is set for the owner of the file.

### Usage

To set SetUID permission: chmod u+s file

To drop SetUID permission: chmod u-s file

The following C program demonstrates how SetUID works by retrieving the real and effective user IDs of a process. It prints the real (UID of the user who started the process) and effective user ID (UID with which the process started), creates a file named `test.txt` in the `/tmp` directory, writes "Hello, world!" to the file, and then closes the file.

In [None]:
%%writefile uid_demo.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() {
    printf("Real user ID: %d\n", getuid());
    printf("Effective user ID: %d\n", geteuid());
    
    FILE *file;
    file = fopen("/tmp/test.txt", "w");
    if (file == NULL) {
        perror("Error creating file");
        return 1;
    }
    fprintf(file, "Hello, world!\n");
    fclose(file);

    return 0;
}


Overwriting uid_demo.c


The following command compiles the C program "uid_demo.c" using the GNU Compiler Collection (GCC) and generates an executable file named uid_demo.

In [None]:
!gcc uid_demo.c -o uid_demo

Now, change transfer ownership of **uid_demo** to root and then set SetUID on the binary. 

In [None]:
!sudo chown root:root uid_demo && chmod u+s uid_demo

In [None]:
!./uid_demo

Real user ID: 1000
Effective user ID: 1000


Notice the Effective UID is **0** that of root.

## SetGID (Set Group ID)

SetGID is a special permission in Unix-like systems that allows files or directories to inherit the group ownership of their parent directory.

### Basic Concept

When SetGID is set on a directory, newly created files inherit the group ownership of the directory instead of the user's default group.

### Symbolic Representation

The SetGID permission is represented by the letter `s` in the group permission field of the file's mode.

### Usage

To set SetGID permission: chmod g+s directory

To remove SetGID permission: chmod g-s directory



Create a directory **documents** and set its GID bit.

In [None]:
!mkdir documents && chmod g+s documents && ls -l

total 64
drwxr-sr-x 2 cyberforge cyberforge  4096 Apr 17 15:21 documents
-rw-r--r-- 1 cyberforge cyberforge 19245 Apr 17 15:21 first.ipynb
--w-r--r-- 1 cyberforge cyberforge    22 Apr 17 14:32 sample.txt
--wsr-xr-x 1 cyberforge cyberforge   186 Apr 17 14:32 script.sh
-rw-rw-r-- 1 cyberforge cyberforge 32311 Apr 17 12:59 typescript


Change the owner and group of the directory to root. Now when you will create files in this directory they should be created with root as owner as they will inherit group ownership from its parent directory.

In [None]:
! sudo chown root:root documents

[sudo] password for cyberforge: 


In [None]:
! cd documents | sudo touch bankDetails.txt && ls -l

[sudo] password for cyberforge: 


Notice that the newly created file **bankDetails.txt** although created by user 'coder' still its owner group is root since its inheriting these properties.

In [27]:
!cat /etc/shadow

cat: /etc/shadow: Permission denied


In Linux, some commands (like: cat /etc/shadow) require enhanced privileges to execute successfully. These commands often involve system-level operations, such as modifying system configurations, accessing sensitive files, or installing software. Without elevated privileges, users may encounter "Permission denied" errors when attempting to execute these commands.

To overcome permission restrictions and execute commands that require elevated privileges, Linux provides the sudo **(superuser do)** command. Sudo allows users to perform administrative tasks by temporarily escalating their privileges to that of the superuser or another specified user.

In [26]:
!sudo cat /etc/shadow

[sudo] password for cyberforge: 


When using sudo with the cat /etc/shadow command, the user will be prompted to enter their password (if required by the system's configuration). Once authenticated, sudo grants temporary superuser privileges, enabling the user to read the contents of the /etc/shadow file.

### Sudoers File

Sudoers file, located typically at /etc/sudoers, is a crucial configuration file in Linux systems governing the sudo command's behavior. It defines which users or groups are granted permission to execute specific commands with elevated privileges using sudo.

In [29]:
! echo "employee03"| sudo -S cat /etc/sudoers

[sudo] password for cyberforge: #
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
Defaults	use_pty

# This preserves proxy settings from user environments of root
# equivalent users (group sudo)
#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"

# This allows running arbitrary commands, but so does ALL, and it means
# different sudoers have their choice of editor respected.
#Defaults:%sudo env_keep += "EDITOR"

# Completely harmless preservation of a user preference.
#Defaults:%sudo env_keep += "GREP_COLOR"

# While you shouldn't normally run git as root, you need to with etckeeper
#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"



### Defaults Section
- `env_reset`: Resets the environment to a default state.
- `mail_badpass`: Sends mail to the mailto user if the user running `sudo` enters an incorrect password.
- `secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"`: Sets the PATH environment variable for commands run with `sudo` to a secure default value.
- `use_pty`: Forces `sudo` to use a pseudo-terminal (PTY) for password prompts.

### User Privilege Specification
- `root ALL=(ALL:ALL) ALL`: Allows the root user to execute any command from any host as any user.
- `%admin ALL=(ALL) ALL`: Grants members of the admin group the same privileges as the root user.
- `%sudo ALL=(ALL:ALL) ALL`: Allows members of the sudo group to execute any command as any user from any host.

### Custom User Entry
- `coder ALL=(ALL) NOPASSWD:ALL`: Grants the user `coder` the ability to execute any command as any user without entering a password (`NOPASSWD`).

### @includedir Directive
- `@includedir /etc/sudoers.d`: Specifies a directory (`/etc/sudoers.d`) from which additional sudoers configuration files can be included. This allows for modular configuration and organization of sudoers rules.


### Understanding File Permissions

In Linux and other Unix-like operating systems, file permissions determine who can read, write, or execute a file. Permissions are represented by three sets of characters: owner permissions, group permissions, and other permissions.

### Symbolic Representation

- **r (Read)**: Allows a user to view the contents of a file. If a directory has read permission, a user can list its contents.
- **w (Write)**: Allows a user to modify the contents of a file or create new files in a directory.
- **x (Execute)**: Allows a user to execute a file if it is a program or script, or traverse a directory if it is executable.

### Numeric Representation

Each permission is assigned a numeric value:
- **Read (r)**: 4
- **Write (w)**: 2
- **Execute (x)**: 1

To calculate the numeric representation of file permissions, add the values of the permissions:
- **No permission (---)**: 0
- **Execute only (--x)**: 1
- **Write only (-w-)**: 2
- **Write and execute (-wx)**: 3
- **Read only (r--)**: 4
- **Read and execute (r-x)**: 5
- **Read and write (rw-)**: 6
- **Read, write, and execute (rwx)**: 7

For example, if a file has permissions `-rwxr-xr--`, the numeric representation for the owner would be `7` (read, write, execute), for the group would be `5` (read, execute), and for others would be `4` (read only).

To understand file permissions better, let's create simple text file in our root directory named 'sample.txt' using the following command.


In [30]:
!echo "This is a sample file" > sample.txt && ls

first.ipynb  sample.txt  script.sh  typescript


### `ls -l` Command

The `ls` command is used in Unix-like operating systems to list directory contents. When used with the `-l` option, it displays detailed information about files and directories in a long listing format.

### Long Listing Format (`-l`)

- **Column 1**: File type and permissions:
  - The first character represents the file type:
    - `-` for a regular file.
    - `d` for a directory.

  - The next nine characters represent file permissions:
    - The first three characters represent permissions for the **Owner** of the file.
    - The next three characters represent permissions for the **Group** that owns the file.
    - The last three characters represent permissions for **Others** (users not in the owner group).
    - Each set of three characters can be one of the following:
      - `r` for read permission.
      - `w` for write permission.
      - `x` for execute permission.
      - `-` if the corresponding permission is not granted.

- **Column 2**: Number of links to the file or directory.

- **Column 3**: Owner of the file or directory.

- **Column 4**: Group associated with the file or directory.

- **Column 5**: File size in bytes.

- **Column 6-8**: Last modification date and time of the file or directory.

- **Column 9**: Name of the file or directory.


In [31]:
ls -l

total 56
-rw-r--r-- 1 cyberforge cyberforge 13121 Apr 17 15:02 first.ipynb
-rw-r--r-- 1 cyberforge cyberforge    22 Apr 17 14:32 sample.txt
-rwsr-xr-x 1 cyberforge cyberforge   186 Apr 17 14:32 [0m[37;41mscript.sh[0m*
-rw-rw-r-- 1 cyberforge cyberforge 32311 Apr 17 12:59 typescript


### `chmod` Command

The `chmod` command is used in Unix-like operating systems to change the permissions (mode) of a file or directory. It stands for "change mode".

### Basic Syntax

The basic syntax of the `chmod` command is: chmod [options] mode filename

In symbolic notation, the `chmod` command allows you to specify permissions symbolically using letters and symbols. Here are the key symbols used:

- `u`: User (owner of the file)
- `g`: Group
- `o`: Other (users not in the owner group)
- `a`: All (equivalent to `ugo`)
- `+`: Adds the specified permissions
- `-`: Removes the specified permissions
- `=`: Sets the specified permissions explicitly, overriding existing permissions

For example:
- `chmod u+x file.txt`: Adds execute permission for the owner of `file.txt`.
- `chmod go-rw file.txt`: Removes read and write permissions for the group and others on `file.txt`.
- `chmod a=rw file.txt`: Sets read and write permissions for all users on `file.txt`.

### Numeric Notation

In numeric notation, each permission is represented by a digit:
- `4`: Read permission
- `2`: Write permission
- `1`: Execute permission

To set permissions numerically, you calculate the sum of the permissions you want to assign:
- `0`: No permissions
- `1`: Execute permission
- `2`: Write permission
- `3`: Write and execute permissions
- `4`: Read permission
- `5`: Read and execute permissions
- `6`: Read and write permissions
- `7`: Read, write, and execute permissions

For example:
- `chmod 644 file.txt`: Sets read and write permissions for the owner, and read-only permissions for the group and others on `file.txt`.
- `chmod 755 directory`: Sets read, write, and execute permissions for the owner, and read and execute permissions for the group and others on `directory`.




In [35]:
!chmod u-r sample.txt && ls -l

total 56
-rw-r--r-- 1 cyberforge cyberforge 16161 Apr 17 15:07 first.ipynb
--w-r--r-- 1 cyberforge cyberforge    22 Apr 17 14:32 sample.txt
--wsr-xr-x 1 cyberforge cyberforge   186 Apr 17 14:32 script.sh
-rw-rw-r-- 1 cyberforge cyberforge 32311 Apr 17 12:59 typescript


Here we removed read permission of this file for the owner. Now try to read the contents of the file using the given command.

In [36]:
!cat sample.txt

cat: sample.txt: Permission denied


### `chown` Command

The `chown` command changes the owner and/or group of a file or directory in Unix-like systems.

### Basic Syntax

chown [options] new_owner[:new_group] file...


### Usage Examples

- Change only the owner: `chown new_owner file.txt`
- Change only the group: `chown :new_group file.txt`
- Change both owner and group: `chown new_owner:new_group file.txt`

### Options

- `-R`: Recursive mode, changes ownership of a directory and its contents.

### Numeric Representation

You can specify the owner and group using numeric user and group IDs.

In [38]:
! sudo chown root sample.txt && ls -l

[sudo] password for cyberforge: 


### SetUID (Set User ID)

SetUID is a special permission in Unix-like operating systems that allows a user to execute a file with the permissions of the file's owner rather than the user who runs it.

When a SetUID permission is set on an executable file, it allows any user to execute the file with the permissions of the file's owner. This is particularly useful for executable files that require elevated privileges to perform certain operations.

### Symbolic Representation

The SetUID permission is represented by the letter `s` in the user permission field of the file's mode:

- `s`: SetUID is set for the owner of the file.

### Usage

To set SetUID permission: chmod u+s file

To drop SetUID permission: chmod u-s file

The following C program demonstrates how SetUID works by retrieving the real and effective user IDs of a process. It prints the real (UID of the user who started the process) and effective user ID (UID with which the process started), creates a file named `test.txt` in the `/tmp` directory, writes "Hello, world!" to the file, and then closes the file.

In [68]:
%%writefile uid_demo.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() {
    printf("Real user ID: %d\n", getuid());
    printf("Effective user ID: %d\n", geteuid());
    
    FILE *file;
    file = fopen("/tmp/test.txt", "w");
    if (file == NULL) {
        perror("Error creating file");
        return 1;
    }
    fprintf(file, "Hello, world!\n");
    fclose(file);

    return 0;
}


Overwriting uid_demo.c


The following command compiles the C program "uid_demo.c" using the GNU Compiler Collection (GCC) and generates an executable file named uid_demo.

In [66]:
!gcc uid_demo.c -o uid_demo

Now, change transfer ownership of **uid_demo** to root and then set SetUID on the binary. 

In [63]:
!sudo chown root:root uid_demo && chmod u+s uid_demo

In [69]:
!./uid_demo

Real user ID: 1000
Effective user ID: 1000


Notice the Effective UID is **0** that of root.

## SetGID (Set Group ID)

SetGID is a special permission in Unix-like systems that allows files or directories to inherit the group ownership of their parent directory.

### Basic Concept

When SetGID is set on a directory, newly created files inherit the group ownership of the directory instead of the user's default group.

### Symbolic Representation

The SetGID permission is represented by the letter `s` in the group permission field of the file's mode.

### Usage

To set SetGID permission: chmod g+s directory

To remove SetGID permission: chmod g-s directory



Create a directory **documents** and set its GID bit.

In [43]:
!mkdir documents && chmod g+s documents && ls -l

total 64
drwxr-sr-x 2 cyberforge cyberforge  4096 Apr 17 15:21 documents
-rw-r--r-- 1 cyberforge cyberforge 19245 Apr 17 15:21 first.ipynb
--w-r--r-- 1 cyberforge cyberforge    22 Apr 17 14:32 sample.txt
--wsr-xr-x 1 cyberforge cyberforge   186 Apr 17 14:32 script.sh
-rw-rw-r-- 1 cyberforge cyberforge 32311 Apr 17 12:59 typescript


Change the owner and group of the directory to root. Now when you will create files in this directory they should be created with root as owner as they will inherit group ownership from its parent directory.

In [44]:
! sudo chown root:root documents

[sudo] password for cyberforge: 


In [45]:
! cd documents | sudo touch bankDetails.txt && ls -l

[sudo] password for cyberforge: 


Notice that the newly created file **bankDetails.txt** although created by user 'coder' still its owner group is root since its inheriting these properties.