
# File Permissions

### Introduction

Linux is not only a multitasking operating system but also a multi-user one.  In other words, more than one user can use the computer at a single time.

Think about ssh-ing into a remote computer.  As you might imagine, different remote users can ssh into the same computer.  And Linux might grant different kinds of access to different users.

In this lesson, we'll learn how to manage users in the shell.

### Exploring 

To begin, every time we log in to the shell, we log in as a user.  We can see this user if we type `id` in the shell.

```bash
id

# uid=501(jeff) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),
# 79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),701(com.apple.sharepoint.group.1),
# 33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),
# 398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)
```

```
uid=0(root) gid=0(root) groups=0(root)
```


As we can see, our logged-in user is assigned a user id (`uid`) followed by the associated name, and belongs to various groups, each listed with its group id.  As this user, and as a member of these groups, the user has access to different files.

### Viewing Permissions

We can see the different levels of access, or permissions, our logged-in user has with respect to a file (or directory of files) by adding the `-l` flag to our `ls` command.

```bash
ls -l index.py
# -rw-r--r--  1 jeff  staff  0 Jan  6 18:54 index.py
```

The different letters available are `r` for read, `w` for write, and `x` to allow the execution of a file.  

Why so many dashes?  Well, the dashes and letters specify the values at the user, group, and others level (in that order).  So above we can see that the user can read and write but not execute, and that the group and global (others) permissions are read-only.

> But who is that user, and what is the group?  Well, we can also see that in our output to `ls -l`.  The owner of the file is `jeff` (as that was the user who created it) and the group is `staff`.

> Also, if we look at the output from `ls -l` above, we can see that there is one dash before our first `r`.  This dash is used to indicate whether the file is a directory.  If it is, we'll see the letter `d`.

Take a look at the output below.  We can see that `.ipynb_checkpoints` and `sample_folder` are directories and preceded with a `d`.

<img src="https://github.com/jigsawlabs-student/permissions-reading/blob/main/ls_l.png?raw=1" width="60%">

> Also notice above that both the files and folders have different levels of permissions defined.

### Changing Permissions

Now to change the permissions of a file or directory, we need to use the change mode or `chmod` command.  

`chmod 600 index.py` 

The different codes each correspond to different permissions.  Here are some of the more popular ones below.

<img src="https://github.com/jigsawlabs-student/permissions-reading/blob/main/permissions.png?raw=1" width="80%">

So if we run `chmod 600 index.py` we'll change the permissions to only allow the owner to read and write a file, and prevent read access from anyone else.

```bash
chmod 600 index.py
ls -l index.py
# -rw-------  1 jeff  staff  0 Jan  6 18:54 index.py
```
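The codes are not arbitrary: each digit is the sum of read = 4, write = 2 and execute = 1, with one digit each for user, group and others. The script below is an added example, not part of the original lesson, that decodes a code into the string `ls -l` shows and checks it against a scratch file; the function names are hypothetical.

```bash
#!/bin/sh
# Added example: decode a three-digit chmod code into the rwx string ls -l prints.
# Each digit is the sum of read=4, write=2, execute=1.

# Turn one octal digit (0-7) into its three-character rwx form.
digit_to_rwx() {
    out=""
    if [ $(( $1 & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# Turn a code such as 600 into rw-------, in user, group, others order.
mode_to_rwx() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    user_digit=${1%??}
    rest=${1#?}
    group_digit=${rest%?}
    others_digit=${1#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$user_digit")" \
        "$(digit_to_rwx "$group_digit")" "$(digit_to_rwx "$others_digit")"
}

# Apply the code to a scratch file and confirm ls -l agrees with the decoding.
verify_mode() {
    scratch=$(mktemp) || return 1
    chmod "$1" "$scratch"
    actual=$(ls -l "$scratch" | cut -c2-10)   # skip the leading file-type character
    rm -f "$scratch"
    [ "$actual" = "$(mode_to_rwx "$1")" ]
}

for code in 600 644 400 755; do
    printf '%s -> %s\n' "$code" "$(mode_to_rwx "$code")"
done
```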


Instead of remembering the different codes, we can also use characters to add or remove the permissions of a file.

So if we want to remove the write permission from the user and group, we can do the following:

```bash
chmod ug-w index.py
ls -l index.py
# -r-----r--  1 jeff  staff  0 Jan 11 14:00 index.py
```


And if we want to add the write and execute permissions to the user, group and others, we can do so like so:

```bash
chmod ugo+wx index.py
ls -l index.py
# -rwx-wxrwx  1 jeff  staff  0 Jan 11 14:00 index.py*
```


### When do we need to know this?

With all of these details about permissions, perhaps it's surprising that this doesn't come up more often.  The main reason permissions don't come up too often is that when we log in to our computer, we are assigned a user.

We then create files as that user, which makes us the owner of those files, and we are given read and write permissions on them.

There are times that we need to change the permissions, however.  One is when logging into an external machine with `ssh`.  When we do so, we use a .pem file to log in, which holds our private key (essentially a really long password).

<img src="https://github.com/jigsawlabs-student/permissions-reading/blob/main/pem-file.png?raw=1" width="60%">

We don't want any user (including ourselves) to have the ability to change this file, and we don't want any user but ourselves to see it.  So if we use this pem file, AWS will ask us to make the permissions more restrictive than the default.

<img src="https://github.com/jigsawlabs-student/permissions-reading/blob/main/permissions_open.png?raw=1" width="60%">

It's typical to use `chmod 400` on the file.  Let's use this on our `index.py` file to see what this does.

```bash
chmod 400 index.py
ls -l index.py
# -r--------  1 jeff  staff  0 Jan  6 18:54 index.py
```


We can see that now the owner can only read the file, and no one else even has read access.
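The same check can be scripted before a key is used. The following is an added example, not part of the original lesson: it reads the `ls -l` permission string, treats any group or others access as too open, and applies `chmod 400`. The function names are hypothetical, and the scratch file is a constructed stand-in for a real .pem file.

```bash
#!/bin/sh
# Added example: flag a key file that group or others can access, then tighten it.

# Print the 10-character permission string from ls -l, e.g. -rw-r--r--
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Succeed only if the group and others triplets (characters 5-10) are all dashes.
key_is_private() {
    [ -f "$1" ] || return 2                      # missing or not a regular file
    [ "$(perm_string "$1" | cut -c5-10)" = "------" ]
}

# Report the file's state and apply chmod 400 when it is too open.
lock_down_key() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    if key_is_private "$1"; then
        echo "ok:       $(perm_string "$1")  $1"
    else
        echo "too open: $(perm_string "$1")  $1"
        chmod 400 "$1"
        echo "now:      $(perm_string "$1")  $1"
    fi
}

# Constructed sample: a scratch file standing in for a downloaded .pem file.
demo_key=$(mktemp)
chmod 644 "$demo_key"        # simulate the permissive default
lock_down_key "$demo_key"    # too open, then tightened
lock_down_key "$demo_key"    # ok on the second pass
rm -f "$demo_key"
```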

### Summary

In this lesson, we learned about viewing and changing the permissions for different files in Linux.  As we saw, when we access the shell, we are logged in as a user.

```bash
id

# uid=501(jeff) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),
# 79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),701(com.apple.sharepoint.group.1),
# 33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),
# 398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)
```

And we can view the permissions that we have as that user, for a file or group of files using `ls -l`.

```bash
ls -l index.py
# -rw-------  1 jeff  staff  0 Jan  6 18:54 index.py
```

The output indicates whether we have read, write, or execute permissions at the individual (user), group, and global levels.  And the first dash indicates whether we are viewing a file or a directory.

We then saw that we can change the permissions with something like:

```bash
chmod 400 index.py
```

Where we use *change mode* to change the permissions on the `index.py` file.

### Resources

[Limit use of Root](https://www.howtogeek.com/124950/htg-explains-why-you-shouldnt-log-into-your-linux-system-as-root/)

[Don't use sudo with pip](https://dev.to/elabftw/stop-using-sudo-pip-install-52mn)