# Linux Command Line: Permissions

## User & Group IDs

When a new user account is made, it is assigned a user ID. The user is also assigned a group ID. We can use the `id` command to view user and group ids. These user ids are stored in /etc/passwd, and the group ids are stored in /etc/group.

## File Attributes

The first 10 characters we see printed out first after running `ls -l` are the file attributes. These characters tell us the type of the file, the read, write, and execute permissions for the file's owner, the file's owner group, and everyone else.

### File Type

The very first character indicates the type of the file. Some of the more common types and their corresponding attributes are:

- `-` regular file
- `d` directory
- `c` character special file
- `l` symbolic link

## The `chmod` Command

To change the permissions of a file or directory, we can use the chmod command (change mode). To use chmod to alter permissions, we need to tell it:

- Who we are changing permissions for?
- What change are we making?
- Which permissions are we setting?

The basic syntax is `chmod mode file`.

### Who

When specifying permission with chmod, we use a special syntax to write permission statements. First, we specify the "who" using the following values:

- `u`: user (the owner of the file)
- `g`: group (members of the group the file belongs to)
- `o`: others (aka the world)
- `a`: all of the above

### What

Next, we will tell chmod "what" we are doing using the following characters:

- `-` removes the permission
- `+` grants the permission
- `=` set a permission and remove others

### Which

Finally, the "which" values are:

- `r`: the read permission
- `w`: the write permission
- `x`: the execute permission

### Examples

`chmod g+w file.txt` adds write permission to the group.

`chmod a-w file.txt` removes write permission from all.

`chmod u+x file.txt` add executable permission for owner.

`chmod a=r file.txt` set permissions to read only for all.

## `chmod` Octals

The chmod command also supports another way of representing permission patterns: octal numbers (base 8). Each digit in an octal number represents 3 binary digits.

- Octal (0) - Binary (000) - File Mode (---)
- Octal (1) - Binary (001) - File Mode (--x)
- Octal (2) - Binary (010) - File Mode (-w-)
- Octal (3) - Binary (011) - File Mode (-wx)
- Octal (4) - Binary (100) - File Mode (r--)
- Octal (5) - Binary (101) - File Mode (r-x)
- Octal (6) - Binary (110) - File Mode (rw-)
- Octal (7) - Binary (111) - File Mode (rwx)

For example, `chmod 755 file.txt` would set the file mode as `rwxr-xr-x`, meaning the user has all permissions, whilst the group and others cannot write.

## The `su` Command

There may be times we want to start a shell as another user, from within our own shell session. We can use the `su` command to do that. For example, `su - hermione` would create a new login shell for the (substitute) user hermione. We would need to enter Hermione's password. To leave the session, type `exit`. If you leave out the minus in front of su, you will remain in the same current directory. It is recommended to use `su --login user`.

## The Root User

In Linux systems, there is a super user called root. The root user can run any command and access any file on the machine, regardless of the file's actual owner. The root user has a lot of power and could easily damage or even destroy the system by running the wrong commands. For this reason, Ubuntu locks the root user by default.

## The `sudo` Command

Even if the root user is locked by default, we can still run specific commands as the root user by using the `sudo` command (superuser do). Individual users are granted an "allowed" list of commands they can run as the super user. Run `sudo -l` to see the permitted commands for your particular user. 

By default, Ubuntu disables logins to the root user account. Instead, the initial user is granted full access to all superuser privileges. Subsequent users will not have full sudo privileges by default, but the original user can grant them.

To run a command as the root user, prefix it with `sudo`. You will then need to enter the password for your account. For example, to update Ubuntu, you would need to run `apt update`. However, you cannot do this as the regular user as it is something that impacts all users. So you would run `sudo apt update`.

## The `chown` Command

The chown command is used to change the owner and/or the group of a specific file or directory. To make bojack the owner of file.txt, we would run `chown bojack file.txt`.

To change the owner of a file and the file group owner at once, we can provide both using `chown user:group file`. For example, `chown bojack:horses file.txt` will change the owner of file.txt to bojack and changes the file group owner to the group horses.

To only change the group owner of a file, we can run `chown :group file`.

TO change ownership for a root-owned folder type `sudo chown user:group file`.

## The `groups` Command

To view the groups that a given user belongs to, run `groups username`.

## The `addgroup` Command

We can create new groups using the addgroup command. To create a new group called friends, we would run `addgroup friends`.

## The `adduser` Command

To add a user to a group, use the adduser command by writing `adduser user group`. To add hermione to friends, we would run `adduser hermione friends`.