diff --git a/essential/introduction_to_administration.md b/essential/introduction_to_administration.md index 3d83e75..91488ce 100644 --- a/essential/introduction_to_administration.md +++ b/essential/introduction_to_administration.md @@ -503,10 +503,80 @@ More information of the sections can be found via `man man` where the table belo |8 | System administration commands (usually only for root) | |9 | Kernel routines [Non standard] | +## Changing ownership + +Each file or folder in Linux has one **owner** and one **group**. +When you create a new file or folder, the owner will be you and the group will be your [primary group](https://www.cyberciti.biz/faq/howto-linux-add-user-to-group/). +*Most* of the time this will default to your username for both user and group. +We can however change the owner and the group of a file of folder. +This is done with `chown`, ch(ange)own(ership). +Let's try this out. + +``` +waldek@debian:~$ touch waldek_file +waldek@debian:~$ ls -l +total 0 +-rw-r--r-- 1 waldek waldek 0 May 16 14:37 waldek_file +waldek@debian:~$ tail -1 /etc/passwd +ilies:x:1002:1002:,,,:/home/ilies:/bin/bash +waldek@debian:~$ chown ilies:ilies waldek_file +chown: changing ownership of 'waldek_file': Operation not permitted +waldek@debian:~$ su - ilies +Password: +ilies@debian:~$ cd /home/waldek/ +ilies@debian:/home/waldek$ ls +waldek_file +ilies@debian:/home/waldek$ chown ilies:ilies waldek_file +chown: changing ownership of 'waldek_file': Operation not permitted +ilies@debian:/home/waldek$ exit +logout +waldek@debian:~$ +``` + +No matter *who* we are we can't change the ownership of this file! +We can however perform this action **as administrator**. +[Why](https://unix.stackexchange.com/questions/27350/why-cant-a-normal-user-chown-a-file) is this so? +It would be a pretty big security issue if *I* could just claim files owned by `ilies` or vice versa. +So, with `sudo` we can do it as follows. + +``` +waldek@debian:~$ ls -l +total 0 +-rw-r--r-- 1 waldek waldek 0 May 16 14:37 waldek_file +waldek@debian:~$ sudo chown ilies:ilies waldek_file +waldek@debian:~$ ls -l +total 0 +-rw-r--r-- 1 ilies ilies 0 May 16 14:37 waldek_file +waldek@debian:~$ echo "hello world" > waldek_file +-bash: waldek_file: Permission denied +waldek@debian:~$ sudo chown ilies:waldek waldek_file +waldek@debian:~$ ls -l +total 0 +-rw-r--r-- 1 ilies waldek 0 May 16 14:37 waldek_file +waldek@debian:~$ echo "hello world" > waldek_file +-bash: waldek_file: Permission denied +waldek@debian:~$ sudo chmod 660 waldek_file +waldek@debian:~$ ls -l +total 0 +-rw-rw---- 1 ilies waldek 0 May 16 14:37 waldek_file +waldek@debian:~$ echo "hello world" > waldek_file +waldek@debian:~$ cat waldek_file +hello world +waldek@debian:~$ su steve +Password: +steve@debian:/home/waldek$ cat waldek_file +cat: waldek_file: Permission denied +steve@debian:/home/waldek$ +``` + +## `umask` + +TODO + ## Essential programs Below is a small list of often used programs when dealing with file permissions. -We'll go a into detail on some of them right after. +I highly recommend you to read the manuals of each one. | name | description | | --- | --- | @@ -519,10 +589,10 @@ We'll go a into detail on some of them right after. | `su` | run a command with substitute user and group ID | | `sudo` | execute a command as another user | -## Changing ownership - # Remote control of a server +TODO + ## History [Here](https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access) you have a nice article on the history of remote shells. @@ -536,5 +606,25 @@ We use [ssh](https://en.wikipedia.org/wiki/Secure_Shell) now! ## SSH and SFTP +TODO + # Bandit +You now have enough comprehension of Linux to play a [wargame](https://en.wikipedia.org/wiki/Wargame_(hacking)). +Over at [over the wire](https://overthewire.org/wargames/) there are quite a few very good wargames to solidify your knowledge of the command line, the Linux kernel, web exploits, among others. +We'll start off with [bandit](https://overthewire.org/wargames/bandit/). + +> The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know! + +It's a game you play over `ssh` which drops you in a `bash` shell where the goal is to find the password for the next level. +Once you find the password you can log out and back in as the next user. +The entire game revolves around permissions. + +This is the cycle: + +1. log **in** as user `banditX` to the server +1. **find** the hidden password for the user `banditX+1` +1. log **out** of the server +1. **save** the password locally in a text file +1. log **in** as user `banditX+1` to the server +1. rinse, repeat and *enjoy*