User permissions determine all file access

Most everything in Linux is a file, and gaining access to a file requires understanding how its ownership and permissions relate to users. I am going to focus on ownership here: how it relates to your system user, and how this can be changed.

Files have two owners: a user and group

When you run ls -l in a directory it shows all the files and directories with their ownership and permissions. In this example, user and group stand in for the owning user and group of each entry.

drwxr-xr-x    6 user group   4096 Feb 16 12:02 dir
-rw-r--r--    1 user group    213 Mar 11 11:00 gatsby-browser.js
-rw-r--r--    1 user group   2881 Mar 30 20:31 gatsby-config.js

The permissions for the user are positions 2-4 (rw-) of the permissions entry (the first column), positions 5-7 (r--) are for the group, and positions 8-10 (r--) are for all others. You need to know which categories your user falls into to determine the permissions you have on the file. If it falls into more than one, you get the highest level of access granted.

The briefest intro to permissions

There are three values, in this order:

r - read
w - write
x - execute

These determine whether your user can read, write to, or execute a file. Read allows looking at/reading a file, but nothing else. Write allows modifying the file, and x allows executing it as a program. If the position of one of these is occupied by a dash (-), that permission is not granted for that user or group.

You need to know your user, and what groups it belongs to

In order to determine whether you will be able to access files or not, you need to know what your user and its groups are.

Determining your current user

There are several different ways. These three get the current user name. It is useful to know a couple of different ways to do this, because depending on the system you may not be able to use certain methods.

echo $USER  
whoami  
id -u -n

These give an increasing amount of info about the current user.

who
w

Determining what groups the user belongs to

Once you know the username, you can get info about the groups it belongs to.

# for the current user
groups      
# for the user specified
groups user
# also for a provided username
id username

Using the user and group information

Once you know the username and the groups it belongs to, you can determine what access a user will have to a file. Permissions are grouped by user, group, and all others. You will be able to use the most permissive setting that your user has access to, which is usually in descending order: direct user ownership, being in a group that owns the file, and then any other user.
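To make the user/group/other lookup concrete, here is an added example (not code from the original post) in POSIX sh. It takes an ls -l mode string, the file's owner and group, and your user with its groups, and returns the rwx triple that applies. It is worth checking against a real file, because the kernel applies the classes in a fixed order, owner first, then group, then other, and uses only the first class you fall into rather than merging the bits. The listing line, user names and group names below are constructed.

```sh
#!/bin/sh
# Added example, not from the original post.
# Decide which rwx triple from an `ls -l` mode string applies to a user.
# The kernel checks the classes in order (owner, then group, then other)
# and uses only the first class the user falls into.
#
# effective_perms <mode string> <file owner> <file group> <user> <"user's groups">
effective_perms() {
    mode=$1 owner=$2 group=$3 user=$4 usergroups=$5
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c2-4      # owner bits, positions 2-4
        return 0
    fi
    for g in $usergroups; do
        if [ "$g" = "$group" ]; then
            printf '%s\n' "$mode" | cut -c5-7  # group bits, positions 5-7
            return 0
        fi
    done
    printf '%s\n' "$mode" | cut -c8-10         # other bits, positions 8-10
}

# Same thing, but fed a whole `ls -l` line: field 1 is the mode, field 3 the
# owner and field 4 the group (field 2 is the hard-link count).
#
# perms_from_ls_line <ls -l line> <user> <"user's groups">
perms_from_ls_line() {
    line=$1 user=$2 usergroups=$3
    set -- $line    # split the line into fields on whitespace (intended)
    effective_perms "$1" "$3" "$4" "$user" "$usergroups"
}

# Constructed listing: alice owns the file, group devs may only read it.
LS_LINE='-rw-r----- 1 alice devs 213 Mar 11 11:00 gatsby-browser.js'

perms_from_ls_line "$LS_LINE" alice "alice devs"   # rw-  (owner class)
perms_from_ls_line "$LS_LINE" bob   "bob devs"     # r--  (group class)
perms_from_ls_line "$LS_LINE" carol "carol"        # ---  (other class)

# Owner-with-fewer-rights case: alice owns this file and is also in devs,
# but the owner class is the one that counts for her, so she gets ---
# while other members of devs get rwx.
effective_perms '----rwx---' alice devs alice "alice devs"   # ---
effective_perms '----rwx---' alice devs bob   "bob devs"     # rwx
```

The last two lines are the case to remember when a file looks accessible in ls -l but is not: the owner bits win for the owner even when the group bits are wider. The one exception to all of this is root, which bypasses the mode bits for read and write (execute still needs at least one x bit set).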

Using sudo to elevate permissions

Sudo allows you to issue commands as if you were the root user, granting access to just about anything on the system. A user must be listed in the /etc/sudoers file in order to do this, and their ability to use sudo will depend on the configuration in that file.

Run a command with sudo

Installing to the system is a common case that many users will encounter.

sudo apt install packagename

Run command as user

You may not want to issue a command as the root user with sudo, and instead run it as another user for security purposes. The -u flag to sudo does this.

sudo -u ${USERNAME} normal_command_1  

Become a certain user

It is also possible to become a user, as opposed to issuing a single command.

sudo -i -u amanda  

Become root user without root pass

sudo su -

This invokes the super user through sudo. If your user is allowed to do this in the sudoers config, you will now have a shell as the root user.

Why become root

Usually I do this when the file and directory permissions are very restrictive and I can’t do the work efficiently without lots of tricks to manipulate sudo into doing what I need it to, which I will demonstrate next.

Gotchas with sudo

The one I run into most frequently is that sudo does not apply the expected way to certain commands. A common example is running a command and redirecting its output to a file your user does not have permission to write. In this case the command is run by sudo, but the redirect is done with your user's permissions, so it will fail to open the file.

# Will fail if your user cannot write to the file
sudo command > file

To apply sudo to all the commands, use it to run a subshell.

sudo bash -c 'command > file'

Or pipe into a command run with sudo that can do the job of the redirect:

command | sudo tee file/path/and/name  

The file system; there is a distinct organization, mostly

To new users, a Linux system will probably seem to have a bunch of nonsensical directory structures. There is however a distinct organization, repeated in some cases at several levels, with certain names that should immediately clue you in to what goes in a location.

bin (binary / executables)

Binaries; this is where all executables should go, at one level or another.
/bin – system critical binaries.
/usr/bin – User applications, mostly installed by package manager.
/sbin – system administration binaries; meaning they require root.
/usr/local/bin – Programs installed outside scope of package manager.

lib (library) – Library files are stored here.

/lib – essential libraries for /bin and /sbin.
/usr/lib – these will correspond to the executables in /usr/bin.
/usr/local/lib – Libraries for programs outside package manager scope.

/etc – system configuration files

Think of it as an analog to a control panel: it stores configurations for things. Unlike bin and lib, everything tends to get put in the single main /etc, although subsidiary ones will sometimes exist.

/var (variable files) – Variable files

In this context variable means files whose content is expected to change during the operation of the system. This includes logs and state files.
/var/lib – state information. Persistent data modified by programs as they run.
/var/lock – Lock files that keep track of resources currently in use.
/var/log – log output from programs as they run.
/var/run – run-time variable data. Has been relocated to /run, but should link here for backward compatibility.

Backing up disks, partitions, and whole systems

There are many ways to do this, but I will show a few that are readily usable with most systems.

Considering permissions

Backing up parts or the whole of a system means you will need permissions to access all the files so they can be copied. This means that backups will typically be run as root either with sudo or the root user.

dd (data duplicator or bit stream duplicator)

The old disk copy tool. It is really for any writing between block devices, and is best for copying whole disks/partitions or specific blocks within them.

Terms:

bs= - block size. Usually a power of 2, but it does not need to be.
of= - output file; where you will be writing to.
if= - input file. If data is piped in, that pipe is the input.

Flashing an image to USB disk with dd

This is just a useful facet of dd any time you need to make a bootable USB. Make sure the destination drive is unmounted.

## Examples for gparted, debian
sudo dd if=/path/to/gparted-live-0.17.0-4-amd64.iso of=/dev/sde1 bs=4M; sync   
sudo dd if=/your/path/debian-7.5.0-i386-netinst.iso of=/dev/sdX bs=4M  

Full disk backup with dd

Back up an entire hard disk to a file and restore it.

# first command backs up, second restores
dd if=/dev/sdx of=/location/for/file.backup
dd if=/location/for/file.backup of=/dev/sdx

Clone a partition with dd

Specify the disk and partition, otherwise the process is the same as disk cloning.

# first command backs up, second restores
dd if=/dev/hda1 of=~/partition1.img
dd if=~/partition1.img of=/dev/hda1  

Other uses; block, byte level copies, file creation

This first one backs up the MBR, assuming it is the first 512 bytes.

dd if=/dev/sdX of=/path/to/mbr_file.img bs=512 count=1  

Creating a file of arbitrary size:

# exactly 10 MiB (10485760 bytes) file
dd if=/dev/zero of=file1 bs=10485760 count=1

Extracting specific bytes from a file. This would skip 102567 bytes and then grab 253. Not that I have any use case for that, but other utilities certainly won’t do this.

dd skip=102567 count=253 if=input.binary of=output.binary bs=1  
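The MBR copy and the byte extraction above are easiest to trust once you have seen the skip/count/bs arithmetic work on something harmless. Here is an added example (not from the original post) that runs the same two dd shapes against a constructed 1024-byte file in a scratch directory instead of a disk; $WORK, the file names and the contents are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: the same dd invocations as the
# MBR copy and the byte extraction above, run against a constructed file
# instead of a disk so the skip/count/bs arithmetic can be checked safely.
# $WORK and the file names are assumptions of this example.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
INPUT="$WORK/input.bin"

# Constructed input: 512 bytes of "A" followed by 512 bytes of "B", so every
# offset is easy to reason about by hand.
make_input() {
    {
        head -c 512 /dev/zero | tr '\000' 'A'
        head -c 512 /dev/zero | tr '\000' 'B'
    } > "$INPUT"
}

# Copy only the first 512-byte block, the same shape as the MBR backup.
# Prints the number of bytes written so the result can be checked.
first_sector() {
    dd if="$INPUT" of="$WORK/sector0.bin" bs=512 count=1 2>/dev/null
    wc -c < "$WORK/sector0.bin" | tr -d ' '
}

# Copy an arbitrary byte range: skip <offset> bytes, then take <length>.
# With bs=1 both skip= and count= are counted in bytes; with a larger bs
# they are counted in blocks, which is the usual mistake.
extract_bytes() {
    offset=$1 length=$2
    dd if="$INPUT" of="$WORK/slice.bin" bs=1 skip="$offset" count="$length" 2>/dev/null
    cat "$WORK/slice.bin"
}

make_input
first_sector          # 512
extract_bytes 510 4   # AABB: two bytes before the 512 boundary, two after
```

The 2>/dev/null only hides dd's records in/out summary; GNU dd also accepts status=none for that, and conv=fsync to make it flush the output device before exiting, which is what the trailing sync in the USB example is there for.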

tar

It can compress a set of files, but is often better suited to archiving whole folders so the result keeps some organization. It is a general archive creator and extractor, but can also be used on entire drives and file systems.

Example system backup with tar

Two versions of this:

tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /

The second uses --one-file-system to restrict what the backup grabs.

tar -cpzf backup.tar.gz --exclude=/backup.tar.gz --one-file-system /   

The --one-file-system flag backs up only a single file system. Based on information I see, this seems to mean not just other partitions, but also the virtual file systems (/proc, /sys), and the tmpfs (/dev, /run) will not be included, which is the desired effect.
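Both tar lines above need root and write to / on restore, so they are hard to rehearse. This added example (not from the original post) uses the same -cpzf / --exclude shape on a constructed tree under a scratch directory: it archives it, lists the archive, restores into an empty directory, and checks that the excluded location stayed out and that -p brought the executable's mode back. $WORK, $SRC and the sample files are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: a tar backup and restore of a
# constructed tree, using the -cpzf / --exclude shape of the commands above
# but rooted at a scratch directory rather than / so it runs unprivileged.
# $WORK, $SRC and the sample files are assumptions of this example.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/root"          # stands in for /
ARCHIVE="$WORK/backup.tgz"

# Constructed tree: a config file, an executable with mode 755, and a
# directory playing the role of where the archive itself lives.
make_tree() {
    mkdir -p "$SRC/etc" "$SRC/usr/local/bin" "$SRC/backup"
    printf 'name=example\n' > "$SRC/etc/app.conf"
    printf '#!/bin/sh\necho hi\n' > "$SRC/usr/local/bin/hello"
    chmod 755 "$SRC/usr/local/bin/hello"
    printf 'previous archive\n' > "$SRC/backup/backup.tgz"
}

# Create the archive. -p keeps modes/ownership, -z gzips, and the exclude
# keeps the backup location out so the archive never tries to include itself
# (the same reason the commands above exclude /backup.tgz).
make_backup() {
    tar -cpzf "$ARCHIVE" --exclude='./backup' -C "$SRC" .
}

# List members; useful to check an archive before trusting it for a restore.
list_backup() {
    tar -tzf "$ARCHIVE"
}

# Restore into an empty directory (the real thing would be -C / from a
# rescue system). -p restores the stored modes regardless of the umask.
restore_backup() {
    mkdir -p "$WORK/restore"
    tar -xpzf "$ARCHIVE" -C "$WORK/restore"
}

# Mode string of the restored executable, as ls -l prints it.
restored_mode() {
    ls -l "$WORK/restore/usr/local/bin/hello" | cut -c1-10
}

make_tree
make_backup
list_backup
restore_backup
restored_mode         # -rwxr-xr-x
```

Running list_backup before a restore is the cheap check that the exclude patterns did what you meant; an archive that contains its own output file, or that is missing /etc, is easier to notice in a listing than after extracting over a live system.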

Rsync

This is the tool it might be best to jump to directly, because it has a lot of features for copying files and can do incremental backups more easily than tar.

Some useful rsync options

-a - archive mode, preserves most ownership/permission information
-x - don't cross file systems
--exclude - do not copy these locations or files. Patterns are relative to the copy source and can use globbing.
--delete-excluded - if something that should be excluded is found in the destination, it is removed.
--delete - files that are removed from the source get removed from the

Full system backup, not specifically bootable

This is the generic backup command:

rsync -aAXv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"}  / /path/to/backup/folder  

Then the restore command matches, but locations are reversed:

rsync -aAXv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"}  /path/to/backup/folder  /  

You want to exclude the location of the backup as well, if it falls into a location that would be copied.

Rsync incremental backups

The strategy I usually see is to create daily and weekly backup folders, and have rsync update the correct backup each day/time. This is of course if you are not using a more sophisticated backup program.
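One way to do the daily/weekly folder strategy with plain rsync, as an added example that is not from the original post, is --link-dest: each run produces a complete, browsable snapshot directory, but files unchanged since the previous snapshot are hard links to it and cost no extra space. $SRC, $DEST, the snapshot names and the sample files are assumptions of this example, and the scratch paths are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example, not from the original post: dated snapshot directories
# with rsync --link-dest. Each snapshot is a complete tree, but files
# unchanged since the previous snapshot are hard links to it.
# $SRC, $DEST and the sample files are assumptions; paths have no spaces.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/src"          # stands in for the tree being backed up
DEST="$WORK/backups"     # one subdirectory per snapshot, plus a "latest" link

# snapshot <name>: sync $SRC into $DEST/<name>, hard-linking unchanged files
# from the previous snapshot; then point the "latest" symlink at it.
snapshot() {
    name=$1
    mkdir -p "$DEST"
    link_opt=""
    if [ -d "$DEST/latest" ]; then
        link_opt="--link-dest=$DEST/latest"
    fi
    # -a keeps modes and times (rsync needs them to tell a file is unchanged),
    # --delete drops files that disappeared from the source, and the exclude
    # is anchored with a leading slash so it only matches at the top level.
    rsync -a --delete $link_opt --exclude='/cache/' "$SRC/" "$DEST/$name/"
    ln -sfn "$name" "$DEST/latest"
}

# inode <path>: inode number, so two snapshots can be compared to see whether
# a file was hard-linked (same inode) or written fresh (new inode).
inode() {
    ls -i "$1" | awk '{ print $1 }'
}

# Constructed source: two files plus a cache directory that is excluded.
mkdir -p "$SRC/cache"
printf 'v1\n' > "$SRC/a.txt"
printf 'keep\n' > "$SRC/b.txt"
printf 'junk\n' > "$SRC/cache/x"

if command -v rsync >/dev/null 2>&1; then
    snapshot day1
    printf 'v2 changed\n' > "$SRC/a.txt"   # only a.txt changes before run two
    snapshot day2
    cat "$DEST/day1/a.txt" "$DEST/day2/a.txt"        # v1, then v2 changed
    inode "$DEST/day1/b.txt"; inode "$DEST/day2/b.txt" # same inode: linked
    inode "$DEST/day1/a.txt"; inode "$DEST/day2/a.txt" # different: rewritten
fi
```

Because rsync writes a changed file as a new inode rather than modifying the linked one, day1 keeps the old a.txt intact; deleting an old snapshot directory only drops its links, and the data survives in any snapshot that still references it. Rotation is then just removing the oldest directories.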

Why bother with dd, tar, rsync

There are many backup options for any system, and if you just want backups for your personal machine these are probably not something you need. The advantage of the base utilities in Linux however is that they are packaged with many systems, and knowing how to use the basic tools allows the same tasks to be completed on everything from embedded to server to regular desktop machines without needing to install and work with other tools. I use back-in-time on Ubuntu along with a remote backup service, but frequently pull out these other tools for various tasks.