Linux Basics

Learn the basics of operating a Linux-based operating system (OS) and take your first steps in exploitation in a Linux environment!

Easy

Linux Basics

Users and Permissions

Linux_Basics::Users_and_Permissions

If you've done an introductory operating systems (OS) class before, you may know that one responsibility of a modern multi-user operating system is to handle security boundaries between different users. Such features are required so that multiple users can work harmoniously with a single device, like a family sharing a home computer or a large organisation sharing a complex cloud server.

Amongst Linux-based OSes, the security implementations are similar, and it's crucial that we understand them to secure our systems, and circumvent these protections >:).

id

One core concept of Linux security is that of the id. There are multiple types of ids (group/user, real/effective), but the general idea is that ids are numerical values that represent a user or group of users.

We can view the various ids of our current user using the self-explanatory id command.

$ id
uid=1000(omu) gid=1000(omu) groups=1000(omu),4(adm)

uid (User ID)

The uid (user id) is a unique integer that represents the user. Being unique, no other user would be represented by the same number. This is similar to passport numbers in the real-world, the number represents the passport that is tied with your identity, and no other person should share the passport number with you.

gid (Group ID)

The gid (group id) is the identifying integer that represents the user's primary group. Groups are just a collection of users, that can then be assigned permissions to perform certain actions. This way, each individual user of the group does not need to be given the permissions separately.

groups

The groups field will list all groups that the user belongs to, not just the primary group of the user. The secondary (non-primary) groups are usually assigned to a user after creation, but function simiarly.

Effective VS Real

On top of this, rarely the id command may mention the effective id of a user. This is in cases where the user was granted the effective id of another user, in order to perform operations that only the other user is able to perform.

This can be done through using the setuid bit, which will be explained shortly.

root

The root user is a special user in most Linux operating systems. This user has a uid of 0. The root user is meant to be the power-user/admin, and should be able perform the most operations out of all the users.

In general, most users will not be logging in to the root user (with exception of distros like Kali). Instead, if we wish to perform administrative actions with the power of root, we use the sudo command instead, which allows us to run commands as if we were root.

The syntax is as follows:

sudo <command to run>

For example:

$ id
uid=1000(omu) gid=1000(omu) groups=1000(omu),27(sudo)

$ sudo id
uid=0(root) gid=0(root) groups=0(root)

As this is a powerful capability which allows any user to elevate to root permissions, only users belonging to the sudoers (sudo) group will be allowed to use the sudo command to run commands. Furthermore, even users that are allowed to use sudo could be granted fine-grain permissions on what exact commands they are allowed to run with sudo.

Permissions

Now that we understand how users can be identified by their uid and groups, let's understand how permissions are given to them. First, we can create a simple text file.

$ echo "Hello, World" > hello.txt

To view permissions, we can use the ls command with the -l (list) flag.

$ ls -l hello.txt
-rw-rw-r-- 1 omu omu 13 Jul 30 14:26 hello.txt

Let's draw our attention to the omu omu section of the output. The first omu is the name of the owner of the file. Since we created this file, it makes sense that the owner is our user, omu.

The second omu refers to the primary group of the owner. As we've shown earlier, our user's primary group is named omu as well, and this is reflected in the output.

Understanding this, we can move on to the most important part of the output, the front section.

-rw-rw-r--

This output should be split into groups of 1-3-3-3 to be understood.

File Type	User	Group	Others
`-`	`rw-`	`rw-`	`r--`

File Type

The file type can either be a regular file (-), a directory (d) or a link (i). We have covered files and directories before, and links are a special type of file that link to another file.

User/Group/Others

These three sections represent the permissions that 3 different groups have for the current file. The user/owner permissions to the file, the permissions that members of the owner's group has, and the permissions that all other users will have.

Each permission is represented by three characters, representing the read, write and execute permissions for the file. The read and write permissions are self-explanatory, and determine whether there is permission to read the contents of the file, or to write to the file.

The execute permission determines whether the file is an exectuable, and whether the user has permissions to execute the file. Simple text data should not be made executable, while scripts or binary executables (like /bin/ls) should be made executable for the allowed users.

In the case of our hello.txt file, it has been automatically created with these permissions.

Owner/Members of the owner's group can read and write to the file, but cannot execute it
All other users can read the file, but cannot write or execute the file

In tabular form, the file's permissions are like so.

File Type	User/Owner	Group	Others
Regular file	READ-WRITE-NO EXECUTE	READ-WRITE-NO EXECUTE	READ-NO WRITE-NO EXECUTE

Quiz

Given the following permissions:


    -rwxrwxr-x

can a non-owner modify the executable?

Modifying Permissions

The easiest way to change permissions is to add or remove them for everybody. The command to use is chmod.

The syntax is as follows

chmod <permission change> <file>

Showing some examples will be better than explaining. So here are a few examples:

# Check current permissions
$ ls -l hello.txt
-rw-rw-r-- 1 omu omu 13 Jul 30 14:26 hello.txt

# Disallow ALL from reading (r)
$ chmod -r hello.txt
$ ls -l hello.txt
--w--w---- 1 omu omu 13 Jul 30 14:26 hello.txt
$ cat hello.txt
cat: hello.txt: Permission denied

# Allow ALL to read (r)
$ chmod +r hello.txt
$ ls -l hello.txt
-rw-rw-r-- 1 omu omu 13 Jul 30 14:26 hello.txt
$ cat hello.txt
Hello, World

To do the same for write(w) and execute(x) permissions, the +r/-r just needs to replaced accordingly.

Changing permissions for specific subgroup

However, sometimes more fine-grained control is required. For example, we may only want to allow the owner to read and write to the file, while disallowing others from reading or writing.

To do so, we can prepend the group in front of the + or - in chmod's command-line syntax.

$ ls -l hello.txt
-rw-rw-r-- 1 omu omu 13 Jul 30 14:26 hello.txt

$ chmod o-r hello.txt
$ ls -l hello.txt
-rw-rw---- 1 omu omu 13 Jul 30 14:26 hello.txt

As can be seen, we have removed (-) the read permissions from the others group (non-owners). If we want to further restrict it such that even users of the owner's group are unable to read or write to the file, we can do so too.

$ chmod g-r hello.txt
$ ls -l hello.txt
-rw--w---- 1 omu omu 13 Jul 30 14:26 hello.txt

$ chmod g-w hello.txt
$ ls -l hello.txt
-rw------- 1 omu omu 13 Jul 30 14:26 hello.txt

Now, only the owner themselves can read/write the file.

Numeric method

There is an additional numeric method to modify permissions. But we will not cover this as it is less intuitive to understand. However, this can be quite useful to learn if you wish to be a power-user, this will be a good reference to understand this method.

Here are some examples:

# Remove ALL permissions
$ chmod 0 hello.txt
$ ls -l hello.txt
---------- 1 omu omu 13 Jul 30 14:26 hello.txt

# Add ALL permissions for ALL users
$ chmod 777 hello.txt
$ ls -l hello.txt
-rwxrwxrwx 1 omu omu 13 Jul 30 14:26 hello.txt

# Figure this out!
$ chmod 664 hello.txt
$ ls -l hello.txt
-rw-rw-r-- 1 omu omu 13 Jul 30 14:26 hello.txt

setuid permissions

We mentioned this earlier, but setuid (set user ID on execution) permissions are a special type of permission. The group equivalent (setgid) exists as well.

Generally, when we run an executable (e.g. cat), the exectuable will be run with the permissions of the user running. Therefore even if the root (uid-0) created the cat binary, the files that can be read using cat are limited to those allowed for the current user. This makes sense as the user should not be able to have higher privileges than what's allowed to their user by default.

However, there are certain scenarios where the user may need elevated privileges to do useful work.

Done

Execution TCP and Pwntools

omu training

Lessons

Linux Basics

Linux_Basics::Users_and_Permissions

id

uid (User ID)

gid (Group ID)

groups

Effective VS Real

root

Permissions

File Type

User/Group/Others

Quiz

Given the following permissions:
`-rwxrwxr-x`
can a non-owner modify the executable?

Modifying Permissions

Changing permissions for specific subgroup

Numeric method

setuid permissions

Linux Basics

Linux_Basics::Users_and_Permissions

id

uid (User ID)

gid (Group ID)

groups

Effective VS Real

root

Permissions

File Type

User/Group/Others

Quiz

Given the following permissions: -rwxrwxr-x can a non-owner modify the executable?

Modifying Permissions

Changing permissions for specific subgroup

Numeric method

setuid permissions

Given the following permissions:
`-rwxrwxr-x`
can a non-owner modify the executable?