Lab: Rootly Powers.

Step3: The File System.

• To do this step:
  • You should have a running version of the RootlyPowers virtual machine, set up.
  • You should understand the basics of becoming other users.
  • If you have not completed the first two steps, please return to this step after you have done so.
• Log into the guest machine for this lab as bob.
  • Start a terminal.
  • Change to the step3 directory by typing cd step3
  • 
• Remember to keep notes on the commands introduced.
• ls
  • The ls command is used to show files on a system.
  • man ls will display an extremely large manual entry
    • ls has many flags
    • Check this out.
  • type ls
    • Notice that three files and three folders, or directories, are listed.
  • type ls -l
    • This lists the files in long format.
    • 
    • This shows
      • File permissions.
      • The number of "links" to the file.
      • The owner of the file
      • The group associated with the file
      • The size of the file
      • The date and time the file was last changed
      • The name of the file.
    • We will be back to this soon.
  • type ls -al
    • Notice two additional directories, . and .. , were displayed.
    • These files are not "hidden", but files starting with a . are not displayed by ls by default.
    • The -a flag says to list them.
  • Try ls -lrt
    • Notice the date/time is increasing.
    • Look at the man page and figure out what the -t and -r flags do.
  • In general ls -alrt is an effective tool for monitoring the system.
    • It displays all files.
    • But sorted by time.
    • So the most recently changed files will be listed last.
    • This allows you to see recent changes.
• touch
  • Unfortunately file time stamps are not reliable.
  • Read the manual page for touch
  • Try
    1. touch newFile
       • Using ls, what did this do?
       • How big is newFile?
       • When was newFile created?
       • date will tell you the system current time.
    2. touch -d "Jan 1 2022 00:00:00" oldFile
       • Using ls -l, what did this command do?
  • Can you trust file time stamps when performing a system audit?
• more (and less)
  • The command more filename will show you the contents of a file.
  • Try more open
  • There is a more powerful version of more installed on most *nix computers called less which can be used in place of more.
  • Use more to examine the contents of the files group, closed and open
  • You can use less anywhere you use more
    • Both come installed on most *nix systems.
    • less at one time was an addtion.
  • Other commands like more/less
    • More and less are pagers, or commands that will show you a file one page at a time.
    • cat will just dump the entire file to the screen.
    • head will show you the first few lines of a file.
    • tail will show you the last few lines of a file.
  • Take a moment to:
    • Record all five of these in your command list.
    • Read the man page on each of these.
    • Try each on the file charge.txt in the step3 directory.
• File Permissions
  • Once again list the files in long format
    • 
    • Note the contents and dates of files will change from the screen shot to the time you work through this lab.
  • Notice the first part of each line is a collection 10 characters.
    • drwxr-x---
    • The first letter indicates the file type.
      • A "-" (dash) indicates a regular file.
      • A "d" indicates a directory.
      • We will encounter more of these in the lab.
    • The next three sets of three indicate permissions.
      • The first set is for the file owner or the "user"
      • The second set is for the file group.
      • The third set is for everyone else on the system.
    • Each group can be interpret as follows for files:
      • The first letter is either "r" or "-"
        • If it is an r, the user, group or other can read the file.
        • If it is an -, the user group or other can not read the file.
        • Notice that bob has r for all of the files in this directory, and bob is the user (third field), so bob can read all of these files.
      • The second letter is either "w" or "-"
        • This tells us if the user, group, or other has write permission.
        • Or permission to change the file.
      • The final letter is an "x"
        • This indicates execute permission.
        • Notice the file hello has execute permission.
        • You can run this program by typing ./hello
  • Exploring File Permissions
    • Start another terminal
    • Become user alice ( su alice , password alice)
      • Use id and note that alice is a member of the shared group.
      • Based on this what files will alice be able to read?
      • Use a file reading command (more, less, ...) to try to read the files in Bob's directory as Alice. Was your prediction correct?
      • What files should you be able to change as Alice?
      • Use touch filename to try to change the files in this directory. Was your prediction correct?
      • Type exit to resume working as Bob.
    • Become the user john (su john, password john)
      • Notice that john is not in group shared.
      • Repeat the steps above.
    • Become root ( sudo -i)
      • When you do this, you will change directories. You will need to change to bob's step3 directory.
      • Do this with cd ~bob/step3
      • Note that root is not in the shared group.
      • Try all of the steps above.
    • Do file permissions apply to root?
  • Directory permissions
    • Use the accounts of alice and john, and the folders closedDir, groupDir and openDir to determine what read and execute permissions for directories do.
      • Try the commands ls and cd.
  • System configuration files
    • Many of the system configuration files are stored in the directory /etc
    • For example /etc/passwd and /etc/shadow.
      • We will discuss both of these in future labs.
      • But they are very important to the security of the system.
    • Do a long ls on each of these files to see the permissions.
    • As bob, try to edit /etc/passwd
      • vi or vim works fine ( vi /etc/passwd
      • nano and joe are also installed.
      • Or as bob, sudo leafpad and browse to the file (places -> filesystem ->etc -> passwd)
      • In any case, try to write this file. What happens?
    • Repeat the experiment with /etc/shadow
  • Other files.
    • For this last experiment, you will need two terminals.
      • In one, be logged in as bob.
      • In the second be logged in as alice.
        • Start a terminal as bob, su to alice.
    • A pseudo-terminal "acts like a terminal"
      • They interact with the os via a file.
      • In alice's window type tty
        • This will tell us the file alice is using for her pseudo terminal.
        • In my case it was /dev/pts/1
        • 
        • Use ls to examine the owner and permission on the pseudo terminal.
        • 
      • Bob owns this terminal, so bob can write to it.
        • In the terminal as bob (unused so far)
        • type cat > /dev/pts/1
          • then type some message
          • End with ctrl-d (the control key held down and a d)
        • Observe alice's terminal. What is happening?
        • Try
          • cat /dev/pts/1
          • When you are finished, type ctrl-c in bob's terminal.
          • type in alice's terminal.
          • What is happening now?
        • 
    • We now need alice to have a new pseudo terminal so
      • In the alice window type ssh alice@RootlyPowers
      • Log in with password alice.
      • Repeat the above experiment,
  • A second power of root is that they can
    • Read or write any file on the system.
      • This includes configuration files.
      • This includes files that are interfaces to hardware devices.
    • Access any directory on the system.