Permission Troubleshooting

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey there Cybrarians, welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz,
00:00
and in today's lesson we're going to be
00:00
talking about permission troubleshooting.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to identify
00:00
common permission issues that impact applications,
00:00
as well as use commands
00:00
to troubleshoot permission issues.
00:00
File directory permissions are a persistent issue.
00:00
We've seen these at a few modules and they impact
00:00
>> when users are trying to access applications,
00:00
>> as well as when they're trying to access objects
00:00
>> like files and directories.
00:00
>> We covered permissions in Module 21
00:00
>> when we were talking about user issues.
00:00
>> We talked about permissions in
00:00
more granularity all throughout Module 15 as well,
00:00
and here we are again talking about them in Module 24.
00:00
Pretty good chance they're going to be on the exam.
00:00
Anyway, permissions issues can involve a few things.
00:00
They could be talking about ownership,
00:00
group memberships, executables,
00:00
inheritance, and service accounts.
00:00
So we're going to take a look at
00:00
>> all of these in this lesson.
00:00
>> File directory ownership is
00:00
an important permissions concept
00:00
because the user can change permissions.
00:00
Remember, the user owner
00:00
>> has a separate set of permissions
00:00
>> there are the U in UGO and group owners
00:00
>> have a separate set of permissions as well.
00:00
>> For example, we can see here for this test file,
00:00
here's the user owner, rw,
00:00
here's a group owner, rw,
00:00
and here's the other, r.
00:00
>> Now most importantly,
00:00
>> incorrect ownership settings can
00:00
prevent an application from running.
00:00
An ownership permissions can be seen
00:00
>> in all cases by running ls -l or ls -al,
00:00
>> and then if we see the ownership permissions
00:00
need to be modified,
00:00
we can do that with the change owner or chown command.
00:00
Now, as we discussed in the previous slide,
00:00
group owners have a separate set of permissions,
00:00
and when we were running
00:00
into application permissions issues,
00:00
there's a few things we're going to want to check.
00:00
First of all, we're going to want to check and
00:00
see which groups the user belongs to,
00:00
so we can run that with the ID command,
00:00
we'll just to say ID,
00:00
and then the username, and it'll tell
00:00
us all of the groups that that user belongs to.
00:00
We can also check in a group ownership and
00:00
permissions of the application or the executable itself,
00:00
and make sure that that group and
00:00
that group owner has
00:00
the correct permissions to that application,
00:00
and if all of these seem to be okay,
00:00
maybe we need to check the files that are used by
00:00
the application and verify their permissions.
00:00
Because in some cases,
00:00
if the application is trying to access
00:00
a file or directory or an object,
00:00
and it can't access it,
00:00
you get a problem with the application.
00:00
In all cases, use
00:00
ls -l or ls -al to check
00:00
permissions and chown or chmod
00:00
>> to correct them as needed.
00:00
>> Now executables have their permission set
00:00
and those are set based on
00:00
the permissions bit for execute.
00:00
Execute is X,
00:00
the X in RWX.
00:00
This is also seen with the ls-l command,
00:00
and if we need to,
00:00
we can modify executable permissions
00:00
using the change mode or chmod command.
00:00
Now, in Linux, there's a concept of inheritance,
00:00
but this is generally tied to the use of
00:00
an Access Control List or an
00:00
ACL that set on the parent directory.
00:00
Now we talked about this previously in Module 15.
00:00
When we're troubleshooting inheritance issues,
00:00
we can view the ACL
00:00
>> by using the getfacl commander, getfacl.
00:00
>> Getfacl -d will display the default
00:00
ACL for the directory,
00:00
and if we see that default
00:00
ACL set incorrectly, guess what?
00:00
Subdirectories and files and directories
00:00
>> are also going to have the same incorrect permissions
00:00
>> and then we're going to need to correct those.
00:00
Well, lucky for us, we can correct
00:00
those using the setfacl command,
00:00
and if you need more information on
00:00
any of these ACL commands,
00:00
take a look at Module 15
00:00
where we covered them in a lot more depth.
00:00
Now finally, it's important to mention
00:00
>> that service accounts work pretty much
00:00
>> like any other account.
00:00
>> These accounts also have a user ID and group ID,
00:00
but typically these will be under 1,000
00:00
by the number for the user ID and group ID,
00:00
whereas user IDs will be at or above 1,000.
00:00
That's one way to differentiate service
00:00
>> versus user IDs.
00:00
>> But the only other major difference is that
00:00
service accounts generally can't log into any shell.
00:00
We can see this in the etc/password file,
00:00
because service accounts
00:00
>> will have sbin/nologin set for the shell.
00:00
>> Now, that isn't actually login, it's nologin,
00:00
which means they can't log into the system,
00:00
>> they have no shell.
00:00
>> That being said, service counts still run
00:00
>> into permissions issues because they work
00:00
>> just like any other account in every other way.
00:00
>> For example, if we need to look at the permissions,
00:00
we can use ls -l or getfacl to determine
00:00
>> if there are issues related to
00:00
>> the permissions or the ACL,
00:00
and then we can use chmod, chown or setfacl
00:00
>> to correct issues as needed,
00:00
>> just as we saw previously.
00:00
With that, in this lesson,
00:00
>> we covered the common types of permissions issues
00:00
>> that can impact an application,
00:00
>> and then we talked about
00:00
>> using commands to troubleshoot
00:00
>> and resolve application permissions issues
00:00
>> such as ls -l, getfacl and setfacl, chown and chmod.
00:00
>> Thanks so much for being here
00:00
>> and I look forward to seeing you in the next lesson.
Up Next