Basic Lesson 1: Identities and Permissions

By Ed Hurst | Posted at 4:25 PM
In this first article of Ed Hurst's Clueless Computer User's Guide to Open Source, Ed explores permissions and other basics of a multiuser system. If you are unfamiliar with these concepts or do not know why even a single user system should have multi-user principles applied to it, read on to find out.

Multi-user system. What does that sound like to you? Obviously, it implies that the computer in question was designed for more than one user. If you think about it a moment longer, it implies having to log in, and having an "account" on the machine. It implies making sure the machine recognizes you as someone who has a right to be there.

While I am aiming this guide at the desktop user of a computer not shared with others, that misses the point. A multi-user system is still the best choice for a single-user machine. There is a special power in the multi-user system -- the power to protect.

We've all heard countless times of someone "hacking" -- or more accurately, "cracking" -- into a commercial computer system and taking over control of it. We get the impression of secret knowledge of how to make the system obey. They go on the Internet and send secret messages to these commercial systems until they find a way to take control. If they have physical access to the system, or some part of it, it's even easier. Most folks who have used ordinary home PCs would think taking over a computer is no big deal. "Hey, that's easy. Just turn it on and start clicking the mouse and typing stuff."

On a commercial system, it's not that simple. Those systems are designed for mulitple users, and many people will have accounts, and have to log on and so forth. The various users will have differing levels of power over the system. Some can read mail and not much else. Others can use powerful software to play with information databases and such. One, or perhaps two, will have special permission to do anything they want. These last are usually the "Systems Admin," the "IT worker," or something similar.

On your home or small business PC, chances are if you bought it with the system installed and working, you have that special power. You can install what you want, uninstall, change settings, and so forth. That is, if you know how. If not, you are at the mercy of any program that knows how to install itself. That's how people get viruses and other bad things on their computers.

As the only user, you have the power to run any program you like. You are your own "Systems Admin." And any program you run has your power, your permission, to make drastic changes in your system, whether you understand them or not. Even if you have a modern home PC with the latest operating system, you still normally run as the "Super User" -- the one with all the power. You might give your kids an account, and log out so that they have to log in, and use it with less power. You will if you are smart. That way, they can't download something that appeals to them and ruin your system, because it happens to have a virus in it, or something equally bad.

What if you, as the Super User, download and open your mail. If you open an attachment, it has your power to run, if it's a program. By now, I hope you've heard enough times not to open attachments to your email. Well, there are plenty of viruses that don't wait for you to open them. As soon as they are on your system, they take control.

Or if you are surfing the Net, and stop at some new website you've never heard of, you can pick up viruses that way, too. Some programs are written to assume you have said "OK" and do their thing. So if you are the Super User, they have your power to completely change the system, to wipe your hard drive, and so forth.

Maybe it's not such a good idea to run as Super User. So you give yourself an account, and use it for the most part, so that all you can mess up is your personal stuff, not the whole machine. Good for you!

The problem is, you are probably running a system that is still wide open to viruses and crackers. That's because the whole thing is built in such a way that it's convenient. Convenient is not bothering to lock your doors when you leave the house, or it's driving through a high-crime neighborhood because it's shorter, or it's leaving the keys in your car. Your store-bought SOHO PC is just that wide open, by design. You don't have to know any special tricks; you just turn it on and use it. So any program you, as your less-powerful user, run on that system still accesses the very heart of your computer system, in a way that is terribly insecure.

So any user that your computer recognizes can still destroy it. That's because the files all have permissions built into them. Those permissions allow just about any user with a proper identity to run things with almost as much power as the Super User, and sometimes equal power. So why did they bother to make it seem like a genuine multi-user system? Convenience. And maybe -- just maybe -- to deceive you and give a false sense of security. That way, you won't worry about it; you'll just use the sytem and all the stuff they sell extra to go with it.

What a tough job it would be trying to go through your entire system changing permissions so that it was more secure! And then the system might not work, because the whole thing was designed to be convenient, not secure. That is, even if you knew what you were doing changing permissions.

The more you learn about computer security from viruses and crackers, the more you realize that what comes installed on most computers is wide open to attack, and always will be. Compared to that, Open Source computer systems are designed from the start with security in mind. If you give yourself a user account, you know that you can get all your normal work done, but you cannot destroy the system easily. The permissions on files are far more complex, yes, but that's because complexity is what works. Convenience is an invitation to disaster in today's world.

How Permissions Work

On Open Source systems, everything is a file. Memorize that. Even your mouse and keyboard are treated as files. That way, the system can control who does what. Initially, the whole system is owned by the Super User, called root -- get used to that term. Root can do anything with anything on the system. Somebody has to have the final say, and root is it.

There are other "users" on the system that are actually part of the system itself. We give them various nicknames based on what they do. Finally, there are ordinary users. When you first install an Open Source operating system, you will be required to give yourself a user account so that you protect the system from dumb mistakes. A simple typo can destroy the whole thing.

There are also groups on the system. A part of every user's identity is the list of groups to which they belong. It allows for a complex and powerful structure for who gets to do what. Since that's not really a concern for the stand-alone home system, it's more important to note that you will have to make sure your user is a member of all the right groups. On some Open Source systems, that's pretty much automatic when you install the system. On others, you have to do it manually.

If you create a file, you own that file. You are the owner. You can decide who gets to see that file, who gets to write in that file. If your file can do work (a program or a script) you can decide who gets to make it work. Some files are nobody else's business, and you should lock them up. Only root can still read, write and use everything on the computer, no matter who owns and what permissions they set.

These permissions really work. Consider this: while you are online surfing the Net, it's possible for someone on another computer to try and talk directly to your machine without you knowing it. It's very difficult if you are running an Open Source system, because they don't have an account, and the computer knows they are working from outside. You may have set things up to prevent that, like a firewall, but let's say they discover a way to do talk to your computer. At first, they have only as much power as any regular user. What can they destroy? Maybe your personal files in your personal part of the system. None of the rest of the computer is disturbed. They have whatever permissions you have, and no more, because they are using your user connection to the Internet.

It's just vaguely possible they could crack the root account, and get root's power, but that has become extremely difficult these days. Open Source systems are designed from the start to be very difficult to break into, because the permissions really work. Without getting the password for root, they are unlikely to do much. Trashing your personal files might be a hassle, or even ruin your job if you no backups, but it can't ruin your system. Most crackers and virus writers aren't interested in personal files, anyway.

It's very difficult to write viruses that really work in Linux, and even more difficult if you are running some versions of Unix. If you use a dialup connection, and run a firewall, your system is almost impossible to crack from the outside. You will lose the convenience of being able to do all the nifty things with regular PCs, especially on the Internet. In exchange for a little inconvenience, and at the cost of learning more about your computer, you gain security that is as good as it gets.



Ed Hurst is Associate Editor of Open for Business. Ed is also the Music Director for Grace Baptist Church of Kickapoo Creek, Texas. He loves computers, runs GNU/Linux and reads all sorts of things. You can reach Ed at ehurst@ofb.biz.