
How to Manage Your Cloud Identities

The need to securely authenticate and authorize users and services is not restricted to the traditional IT infrastructure. In the cloud, where it takes just a few clicks to sign up to a new service and roll it out for the whole company, staying in control of your own identities is of particular importance. Only centralized user accounts allow you to keep control of all passwords and policies and keep you solely responsible for preventing leaks of authentication data. Luckily, centrally managed accounts are one of the things users like as well. They give users the option to log in to many cloud services with the single identity that they use for their workstations anyway.

Therefore, let us first explore the benefits of running your IdM before stepping into the technologies used to connect some of the favorite cloud services.

 

Why Stay in Control of Your Identities

Today many identity management systems are offered to big and small companies. Some are based on open source software while others are based on proprietary software. However, many of them have in common that you cannot easily migrate your identities to a different service, for example, if you are no longer happy with it. Only if you have access to the backend in addition to the shiny interface, as you have with UCS or other open source solutions, can you genuinely choose where you want to store your identities. Having access to the backend and platform, and being able to determine where your IdM runs, gives you distinct advantages over a closed management system that only provides you with a frontend and some connectors.

Firstly, an open platform and a directory allow you to connect your identities to the services of your choice instead of connecting them to the services approved by your IdM vendor. While in many cases all will use the same underlying open protocols to facilitate the connection, it is all too easy for a provider to block connections if a competing offer gives a considerable incentive to do it.

Just imagine, you successfully migrated all your emails to a new email provider, and suddenly your IdM provider decides not to support this provider anymore. You then have to choose whether to migrate your emails and your identities or to accept the management overhead of having two separate systems.

Secondly, if you are in control of the backend, it becomes possible to support further protocols by combining different open source projects. As an example, UCS currently offers, among others, connectors to quickly provision and manage identities used within Office 365 and G-Suite. As the backend is well documented and accessible to anyone running a UCS instance, it will only take a few lines of Python code to provision Dropbox with the same information already in use. Without access to the backend, it becomes impossible to make these changes.

Technologies for a Connected Cloud

After looking at the reasons why you would like an open Linux based identity management system, let us focus on the technology used to create a central user identity management system.

 

Traditional Authentication and Authorization Stack

Traditional authentication and authorization protocols, such as LDAP and Kerberos, have been designed to work over both unreliable and untrusted connections. Thus, they can be used for authentication in the cloud as well, and you often find them when connecting your services, sometimes under the name AD services. An LDAP connection can provide both authentication and authorization, or it can provide only the authorization and user management part, leaving the user authentication to Kerberos.

The reason to use the combination of LDAP and Kerberos is that an LDAP connection is established only between the authentication source and the service. The user therefore enters his credentials at the service itself, and the service then uses the LDAP connection to authenticate the user. This process allows any service to phish the credentials of your users.

Kerberos, while offering a secure and trusted way to verify the password, has the disadvantage that the user needs to be able to reach the KDC on a protocol and ports that public networks most often block.

Thus, both protocols are more commonly used in on premises scenarios where the IT department is in control of both the systems and the network. Of course, both offer an excellent choice as a backend for the more purpose-built protocols, a scenario which can also be found in UCS.

Purpose-Built Authentication Protocols

Alternatives to the traditional protocols are purpose-built languages that use many of the design ideas behind Kerberos but work over HTTP connections and cookies for the communication between the user, the authentication source, and the service. The three most popular ones are the Security Assertion Markup Language, commonly known as SAML, the Central Authentication Service, in short CAS, and OpenID.

OpenID has its origin in a more web-like approach. Many independent nodes trust each other to authenticate their users and provide parts of their user identities without releasing their passwords. What differentiates OpenID from the other two protocols is that no trust is needed between the identity provider and the service provider. The basic idea was that you provide a unique URL from your identity provider to authenticate yourself and any service provider will accept your identity.

SAML and CAS, in contrast, rely on a controlled federation of service providers and identity sources. Usually, the administrator of the identity provider has to establish a trust relationship to a particular service before the user can authenticate with his account at that specific service.

The authentication itself is similar in most cases. The user goes to the website of the service and enters his ID, in most cases as an email address. Afterwards, the service redirects the user to the particular identity provider that was identified to belong to the address or domain. The user enters his credentials at the identity provider website and gets a token that authenticates him at the services. This description is only a general overview. There are numerous minor differences and possible enhancements that set the different languages apart from each other, but all identify the user and authorize him to use a particular service.
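The flow described above, sketched as an added example (not code from the article or from UCS): the identity provider is the only party that sees the password, and each service accepts only a token issued for it under a trust relationship the administrator set up. The class names and the HMAC-signed token format are assumptions for illustration; SAML and CAS use their own message formats and signatures.

```python
import base64
import hashlib
import hmac
import json
import os
import time


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IdentityProvider:
    """Holds the passwords; the only party that ever sees one."""

    def __init__(self):
        self._users = {}    # user id -> (salt, password hash)
        self._sp_keys = {}  # service name -> key shared with that service

    def add_user(self, uid, password):
        salt = os.urandom(16)
        self._users[uid] = (salt, _hash_password(password, salt))

    def trust_service(self, service):
        """Administrator step: establish trust with one service provider."""
        key = os.urandom(32)
        self._sp_keys[service] = key
        return key  # handed to the service out of band

    def login(self, uid, password, service, now=None, ttl=300):
        """Check the password and return a token valid only at `service`."""
        if service not in self._sp_keys:
            raise PermissionError("no trust relationship with " + service)
        salt, stored = self._users.get(uid, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash_password(password, salt), stored):
            raise PermissionError("bad credentials")
        now = time.time() if now is None else now
        claims = {"sub": uid, "aud": service, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        sig = hmac.new(self._sp_keys[service], body.encode(),
                       hashlib.sha256).hexdigest()
        return body + "." + sig


class ServiceProvider:
    """A cloud service: it receives tokens, never passwords."""

    def __init__(self, name, key):
        self.name = name
        self._key = key

    def accept(self, token, now=None):
        """Return the authenticated user id, or raise ValueError."""
        body, sep, sig = token.partition(".")
        expected = hmac.new(self._key, body.encode(),
                            hashlib.sha256).hexdigest()
        # Verify the signature before parsing anything inside the token.
        if not sep or not hmac.compare_digest(expected.encode(), sig.encode()):
            raise ValueError("signature check failed")
        claims = json.loads(base64.urlsafe_b64decode(body))
        # A token issued for one service must not be replayable at another.
        if claims["aud"] != self.name:
            raise ValueError("token was issued for another service")
        now = time.time() if now is None else now
        if now >= claims["exp"]:
            raise ValueError("token expired")
        return claims["sub"]


if __name__ == "__main__":
    # Constructed sample data; the passphrase is made up.
    idp = IdentityProvider()
    idp.add_user("KK987654@idp.univention.com", "constructed-passphrase")
    mail = ServiceProvider("mail", idp.trust_service("mail"))
    token = idp.login("KK987654@idp.univention.com",
                      "constructed-passphrase", "mail")
    print(mail.accept(token))
```

Contrast this with the LDAP pass-through described earlier, where the service's own login form would receive the password before forwarding it.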

 

User Defining Attributes

Identifying users is an essential but only small part of managing your users. However, it is the better defined and standardized part. The more significant challenge often is to provision the users in a particular service and to provide well-known attributes associated with an account such as the name of the user or his email address.

Just think about the following scenario. The company uses the first letter of your first name, the first letter of your last name and a random identifier, e.g., KK987654@idp.univention.com, as the identifier for authenticating the users. G-Suite will at least need your email and name to create a professional-looking sender in every email. Dropbox, on the other hand, might need your group memberships to add you to a specified folder but might also want your email to be able to notify you when one of your folders changes.

Unfortunately, most services provide their own custom API, making connectors, such as our G-Suite connector, necessary for provisioning users within the respective applications. Of course, most services offer their own toolkits for the integration. However, there is little standardization between these APIs, hence the need for many different connectors.

For some time, OAuth appeared to gain traction in overcoming this particular issue. OAuth represents a standardized set of APIs that allow users to share their identity and attributes without sharing the actual login. It is still common today: whenever you hit a “Log in to Google” or “Log in to LinkedIn” button, there is an OAuth data transfer happening in the background. However, this convenience does not extend beyond the handful of providers in the customer space.

Conclusion

Providing centralized identities in the cloud to your users enables you to manage your users in one convenient location and provision them to different cloud services. The same applies to changing or deleting a user, adding to the convenience of managing your user base in a cloud-centric world.

Most importantly, however, it increases the comfort of your users who only need a single username and password without needing to worry that one hacked service would compromise all other logins.

Accordingly, a central identity management system, such as UCS, which encompasses your cloud services, should be a fundamental part of any IT department.

Java Microservices, Resiliency, and Istio

This article is part of the KubeCon + CloudNativeCon North America 2017 series.

KubeCon + CloudNativeCon gathers all Cloud Native Computing Foundation (CNCF) projects under one roof to further the advancement of cloud native computing. At the upcoming event in Austin, Animesh Singh and Tommy Li of IBM will discuss how to build, deploy, and connect Java microservices with Istio service mesh. In this article, Singh offers a preview of their presentation.

Linux.com:  Microservices and Java are being mentioned together very frequently. What’s the current state?

Animesh Singh: Microservices, Java! These two terms go together very well: there are excellent frameworks in place to support building epic microservices in Java. Microservices are containerized in one way or another, and there’s some movement in the Java ecosystem around how those containers are built. The Java community has been using Java EE within a microservices architecture for quite a while now, and it has resulted in multiple approaches, both in product implementations and design patterns.

You can pack everything into one “uber-jar” that you shove into a more generic Java container, or you can deploy a thinner WAR file into a more tailored image. The end goal for either approach is similar — a lightweight container with simple configuration that boots quickly using only essential components. Some frameworks that are becoming popular in this space include MicroProfile and Spring Boot.

Linux.com:  Can you shed some light on MicroProfile microservices framework and where it is headed?

Singh: Sure. So what began as a collection of independent discussions and many innovative microservice efforts within existing Java EE projects — for example, WildFly Swarm, WebSphere Liberty, TomEE, and others — has finally coalesced around common ground to form MicroProfile. MicroProfile is a baseline platform definition that optimizes Enterprise Java for a microservices architecture.

Linux.com:  So with this proliferation of microservices, where you can have 100s and 1000s of instances running, wouldn't resiliency and fault tolerance become very important? Do these frameworks provide any resiliency features?

Singh: Yes. Since we are talking about MicroProfile, MicroProfile 1.2 had recently added a lot of resiliency features like Circuit breakers, Health checks,  Retries/Timeouts etc. which can be enabled by simple changes in code/configuration.

Linux.com:  Nice.  But what if you don’t want to change your application code? And if you are running polyglot microservices?

Singh: Great question. That's where Service Mesh architecture shines. Istio provides an easy way to create this polyglot service mesh by deploying a control plane and injecting sidecar containers alongside your microservice. Istio adds fault-tolerance to your application without any changes to code. By injecting Envoy proxy servers into the network path between services, Istio provides sophisticated traffic management controls, such as load-balancing and fine-grained routing, as well as resiliency and fault tolerant mechanisms.

Linux.com:  And finally where can I learn more about these?

Singh: Join our talk at KubeCon in Austin, and visit the IBM Code site to try the pattern we have created for Java and Istio resiliency.


Animesh Singh
Animesh Singh is an STSM and Lead for IBM Cloud, Containers and Infrastructure Developer Technology. He has led major initiatives for IBM Cloud and Bluemix and currently works with developers to design and develop cloud-computing solutions around Kubernetes, Docker, Serverless, OpenWhisk, OpenStack and Cloud Foundry.

Long-Term Linux Support Future Clarified

In October 2017, the Linux kernel team agreed to extend the next version of Linux’s Long Term Support (LTS) from two years to six years, Linux 4.14. This helps Android, embedded Linux, and Linux Internet of Things (IoT) developers. But this move did not mean all future Linux LTS versions will have a six-year lifespan.

As Konstantin Ryabitsev, The Linux Foundation’s director of IT infrastructure security, explained in a Google+ post, “Despite what various news sites out there may have told you, kernel 4.14 LTS is not planned to be supported for 6 years. Just because Greg Kroah-Hartman is doing it for 4.4 does not mean that all LTS kernels from now on are going to be maintained for that long.”

Read more at ZDNet

The Structure of Day 2 Problems

Companies who adopt Cloud Native technologies and principles sooner or later (often sooner) bump into Day 2 problems. This is not because the tooling is bad but rather the opposite – the tooling is excellent. This means that it’s easy to get started with and therefore easy to get into trouble with. In this blog, we’ll look at the dynamics that propel our customers forward on their Cloud Native journeys. We’ll also see that there is a structure for ‘getting into trouble’. To understand that, we’ll take a look at the Hero’s Journey focussing specifically on Perseus and his fight with the Kraken before we look at the Cloud Native Journey and the lessons it teaches us.

We know, nowadays, that we recall information more easily when it’s organised as a story. This quirk of our brains is why the number of narrative patterns is limited, according to one writer, to only seven. One such pattern is the Hero’s Journey. We can see how this works by looking at the Grecian myth of Perseus.

Read more at Container Solutions

containerd Namespaces for Docker, Kubernetes, and Beyond

Recently, we merged containerd 1.0 beta support into Moby. You can view the pull request https://github.com/moby/moby/pull/34895 for more information on the integration. The kubernetes team also released the first alpha release of cri-containerd with containerd 1.0 beta support a few weeks ago.

With multiple clients of containerd completing their integrations, it is a great time to talk about how multi-client support works in containerd and how we built containerd to handle multiple clients from the ground up, without having to worry about name collisions, resource management, and the scope of the API.

Read more at Moby

The Politics of the Linux Desktop

If, as I do, you believe in open source, and particularly if you work within the open source community or are employed by an open source organisation, I struggle to see why you would even consider not using Linux. 

I’ve spoken to people about this (of course I have), and here are the most common reasons—or excuses—I’ve heard.

  • I’m more productive on Windows/Mac.
  • I can’t use app X on Linux, and I need it for my job.
  • I can’t game on Linux.
  • It’s what our customers use, so why would we alienate them?
  • “Open” means choice, and I prefer a proprietary desktop, so I use that.

Read more at OpenSource.com

8 Privacy-Oriented Alternative Search Engines in 2017

In this age of the internet, you can never be too careful with your privacy. Use these alternative search engines that do not track you.

Google – unquestionably being the best search engine out there, makes use of powerful and intelligent algorithms (including A.I. implementations) to let the users get the best out of a search engine with a personalized experience.

So, to address the netizens concerned about their privacy while using a search engine, I have curated a list of privacy oriented alternative search engines to Google. 

Best 8 Privacy-Oriented Alternative Search Engines To Google

Do note that the alternatives mentioned in this article are not necessarily “better” than Google, but only focus on protecting users’ privacy. Here we go!

Read more at  ItsFOSS

Top 17 Photo Editing tools for Linux OS

Can you imagine an operating system in this graphical era that cannot handle professional image editing? There is such a rumor about Linux. Many people think that it is not well suited to graphical work like photo editing, and Adobe itself has not made any of its products for Linux. Still, there are many photo editing tools that can be used on Linux for image manipulation.

The tools discussed below are either free or premium, and you can use them as a Linux user. To use some of the Windows applications, you need to install WINE, which creates a Windows environment in your operating system.

1. GIMP

GNU Image Manipulation Program (GIMP) is free and open source image editing software that is compatible with most operating systems, but it was created especially for Linux. Since it is an open source tool, you can change its source code and distribute the changes. It comes with many tools and plugins that are useful for graphic designers, photographers, illustrators, scientists, etc. It lets you perform all types of image enhancement, such as high quality photo retouching, restoring, cropping, resizing, drawing, creative photo manipulation, color correction, and many more. You can also create icons, graphical art, UI components, mock-ups, and more.

2. Photoshop WINE

Normally you cannot use Adobe Photoshop on Linux. If you want to use it on this operating system, you have to install WINE, which creates a Windows environment on Linux so that you can use Photoshop as well as many other Windows-based tools. Photoshop is the most popular image editing tool and enables you to do all types of photo manipulation work.

3. Krita

Krita is part of the KDE project. It is mainly a digital painting program that allows you to create art the way you like, either by hand or with mouse and keyboard. It is a very rich tool kit that works well with Linux and is able to compete with contemporary proprietary tools in the digital painting arena. Krita can open PSD files. It can also open various high resolution raw images and can export to JPG, PNG, and GIF.

4. Inkscape

This is a very powerful vector graphics tool that suits Linux. It is best for creating logos and many types of digital graphics. It gives you many ways to draw the graphics you like because it offers a path tool and a freehand drawing pencil. It has multiple pre-defined shape tools and text tools, and you can import images and convert them to vector graphics. You get anti-aliased rendering and transparency in images. Inkscape can read SVG, and it can also scan and edit PDF, PNG, PostScript, etc. Inkscape has a user-friendly interface that lets you handle its many tools and options skillfully.

5. Raw Therapee

This tool is for photographers who work with raw images to enhance their photos. Raw Therapee works on Linux and works in almost the same way as Lightroom. It offers a lot of tools and options that allow photographers to edit their raw photos: they can edit colors, focus, and light, and clean up visual artifacts. It can process high resolution images, works with most modern operating systems, and can export JPG, PNG, and TIFF images. So, if you are a Linux user, you can use it to edit your raw photographs.

6. Darktable

Like Raw Therapee, this tool is also for photographers and works with raw images. Its most useful feature is that it can work on an image without destroying the original. This tool has GPU acceleration and comes with a lot of tools and options for adjusting the color of images. It can make a raw photo flawless by reducing all kinds of shortcomings. You can perform any kind of post-production work on your image with Darktable, which provides a wide range of tools to filter and modify your raw photographs.

7. Pinta

Pinta is an open source, cross-platform tool used to draw and edit bitmap images. It is similar to the Windows program Paint.net, featuring plenty of drawing tools, filters, and color adjustment tools. Pinta also offers unlimited undo history, multiple language support, and a flexible toolbar arrangement. It supports image layers. Pinta is simple and easy to use, and you can install it on Linux for quick photo editing.

8. Digikam

You can install Digikam on Linux, as it is free and open source image editing software and a tag editor. It supports almost all the major image file formats, such as JPEG, PNG, and more than 200 RAW file formats. You can add captions, ratings, and tags. Numerous plugins are available for Digikam. You can export your images directly to many social and photo sharing sites. It is the only free tool for Linux that supports 16 bit/channel images.

9. ShowFOTO

One of the finest pieces of Linux software is ShowFOTO, an image editor from the digiKam project. This tool is totally free, and you can download and install it on Linux. It comes with all the latest standard image editing tools and options; transformation, adding effects, filtering, and metadata editing are among its basic functions. This image manipulation tool is very light, and it does not need any other software to be installed.

10. Fotoxx

This is a digital photo editing tool that lets you navigate a large image directory. It can easily create HDR images, Panoramas or 3060 photos, and can adjust color and brightness, rotate, crop, sharpen, and resize images, etc. It is also capable of reducing noise, changing color depth, stretching images, and more. In short, all color-related shortcomings can be solved using this image editing tool, which suits Linux well. So, if you are a Linux user, don’t bang your head over Adobe Photoshop Lightroom; install this software.

11. F-Spot

This is an image editing tool that suits Linux well. This full-featured tool can be used for your personal photo retouching. It enables you to retrieve, manage, and edit digital images, and more. It lets you prepare slide shows and rotate, crop, resize, and color-adjust photos, etc. You can also create Photo CDs. This software lets you export images to different websites like Flickr, Picasa, online photo galleries, etc.

12. UFRaw

Unidentified Flying Raw (UFRaw) is a raw image editing tool for Linux users. It can read and manipulate RAW image files. It can be used as standalone software, and you can also use it as a GIMP plugin. It can be very useful for photographers, who can quickly edit any raw image to correct color-related issues.

13. GTKRawGallery

This is also a free and open source image editing and retouching tool. It works with raw images using many tools such as Exiftool, Dcraw, Imagemagick, etc. With this software, you can edit images in post-production, add image tags, and manage color. It supports printing. You can upload your images to Dropbox with it, and it has the option to publish your photos directly to social sites like Facebook, Flickr, Picasa, etc.

14. LightZone

LightZone is a free and open source photo editing tool that you can download and use on Linux. Its editing is non-destructive. It can be used with various RAW image formats. LightZone is functionally very close to Photoshop Lightroom. It can produce JPEG files with metadata.

15. Pixeluvo

This is a photo editing tool that offers two designs based on usage complexity: one easy and one advanced. You can manipulate your images using this software. It is non-destructive, and you get adjustment layers, color correction tools, realistic drawing tools, many image enhancement filters, etc. Pixeluvo is a paid cross-platform application, but you can use a complete 30-day trial. You can install it on Linux as an alternative to Photoshop or Lightroom.

16. Photivo

If you are a Linux user, you can install Photivo on your machine because it is a free and open source image editor. This tool processes RAW and bitmap files. It works with 16-bit processing and is also a non-destructive tool. Using this software, you can do all kinds of color-based image editing work. It needs a high-performance computer and an advanced user; it is not primarily for beginners.

17. AfterShot Pro

This software is a commercial, proprietary raw photo manipulator created by Corel. AfterShot is based on Bibble, which was acquired by Corel. It is remarkable for offering a native and updated Linux version. Later, Corel published version 2 without the suffix ‘Pro’. This version is more limited and no longer has the “Perfectly Clear Noise Removal” tool.

Linux users can use these image editing tools to create outstanding images. Though they cannot use Adobe products made for Windows without WINE, they have many high-performance image processing programs with a wide range of tools and options. These editors can be an alternative to Adobe products because they can also create high-res professional images.

‘Big Four’ Linux Companies Shift Open-Source Licensing Policies

Red Hat, Facebook, Google, and IBM commit to providing a fair cure period to correct open-source GPLv2 software license compliance issues.

The GNU Public License version 2 (GPLv2) is arguably the most important open-source license for one reason: It’s the license Linux uses. On November 27, three Linux-using technology powers, Facebook, Google, and IBM, and the major Linux distributor Red Hat announced they would extend additional rights to help companies who’ve made GPLv2 open-source license compliance errors and mistakes.

This follows in the footsteps of the Linux kernel project, which recently adopted this approach in its Linux Kernel Enforcement Statement, and the Free Software Foundation and Software Freedom Conservancy, which embodied the concept in their Principles of Community-Oriented GPL Enforcement.

Read more at ZDNet

Migrating to Linux: Disks, Files, and Filesystems

This is the second article in our series on migrating to Linux. If you missed the first one, you can find it here. As mentioned previously, there are several reasons why you might want to migrate to Linux. You might be using or developing code for Linux in your job, or you might just want to try something new.

In any case, having Linux on your main desktop will help you quickly become familiar with the methods and tools you’ll need. In this article, I’ll provide an introduction to Linux files, filesystems and disks.

Where’s My C:?

If you are coming from a Mac, Linux should feel fairly familiar to you, as the Mac uses files, filesystems, and disks pretty closely to the way Linux does. On the other hand, if your experience is primarily Windows, accessing disks under Linux may seem a little confusing. Generally, Windows assigns a drive letter (like C:) to each disk. Linux does not do this. Instead Linux presents a single hierarchy of files and directories for everything in your system.

Let’s look at an example. Suppose you use a computer with a main hard drive, a CD-ROM with folders called Books and Videos and a USB thumb drive with a directory called Transfer. Under Windows, you would see the following:

C:  [Hard drive]
├ System
├ System32
├ Program Files
├ Program Files (x86)
└ <additional folders>

D: [CD-ROM]
├ Books
└ Videos

E: [USB thumb drive]
└ Transfer

A typical Linux system would instead have this:

/ (the top most directory, called the root directory) [Hard drive]
├ bin
├ etc
├ lib
├ sbin
├ usr
├ <additional directories>
└ media
   └ <your user name>
       ├ cdrom  [CD-ROM]
       │  ├ Books
       │  └ Videos
       └ Kingme_USB [USB thumb drive]
           └ Transfer

If you are using a graphical environment, usually, the file manager in Linux will present the CD-ROM and the USB thumb drive with icons that look like the device, so you may not need to know the media’s specific directory.

Filesystems

Linux emphasizes these things called filesystems. A filesystem is a set of structures on media (like a hard drive) that keep track of all the files and directories on the media. Without a filesystem we could store information on a hard drive, but all the data would be in a jumbled mess. We wouldn’t know which blocks of data belonged to which file. You may have heard of names like Ext4, XFS, and Btrfs. These are Linux filesystem types.

Every type of media that holds files and directories has a filesystem on it. Different media types may use specific filesystem types that are optimized for the media. So CD-ROMs use ISO9660 or UDF filesystem types. USB thumbdrives typically use FAT32 so they can be easily shared with other computer systems.

Windows uses filesystems, too. It just doesn’t talk about them as much. For example, when you insert a CD-ROM, Windows will read the ISO9660 filesystem structures, assign a drive letter to it and display the files and directories under the letter (D: for example). So if you’re picky about details, technically Windows assigns a drive letter to a filesystem, not the whole disk.

Using that same example, Linux will also read the ISO9660 filesystem structures, but instead of a drive letter, it will attach the filesystem to a directory (a process called mounting). Linux will then display the files and directories on the CD-ROM under the attached directory (/media/<your user name>/cdrom, for example).

So to answer the question “Where’s my C:?” On Linux, there is no C:. It works differently.

Files

Windows stores files and directories (also called folders) in its filesystem. Linux, however, lets you put other things into the filesystem as well. These additional types of things are native objects in the filesystem, and they’re actually different from regular files. Linux allows you to create and use hard links, symbolic links, named pipes, device nodes, and sockets, in addition to the regular files and directories. We won’t get into all the types of filesystem objects here, but there are a few that are useful to know about.

Hard links are used to create one or more aliases for a file. Each alias is a different name for the same contents on disk. If you edit the file under one file name, the changes appear under the other file names as well. For example, you might have MyResume_2017.doc and also a hard link to it called JaneDoeResume.doc. (Note that you can create a hard link by using the ln command from the command line.) This way you can find and edit MyResume_2017.doc, then send out JaneDoeResume.doc, which will contain all your updates, to your prospects to help them keep track of where it’s from.

Symbolic links are a little like Windows shortcuts. The filesystem entry contains a path to another file or directory. In a lot of ways, they work like hard links in that they can create an alias to another file. However, symbolic links can alias directories as well as files, and symbolic links can refer to items in a different filesystem on different media where hard links cannot. (Note that you can create symbolic links also with the ln command, but with the -s option.)

Permissions

Another big difference between Windows and Linux involves the permissions on filesystem objects (files, directories, and others). Windows implements a fairly complex set of permissions on files and directories. For example, users and groups can have permissions to read, write, execute, modify, and more. Users and groups can be given permission to access everything in a directory with exceptions, or they can be given no permission to anything in a directory with exceptions.

Most folks using Windows don’t make use of special permissions, however; so, it’s surprising when they discover that a default set of permissions are used and enforced on Linux. Linux can enforce more sophisticated permissions by using SELinux or AppArmor. However most Linux installations just use the built-in default permissions.

In the default permissions, each item in the filesystem has a set of permissions for the owner of the file, the group for the file, and for everyone else. These permissions allow for: reading, writing, and executing. The permissions have a hierarchy to them. First, it checks whether the user (the login name) is the owner and has permission. If not, then it checks whether your user (login name) is in the group for the file and the group has permission. If not, then it checks whether everyone else has permission. There are other permission settings as well, but the three sets of three are the ones most commonly used.

If you are using the command line, and you type ls -l, you may see permissions represented as:

rwxrw-r-- 1 stan dndgrp 25 Oct 33rd 25:01 rolldice.sh

The letters at the beginning, rwxrw-r--, show the permissions. In this case, the owner (stan) can read, write, and execute the file (the first three letters, rwx); members of the group dndgrp can read and write the file but not execute (the second three letters, rw-); and everyone else can only read the file (the last three letters, r--).

(Note that on Windows to make a script executable, you make the file’s extension something specific, .bat for example. On Linux, the file’s extension doesn’t mean anything to the operating system. Instead its permissions need to be set so the file is executable.)
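An added example (not from the original article) that reads a permission string like the one above and answers whether a given user may read, write or execute the file. It follows the Linux rule that the first class matching the user (owner, then group, then everyone else) decides, and it goes slightly beyond the text by modelling root; the function names are made up for illustration, and setuid, setgid and sticky bits are not handled.

```python
import os
import stat

CLASSES = ("owner", "group", "other")


def parse_mode(mode):
    """Turn 'rwxrw-r--' (or ls's ten-character '-rwxrw-r--') into three sets."""
    if len(mode) == 10:  # real ls -l output starts with a file-type character
        mode = mode[1:]
    if len(mode) != 9:
        raise ValueError("expected nine permission characters: %r" % mode)
    result = {}
    for i, who in enumerate(CLASSES):
        triple = mode[3 * i:3 * i + 3]
        for ch, letter in zip(triple, "rwx"):
            if ch not in (letter, "-"):
                raise ValueError("unexpected %r in %r" % (ch, mode))
        result[who] = {ch for ch in triple if ch != "-"}
    return result


def which_class(user, user_groups, owner, group):
    """Pick the single permission class that applies to this user."""
    if user == owner:
        return "owner"
    if group in user_groups:
        return "group"
    return "other"


def allowed(action, user, user_groups, mode, owner, group):
    """action is 'r', 'w' or 'x'; returns True if the access is permitted."""
    perms = parse_mode(mode)
    if user == "root":
        # root bypasses read/write checks, but executing a regular file
        # still needs at least one x bit to be set somewhere.
        return action != "x" or any("x" in p for p in perms.values())
    return action in perms[which_class(user, user_groups, owner, group)]


def mode_of(path):
    """Nine-character permission string of a real file, as ls -l shows it."""
    return stat.filemode(os.stat(path).st_mode)[1:]


if __name__ == "__main__":
    # The listing from the article: owner stan, group dndgrp.
    mode, owner, group = "rwxrw-r--", "stan", "dndgrp"
    for action in "rwx":
        print(action, allowed(action, "stan", {"stan"}, mode, owner, group))
    # Owner bits decide for the owner even when the group would allow more.
    print(allowed("w", "stan", {"dndgrp"}, "r--rw-rw-", owner, group))
```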

If you get a permission denied error, chances are you are attempting to run a program or command that requires administrator privilege, or you’re trying to access a file that doesn’t hold permissions for your user account to access it. If you are trying to do something that requires administrator privilege, you will need to switch to the user account called root by logging in as root, or by using a helper program called sudo on the command line, which will allow you to temporarily run as root. The sudo tool will, of course, ask for a password to make sure you really should have permission.

Hard Drive Filesystems

Windows predominately uses a filesystem type called NTFS for hard drives. On Linux, you get to pick which type of filesystem you want to use for the hard drive. Different types of filesystems exhibit different features and different performance characteristics. The main native Linux filesystem used today is Ext4. However, you can choose from an abundance of filesystem types at installation time, such as: Ext3 (predecessor to Ext4), XFS, Btrfs, UBIFS (for embedded systems), and more. If you’re not sure which one to use, Ext4 will work great.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.