Always fun to see people with limited understanding of ACLs struggle with filesystems that apply them. Look at this like a chance to learn!
Windows has a lot of features built in to prevent users (and malware) from breaking their system, such as the “system” and “read only” flags. I suppose explorer could’ve asked you to elevate, unset any flags, alter ownership, and delete anyway, but that’s doing a lot of work you don’t necessarily intend to do when you click “delete”.
Linux has this too; try the following:
mkdir -p /tmp/test/deleteme; touch /tmp/test/deleteme/deleteme.txt; chattr +i /tmp/test/deleteme /tmp/test/deleteme/deleteme.txt # If you want to apply the "drive from different system" equivalence sudo chown -R 12345:12345 /tmp/test/deleteme
Now try deleting the folder /tmp/test/deleteme from your file explorer:
Frustrated, you may try to force the issue by forcefully removing the file through the terminal:
user@box /tmp/test $ sudo rm -rf deleteme Place your finger on the fingerprint reader rm: cannot remove 'deleteme/deleteme.txt': Operation not permitted user@box /tmp/test $
Alright, what if I…
user@box /tmp/test $ sudo -i Place your finger on the fingerprint reader root@box ~ # cd /tmp/test root@box /tmp/test # rm -rf deleteme rm: cannot remove 'deleteme/deleteme.txt': Operation not permitted root@box /tmp/test # whoami root root@box /tmp/test #
No dice! Even root can’t remove these files!
The only way to get rid of these files, is to set/unset the right flags:
user@box /tmp/test $ chattr -i deleteme deleteme/deleteme.txt user@box /tmp/test $ rm -rf deleteme
Linux is so cool, but boggles my mind. I just simply don’t have enough time to really get a good grasp on the terminal and commands associated with it. It took me 3 days worth of attempts from 8am when my fiance leaves for work to 5pm to finally get a pi-hole set up in tandem with a self hosted VPN with wireguard. I just got it up and working on Wednesday this week. I know there’s a tutorial on the pi-hole website, but with no Linux terminology experience it was tough to know what I was supposed to be typing into the terminal. Several times I was typing:
sudo -i cd /etc/wireguard umask 077 name="client_name" echo [interface] > "name"
I thought the
name=
line would tell the terminal that I wanted to replace all the following lines that “name” appeared in with “client_name” automatically. Then I figured out that they were just telling me that I needed to replace “name” in their terminal commands with what I wanted to name the associated files I was creating lol. It was a real man…I’m a fucking moron moment.Learning to work with any operating systems beyond the most basic apps takes a lot of time. Whatever OS you started out with probably took you a few years to get into, but as a kid you don’t notice that you’re learning anything special. And, to be honest, Linux GUIs lack a lot of quality of life features. At least in Windows you can use the mouse to make files read-only, in many Linux utilities you can’t even see or modify such attributes.
Getting Wireguard and Pihole working without any prior Linux knowledge is an impressive feat on its own! Putting three days of work into it shows more dedication than I would have, I hope it paid off when you finished!
Also, you were so close with the name thing. In most shell languages, after typing
name="client_name"
you can use the dollar sign to refer to the value you set, i.e.$name
.If type this:
name="Eve" echo "Hello, $name!"
you would see
Hello, Eve!
This would actually work perfectly:
user@box ~ $ name="client_name" user@box ~ $ echo "[interface]" > $name
This would create a file called
client_name
that contains the line[
. ]I see a lot of tutorials online that had special characters removed (i.e. the dollar sings) or had broken script because quotes were turned into fancy quotes that are meaningless to the terminal, often because those guides were shamelessly stolen from other sites without checking if they even worked. It’s easy to miss these things!
That makes total sense. I never really considered that I have been learning Windows over the past 20 years. It was just learning “computer”. And I really appreciate the compliment to my dedication on it! I’m really happy with the result and I learned more about linux/networking/LePotato/Pi-hole than I would have guessed at the beginning of this whole project. From battling with Wireguard server configuration…ufw and portforwarding…client configuration…back to ufw…IP configuration…keys…etc. Troubleshooting was a maze sometimes 😂. One more thing before I go.
About the name thing. Say I type:
name="Gerald" wg genkey > ${name}.key
Would my output then be a key generated by Wireguard and named “Gerald.key”? Or would it need to be:
wg genkey > "${name}.key"
Or like in your example:
wg genkey > $name.key
I think I’m mostly getting caught up in when the quotations are necessary and when they’re not.
About the name thing. Say I type:
name="Gerald" wg genkey > ${name}.key
Would my output then be a key generated by Wireguard and named “Gerald.key”?
Yes, assuming the user you’re logged in as has access to write files in the current directory. In
/etc/wireguard
, that’s usually only possible if you’re logged in as root (or using an interactive sudo shell). Addingsudo
to your prompt doesn’t help in that case, becausesudo
only works up to the redirection character ().
HOWEVER: if
$name
is supposed to containJohn Cena
you’ll need to usewg genkey > "$name"
orwg genkey > "${name}"
. Otherwise, your private key will appear in a file namedJohn
, and the key contents would be followed by the wordCena
! Spaces mess up the shell and for that quotes are very very useful.I think I’m mostly getting caught up in when the quotations are necessary and when they’re not.
The exact rules differ per shell. The default on Ubuntu is bash, the rules for which I’ll add below. macOS and some other distros use
zsh
as a default, which is mostly bash compatible but includes some “most people probably mean to type this other command” style fixes.In general:
- Double quotes are used for when a variable can contain spaces (like a file name)
- Single quotes don’t expand variables;
'$name'
contains the literal string$name
, notEve Johnson
- Omitting quotes will lead to variables being expanded in place. If the contents of the variable are a single word, that effectively works the same as if you use double quotes
Suppose you have a directory with these files:
file
file with spaces
readme.txt
Suppose you want to remove some files with this script, using
rm
to delete them:myFile="file with spaces" # first quote option rm $myFile # second quote option rm '$myFile' # third quote option rm "$myFile"
The first
rm
call will try to remove the filesfile
,with
, andspaces
. It will delete the file namedfile
and give you two errors for the missing other two files. It’s as if you typedrm file with spaces
.rm
takes a long list of files that need to be deleted, so it’ll think you want to delete three files!The second
rm
call will give you an error, telling you that there is no file called$myFile
. It’s as if you typedrm '$myFile'
. You can create a file with that name, though;touch \$myFile
ortouch '$myFile'
will create a file starting with a dollar sign. Many tools forget that this is a possibility (just like*
and?
are perfectly valid file names!) and scripting based tools can easily fail or crash or even get exploited by hackers if you place a file with special characters on the system!The third
rm
call will remove the filefile with spaces
and leave the rest alone. It’s as if you typedrm "file with spaces"
. It’ll remove the one file.Using
${variable}
is a bit safer and clearer, because you indicate exactly where the name of the variable starts and where it ends. Quotes and such are still necessary, following the conventions above. This is useful when you try to create a string likebackup_$date_morning_$user.bak
; are you referring to a variable$date_morning_
or to a variable calleddate
?{date}_morning_${user}.bak
makes things a lot clearer!For my own sanity and to make sure I know what to expect, I generally use double quotes and preferably
${}
style expansion ("$name"
) for strings I want variables to be expanded in and single quotes around strings I definitely do not want variables to mess with.Wow! You absolutely know what you’re talking about! You did an amazing job clearing that up for me. I’ll save this comment in case I need to come back to it. Thank you!
I think Lemmy stripped the $ from your bash commands?
It didn’t for me in the web interface, maybe check if it’s a bug with the app you’re using?
The first progress is always the slowest.
It won’t always take you an entire day to get anything done in Linux. That’s just the pace you’re at as a beginner. As your knowledge expands you move faster.
It’s not very commonly used though. I have seen this command only a few times. I don’t feel like Linux users are missing stuff like this, so they dont use it.
But thanks for the long comment, was a nice read. :)
It’s not commonly used (on the usual popular systems) but for “simple” systems (like Ubuntu) it should probably be used more. There are reasons to remove /usr or ~, but I think requiring a special command to prevent accidents would solve more problems than it causes.
sudo
sudo
would do nothing. Changing the (effective) user and group IDs does not magically makerm
aware of the immutable bit, nor does it alter the behaviour ofrm
’s code to unset that bit before trying to remove it.In the example I gave above, I did use
sudo
.sudo -i
started an interactive shell with root permissions, andrm
failed to remove the directory and file inside it.
What’s wrong with this? Every OS has permissions that stop users from messing with system files.
this is not the system folder, different drive, old windows install and no not every os has this. luckly…
If you try to access an old Linux install you could run into the exact same problem. Both Linux and Windows nowadays use filesystems with permissions embedded into them, so if the user on the new install doesn’t match the old one you’ll have a problem.
but i just tried i can delete system folders from a different linux drive with no problems
Certainly not without using sudo right? It’s the same in the windows land, the UAC dialog is windows’ equivalent of sudo.
correct, but why wasnt i given a UAC prompt here? it just says Try again and Cancel
Probably due to some sort of idiot-proof protection to prevent people from deleting their windows folder from explorer. Try running a CMD shell as administrator and delete it from the command line instead.
chmod -R 777 ./, baby!!!
deleted by creator
What happened to the intern👀?
Was taken out back and never seen again. The remaining employees were told they lived out the rest of their life at a farm upstate.
Believe it or not, straight to jail
Well then change the owner and toss the old folders. Or just format it?
i just deleted what i needed with another os, i didnt want to format it i needed some space and wanted to keep some folders
Why wouldn’t you just format the drive if it had an old windows install?
wanted to keep some folders
Back up the folders and format the disk. If you’re deleting system files and folders, you’re clearly not running the OS from this other disk. Why waste the space on unneeded system files?
This seems to be an external drive, not the boot drive.
laughs in Linux…
laughs because it has the same level of protection as other OSs and thus is quite secure in that regard, right?
Laughs in Linux because if I really want to mess things up it wont stop me unless I am not root. Administrator on Winshit means nothing at all, no control over your system.
You do realize that in this very post they explain that if you mount an old linux drive with another user, you can’t delete stuff either until you remove the flags or change the owner of the old drives’ files?
You can do the same in windows, too.
They are not trying to access their own Windows folder, but that of an old drive.
Maybe you didnt see I responded to a comment that says that every OS has such dumb mechanisms as mentioned in the post which is def not true. I use Arch btw.
You mention Linux in your comments, but this same thing happens in Linux too! It’s the third time I’m writing this in this comment chain, I’m gonna assume you are a troll since you can’t be this dense. The top comment of this post explains why this also happens in Linux, I mentioned it first and then have you an example. If you can’t ocess that information it’s not my problem. Have a nice day.
Of the many grievous faults of Windows to pick on, file system permissions like this are not one.
As admin you have permission to change ownership and override permissions. And a relic copy of the OS folder is going to have some of the most restrictive permissions possible.
I would expect similar behaviour on any modern OS.
OP is probably young and doesn’t remember the pre-Vista days, when viruses ran rampant because the concept of admin rights didn’t exist yet.
Oh, it existed. It was just much more difficult to use and required an understanding of what you’re doing to set it up first.
The UAC version from Vista+ is implemented by default and far easier to run/manage for the typical end user. Most users find it hella annoying, but it’s easier than the alternative, since they’ve never used the alternative, they don’t know that.
Basically, you’d have to create an admin account, and a user account, then intentionally not use the admin account except for admin things… I did this, and it kept me out of trouble in a couple of close calls. Windows power users trend up like to endorse or brag(?) About how often they reinstall, and bluntly, I almost never reinstall my PC. I just don’t bog it down with garbage constantly. :)
Actually ACL on Windows is very bad. Recursively changing owner of directory can take minutes, same operation on any UNIX-like OS takes seconds.
I hate windows too but this is something normal that also happens on Linux. Take a drive from another system and you won’t be able to edit its protected files without root access.
but i am administrator on this computer
How is Windows in the 2nd drive supposed to know that?
the drive shouldnt have a say in the first place…
The drive doesn’t have a say. The permissions surrounding the TrustedInstaller account have a say. The account existed on your first Windows install and also on your new one hence the permissions and associated restrictions persevere. This is expected behavior.
its very annoying and wastes time
And prevents people from doing stupid things, as well as prevents malware running under administrator permissions from doing malware things (see also; people doing stupid things).
¯(ツ)/¯
Insecurity is annoying too 🤷♂️
Then why does it matter that your an admin if the drive should have no say?
because a non administrator shouldnt be able to mount drives and other admin operations. an admin should be able to do anything on that machine
You can do anything, you just need to own the files first.
Removed by mod
ACL’s are an integral part of most filesystems.
So yes the drive absolutely has a say in this (technically the NTFS filesystem) in combination with the OS’s filesystem driver.
The Windows folder is set to be owned by the TrustedInstaller SID (S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464) which is a “well known” Security Identifier.
This identifier is the same accross Windows systems in a similar way root is UID 0 on Linux.
Therefore the access rights for TrustedInstaller persists across Windows installs, and also other rights that are defined on the filesystem object.Linux uses mainly POSIX ACL which is “fairy simple”, while NTFS ACL can be very complex.
Should also note that the the UNIX and UNIX-like world there is also NFSv4 ACL which is comparable to NTFS ACL.But the basic idea persists across almost all filesytem ACL.
The user that is running the command must have the right user ID (that is UID/GID in Linux and SID in Windows) that has the correct access rights to do the action you want.With Windows administrator rights you can indeed delete everything if you really want.
But then you have to give your administrator account the right access tokens or you need to impersonate the account in question (both of which are possible if you have an local administrator account, but does require the techincal know-how).In Windows a lot of these things are in place both to prevent users from shooting themselves in the foot, but also to provide defence-in-depth against malware.
deleted by creator
That’s really bad logic and you’re missing the point here. trusted installer is the owner of the folder. The fact that it’s an old windows drive or that your an admin makes absolutely no difference. It’s a file system ACL, those ACLs don’t just magically disappear from the drive when it’s no longer the system drive.
Take ownership of the folder, add your account or the everyone security identifier with full access permissions and then delete it.
I’m sorry to say this but the fact that you’re complaining about this is more a reflection on your lack of understanding of how file system ACLs work, in any OS, than anything else.
The braincells were not there to begin with, you didn’t lose them. <= that’s a joke, I’m not trying to be mean.
Removed by mod
Lol, you’ve got such a good sens of humour. Hope you have a good day today.
This is perfectly normal, what you’re looking for is a more insecure OS maybe?
Windows, the first thing that comes to mind when someone talks about security. lol
How is it insecure that your os does what you want ? XD
Because what people want is often very, very stupid. And also because the difference between “you” and a malicious app acting like you is non-existent. If you can easily change vital files, so can any drive-by app you accidentally run.
What’s funny is that this is exactly what I feel like any time I have to use Linux.
but linux does exactly what you want , ive never been pulled a number like this.
Lol. That’s such a silly biased thing to say.
how? it’s to delete a file in other driver, it don’t get in your way
File system ACLs.
but its true? theres lots that you cant say against linux but you cant say it doesnt do exactly what you want.
Nearly 30 years of LINUX experience. I can definitely say on a regular basis that LINUX doesn’t do exactly what I want.
not my experience ¯_(ツ)_/¯
deleted by creator
you cant say it doesnt do exactly what you want.
As someone (a different guy than whom you’re replying to) who has primarily used Linux-based systems in personal settings for about 15 years or so, I can and will say that.
For the most part, Linux-based systems tend to do exactly what you tell them to do. Whether or not this is exactly what you want, however, is a slightly different point.
not my experience ¯(ツ)/¯
I want it to play rocket league. Without using wine or proton.
There are some things that Linux won’t allow you to do natively. I understand it’s better because it’s open, but come on.
Linux does exactly what you tell it to, not exactly what you want. There’s a big difference.
Not really.
If you know exactly what you want and how to do it.
I spent countless hours trying to make my display driver working in Linux years ago. I knew what I wanted, but it was impossible. For me at least. I know many who has similar experiences.
where are talking about files, not drivers from others companies that depend on their support
No op just said Linux does exactly what you want. My point is that it sometimes is very hard to know how to do what you want. I am not saying Windows is any better in this regard though.
I don’t use Linux but I assume you’re the kind of person typing sudo before every command ^^
I’m in this comment and I’m conflicted on how to feel about it.
im a system administrator by trade so i actually DON’T do that XD
So you’re just using the root account 24/7?
no of course not, i use sudo when strictly needed
Oh, okay then. Your previous comment could be taken both ways: “I’m a system administrator (i.e. root)” and “I’m a system administrator (i.e. someone knowing their shit)”
Linux does exactly what you tell it to. If all your experience is with systems designed by engineers trying to guess what you really want, that can be confusing and intimidating.
deleted by creator
Oh noes … folder permissions?
Removed by mod
But Windows bad
It’s still a protected folder even if it’s not the active OS and that’s a good thing…? It will permanently break the install, how is Windows supposed to know you’re never going to use it again? It doesn’t see you as the owner and prevents you from messing it up.
But if you’re sure you want it gone, you need to Take Ownership
Another “Excuse me Sir, do you have a moment to talk about Linux ?”
“Does anyone know how to fix X issue in Windows”
“Easy, INSTALL LINUX LOLAOALALOLOLOL”
cmon man its kinda funny
deleted by creator
I dont even know anymore. These “Windows bad” posts get so stupid by now I can only assume it is satite at this point. Im just waiting for “Task Bar is 20px high instead of 21, literally unusable”
Yeah, like linux doesn’t do this shit all the time. Permission denied always. I’M YOUR FUCKING GOD, DON’T EVER DARE TO GIVE ME PERMISSION DENIED.
Uga uga i dont know anything to do with computers but linux good windows bad give me upvote now uga.
I mean, do you not understand the concept of ‘don’t mess with critical files if you want your system to last’? This isn’t necessarily a bad thing about windows.
Windows is designed for the average user and does very well in that regard. It prevents people with very little computer knowledge from totally messing things up.
These are not system files. Not from this os.
Sorry to be the bearer of bad news. Unfortunately it seems that you cannot be trusted with installation :(
OP is getting murdered in the comments…
People are really harch with their downvotes. It really wasn’t that bad. :)
I’m alive and well,also I don’t see downvotes :)