Users Groups and Permissions
-
Linux
Linux Basics
User
Group
Permissions
Overview
Users
- Every user is assigned a unique User ID Number (UID).
- UID 0 identify as root
- User accounts normally start at UID 500 (Redhat) or 1000 (Debian)
- User’s Names and UIDs are stored in
/etc/passwd
file. - Users are assigned a home directory and a program that is run when users are log in (usually a shell).
- Users cannot read, write or execute each other’s files without permissions.
Groups
- Users are assigned to groups.
- Every group is assigned a unique Group ID Number (GID).
- Group’s Names and GIDs are stored in
/etc/group
file. - Each users is given their own private group.
- By default the groupname is same as their usernames.
- For example user mitesh is a member of group mitesh and by default, is the only member of that group.
- Users can be added to other groups for additional access.
- All users in a group can share files that belong to the group.
Primary and Secondary Group
- A user’s primary group is defined in the
/etc/passswd
file. - A user’s secondary groups are defined in the
/etc/group
file. - The primary group is important because files created by this user will inherit that group affiliation.
- The primary group can temporarily changed by running
where groupname is one of the user’s secondary groups. The user can return to their original group by typing exit
.
Linux File Security
- Every file is owned by a UID and a GID.
- Every process runs under the authority of a particular user(UID) and with the authority of one or more groups(GIDs). This is called process security context.
Three Access Categories
- Process running with the same UID as the File (User)
- Process running with the same GID as the File (Group)
- All other Processes (Other)
Permission Precedence
- Process running with the same UID as the File, User permissions apply.
- Process running with the same GID as the File, Group permissions apply.
- Process running with the different UID and GID then Other permissions apply.
Permission Types
File Permissions
Directory Permissions
WARNING A file may be removed by anyone who has a write permission to the directory in which the file resides, regardless of the ownership or permissions on the file.
Examining Permissions
- File and Directory permissions may be viewed by
ls -l
command.
Interpreting Permissions
- Read, Write and Execute for the owner, andersen
- Read and Execute for members of the trusted group
- No access for all others
/---------------------------------------------------------------\ | User | Primary Group | Secondary Group | |---------------------------------------------------------------| | fred | fred | staff | | mary | mary | staff,admin | \---------------------------------------------------------------/
- The penguin can be read, wrire and executed by fred, but only read by mary.
- The redhat can be read and write by mary, but only read by fred.
- The tuxedo can be read and write by both mary and fred.
Changing File Ownership
Ownership
- Only root can change the file’s owner.
- Ownership is changed with
chown
command:
For Example:
- The following command would grant ownership of the file foofile to mitesh
- The following command would grant ownership of foodir and all the files and subdirectories within it to mitesh:
Group-Ownership
- Only root or the owner can change the file’s group.
NOTE!: root can grant ownership to any group, while non-root users can grant ownership only to groups they belong to.
- Group-Ownership is changed with
chgrp
command
For Example:
- The following command would grant group-ownership of the file foofile to mitesh
- The following command would grant group-ownership of foodir and all the files and subdirectories within it to mitesh
Changing Permissions
- To change access modes
Symbolic Method
- Where Mode is
/------------------------------------------------------------\ | Who | Operator | Permission | |------------------------------------------------------------| | u User | + Add | r Read | | g Group | - Remove | w Write | | o Other | = Assign | x Execute | | a All | | s SUID | | | | t Sticky Bit | \------------------------------------------------------------/
Examples
Numeric Method
- Uses a Three Digit Mode Number
/---------------------------------------------------------------\ | who | Permission | |---------------------------------------------------------------| | 1st Digit: Owner Permission | 4 Read | | 2nd Digit: Group Permission | 2 Write | | 3rd Digit: Other Permission | 1 Execute | \---------------------------------------------------------------/
Examples:
Nautilus
- In a Nautilus window, right-click on a file.
- Select Properties from the context menu.
- Select the Permission tab.
Newsletter
Get updated when I create new content.
Unsubscribe whenever. Never any spam.