Users, Groups, and File Permissions

Linux is a multi-user operating system that relies on a robust permissions system to control who can access and modify files and directories.

Users and Groups

Users

Every user on a Linux system has:

  • A unique username
  • A unique user ID (UID)
  • A primary group
  • An optional list of supplementary groups
  • A home directory
  • A login shell

Groups

Groups are collections of users that share the same permission settings:

  • Each group has a unique group ID (GID)
  • A user can belong to multiple groups
  • Groups help manage permissions for multiple users

Viewing User and Group Information

bash
# Show current user
whoami

# Show groups the current user belongs to
groups

# Show all groups on the system
cat /etc/group

# Show all users on the system
cat /etc/passwd

# Show detailed info about a user
id username
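
The properties listed under Users are stored as the colon-separated fields of /etc/passwd, and each primary group should have an entry in /etc/group. The following is an added example, not part of the original page, that checks those files for duplicate usernames, shared UIDs, extra UID 0 accounts and primary groups that do not exist. The function name `audit_accounts` and its output tags are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Read-only: it changes nothing.
# passwd fields: name:password:UID:GID:comment:home:shell
# group  fields: name:password:GID:members

# audit_accounts [PASSWD_FILE] [GROUP_FILE]
# Prints one finding per line:
#   DUP-NAME <name>        username appears more than once
#   DUP-UID <uid> <a> <b>  two accounts share one UID (one identity to the kernel)
#   UID0 <name>            account other than root with UID 0 (superuser)
#   NO-GROUP <name> <gid>  primary GID has no entry in the group file
#   MALFORMED <line>       passwd line without exactly 7 fields
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] {        # first file: the group database
            if (NF >= 3) gid_known[$3] = 1
            next
        }
        /^#/ || NF == 0 { next }     # skip comments and blank lines
        NF != 7 { print "MALFORMED " $0; next }
        {
            if ($1 in name_seen) print "DUP-NAME " $1
            name_seen[$1] = 1
            if ($3 in uid_owner) print "DUP-UID " $3 " " uid_owner[$3] " " $1
            else uid_owner[$3] = $1
            if ($3 == 0 && $1 != "root") print "UID0 " $1
            if (!($4 in gid_known)) print "NO-GROUP " $1 " " $4
        }
    ' "${2:-/etc/group}" "${1:-/etc/passwd}"
}
```

Run `audit_accounts` with no arguments to check the live system files; on a healthy system it prints nothing.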

User and Group Management

bash
# Add a new user
sudo useradd username

# Add a new user with a home directory
sudo useradd -m username

# Set password for a user
sudo passwd username

# Add a new group
sudo groupadd groupname

# Add user to a group
sudo usermod -aG groupname username

# Remove user from a group
sudo gpasswd -d username groupname

# Delete a user
sudo userdel username

# Delete a group
sudo groupdel groupname

File Permissions

Permission Types

Linux permissions are defined for three categories:

  • Owner: The user who owns the file
  • Group: The group associated with the file
  • Others: All other users on the system

For each category, there are three types of permissions:

  • r (read): Permission to read the file or list directory contents
  • w (write): Permission to modify the file or create/delete files in a directory
  • x (execute): Permission to execute the file as a program, or to enter (traverse) a directory and access the files in it

Viewing Permissions

When you use ls -l, you'll see permissions displayed like this:

-rwxr-xr-- 1 user group 5096 Jun 10 14:30 example.sh

Breaking this down:

  • First character: File type (- for regular file, d for directory)
  • Characters 2-4: Owner permissions (rwx)
  • Characters 5-7: Group permissions (r-x)
  • Characters 8-10: Others permissions (r--)

Changing Permissions

Using Symbolic Mode

bash
# Give owner execute permission
chmod u+x filename

# Remove write permission from others
chmod o-w filename

# Add read permission for group
chmod g+r filename

# Set multiple permissions at once
chmod u=rwx,g=rx,o=r filename

Symbols used:

  • u: User/owner
  • g: Group
  • o: Others
  • a: All (equivalent to ugo)
  • +: Add permission
  • -: Remove permission
  • =: Set exact permission

Using Octal (Numeric) Mode

Each permission type has a numeric value:

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1

Add these values for each category:

bash
# Set rwxrw-r-- (764)
chmod 764 filename

# Set rwxr-xr-x (755) - common for directories
chmod 755 directory

# Set rw-r--r-- (644) - common for regular files
chmod 644 filename

Common permission patterns:

  • 777 (rwxrwxrwx): Full permissions for everyone (rarely used, security risk)
  • 755 (rwxr-xr-x): Owner has full control, others can read and execute
  • 644 (rw-r--r--): Owner can read and write, others can only read
  • 600 (rw-------): Owner can read and write, no access for others
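
The mapping between the `ls -l` string and the octal mode can be done mechanically. The following is an added example, not part of the original page, that converts a permission string to four octal digits; it goes beyond the patterns above by also decoding the s/S/t/T characters used for the special permissions covered later on this page. The function name `perm_to_octal` is chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page).

# perm_to_octal STRING
#   STRING is the first field of `ls -l`, e.g. -rwxr-xr--
#   Prints four octal digits: special bits, owner, group, others.
# The body is a ( subshell ) so its variables do not leak to the caller;
# `exit` therefore ends only the function.
perm_to_octal() (
    # Keep columns 1-10; GNU ls appends '+' (ACL) or '.' after the mode.
    p=$(printf '%s' "$1" | cut -c1-10)
    case $p in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid permission string: $1" >&2; exit 1 ;;
    esac
    special=0
    digits=
    bit=4                       # 4 = SUID, then 2 = SGID, then 1 = sticky
    for start in 2 5 8; do      # first column of owner, group, others
        triad=$(printf '%s' "$p" | cut -c"$start"-"$((start + 2))")
        val=0
        case $triad in r??) val=$((val + 4)) ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; esac
        case $triad in
            ??x)    val=$((val + 1)) ;;
            # lowercase s/t: special bit set AND execute set
            ??[st]) val=$((val + 1)); special=$((special + bit)) ;;
            # uppercase S/T: special bit set, execute NOT set
            ??[ST]) special=$((special + bit)) ;;
        esac
        digits=$digits$val
        bit=$((bit / 2))
    done
    printf '%s%s\n' "$special" "$digits"
)
```

An uppercase S or T in `ls -l` output usually indicates a mistake: the special bit is set but the matching execute bit is not.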

Changing Ownership

bash
# Change file owner
sudo chown username filename

# Change file group
sudo chgrp groupname filename

# Change both owner and group
sudo chown username:groupname filename

# Change ownership recursively for directories
sudo chown -R username:groupname directory/

Special Permissions

SUID (Set User ID)

When set on an executable file, the program runs with the permissions of the file's owner rather than those of the user executing it.

bash
# Set SUID
chmod u+s filename
# Or in octal mode (add 4000)
chmod 4755 filename

Example: The passwd command has SUID set, allowing regular users to update their passwords.

SGID (Set Group ID)

  • When set on an executable file, the program runs with the permissions of the file's group.
  • When set on a directory, new files created in that directory inherit the group of the directory.

bash
# Set SGID
chmod g+s directory
# Or in octal mode (add 2000)
chmod 2755 directory

Sticky Bit

When set on a directory, files in that directory can only be deleted or renamed by the file's owner, the directory's owner, or root, regardless of the directory's write permissions.

bash
# Set sticky bit
chmod +t directory
# Or in octal mode (add 1000)
chmod 1777 directory

Example: The /tmp directory often has the sticky bit set.
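
Because SUID and SGID programs run with someone else's privileges, and world-writable locations can be modified by any user, it is worth knowing where these bits are set. The following is an added example, not part of the original page, that lists them under a directory tree using `find -perm -MODE`, which matches entries that have all of the given bits set. The function names and output tags are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Read-only: it changes nothing.

# scan_tag TAG ROOT FIND-TESTS...
# Runs find under ROOT with the given tests and prefixes each path with TAG.
# -xdev keeps find on one filesystem; errors from unreadable
# directories are discarded.
scan_tag() {
    tag=$1
    scan_root=$2
    shift 2
    find "$scan_root" -xdev "$@" -print 2>/dev/null | sed "s/^/$tag /"
}

# audit_special_bits ROOT
# Prints one finding per line as "<TAG> <path>":
#   SUID         regular file with the set-user-ID bit (octal 4000)
#   SGID         regular file with the set-group-ID bit (octal 2000)
#   WW-FILE      regular file writable by others (o+w)
#   WW-NOSTICKY  directory writable by others without the sticky bit (1000)
audit_special_bits() {
    root=${1:?usage: audit_special_bits ROOT}
    scan_tag SUID        "$root" -type f -perm -4000
    scan_tag SGID        "$root" -type f -perm -2000
    scan_tag WW-FILE     "$root" -type f -perm -0002
    scan_tag WW-NOSTICKY "$root" -type d -perm -0002 ! -perm -1000
}
```

Saving the output of `audit_special_bits /usr` and comparing it with `diff` after package updates shows newly introduced SUID or SGID files.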

Access Control Lists (ACLs)

ACLs provide more granular control over file permissions beyond the traditional user/group/others model.

bash
# Install ACL tools (if not already installed)
sudo apt install acl  # For Debian/Ubuntu
sudo dnf install acl  # For Fedora/RHEL

# View ACLs
getfacl filename

# Set an ACL for a specific user
setfacl -m u:username:rwx filename

# Set an ACL for a specific group
setfacl -m g:groupname:rx filename

# Remove an ACL
setfacl -x u:username filename

# Set default ACLs for a directory (inherited by new files)
setfacl -d -m u:username:rwx directory

Practice Exercises

  1. Create a new user and group
  2. Change ownership of a file to the new user and group
  3. Set different permissions for a file using both symbolic and octal notation
  4. Create a directory that allows multiple users to collaborate (using SGID)
  5. Implement ACLs for fine-grained permission management

In the next section, we'll explore Linux process management.