Assigning permissions to users in linux

User Groups and Permissions in Linux

From smartphones to cars, supercomputers and home appliances, home desktops to enterprise servers, the Linux operating system is everywhere.

Introduction

To create a secure environment in Linux, you need to learn about user groups and permissions. For example, if you work in a company and you want the finance department to read a file but not make any modification to it, then you need to use permissions in Linux. It is a must for every programmer working with Linux nowadays.

Prerequisites

To follow along with this tutorial, you should have:

Table of contents

File permissions

Let’s start by talking about the ownership of Linux files.

  1. User: the owner of the file (person who created the file).
  2. Group: the group can contain multiple users. Therefore, all users in that group will have the same permissions. It makes things easier than assign permission for every user you want.
  3. Other: any person has access to that file, that person has neither created the file, nor are they in any group which has access to that file.

When you perform the following command:

Then you will see the file’s permissions, like the following:

Permissions Example

We will work with this part “-rw-r–r–”.

Explain permissions

As we see above, the empty first part means that it is a file. If it were a directory then it will be the letter “d” instead. The second part means that the user “Home” has read and write permissions but he does not have the execute one. The group and others have only the read permission.

Let’s change the permissions using the chmod command.

This command will add the write permission for other users to my text file “section.txt”.

Now if you try to execute ls -l then you will see -rw-r—rw- .

“o” refers to others, “g” for the group, “u” for the user, and “a” for all.

Now let’s add the execute permission to the user with:

The permissions will be -rwxr—rw- .

If you want to remove the permission, you can use the same method but with “-” instead of “+”. For example, let’s remove the execute permission from the user by:

And the permissions now are: -rw-r—rw- .

Also, you can use Symbolic Mode to modify permissions like the following:

Number Permission
0 No permission
1 Execute
2 Write
3 Execute and Write
4 Read
5 Read and Execute
6 Read and Write
7 Read, Write and Execute

For example, let’s give every permission for all with:

Symbolic Mode Example

Then the permissions will be: -rwxrwxrwx .

Let’s remove the execute from the group and the write from other by:

The permissions will be: -rwxrw-r-x .

User accounts

Create a user

We can create a new user account by issuing the following command:

We can make sure that the user has been created in two ways:

Читайте также:  Python windows linux mac

And the output will be something like this:

uid=1007(testuser) gid=1009(testuser) groups=1009(testuser) 

This will show the user id and the groups that the user is currently in, usually, a new group with the same username is assigned to the user.

So we can issue cat /etc/passwd and we will see the new user that has been created.

After creating the user using the command above, you notice that no user directories have been created inside /home directory, which is not good since the user cannot log in to his account.

To create a new user with its directories, we can issue:

sudo useradd -m -s /bin/bash testuser 

If you navigate to the /home directory, you notice that a new directory with the name testuser is created.

Afterwards, you need to set a new password to the testuser by:

We noticed that creating a new user takes a lot of commands to accomplish, so there is a command that automates everything:

After creating a new user and setting a password to it, you can log in in two ways:

Delete a user

Like the process of adding users, there are two commands that delete a user.

If you try that command, you will notice that the user directory has not been deleted and you need to delete it by yourself.

You can use this automated command to do everything for you:

sudo deluser --remove-home testuser 

User groups

A group is a collection of users. The primary purpose of the groups is to define a set of privileges like read, write, or execute permission for a given resource that can be shared among the users within the group.

Create a group

You can see all of the groups you have by opening the following file:

Let’s create a group with the name of section by:

Add user to a group

We will add the testuser user to the section group by:

sudo usermod -aG section testuser 

Delete user from a group

You can delete the testuser from the group with:

sudo gpasswd -d testuser section 

Delete a group

Let’s delete the previous group by:

Conclusion

Linux is one of the most secure systems because it allows an admin to create multiple users with different permissions in the same hardware.

And now you know exactly how to do it!✨

Further reading

Peer Review Contributions by: Odhiambo Paul

Источник

File Permissions in Linux / Unix: How to Read, Write & Change?

Linux is a clone of UNIX, the multi-user operating system which can be accessed by many users simultaneously. Linux can also be used in mainframes and servers without any modifications. But this raises security concerns as an unsolicited or malign user can corrupt, change or remove crucial data. For effective security, Linux divides authorization into 2 levels.

In this Linux file commands tutorial, you will learn-

The concept of Linux File permission and ownership is crucial in Linux. Here, we will explain Linux permissions and ownership and will discuss both of them. Let us start with the Ownership.

Click here if the video is not accessible

Linux File Ownership

Every file and directory on your Unix/Linux system is assigned 3 types of owner, given below.

User

A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.

Читайте также:  What is ubuntu linux server

Group

A user- group can contain multiple users. All users belonging to a group will have the same Linux group permissions access to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group, and assign group permission to file such that only this group members and no one else can read or modify the files.

Other

Any other user who has access to a file. This person has neither created the file, nor he belongs to a usergroup who could own the file. Practically, it means everybody else. Hence, when you set the permission for others, it is also referred as set permissions for the world.

Now, the big question arises how does Linux distinguish between these three user types so that a user ‘A’ cannot affect a file which contains some other user ‘B’s’ vital information/data. It is like you do not want your colleague, who works on your Linux computer, to view your images. This is where Permissions set in, and they define user behavior.

Let us understand the Permission system on Linux.

Linux File Permissions

Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.

  • Read: This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.
  • Write: The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
  • Execute: In Windows, an executable program usually has an extension “.exe” and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it.

File Permissions in Linux/Unix

Let’s see file permissions in Linux with examples:

ls – l on terminal gives

File Permissions in Linux/Unix

Here, we have highlighted ‘-rw-rw-r–‘and this weird looking code is the one that tells us about the Unix permissions given to the owner, user group and the world.

Here, the first ‘‘ implies that we have selected a file.p>

Else, if it were a directory, d would have been shown.

File Permissions in Linux/Unix

The characters are pretty easy to remember.

r = read permission
w = write permission
x = execute permission
= no permission

Let us look at it this way.

The first part of the code is ‘rw-‘. This suggests that the owner ‘Home’ can:

  • Read the file
  • Write or edit the file
  • He cannot execute the file since the execute bit is set to ‘-‘.

By design, many Linux distributions like Fedora, CentOS, Ubuntu, etc. will add users to a group of the same group name as the user name. Thus, a user ‘tom’ is added to a group named ‘tom’.

Читайте также:  Команда history linux удалить

The second part is ‘rw-‘. It for the user group ‘Home’ and group-members can:

The third part is for the world which means any user. It says ‘r–‘. This means the user can only:

File Permissions in Linux/Unix

Changing file/directory permissions in Linux Using ‘chmod’ command

Say you do not want your colleague to see your personal images. This can be achieved by changing file permissions.

We can use the ‘chmod’ command which stands for ‘change mode’. Using the command, we can set permissions (read, write, execute) on a file/directory for the owner, group and the world.

chmod permissions filename

There are 2 ways to use the command –

Absolute(Numeric) Mode in Linux

In this mode, file permissions are not represented as characters but a three-digit octal number.

The table below gives numbers for all for permissions types.

Number Permission Type Symbol
0 No Permission
1 Execute –x
2 Write -w-
3 Execute + Write -wx
4 Read r–
5 Read + Execute r-x
6 Read +Write rw-
7 Read + Write +Execute rwx

Let’s see the chmod permissions command in action.

File Permissions in Linux/Unix

In the above-given terminal window, we have changed the permissions of the file ‘sample to ‘764’.

File Permissions in Linux/Unix

‘764’ absolute code says the following:

  • Owner can read, write and execute
  • Usergroup can read and write
  • World can only read

This is shown as ‘-rwxrw-r–

This is how you can change user permissions in Linux on file by assigning an absolute number.

Symbolic Mode in Linux

In the Absolute mode, you change permissions for all 3 owners. In the symbolic mode, you can modify permissions of a specific owner. It makes use of mathematical symbols to modify the Unix file permissions.

Operator Description
+ Adds a permission to a file or directory
Removes the permission
= Sets the permission and overrides the permissions set earlier.

The various owners are represented as –

User Denotations
u user/owner
g group
o other
a all

We will not be using permissions in numbers like 755 but characters like rwx. Let’s look into an example

File Permissions in Linux/Unix

Changing Ownership and Group in Linux

For changing the ownership of a file/directory, you can use the following command:

In case you want to change the user as well as group for a file or directory use the command

File Permissions in Linux/Unix

In case you want to change group-owner only, use the command

chgrp group_name filename

chgrp’ stands for change group.

File Permissions in Linux/Unix

Tip

  • The file /etc/group contains all the groups defined in the system
  • You can use the command “groups” to find all the groups you are a member of

File Permissions in Linux/Unix

File Permissions in Linux/Unix

Summary:

  • Linux being a multi-user system uses permissions and ownership for security.
  • There are three user types on a Linux system viz. User, Group and Other
  • Linux divides the file permissions into read, write and execute denoted by r,w, and x
  • The permissions on a file can be changed by ‘chmod’ command which can be further divided into Absolute and Symbolic mode
  • The ‘chown’ command can change the ownership of a file/directory. Use the following commands: chown user file or chown user:group file
  • The ‘chgrp’ command can change the group ownership chrgrp group filename
  • What does x – eXecuting a directory mean? A: Being allowed to “enter” a dir and gain possible access to sub-dirs.

Источник

Оцените статью
Adblock
detector