- How do I know a specified user’s permissions on Linux with root access?
- 3 Answers 3
- Linux get user permissions
- How to see the permissions of an user over a file in Linux?
- 2 Answers 2
- How do I know a specified user’s permissions on Linux with root access?
- 3 Answers 3
- File Permissions in Linux/Unix with Example
- Ownership of Linux files
- Group
- Other
- Permissions
- Changing file/directory permissions with ‘chmod’ command
- Absolute(Numeric) Mode
- Symbolic Mode
- Changing Ownership and Group
How do I know a specified user’s permissions on Linux with root access?
I have root access to my local server. Some days ago, my colleague created a user on that server, giving me the username and password, but the user has minimized permissions. For instance, the user can’t even create a file under its own home directory. Is there any concept about «the permissions of a user»? If there is, how do I check/modify it?
3 Answers 3
It may be the case that your colleague, while creating the account, created the home directory «by hand» which resulted in it being owned by root . Try running the following as root :
chown -R username ~username chgrp -R $(id -gn username) ~username Where username is the name of the problematic account.
If this turns out to be your problem, to avoid this happening in the future, you want to add the -m switch to the useradd command line used to create the user account. This ensures that the user’s selected home directory is created if it doesn’t exist. This creates the home directory with the «right» ownership and permissions so you don’t face this kind of issue.
The chgrp command added above will change group ownership of the entire home directory of username to username ‘s primary group. Depending on your environment, this may not be exactly what you want and you’ll possibly need to change group ownership of specific sub-directories inside the home-directory «manually», thereby setting different group ownership for different sub-directories. This is usually not the case for personal computers, but since you mentioned «a colleague», I’m assuming we’re talking about a networked office environment, in which case group ownership is important for shared directories.
Linux get user permissions
How to see the permissions of an user over a file in Linux?
How can I see the permissions of an user over a file (or directiory) in Linux, I know that with «ls -l» I can see the permissions of my user over files. Is there any way to do this with other users without logging in?
2 Answers 2
- File permissions
- Number of links to the file
- Owner name
- Owner group
- File size
- Time of last modification
- File/directory name
The file permissions part can be divided in four parts :
- First character which describe the type of file («-» is for a regular file)
- Then there is three parts of three characters each :
- The first is the permissions for the owner of the file
- The second is the permissions for all the members of the owner group of the file
- The third is the permissions for everyone else
- — The file is a regular one
- rwx The owner is «user» and he has the rights to read («r»), write («w») and execute («x») on the file
- rw- The group is «group» and every user on that group can read and write on the file but not execute it
- r— Everyone else can just read the file and cannot write on it or execute it
To list all the group an user is member of use the command «groups user» (replace «user» by the name of the user).
How do I know a specified user’s permissions on Linux with root access?
I have root access to my local server. And some days ago my colleague created a user on that server, giving me the uesrname and password. But the user has a minimized permissions. Like the user can’t even create a file under its own home directory.
Is there any concept about «the permissions of a user»? If there is, how do I check/modify it?
3 Answers 3
It may be the case that your colleague, while creating the account, created the home directory «by hand» which resulted in it being owned by root . Try running the following as root :
Where username is the name of the problematic account.
If this turns out to be your problem, to avoid this happening in the future, you want to add the -m switch to the useradd command line used to create the user account. This ensures that the user’s selected home directory is created if it doesn’t exist. This creates the home directory with the «right» ownership and permissions so you don’t face this kind of issue.
The chgrp command added above will change group ownership of the entire home directory of username to username ‘s primary group. Depending on your environment, this may not be exactly what you want and you’ll possibly need to change group ownership of specific sub-directories inside the home-directory «manually», thereby setting different group ownership for different sub-directories. This is usually not the case for personal computers, but since you mentioned «a colleague», I’m assuming we’re talking about a networked office environment, in which case group ownership is important for shared directories.
File Permissions in Linux/Unix with Example
Linux is a clone of UNIX, the multi-user operating system which can be accessed by many users simultaneously. Linux can also be used in mainframes and servers without any modifications. But this raises security concerns as an unsolicited or malign user can corrupt, change or remove crucial data. For effective security, Linux divides authorization into 2 levels.
In this Linux file commands tutorial, you will learn-
- Ownership of Linux files
- Permissions
- Changing file/directory permissions with ‘chmod’ command
- Absolute(Numeric) Mode
- Symbolic Mode
- Changing Ownership and Group
- Summary
The concept of permissions and ownership is crucial in Linux. Here, we will discuss both of them. Let us start with the Ownership.
Click here if the video is not accessible
Ownership of Linux files
A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.
Group
A user- group can contain multiple users. All users belonging to a group will have the same access permissions to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group, and assign group permission to file such that only this group members and no one else can read or modify the files.
Other
Any other user who has access to a file. This person has neither created the file, nor he belongs to a usergroup who could own the file. Practically, it means everybody else. Hence, when you set the permission for others, it is also referred as set permissions for the world.
Now, the big question arises how does Linux distinguish between these three user types so that a user ‘A’ cannot affect a file which contains some other user ‘B’s’ vital information/data. It is like you do not want your colleague, who works on your Linux computer, to view your images. This is where Permissions set in, and they define user behavior.
Let us understand the Permission system on Linux.
Permissions
Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.
- Read: This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.
- Write: The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
- Execute: In Windows, an executable program usually has an extension «.exe» and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it.
Let’s see this in action
ls — l on terminal gives
Here, we have highlighted ‘-rw-rw-r—‘and this weird looking code is the one that tells us about the permissions given to the owner, user group and the world.
Here, the first ‘—‘ implies that we have selected a file.p>
Else, if it were a directory, d would have been shown.
The characters are pretty easy to remember.
r = read permission
w = write permission
x = execute permission
— = no permissionLet us look at it this way.
The first part of the code is ‘rw-‘. This suggests that the owner ‘Home’ can:
- Read the file
- Write or edit the file
- He cannot execute the file since the execute bit is set to ‘-‘.
By design, many Linux distributions like Fedora, CentOS, Ubuntu, etc. will add users to a group of the same group name as the user name. Thus, a user ‘tom’ is added to a group named ‘tom’.
The second part is ‘rw-‘. It for the user group ‘Home’ and group-members can:
The third part is for the world which means any user. It says ‘r—‘. This means the user can only:
Changing file/directory permissions with ‘chmod’ command
Say you do not want your colleague to see your personal images. This can be achieved by changing file permissions.
We can use the ‘chmod’ command which stands for ‘change mode’. Using the command, we can set permissions (read, write, execute) on a file/directory for the owner, group and the world. Syntax:
There are 2 ways to use the command —
Absolute(Numeric) Mode
In this mode, file permissions are not represented as characters but a three-digit octal number.
The table below gives numbers for all for permissions types.
Number Permission Type Symbol 0 No Permission — 1 Execute —x 2 Write -w- 3 Execute + Write -wx 4 Read r— 5 Read + Execute r-x 6 Read +Write rw- 7 Read + Write +Execute rwx Let’s see the chmod command in action.
In the above-given terminal window, we have changed the permissions of the file ‘sample to ‘764’.
‘764’ absolute code says the following:
- Owner can read, write and execute
- Usergroup can read and write
- World can only read
This is shown as ‘-rwxrw-r-
This is how you can change the permissions on file by assigning an absolute number.
Symbolic Mode
In the Absolute mode, you change permissions for all 3 owners. In the symbolic mode, you can modify permissions of a specific owner. It makes use of mathematical symbols to modify the file permissions.
Operator Description + Adds a permission to a file or directory — Removes the permission = Sets the permission and overrides the permissions set earlier. The various owners are represented as —
We will not be using permissions in numbers like 755 but characters like rwx. Let’s look into an example
Changing Ownership and Group
For changing the ownership of a file/directory, you can use the following command:
In case you want to change the user as well as group for a file or directory use the command
In case you want to change group-owner only, use the command
‘chgrp’ stands for change group.
- The file /etc/group contains all the groups defined in the system
- You can use the command «groups» to find all the groups you are a member of
You can use the command newgrp to work as a member a group other than your default group
- You cannot have 2 groups owning the same file.
- You do not have nested groups in Linux. One group cannot be sub-group of other
- x- eXecuting a directory means Being allowed to «enter» a dir and gain possible access to sub-dirs
- There are other permissions that you can set on Files and Directories which will be covered in a later advanced tutorial
.png)
.png)
.png)
.png)
.png)
