LINUX


Tuesday, 7 July 2015

Understanding, Administering Linux Groups and User Accounts



In a multi-user environment like Linux, every file is owned by a user and a group. Others may also be allowed to work with the file. This means that, as a user, you have all the rights to read, write and execute a file you created. If you belong to a group, you can give your group members permission to read, write (modify) and/or execute your file. In the same way, you may give similar permissions to those who do not belong to your group, who are called 'others'.
How are these permissions shown and how are they modified?
In a shell, command line or terminal, if you type 'ls -l', you will see something like:

drwxr-x--- 3 tutor firewall  4096 2010-08-21 15:52 Videos
-rwxr-xr-x 1 tutor firewall    21 2010-05-10 10:02 Doom-TNT
The last word on the right is the name of the file or directory. 'Videos' is a directory, which is designated by the 'd' at the start of the line. Since 'Doom-TNT' shows only a '-' at the start of the line, it is a file. The following series of 'rwx...' are the permissions of the file or directory. You will notice that there are three sets of 'rwx'. The first three rwx are the read, write and execute permissions for the owner 'tutor'.
Since the r, w and x are present, it means the owner has all the permissions. The next set of 'rwx' is the permissions for the group, which is the second name on the line, 'firewall'. You will notice that the 'w' here is missing, and is replaced by a '-'. This means members of the group 'firewall' have permissions to read and to execute 'Doom-TNT', but cannot write to it or modify it. Permission for 'others' is the same. Therefore, others can also read and execute the file, but not write to it or modify it. Others do not have any permissions for the directory 'Videos' and hence cannot read (enter), modify or execute 'Videos'.
You can use the 'chmod' command to change the permissions you give. The basic form of the command looks like:
chmod 'who'+/-'permissions' 'filename'
Here, 'filename' is the file whose permissions are being modified. You are giving the permissions to 'who', and 'who' can be u=user (meaning you), g=group, o=others, or a=all.
The 'permissions' you give can be r=read, w=write, x=execute or 'space' for no permissions. Using a '+' grants the permission, and a '-' removes it.
As an example, the command 'chmod o+r Videos' will result in:
drwxr-xr-- 3 tutor firewall  4096 2010-08-21 15:52 Videos

and now 'others' can read 'Videos'. Similarly, 'chmod o-r Videos' will set it back as it was before the modification.
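The 'chmod o+r' and 'chmod o-r' steps above, as an added shell example that is not part of the original article: it builds a scratch 'Videos' directory under a temporary path, applies each change and reads the permission string back. The function names (mode_of, explain_mode, change_and_report, demo) are made up for this illustration.

```sh
#!/bin/sh
# Added example: reproduce the article's 'chmod o+r' / 'chmod o-r' steps on a
# scratch directory and read the permission string back after each change.

# Print the 10-character type-and-permission field that 'ls -l' shows first.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Split that field into the file type and the owner/group/others triplets.
explain_mode() {
    case $1 in
        d*) kind=directory ;;
        -*) kind=file ;;
        *)  kind=other ;;
    esac
    owner=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    others=$(printf '%s' "$1" | cut -c8-10)
    printf '%s owner=%s group=%s others=%s\n' "$kind" "$owner" "$group" "$others"
}

# Apply one symbolic chmod change and report the mode before and after it.
change_and_report() {
    before=$(mode_of "$2")
    chmod "$1" "$2" || return 1
    after=$(mode_of "$2")
    printf 'chmod %s: %s -> %s\n' "$1" "$before" "$after"
}

demo() {
    work=$(mktemp -d) || return 1        # scratch area, removed at the end
    mkdir "$work/Videos"
    chmod u=rwx,g=rx,o= "$work/Videos"   # start from drwxr-x--- as in the listing
    explain_mode "$(mode_of "$work/Videos")"
    change_and_report o+r "$work/Videos" # others gain read
    change_and_report o-r "$work/Videos" # and lose it again
    rm -rf "$work"
}

demo
```

On a directory, 'r' without 'x' for others allows listing the names inside it but not entering it or opening its files.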

Linux file and folder permissions are covered extensively in our dedicated Linux File & Folder permissions article.

What happens in a GUI environment?

If you are using a file manager like Nautilus, you will find a 'view' menu, which has an entry 'Visible Columns'. This opens up another window showing the visible columns that you can select to allow the file manager to show. You will find there are columns like 'Owner', 'Group' and 'Permissions'. By turning these columns ON, you can see the same information as with the 'ls -l' command.
If you want to modify the permissions of any file from Nautilus, you will have to right-click on the file with your mouse. This will open up a window through which you can access the 'properties' of the file. In the properties window, you can set or unset any of the permissions for owner, group and others.

 

What are Group IDs?

Because Linux is a multi-user system, there could be several users logged in and using the system. The system needs to keep track of who is using what resources. This is primarily done by allocating identification numbers or IDs to all users and groups. To see the IDs, you may enter the command 'id', which will show you the user ID, the group ID and the IDs of the groups to which you belong.
A standard Linux installation, for example Ubuntu, comes with some groups preconfigured. Some of these are:
4(adm), 20(dialout), 21(fax), 24(cdrom), 26(tape), 29(audio), 30(dip), 44(video), 46(plugdev), 104(fuse), 106(scanner), 114(netdev), 116(lpadmin), 118(admin), 125(sambashare)
The numbers are the group IDs and their names are given inside brackets. Unless you are a member of a specific group, you are not allowed to use that resource. For example, unless you belong to the group 'cdrom', you will not be allowed to access the contents of any CDs and DVDs that are mounted on the system.
In Linux, the 'root' or 'super user', also called the 'administrator', is a user who is a member of all the groups and has all permissions in all places, unless specifically changed. Users who have been granted root privileges defined in the 'sudoers' file can assume root status temporarily with the 'sudo' command.
