Linux Users, Groups, and Permissions
Understanding how users, groups, and permissions work on Linux can be challenging at first. In this tutorial, we'll explore the basics of system administration for Linux environments. We'll define the different types of users and how to add and remove users to/from the system. Additionally, we'll discuss basic commands like chmod and chown and how they can be used to modify permissions for different users/groups in Linux.
Linux Users
Linux is designed for multiple users to have access to the same system at the same time. There are three types of users in Linux:
System users
System users run non-interactive or background processes. These users don't have their own login or home directory.
Regular users
These users run interactive processes and have their own home directory and login.
Super user
There is only one root or superuser. This user is the ultimate authority on file ownership and permissions. You create new users as the root user.
Linux - Viewing all users
You can view a list of all users on the system via:$ cat /etc/passwd
This shows every user on the system. Each line represents a user with basic information such as username, user ID, group ID, and the home directory for that user.
Linux - Switching to the root user
How you switch to the root user may vary depending on your Linux distro. For Ubuntu, you can run:
$ sudo su
With other distros, you may be able to switch via just su. Ubuntu doesn't set a password for the root user by default so sudo is required to bypass the password prompt. If you are using Ubuntu and want to set a password for root, you can run sudo passwd root (however this is not recommended).
As the root user, you can add additional users to the system via: This will add a new user with the specified name to the system. To add a password login for the new user, run: This will prompt you to set a password for the new user. Once you've created a password for the new user, you can login via: It should prompt you for the password. Once entered correctly, you will be logged in as the new user. As root user, you can remove a user via: The su command is used to switch users. When no username is provided, su switches to the root user by default. The sudo command allows users and groups to access commands they normally wouldn't have access to. By using sudo, you avoid having to switch to the root user to run restricted commands. In order for a user to run sudo commands, the user must be added to the sudoers file in /etc/ directory. Editing the sudoers file directly is not recommended. Alternatively, the visudo command provides a safe and secure way to edit the sudoer file. Permissions exist to protect a user's files from other users. Run ls -l in any directory to list the files and permissions. After running the command, you should see something like: The first ten characters (-rwxrwxrwx) indicate the permissions for the listed resource. This may seem confusing, but when you break it down it makes more sense. The first character (d, -) indicates the file type. Normal files are represented by (-) and directories (d). You'll notice the sample_files directory is the only item listed with a (d) as the first character because it is a directory and not a file like the others. The next three characters are the permissions for the file's owner. Permissions are represented by three characters rwx. Remember that a hyphen represents restriction of access. Additionally, permissions will always be listed in the same order rwx. The next three characters are permissions for the file's group. The last three characters are the permissions for all other users. Taking the subs.txt line sample output (-rw-rw-r--), we infer that: With most implementations, the file owner has the most permissions while the group and other users only have a subset of the owner's permissions. Groups are a way of managing a collection of users. You can see a full list of groups and their members at /etc/group.
Every user is automatically associated with a group. This means every file you create as a user will be associated with that user's primary group. To run programs or create files with different groups, you can either: As the root user or sudoer, you can change file permissions with chmod. For example: This will grant read, write, execute permissions to the file owner for sample.txt. The following will remove the same access. You can also grant specific class permissions with u, g, and o. For example: You can also use the octect method, where the numbers 0-7 represent different permissions for each permission class. For example: This will give read only permissions (4) to the user, the group, and outsiders. As the root user or sudoer, yuou can change file ownership with chown:
If you want to change just the group, you can run: Using chown and chmod allows sudoers to change the permissions, owners, and groups associated with files in Linux. Creating users and organizing them into groups is considered best practice for organizing a Linux environment in a safe and secure way.Linux - Adding a user
# useradd <username>
# passwd <username>
Linux - Logging in as a new user
# su <username>
Linux - Removing a user
# userdel <username>
Linux - Difference between su and sudo
Linux Permissions
-rwxrwxrwx 1 svc-hadoop-platform-dev cperry 33 May 25 15:39 sample.txt
drw-r--r-- 1 svc-hadoop-platform-dev mjones 461 Aug 4 13:06 sample_files
-rw-rw-r-- 1 svc-hadoop-platform-dev mjones 55 Aug 4 13:06 subs.txt
-rwxrwx--- 1 svc-hadoop-platform-dev terryb 56 Aug 16 17:00 otherfile.txt
Linux Groups
Add a new group
$ newgrp <marketing>
Change groups
chgrp <newgroup>
Linux changing permissions with chmod
chmod +rwx sample.txt
chmod -rwx sample.txt
chmod ug+rw sample.txt //gives read and write access to file owner and group
chmod go-rw sample.txt //denies read and write access to group and outsiders
chmod ugo+rwx sample.txt //gives read, write, execute access to user, group, and outsiderschmod 444 sample.txt
//results in dr--r--r--Linux changing ownership with chown
chown mjones sample.txt
chown :newgroup sample.txt
Conclusion