Users, Groups and Permissions in Linux

This article is about users, groups and permissions in Linux. Post reading of this article, you will be able to: 

  • Manage users and groups 
  • Change permissions on files and folders for users, groups and others 

First, you will learn about the process of logging in and logging out of the Linux system. Although you may be the only user on your Linux system, you should know about user accounts and managing users. As you should have your own account (other than root) for your daily routines, you should know how to establish a user account. If your system allows access to other users, you should be able to create user accounts for every one who wants access. 

Logging In

To begin your journey in the world of Linux, you must log in. By logging, you are basically introducing yourself to the system. To log in, you should enter a name, followed by a password. 

The text mode login will appear as shown below:  

  • Red Hat Linux release 7.0 
  • Kernel 2.xx on an i686 
  • localhost login:root 
  • Password:yourrootpassword 

The graphical mode login screen will appear as follows: 

kEiDrMNAAAAAElFTkSuQmCC

 

If you log in as root user, you must type the user login name and the password. The system authenticates the password and presents the desktop screen from where you can start working with the Red Hat Linux system. 

 

Establishing User Accounts

Red Hat Linux system uses accounts to manage privileges and maintain security. To use the Linux system, you should have an account in the system. This account is known as a user account. All access to the Linux system is through the user account. The system administrator has the privilege to set up an account for each user, except the ‘root’ account. The ‘root’ account is created at the time of installation. Not all accounts are created equal; some accounts have fewer rights to access files or services than others.

Working as 'root'

The ‘root’ account is created at the time of installing Linux. The default name of the ‘root’ user is taken as root. 

The ‘root’ is a special user account that is available on every Linux system. This special user has full access to the system. 

Note : As the Red Hat Linux system creates the ‘root’ account during installation, some new users are tempted to use only this account for all their activities. This is a bad idea. Since the ‘root’ account is allowed to do anything on the system, you can easily damage your system by mistakenly deleting or modifying sensitive system files. 

User Accounts

Every person using your system should have a unique account. By keeping separate accounts for each user, you can have a better idea of who is accessing your system. Every user account has a unique name and a password. The user information in the /etc/passwd is maintained in the following format: 

username:password:user ID:group ID:comment:home directory:logincommand 

Every entry in the /etc/passwd file comprises seven fields separated by colons. The fields contain the following values in a sequence: 

  • The username, 
  • The password, 
  • The user identification (UID), 
  • The group identification (GID), 
  • A comment (usually the user’s real name and other details), 
  • The home directory (the directory where the user is placed when he /she logs in, 
  • The login command – The command executed when the user logs in.

useradd - Create new user account

$useradd -d <home Directory> -s <defaultshell> -u <user id> -g <group id> -c <comment> <username> 

<home Directory> – users home directory 

 Example: 

 /home/user1 

<Default shell> – default shell on which user will log in 

Example: 

 /bin/bash 

<user id> – user’s unique id number 

Example 

 1001 

<group id> – user’s group id 

Example 

 1001 

<cmment> – some comment for the user 

Example 

 “local user” 

Example: 

 useradd -d /home/user1 -s /bin/bash -u 1001 -g 1001 -c “local user” user1

usermod - Modify user account

$usermod -d <home Directory> -s <default shell> -u 

 <user id> -g <group id> -c <comment> <username> 

 <home Directory> – change users home directory

Example: 

 /home/user2 

 <Default shell> – change default shell on which user will log in 

 Example: 

 /bin/csh 

 <user id> – change user’s unique id number 

 Example: 

 1002 

 <group id> – change user’s group id  

 Example: 

 1002 

<comment> – change comments for the user 

Example 

 “change local user” 

Example: 

usermod -d /home/user2 -s /bin/csh -u 1002 -g 1002 -c “change local user” user2 

Some Useful Commands

cat – Sends file contents to standard output. This is a way to list the contents of short files to the screen. It works well with piping. 

          Example: cat .bashrc 

Description: Sends the contents of the “.bashrc” file to the screen. 

cd – Changes the current working directory to /home. The ‘/’ indicates relative to root. No matter what directory you are in when you execute this command, the directory will be changed to “/home”. 

          Example: cd httpd 

Description: Changes the current working directory to httpd, relative to the current location which is “/home”. The full path of the new working directory is     “/home/httpd”. 

cd .. – Moves to the parent directory of the current directory. This command will make 

the current working directory as “/home”. 

Cd ~ – Moves to the user’s home directory which is “/home/username”. The ‘~’  indicates the users home directory. 

Cp – Copies files from one directory to another. 

          Example: cp myfile yourfileCopy 

Description: The files “myfile” to the file “yourfile” in the current working directory. This command will create the file “yourfile” if it doesn’t exist. It will normally overwrite it without warning if exists. 

          Example: cp -i myfile yourfile 

Description: With the “-i” option, if the file “yourfile” exists, you will be prompted before it is overwritten. 

           Example: cp -i /data/myfile 

Description: Copies the file “/data/myfile” to the current working directory and names it “myfile”. It also prompts before overwriting the file. 

           Example: cp -dpr srcdir destdirCopy 

Description: Copies all files from the directory “srcdir” to the directory “destdir” preserving links (-p option), file attributes (-p option), and copy recursively (-r option). With these options, a directory and all it contents can be copied to another directory. 

dd – Disk duplicate. This command converts and copies a file. 

          Example: dd if=/dev/hdb1 of=/backup/ 

Description: “if” means input file, “of” means output file. 

df – Shows the amount of disk space used on each mounted file system. 

less – Allows the user to move page up and down through the file.  

          Example: less textfile 

Description: Displays the contents of textfile. 

ln – Creates a symbolic link to a file. 

          Example: ln -s test symlink

Description: Creates a symbolic link named symlink that points to the file test. Typing “ls -i test symlink” will show that the two files are different with different inodes. Typing “ls -l test symlink” will show that symlink points to the file test. 

locate – A fast database driven file locator. This command builds the slocate database, taking several minutes to complete. It must be used before searching for files; however cron runs this command periodically on most systems. 

          Example: slocate -u whereis 

Description: Lists all files whose names contain the string “whereis”. 

logout – Logs the current user off the system. 

ls – Lists files in the current working directory except those starting with ‘.’ and only shows the file name. 

          Example: ls -al 

Description: Lists all files in the current working directory in long listing format, showing permissions, ownership, size, and time and date stamp. 

more – Allows file contents or piped output to be sent to the screen, one page at a time. 

          Example: more /etc/profile 

Description: Lists the contents of the “/etc/profile” file to the screen, one page at a time.  

          Example: -al |more 

Description: Performs a directory listing of all files and pipes the output of the listing through more. If the directory listing is longer than a page, it will be listed one page at a time. 

mv – Moves or renames files. 

          Example: mv -i myfile yourfile 

Description: Moves the file from “myfile” to “yourfile”. This effectively changes the name of “myfile” to “yourfile”. 

          Example: mv -i /data/myfile 

Description: Moved the file “myfile” from the directory “/data” to the current working directory.

pwd – Shows the name of the current working directory. 

          Example: more /etc/profile 

Description: Lists the contents of the “/etc/profile” file to the screen, one page at a time. 

shutdown – Shuts the system down. 

          Example: shutdown -h now 

Description: Shuts the system down to halt immediately. 

          Example: shutdown -r now  

 Description: Shuts the system down immediately, and the system reboots. 

whereis – Shows where the binary, source and manual page files are for a command. 

Changing Permissions

It is possible to change file permissions, if you wish to grant or remove permissions from some users. You can change file permissions if you are: 

  • A ‘root’ user, 
  • The file owner. 

You can change the file permissions using the command chmod. Permissions can be changed in two ways: 

  • Using letters with the chmod command. The letters represent –
    •   Permissions,
    •   Different users
  • Using numbers that represent permissions, along with the chmod command.

Following is a list of options that can be used with the chmod command: 

      1. Identities: 

          a)      u: the user who owns the file (the owner), 

          b)      g: the group to which the user belongs 

          c)      o: others (neither the owner nor the owner’s group) 

          d)     a: everyone or all (u, g, and o) 

     2. Permissions: 

          a)      r: read access

          b)      w: write access 

          c)      x: execute access

     3. Actions: 

          a)      + : grants the permission 

          b)      – : removes the permission 

          c)      = : makes it the only permission 

The existing file permissions of the file ‘sneakers.txt’ are as follows: 

 -rw-rw-r– 1 newuser newuser 150 Mar 19 08:08 sneakers.txt 


Note : Another permission symbol is t, for the sticky bit. If a sticky bit is assigned to a file, a user who wants to remove or rename that file must own the file, own the directory, have write permission, or be root.

Hope this article will help you to understand the users, groups and permissions in Linux. For useful content related to Linux please click here.

Leave a Comment

Your email address will not be published. Required fields are marked *