Users and Groups
User-
Every user is assigned a unique user ID number (UID).
UID 0 identifies root.
Regular user accounts normally start at UID 500 on older distributions and at UID 1000 on current ones (UID_MIN in /etc/login.defs).
User names and UIDs are stored in the /etc/passwd file.
Users are assigned a home directory and a program (normally a shell) that is run when they log in.
Users cannot read, write or execute each other's files without permission.
Group-
users are assigned to groups
each group is assigned a unique group ID number (GID)
group names and GIDs are stored in the /etc/group file
each user is normally given a private group of the same name (the user private group scheme)
a user can be added to other groups for additional access
all users in a group can share files that belong to the group
User configuration files and directories-
Directory/File | Description |
/home | parent of the users' home directories (e.g. /home/username) |
/etc/passwd | account information: user name, UID, primary GID, comment, home directory and login shell (the password field holds only an x) |
/etc/group | group names, GIDs and the users who belong to each group |
/etc/shadow | hashed passwords and password-ageing fields, readable by root only |
/etc/gshadow | hashed group passwords and group administrators, readable by root only |
For Example-
User Command
Command | Description |
#useradd username | Create a user |
#passwd username | Set or change the user's password |
#usermod | Modify a user account |
#usermod -c "Full Name" username | To change the comment (GECOS) field, i.e. the user's full name |
#usermod -d /full/path_of_directory username (e.g. #usermod -d /aa username) | To change the user's home directory; add -m to move the contents of the old directory as well |
#usermod -l newusername oldusername | To change the user's login name |
#usermod -L username | To lock the user's password (a ! is put in front of the hash in /etc/shadow) |
#usermod -U username | To unlock the user's password |
#userdel username | To delete a user (the home directory is left in place) |
#userdel -r username | To delete a user together with the home directory and mail spool |
Group Command
#groupadd groupname | To create a group |
#groupdel groupname | To delete a group |
#usermod -aG groupname username | To add a user to a supplementary group; without -a, -G replaces the user's whole list of supplementary groups |
#groupmod -n newgroupname oldgroupname | To change the group name |
#chage -l username | To see the password-ageing settings for a user |
#chage -E YYYY-MM-DD username | To set the date on which the account expires |
#chage -m 10 username | To set the minimum number of days between password changes (here 10) |
A home directory is a file system directory on a multi-user operating system containing the files of a given user
of the system. The specifics of the home directory (such as its name and location) are defined by the operating system.
Understanding /etc/passwd File Format-
#cat /etc/passwd
1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that the password hash is stored in the /etc/shadow file. An empty field means the account has no password at all, which must never be the case for an account that can log in.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups. Any account with UID 0, whatever its name, is root.
4. Group ID (GID): The primary group ID (stored in the /etc/group file).
5. User ID Info: The comment (GECOS) field. It allows you to add extra information about the user such as full name, phone number etc. This field is used by the finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically this is a shell, but it does not have to be one; /usr/sbin/nologin or /bin/false is used for accounts that must never log in interactively.
Understanding /etc/group File Format-
#cat /etc/group
1. group_name: It is the name of the group. If you run the ls -l command, you will see this name printed in the group field.
2. Password: Generally the group password is not used, so the field is empty or holds an x (hash in /etc/gshadow). It can store a hashed password, which newgrp asks for when a user who is not a member wants to switch into the group.
3. Group ID (GID): Each group is assigned a numeric group ID. A user's primary GID (field 4 of /etc/passwd) refers to this number.
4. Group List: It is a list of the user names of the users who are members of the group. The user names must be separated by commas.
Understanding /etc/shadow File Format-
#cat /etc/shadow
1. User name: It is your login name.
2. Password: Your hashed password, in the form $id$salt$hash (e.g. $6$ marks SHA-512). A field beginning with ! or * means the password is locked or unusable; an empty field means no password. Passwords should be at least 6-8 characters long and include special characters/digits.
3. Last password change (lastchanged): Days since Jan 1, 1970 on which the password was last changed.
4. Minimum: The minimum number of days required between password changes, i.e. the user may not change the password again until this many days have passed.
5. Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password). 99999 effectively means never.
6. Warn: The number of days before the password expires on which the user is warned that it must be changed.
7. Inactive: The number of days after the password expires before the account is disabled.
8. Expire: Days since Jan 1, 1970 on which the account is disabled, i.e. an absolute date specifying when the login may no longer be used.
Understanding /etc/gshadow File Format-
#cat /etc/gshadow
1. Group name: The name of the group. Used by various utility programs as a human-readable identifier for the group.
2. Hashed password: The hashed password for the group.
3. Group administrators: Group members listed here (in a comma-delimited list) can add or remove group members using the gpasswd command.
4. Group members: Group members listed here (in a comma-delimited list) are regular, non-administrative members of the group.
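The field descriptions above translate directly into an audit. The shell script below is an added example, not part of the original notes: it parses passwd- and shadow-format data with awk and reports second UID-0 accounts, accounts with an empty password field, locked accounts, and interactive accounts whose password never expires. The two samples it reads are constructed for this example (the hashes are placeholders, not real output), and the function names and the temporary file names are its own; on a real host the same functions take /etc/passwd and /etc/shadow as arguments (reading /etc/shadow requires root).

```sh
#!/bin/sh
# Added example (not part of the original notes): audit passwd/shadow
# style data for the problems the field descriptions make visible.
# Both samples are constructed for this example; the hashes are
# placeholders, not output of any real system.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
legacy::1001:1001:Legacy app:/home/legacy:/bin/bash
svc:x:1002:1002:service:/var/lib/svc:/usr/sbin/nologin'

SAMPLE_SHADOW='root:$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
alice:$6$saltsalt$PLACEHOLDERHASH:19000:0:90:7:::
legacy::19000:0:99999:7:::
svc:!:19000:0:99999:7:::'

# write_samples DIR: materialise the samples as DIR/passwd and DIR/shadow.
write_samples() {
    printf '%s\n' "$SAMPLE_PASSWD" > "$1/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$1/shadow"
}

# Field 3 of passwd is the UID.  Any second UID-0 account is root under
# another name, whatever its home directory or shell says.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Field 2 of passwd should be "x" (the hash lives in shadow).  An empty
# field means the account has no password at all.
passwd_no_password() { awk -F: '$2 == "" { print $1 }' "$1"; }

# Field 2 of shadow: empty = no password; a leading ! or * = locked or
# never usable for password login (normal for service accounts).
shadow_no_password() { awk -F: '$2 == "" { print $1 }' "$1"; }
shadow_locked()      { awk -F: '$2 ~ /^[!*]/ { print $1 }' "$1"; }

# stale_policy PASSWD SHADOW: join both files on the user name (field 1)
# and report accounts that have an interactive shell, a usable hash, and
# a maximum age (shadow field 5) that is blank or 99999, i.e. a password
# that is never forced to change.
stale_policy() {
    awk -F: '
        NR == FNR { shell[$1] = $7; next }            # first file: passwd
        ($1 in shell) && shell[$1] !~ /(nologin|false)$/ &&
        $2 != "" && $2 !~ /^[!*]/ &&
        ($5 == "" || $5 >= 99999) { print $1 }        # second file: shadow
    ' "$1" "$2"
}

# report: run every check against the samples in a throw-away directory.
report() {
    _t=$(mktemp -d)
    write_samples "$_t"
    echo "UID 0 besides root:         $(extra_uid0 "$_t/passwd" | tr '\n' ' ')"
    echo "no password (passwd):       $(passwd_no_password "$_t/passwd" | tr '\n' ' ')"
    echo "no password (shadow):       $(shadow_no_password "$_t/shadow" | tr '\n' ' ')"
    echo "locked:                     $(shadow_locked "$_t/shadow" | tr '\n' ' ')"
    echo "interactive, never expires: $(stale_policy "$_t/passwd" "$_t/shadow" | tr '\n' ' ')"
    rm -rf "$_t"
}

report
```

The join in stale_policy uses the usual NR == FNR awk idiom: while the first file is being read the two counters are equal, so passwd shells are collected into an array, and the second file (shadow) is then tested against it. The empty-password checks are run on both files separately because a blank field in either one is enough to make the account passwordless.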
Permission Type-
1. Symbolic method
2. Numeric method
Permission Precedence-
if the process's UID matches the file's owner, the user (owner) permissions apply
otherwise, if the process's GID or one of its supplementary groups matches the file's group, the group permissions apply
if neither matches, the other permissions apply.
Only the first matching class counts: an owner whose user bits are --- is denied even when the group bits are rw-. root bypasses these checks.
Examining Permissions-
File permissions may be viewed using ls -l:
#ls -l
File type and permissions are represented by a 10-character string: the first character is the type (- regular file, d directory, l symbolic link), followed by three rwx triplets for user, group and other.
For Example-
-rw-r--r-- is a regular file that its owner can read and write and everyone else can only read; drwxr-x--- is a directory that users outside the group cannot enter at all.
Default Permissions
The base permission before the umask is applied is 777 for directories and 666 for files (new files never get execute bits automatically). The umask then removes bits:
root user (umask 022):
1. directories get 755
2. files get 644
Non-privileged user (umask 002 under the user private group scheme, where the private group has no other members):
1. files get 664
2. directories get 775
Umask Value-
Umask is an octal bit mask; every bit set in it is cleared from the base permission to give the default permission of newly created files and directories. It applies per process (shell session); put it in ~/.bashrc or /etc/profile to make it persistent.
By default the umask value is 0022.
e.g.
#umask (show the umask value)
#umask 0011 (change the umask value; this one only removes execute for group and other, so new directories are 766 and new files stay world-writable 666)
Type | Full Permission | Default Permission | Umask Value |
Directory | 777 | 755 | 022 |
File | 666 | 644 | 022 |
Four symbols are used when displaying permissions:
r: permission to read a file or list a directory's contents
w: permission to write to a file, or to create and remove files in the directory (removing a file needs w on the directory, not on the file)
x: permission to execute a program, or to enter (cd into) a directory and access its entries; a long listing of a directory needs both r and x
-: no permission (in place of r, w or x)
Changing Permissions-
Symbolic method to change access modes:
#chmod [-R] mode file_name
where mode is: u, g, o or a for user, group, other and all
+, - or = to grant, deny or set exactly
r, w or x for read, write or execute
who may be | operator may be | permissions may be |
u (user/owner) | + (add) | r (read) |
g (group) | - (remove) | w (write) |
o (other) | = (set exactly) | x (execute) |
a (all) | | t (sticky bit) |
Examples:
#chmod u+w,go-w file
grants write access to the owner but denies it to group and other.
#chmod u=rw file
sets the user permissions to exactly read and write.
#chmod +r file
makes the file world-readable. With no u/g/o/a given, the change applies to all classes but is filtered through the umask; write a+r when the result must not depend on the umask.
"A useful option to chmod is -R (recursive). This option tells chmod to traverse an entire directory tree to change the permissions of all its files and subdirectories." Note that -R with +x makes plain files executable too; X (capital) sets execute only on directories and on files that already have it.
Changing Permissions- Numeric Method-
uses a three-digit mode number:
>first digit specifies the owner's permissions
>second digit specifies the group's permissions
>third digit specifies others' permissions
Each digit is calculated by adding:
4 (read)
2 (write)
1 (execute)
(An optional leading fourth digit sets the special bits: 4 setuid, 2 setgid, 1 sticky.)
Examples:
set permission on a file
#chmod 664 file
grants read/write to the owner and group, and read only to others.
#chmod 660 file
grants read/write to the owner and group, and no permission to others.
#chmod 600 file
grants read/write to the owner and no permission to group and others.
#chmod 444 file
grants read-only permission to all (the owner can still chmod it back, since chmod depends on ownership, not on the w bit).
Examples: set permission on a directory
#chmod 755 directory
grants full permission to the owner, and read and execute to group and others.
#chmod 770 directory
grants full permission to the owner and group, no permission to others.
#chmod 700 directory
grants full permission to the owner, no permission to group and others.
#chmod 555 directory
grants read and execute permission to all.
You can change the owner of a file-
#chown username filename
(only root may change the owner; #chown username:groupname filename sets owner and group at once)
You can change the group ownership of a file-
#chgrp groupname filename
(a non-root user can only change a file they own to a group they belong to)
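As an added example for the Examining Permissions, Umask and Changing Permissions sections above (not code from the original notes): the script converts the rwx string shown by ls -l into the numeric mode, predicts the default mode for a given umask with the same bitwise arithmetic the umask table relies on, creates files under a chosen umask to confirm the prediction, and applies the symbolic and numeric chmod forms from the examples. All function names (class_to_digit, perm_to_octal, mode_of, default_mode, created_mode, set_and_read, demo) are this example's own, and everything it touches lives in a temporary directory it removes afterwards.

```sh
#!/bin/sh
# Added example (not part of the original notes): examine, predict and
# set permissions with ls, chmod and POSIX sh arithmetic only.
# Every file and directory used below is created in a throw-away
# temporary directory, so nothing on the host is modified.

# class_to_digit: rwx -> 7, r-x -> 5, --- -> 0.  's' and 't' in the
# execute position also count as execute (they mark a set-id or sticky
# bit sitting on top of it).
class_to_digit() {
    _d=0
    case $1 in r??)     _d=$((_d + 4)) ;; esac
    case $1 in ?w?)     _d=$((_d + 2)) ;; esac
    case $1 in ??[xst]) _d=$((_d + 1)) ;; esac
    printf '%s' "$_d"
}

# perm_to_octal: the nine rwx characters of an ls -l mode string
# (columns 2-10, e.g. "rwxr-xr--") -> numeric mode (754).
perm_to_octal() {
    _u=$(printf '%s' "$1" | cut -c1-3)
    _g=$(printf '%s' "$1" | cut -c4-6)
    _o=$(printf '%s' "$1" | cut -c7-9)
    printf '%s%s%s\n' "$(class_to_digit "$_u")" "$(class_to_digit "$_g")" "$(class_to_digit "$_o")"
}

# mode_of PATH: current numeric mode, read back from ls -ld so the same
# code works on GNU and BSD userlands (their stat flags differ).
mode_of() {
    perm_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# default_mode BASE UMASK: the mode a new object gets, i.e. the base
# permission (666 for files, 777 for directories) with every umask bit
# cleared.  Both arguments are octal, hence the leading 0 inside $(( )).
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# created_mode UMASK KIND: create a file or directory under the given
# umask and report the mode it actually received.
created_mode() {
    _t=$(mktemp -d)
    if [ "$2" = dir ]; then
        ( umask "$1" && mkdir "$_t/new" )
    else
        ( umask "$1" && : > "$_t/new" )
    fi
    mode_of "$_t/new"
    rm -rf "$_t"
}

# set_and_read MODE PATH: apply a symbolic or numeric chmod and return
# the resulting numeric mode.
set_and_read() {
    chmod "$1" "$2" && mode_of "$2"
}

# demo: walk through the examples used in the notes.
demo() {
    _t=$(mktemp -d)
    : > "$_t/file"
    mkdir "$_t/dir"
    printf 'umask 022 predicts      file %s, dir %s\n' "$(default_mode 666 022)" "$(default_mode 777 022)"
    printf 'umask 022 actually gives file %s, dir %s\n' "$(created_mode 022 file)" "$(created_mode 022 dir)"
    printf 'umask 077 actually gives file %s, dir %s\n' "$(created_mode 077 file)" "$(created_mode 077 dir)"
    printf 'chmod u+w,go-w file -> %s\n' "$(set_and_read u+w,go-w "$_t/file")"
    printf 'chmod u=rw,go= file -> %s\n' "$(set_and_read u=rw,go= "$_t/file")"
    printf 'chmod a+r file      -> %s\n' "$(set_and_read a+r "$_t/file")"
    printf 'chmod 770 dir       -> %s\n' "$(set_and_read 770 "$_t/dir")"
    printf 'chmod 555 dir       -> %s\n' "$(set_and_read 555 "$_t/dir")"
    rm -rf "$_t"
}

demo
```

Reading the mode back through ls -ld rather than stat keeps the script portable; the only information it discards is the difference between a plain execute bit and a set-id or sticky bit in the same position, which the three-digit notation in the notes does not express either.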