User Accountsand

Permissions

Chapter IV / Part II

Accounts•Linux is a multiuser operating system•Account for a user identified by username• password for authentication

•Password file: used for authentication• username:password:uid:gid:gecos:homedir:shell

•Two types of accounts• Root

• Called super user

• Every Linux system has one

• Can create other accounts for users

• User

• Restricted

• Can be given more permissions

•Some accounts may not have any actual user • needed by some application

Accounts..

•Root account created during installation• One or more user accounts as well

•Shouldn’t login using root account• Potentially dangerous

•Can change into any user using su user• prompt for the user’s password

•su changes to root account•To run a single command with root

previliges• use sudo

Accounts

•Creating new users• only admins can do this

•adduser command• most default options are ok

•New users should change their password: passwd• root can do this for a user: passwd user

•Deleting users accounts: userdel -r username

•Disabling a user temporarily•Put * before password in the entry in /etc/passwd

Permissions•Very critical in multi-user environment•Maintain access over files for different

users• Other users cannot access your files

• Critical files can only be accessed by root

•Besides users, there are groups• Similar users can be grouped together

• Easy to maintain permissions for a group

• Easy to share files within a group

• A user can belong to more than one group

• groups,newgrp command

•Permissions are maintained for• User

• Group

• Others

Permissions

•Permissions under Linux are • Ownership

• Access rights

•Ownership - who owns the file•The creator of a file becomes its owner• Creator’s default group becomes the group owner

• Ownership can be changed later

•The super user, root, owns everything• Can modify ownership

• Can change access rights

Access rights (Permissions)

•Access rights• Who can read, write, view a file

•Read• File - open it

• Directory - open it, list its contents

•Write• File - change its contents

• Directory - add or remove its contents

•Execute• File - execute it

• Directory - list using ls -l : extended information

Permissions•ls -l to view the permissions•Sample output

links

Changing Ownership

•Root to do this•To change ownership: chown •chown username file_or_dir

•To change group ownership: chgrp•chgrp groupname file_or_dir

•combine if username & group name are same• chown name:name file_or_dir

Changing Permissions

•chmod command• standard way to change permissions

• a : all

• u : current user (who is using chmod)

• g : file’s current group

• o : other users, not in g

• + : add an attribute

• - : remove an attribute

• = : set (absolutely) a permission

• r, w, x: read, write, execute

• root can change permissions to any file/directory

•Besides root, only the owner can change permissions

Changing Permissions

•Simple example: make a file executable• chmod +x filename: gives permission to

everyone

• to only yourself: chmod u+x filename

• to yourself and group: chmod ug+x filename

• multiple: chmod ug+rwx filename

• remove a permission: chmod o-x filename

• give write permission to all: chmod a+w filename

• remove all permissions and set file readable by user only

• chmod u=r filename

• -r option: set permission to every item in a directory• chmod a+rw -r dirname