Users and Groups
User-
Every user is assigned a unique user ID number (UID).
UID 0 identifies root.
Regular user accounts normally start at UID 500.
User names and UIDs are stored in the /etc/passwd file.
Users are assigned a home directory and a program that is run when they log in.
Users cannot read, write or execute each other's files without permission.
Group-
Users are assigned to groups.
Each group is assigned a unique group ID number (GID).
GIDs are stored in the /etc/group file.
Each user is given their own private group.
Users can be added to other groups for additional access.
All users in a group can share files that belong to the group.
User configuration files and directories-
Directory/File | Description
/home          | the user's own home directory
/etc/passwd    | the user account entries (the password field refers to /etc/shadow)
/etc/group     | the groups to which the user belongs
/etc/shadow    | encrypted password file for users
/etc/gshadow   | encrypted password file for groups
For Example-
User Commands
Command                                      | Description
#useradd username                            | Create a user
#passwd username                             | Set the user's password
#usermod                                     | Modify a user account
#usermod -c "full name" username             | Change the user's comment field (full name)
#usermod -d /path/to/directory username      | Change the user's home directory, e.g. #usermod -d /aa username (add -m to move the existing contents)
#usermod -l newusername oldusername          | Change the user's login name
#usermod -L username                         | Lock the user (blocks password authentication)
#usermod -U username                         | Unlock the user
#userdel username                            | Delete a user (the home directory is kept)
#userdel -r username                         | Delete a user together with the home directory
Group Commands
Command                                      | Description
#groupadd groupname                          | Create a group
#groupdel groupname                          | Delete a group
#usermod -G groupname username               | Add a user to the group (-G replaces the user's supplementary group list; use -aG to append)
#groupmod -n newgroupname oldgroupname       | Change the group name
#chage -l username                           | Show the password policy (ageing information) for a user
#chage -E YYYY-MM-DD username                | Change the account expiry date
#chage -m 10 username                        | Change the minimum number of days between password changes
A home directory is a file system directory on a multi-user operating system containing files for a given user
of the system. The specifics of the home directory (such as its name and location) are defined by the operating system.
Understanding the /etc/passwd File Format-
#cat /etc/passwd
1. Username: Used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in the /etc/group file).
5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
7. Command/shell: The absolute path of a command or shell (e.g. /bin/bash). Typically this is a shell, but it does not have to be one.
Understanding the /etc/group File Format-
#cat /etc/group
1. group_name: The name of the group. If you run the ls -l command, you will see this name printed in the group field.
2. Password: Generally a password is not used, so this field is empty/blank. It can store an encrypted password, which is useful for implementing privileged groups.
3. Group ID (GID): Each group must be assigned a group ID. You can see this number in the /etc/passwd file as the user's primary GID.
4. Group List: A list of the user names of the users who are members of the group. The user names must be separated by commas.
Understanding the /etc/shadow File Format-
#cat /etc/shadow
1. User name: Your login name.
2. Password: Your encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits.
3. Last password change (lastchanged): Days since Jan 1, 1970 that the password was last changed.
4. Minimum: The minimum number of days required between password changes, i.e. the number of days that must pass before the user is allowed to change his/her password.
5. Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password).
6. Warn: The number of days before the password expires that the user is warned that his/her password must be changed.
7. Inactive: The number of days after the password expires that the account is disabled.
8. Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.
Understanding the /etc/gshadow File Format-
#cat /etc/gshadow
1. Group name: The name of the group. Used by various utility programs as a human-readable identifier for the group.
2. Encrypted password: The encrypted password for the group.
3. Group administrators: Group members listed here (in a comma-delimited list) can add or remove group members using the gpasswd command.
4. Group members: Group members listed here (in a comma-delimited list) are regular, non-administrative members of the group.
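The four file formats above, read by field number from constructed sample files. This is an added example, not part of the original notes; the entries, the placeholder hashes and the day counts are made up, and the functions expect "today" as days since 1970-01-01, the unit /etc/shadow uses.

```shell
#!/bin/sh
# Added example, not from the original notes: reading the account files above
# by field number. The entries are constructed samples embedded here so the
# checks run offline; hashes are placeholders and day counts are made up.
PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second UID 0 account:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/sbin/nologin'
SHADOW='root:$6$placeholderhash:18900::::::
toor:!$6$placeholderhash:18900:0:99999:7:::
alice:$6$placeholderhash:18000:0:90:7:::
bob:*:18900:0:99999:7::18950:'
GROUP='root:x:0:
wheel:x:10:alice,bob
alice:x:500:
bob:x:501:'

# passwd field 3 is the UID: every UID 0 entry is root, whatever its name.
extra_uid0() {
    printf '%s\n' "$PASSWD" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}
# shadow field 2: a leading "!" (what usermod -L writes) or "*" disables
# password authentication only; other login methods are unaffected.
locked_users() {
    printf '%s\n' "$SHADOW" | awk -F: '$2 ~ /^[!*]/ { print $1 }'
}
# shadow fields 3 (last change) and 5 (max): the password has expired once
# last change + max lies before today. $1 = today in days since 1970-01-01
# (date +%s divided by 86400); an empty max means it never expires.
expired_passwords() {
    printf '%s\n' "$SHADOW" | awk -F: -v today="$1" \
        '$5 != "" && $2 !~ /^[!*]/ && $3 + $5 < today { print $1 }'
}
# shadow field 8 is the account expiry day (what chage -E sets), same unit.
expired_accounts() {
    printf '%s\n' "$SHADOW" | awk -F: -v today="$1" '$8 != "" && $8 < today { print $1 }'
}
# group field 4 lists the supplementary members (what usermod -G writes).
members_of() {
    printf '%s\n' "$GROUP" | awk -F: -v g="$1" '$1 == g { print $4 }' | tr ',' '\n'
}

extra_uid0                  # toor
locked_users                # toor, bob
expired_passwords 19000     # alice
expired_accounts 19000      # bob
members_of wheel            # alice, bob
```

On a real host, replace the three variables with the contents of the actual files (reading /etc/shadow and /etc/gshadow needs root).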
Permission Type-
1. Symbolic Method
2. Numeric Method
Permission Precedence-
if the UID matches, the user (owner) permissions apply
otherwise, if the GID matches, the group permissions apply
if neither matches, the other permissions apply (only the first matching class is consulted).
Examining Permissions-
File permissions may be viewed using ls -l:
#ls -l
The file type and permissions are represented by a 10-character string, e.g. -rw-r--r-- (file type, then the owner, group and other triplets).
Note-
Default Permissions
root user:
1. default permission for directories is 777
2. default permission for files is 666
Non-privileged user:
1. files will have permissions of 664
2. directories will have permissions of 775
Umask Value-
The umask is a bit mask that defines the default permissions of newly created files and directories (its bits are removed from the full permission).
The default umask value is 0022.
e.g.
#umask (show the umask value)
#umask 0011 (change the umask value)
Name      | Full Permission | Default Permission | Umask Value
Directory | 777             | 755                | 022
File      | 666             | 644                | 022
Four symbols are used when displaying permissions:
r: permission to read a file or list a directory's contents
w: permission to write to a file, or create and remove files in a directory
x: permission to execute a program, or change into a directory and do a long listing of its contents
-: no permission (in place of r, w or x)
Changing Permissions-
Symbolic Method to change access modes:
#chmod [-R] mode file_name
where mode is made of: u, g, o or a for user, group, other and all
+, - or = to grant, deny or set exactly
r, w, x or t for read, write, execute and the sticky bit
who may be | operator may be | permission may be
u (user)   | + (grant)       | r (read)
g (group)  | - (deny)        | w (write)
o (other)  | = (set exactly) | x (execute)
a (all)    |                 | t (sticky bit)
Examples:
#chmod u+w,go-w file
grants write access to the owner but denies it to group and other.
#chmod u=rw file
sets the user permissions to read and write.
#chmod +r file
makes the file world-readable.
"A useful option to chmod is -R (recursive). This option tells chmod to traverse an entire directory tree to change the permissions of all its files and subdirectories."
Changing Permissions- Numeric Method-
Uses a three-digit mode number:
>first digit specifies the owner's permissions
>second digit specifies the group's permissions
>third digit specifies others' permissions
Permissions are calculated by adding:
4 (read)
2 (write)
1 (execute)
Examples: set permissions on a file
#chmod 664 file
grants read/write to the owner and group, and read only to others.
#chmod 660 file
grants read/write to the owner and group, and no permission to others.
#chmod 600 file
grants read/write to the owner and no permission to group and others.
#chmod 444 file
grants read only permission to all.
Examples: set permissions on a directory
#chmod 755 directory
grants full permission to the owner and read and execute to group and others.
#chmod 770 directory
grants full permission to the owner and group, no permission to others.
#chmod 700 directory
grants full permission to the owner, no permission to group and others.
#chmod 555 directory
grants read and execute permission to all.
You can change the owner of a file-
#chown username filename
You can change the group ownership of a file-
#chgrp groupname filename
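The umask, numeric-mode and permission-precedence rules from the sections above as small shell functions. This is an added example, not from the original notes; the UIDs, GIDs and modes in the usage lines are made up.

```shell
#!/bin/sh
# Added example, not from the original notes: the umask, numeric-mode and
# permission-precedence rules above as POSIX shell functions.
# A leading 0 in shell arithmetic marks an octal number.

# Default mode of a new file or directory: full permission masked by umask.
# Files start from 666, directories from 777 (the Full Permission column).
default_mode() {            # $1 = file|dir, $2 = umask in octal (e.g. 022)
    if [ "$1" = dir ]; then full=0777; else full=0666; fi
    printf '%03o\n' $(( full & ~0$2 ))
}

# Convert the nine permission characters shown by ls -l (rwxr-xr-x) to octal.
ls_to_octal() {
    s=$1 n=0 i=1
    while [ "$i" -le 9 ]; do
        c=$(printf '%s' "$s" | cut -c "$i")
        n=$(( n * 2 ))
        if [ "$c" != "-" ]; then n=$(( n + 1 )); fi
        i=$(( i + 1 ))
    done
    printf '%03o\n' "$n"
}

# Permission precedence: owner digit if the UID matches, else group digit if
# the GID matches, else the other digit. Only that one class is consulted, so
# an owner with mode 077 gets nothing although group and other have rwx.
# $1 = caller UID, $2 = caller GID, $3 = file owner UID, $4 = file GID,
# $5 = mode in octal. Prints the applicable rwx triplet. (UID 0 bypasses
# these checks in the kernel; that special case is not modelled here.)
effective_perms() {
    if [ "$1" -eq "$3" ]; then off=6
    elif [ "$2" -eq "$4" ]; then off=3
    else off=0; fi
    bits=$(( (0$5 >> off) & 7 ))
    out=""
    for pair in 4:r 2:w 1:x; do
        if [ $(( bits & ${pair%:*} )) -ne 0 ]; then out="$out${pair#*:}"
        else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

default_mode file 022                 # 644
default_mode dir 022                  # 755
ls_to_octal rw-r-----                 # 640
effective_perms 501 501 500 500 664   # r--  (UID 501 on a file owned by 500:500)
effective_perms 500 500 500 500 077   # ---  (owner class wins, even when it is worse)
```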