Lesson 1.10: Basics of Users, Groups & Permissions
Users
Type of Users
Type of Users | UID |
Root User | 0 |
System User | 1-200 |
App User | 201-999 |
Normal User | >=1000 |
Adding User
[root@client ~]# useradd ribik
[root@client ~]# passwd ribik
Changing password for user ribik.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
User's Database file : /etc/passwd
- Format : < username >:< encrypted password >:< uid >:< gid >:< comment >:< home directory >:< shell >
- Example: ribik:x:1001:1001::/home/ribik:/bin/bash
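The following added example (not part of the original lesson) splits /etc/passwd records into the seven fields above, labels each account with the UID ranges from the Type of Users table, and lists any account other than root that has UID 0, since such an account has root's privileges. The function names and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are illustrative, not from the lesson.

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
chrony:x:995:992::/var/lib/chrony:/sbin/nologin
ribik:x:1001:1001::/home/ribik:/bin/bash
backup:x:0:0::/home/backup:/bin/bash'

# classify_users: read passwd records on stdin and print
# "<user> <uid> <kind>" using the UID ranges from the lesson's table.
# Records that do not have exactly seven fields are skipped.
classify_users() {
    awk -F: 'NF == 7 {
        uid = $3 + 0
        if (uid == 0)        kind = "root"
        else if (uid <= 200) kind = "system"
        else if (uid <= 999) kind = "app"
        else                 kind = "normal"
        print $1, uid, kind
    }'
}

# extra_uid0: print every account other than "root" whose UID is 0.
extra_uid0() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" { print $1 }'
}

printf '%s\n' "$SAMPLE_PASSWD" | classify_users
echo "UID 0 accounts other than root:"
printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0
```

On a live system, feed the real file instead of the sample: `classify_users < /etc/passwd` and `extra_uid0 < /etc/passwd`.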
Groups
Type of Groups
Type of Groups | GID |
Root User's Group | 0 |
System User's Group | 1-200 |
App User's Group | 201-999 |
Normal User's Group | >=1000 |
Permissions
Conversions
- r (read) = 4
- w (write) = 2
- x (execute) = 1
chmod 777 filename
Identity & Position
- User = First or left-most
- Group = Middle
- Others = Last or right-most
chmod u=rwx,g=rw,o=x filename
Viewing Permissions on a file/directory
ls -l : Show long listing
- Format : < Permissions > < hardlink > < owner name > < group name > < file size > < date & time of modification > < name >
[root@client ~]# ls -l
total 4
-rw-------. 1 root root 1143 Dec 6 2023 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 Mar 7 2024 Desktop
drwxr-xr-x. 2 root root 6 Mar 7 2024 Documents
drwxr-xr-x. 2 root root 6 Mar 7 2024 Downloads
drwxr-xr-x. 2 root root 6 Mar 7 2024 Music
drwxr-xr-x. 2 root root 6 Mar 7 2024 Pictures
drwxr-xr-x. 2 root root 6 Mar 7 2024 Public
drwxr-xr-x. 2 root root 6 Mar 7 2024 Templates
drwxr-xr-x. 2 root root 6 Mar 7 2024 Videos
Permissions Field
- The field is 10 characters long
- < Type >< Owner >< Group >< Others >
- Type: ( - normal file ), ( d directory ), ( l soft link ), ( b block device file ), ( c character device file )
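The following added example (not part of the original lesson) decodes the permission field of an ls -l line into its type character and numeric mode using r=4, w=2, x=1, then lists the entries that others can write to. Function names are illustrative and the sample lines are copied from the listings in this lesson; the trailing . in those listings is not one of the 10 characters (GNU ls appends it when the file has an SELinux context).

```sh
#!/bin/sh
# Added example; function names are illustrative, not from the lesson.

# perm_to_octal FIELD: decode a permission field such as "-rw-r--r--."
# into "<type> <octal mode>". Only plain r/w/x bits are handled; anything
# else (for example special bits such as s or t) prints "unsupported".
perm_to_octal() {
    case $1 in
        [-dlbc][-r][-w][-x][-r][-w][-x][-r][-w][-x]*) ;;
        *) echo "unsupported"; return 1 ;;
    esac
    ftype=${1%"${1#?}"}     # first character: the file type
    rest=${1#?}             # owner, group and others triplets
    mode=
    for who in owner group others; do
        digit=0
        case $rest in r*)   digit=$((digit + 4)) ;; esac
        case $rest in ?w*)  digit=$((digit + 2)) ;; esac
        case $rest in ??x*) digit=$((digit + 1)) ;; esac
        mode=$mode$digit
        rest=${rest#???}    # move on to the next triplet
    done
    printf '%s %s\n' "$ftype" "$mode"
}

# world_writable: read `ls -l` lines on stdin and print the name of every
# entry whose "others" digit includes write (2).
world_writable() {
    while read -r field links owner group size mon day when name; do
        decoded=$(perm_to_octal "$field") || continue   # skips "total N"
        others=${decoded#"${decoded%?}"}                # last digit
        [ $(( others & 2 )) -ne 0 ] && echo "$name"
    done
    return 0
}

# Sample lines copied from the listings shown in this lesson.
SAMPLE_LISTING='total 4
-rw-------. 1 root root 1143 Dec 6 2023 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 Mar 7 2024 Desktop
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr 6 21:25 file1'

perm_to_octal 'drwxr-xr-x.'
printf '%s\n' "$SAMPLE_LISTING" | world_writable
```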
UMASK
- umask is a value that determines the default permission of a file/directory at the time of creation.
[root@client ~]# umask
0022
- Default value of permission for file is 644 (-rw-r--r--) and for folder is 755 (drwxr-xr-x).
[root@client class]# touch file1 && mkdir folder1 && ls -l
total 0
-rw-r--r--. 1 root root 0 Sep 21 09:37 file1
drwxr-xr-x. 2 root root 6 Sep 21 09:37 folder1
Formula to Calculate default permission of file
- Maximum allowed permission at the time of file creation (666)
- Subtract : Max allowed Permission (666) - umask value (022) : 644 (Default value)
Formula to Calculate default permission of directory
- Maximum allowed permission at the time of directory creation (777)
- Subtract : Max allowed Permission (777) - umask value (022) : 755 (Default value)
Changing the umask
Temporary umask change
umask <umask value>
Permanent umask change
- CASE I: User-specific umask change
  - Go to ~/.bashrc and add the line
    umask <umask value>
- CASE II: System-wide umask change
  - Go to /etc/bashrc and add the line
    umask <umask value>
How to calculate the required umask value for file ?
- Suppose we want a file to have only read write permission for the owner. (-rw-------)
- Using the subtraction method :
- What value must be subtracted ( 666 - ??? = 600 )
- ( 666 - 066 = 600 ), 066 is the umask value.
Example : Temporarily changing Umask value for file
# Default umask value
[sanjeeb@client ~]$ mkdir class && cd class && touch file1 && ls -lh
total 0
-rw-r--r--. 1 sanjeeb sanjeeb 0 Sep 21 09:51 file1
[sanjeeb@client class]$ umask
0022
# Changing the umask value temporarily
[sanjeeb@client class]$ umask 066
[sanjeeb@client class]$ umask
0066
# Creating a file and viewing permission
[sanjeeb@client class]$ touch file2 && ls -lh file2
-rw-------. 1 sanjeeb sanjeeb 0 Sep 21 09:53 file2
How to calculate the required umask value for directory ?
- Suppose we want a directory to have read, write and execute permission for the owner only. (drwx------)
- Using the subtraction method :
- What value must be subtracted ( 777 - ??? = 700 )
- ( 777 - 077 = 700 ), 077 is the umask value.
Example : Temporarily changing Umask value for directory
# Permission of a new folder before the change (711, consistent with the umask 066 set in the previous example)
[sanjeeb@client class]$ mkdir dir1 && ls -lh
total 0
drwx--x--x. 2 sanjeeb sanjeeb 6 Sep 21 09:56 dir1
# Changing the umask value temporarily
[sanjeeb@client class]$ umask 077
# Viewing the permission after change
[sanjeeb@client class]$ mkdir dir2 && ls -ldh dir2
drwx------. 2 sanjeeb sanjeeb 6 Sep 21 09:58 dir2
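The following added example (not part of the original lesson) goes beyond the subtraction shortcut: the kernel clears from the maximum permission every bit that is set in the umask (a bitwise AND with the complement), which matches subtraction for 022 and 066 but not for a file created under 077 or 027. Function names are illustrative, and observed_modes assumes GNU stat and a writable temporary directory.

```sh
#!/bin/sh
# Added example; function names are illustrative, not from the lesson.

# default_mode BASE UMASK: clear from BASE every bit that is set in UMASK.
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtract_mode BASE UMASK: the subtraction shortcut, for comparison.
subtract_mode() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# required_umask BASE WANTED: smallest umask that turns BASE into WANTED.
# It is the same bit operation: the bits of BASE that WANTED does not keep.
required_umask() {
    default_mode "$1" "$2"
}

# observed_modes UMASK: create a real file and directory under UMASK in a
# throwaway directory and print "<file mode> <dir mode>". Runs in a
# subshell so the caller's umask is left unchanged.
observed_modes() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    umask "$1"
    touch "$tmp/f" && mkdir "$tmp/d" || exit 1
    echo "$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
)

# Compare the methods for the umask values used in the lesson, plus 027.
for m in 022 066 077 027; do
    printf 'umask %s  file: mask=%s subtract=%s  dir: mask=%s  observed: %s\n' \
        "$m" "$(default_mode 666 "$m")" "$(subtract_mode 666 "$m")" \
        "$(default_mode 777 "$m")" "$(observed_modes "$m")"
done
```

A umask of 077 therefore gives 600 for new files and 700 for new directories in one setting.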
Manipulating Permissions
There are also operators to manipulate the permissions:
Task | Operator |
Grant a level of access | + |
Remove a level of access | - |
Set a level of access | = |
[sanjeeb@server Documents]$ ls -l
total 0
-rw-r--r--. 1 sanjeeb sanjeeb 0 Apr 6 21:25 file1

[sanjeeb@server Documents]$ chmod 777 file1
[sanjeeb@server Documents]$ ls -l
total 0
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr 6 21:25 file1

[sanjeeb@server Documents]$ chmod u=rwx,g=rw,o=r file1
[sanjeeb@server Documents]$ ls -l
total 0
-rwxrw-r--. 1 sanjeeb sanjeeb 0 Apr 6 21:25 file1
Example 1: Change the permission of the /home/sanjeeb/Documents/file1 such that only the owner gets full permission and group members & others do not get any permission. Use symbolic method to change the permission.
[sanjeeb@server Documents]$ ls -lh
total 0
----------. 1 sanjeeb sanjeeb 0 Apr 6 21:25 file1
[sanjeeb@server Documents]$ chmod u=rwx,g=,o= file1
[sanjeeb@server Documents]$ ls -lh
total 0
-rwx------. 1 sanjeeb sanjeeb 0 Apr 6 21:25 file1
Example 2: Change the permission of the /home/sanjeeb/Documents/file2 such that the owner and the group members get read and execute permission and others get read only permission. Use numeric method to change the permission.
[sanjeeb@server Documents]$ chmod 554 file2
[sanjeeb@server Documents]$ ls -lh
total 0
-r-xr-xr--. 1 sanjeeb sanjeeb 0 Apr 7 06:39 file2
Example 3: Grant all privileges to all users on the directory /home/sanjeeb/Documents/folder1. Make sure that full privileges are granted to all users on that directory as well as on the contents and sub-contents of the directory in one shot. Use numeric method to change the permission.
[sanjeeb@server Documents]$ chmod -R 777 folder1/
[sanjeeb@server Documents]$ ls -lh
total 0
drwxrwxrwx. 2 sanjeeb sanjeeb 45 Apr 7 06:45 folder1
[sanjeeb@server Documents]$ cd folder1
[sanjeeb@server folder1]$ ls -lh
total 0
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr 7 06:45 file1
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr 7 06:45 file2
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr 7 06:45 file3
Example 4: Removing rwx permission from file1 for other users
[sanjeeb@server folder1]$ chmod o-rwx file1
[sanjeeb@server folder1]$ ls -lh
total 0
-rwxrwx---. 1 sanjeeb sanjeeb 0 Apr 7 06:45 file1
Example 5: Removing execute permission from owner, write-execute permission from group and everything from others in file2
[sanjeeb@server folder1]$ chmod u-x,g-wx,o= file2
[sanjeeb@server folder1]$ ls -lh | grep file2
-rw-r-----. 1 sanjeeb sanjeeb 0 Apr 7 06:45 file2