Blog 4: FILE PERMISSIONS & USER/GROUP MANAGEMENT IN LINUX

1) ls -l: Listing File Attributes:

We have seen a number of options for the ls command (e.g. ls -a, ls -i, ls -t, ls -u). The ls -l command displays most attributes of a file, such as its permissions, size and ownership details.

Let me describe the significance of each field in the above output.

a) File Type and Permissions: The first column shows the type and permissions associated with each file. The first character in this column is mostly -, which indicates that the file is an ordinary file. After this there is a series of characters that can take the values r, w, x and -. In Linux, files can have three types of permissions: read, write and execute.

b) Links: The second column indicates the number of links associated with the file.

c) Ownership: When you create any file you automatically become its owner. The third column shows Ubuntu as the owner of all these files.

d) Group Ownership: When opening a user account, the system administrator (SA) also assigns the user to some groups. The fourth column represents the group owner of the file.

e) File Size: The fifth column shows the size of the file in bytes, that is, the amount of data it contains.

f) Last Modification Time: The sixth, seventh and eighth columns indicate the last modification time of the file, which is stored to the nearest second.

g) Filename: The last column displays the filename.

The -d OPTION: LISTING DIRECTORY ATTRIBUTES

FILE OWNERSHIP

Before we discuss file permissions, let's first understand the significance of file ownership. When you create a file, your username shows up in the third column of the file listing; you are the owner of the file. The fourth field shows the group name; your group is the group owner of the file.

FILE PERMISSIONS:

Linux has a simple and well-defined system of assigning permissions to files. Let's see the output of ls -l.

The first column represents the file permissions. Let's break up the permissions string of the file colors.txt into three groups:

rw- r-- r-x

Each group here represents a category and contains three slots, representing the read, write and execute permissions of the file. r indicates read permission, which means cat can display the file; w indicates write permission, which means you can edit the file with an editor; and x indicates execute permission, which means the file can be executed as a program.

The first group (rw-) has read and write permissions, which means the file can be read and written by the owner of the file.

The second group (r--) means the file is readable by the group owner of the file.

The third group (r-x) has read and execute permissions. It is not a good idea to give these permissions to those who are neither the owner nor members of the group.

CHMOD: CHANGING FILE PERMISSIONS

The chmod command is used to set the permissions of one or more files for all three categories of users (user, group and others). There are two ways of changing the permissions: Relative Permissions and Absolute Permissions.

Relative Permissions:

When changing the permissions relatively, chmod only changes the permissions specified on the command line and leaves the other permissions unchanged.

The expression contains three components:

User category (user, group, others)
The operation to be performed (assign or remove permissions)
The type of permissions (read, write and execute)

Examples:

Absolute Permissions:

Sometimes you don't need to know what a file's current permissions are but want to set all nine permissions explicitly. The expression used by chmod is a string of three octal numbers.

Read Permission - 4 (Octal 100)
Write Permission - 2 (Octal 010)
Execute Permission - 1 (Octal 001)

chmod can use this three-digit string as an expression.
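
The relative and absolute forms described above, worked through on a scratch copy of colors.txt. This is an added example, not part of the original post; the helper names perm_to_octal, mode_of and chmod_walkthrough are made up for illustration, and the scratch directory is created with mktemp.

```shell
#!/bin/sh
# Added example, not from the original post. The scratch directory is
# constructed; colors.txt and rw-r--r-x are the article's own example.

# Convert the nine permission characters shown by ls -l (file-type character
# already removed) to three octal digits: r=4, w=2, x=1 in each category.
# Special bits (setuid/setgid/sticky, shown as s or t) are not handled.
perm_to_octal() {
    perms=$1
    out=""
    while [ -n "$perms" ]; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Read a file's current mode from ls -l and print it in octal.
mode_of() {
    perm_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# Set an absolute mode, then apply relative changes, printing the mode after
# each step. Relative changes touch only the bits named in the expression.
chmod_walkthrough() {
    dir=$(mktemp -d) || return 1
    f="$dir/colors.txt"
    : > "$f"
    chmod 645 "$f";      mode_of "$f"   # absolute: rw- r-- r-x
    chmod o-x "$f";      mode_of "$f"   # relative: remove execute from others
    chmod u+x,g+w "$f";  mode_of "$f"   # relative: two categories at once
    chmod go-rwx "$f";   mode_of "$f"   # relative: owner-only access
    rm -rf "$dir"
}

chmod_walkthrough
```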

Using CHMOD Recursively (-R)

CHOWN: Changing File Owner

The chown command can be used to change the ownership of any file.

CHGRP: Changing Group Owner

By default the group owner of a file is the group to which the owner belongs. The chgrp (change group) command changes a file's group owner.

USER MANAGEMENT

'USER' in Linux is not meant to be only a person; it can represent a project or an application as well. For the creation and maintenance of user accounts, Linux provides three commands: useradd, usermod and userdel.

Creating a user involves defining the following parameters:

  • User Identification Number (UID) and username

  • Group Identification Number (GID) and group name

  • Home directory

  • Login shell

  • Mailbox in /var/mail

  • Password

Most of these parameters are found in a single line identifying the user in /etc/passwd. Let's create a group for users and then add users to the group.

a) groupadd: Adding a Group

If the user is to be placed in a new group, an entry for the group must be created first in /etc/group. A user always has one primary group and may also have one or more supplementary groups.

cat /etc/group

ubuntu:x:1000:
root:x:0:

To create a new group Devops with GID 200, you can use the groupadd command.
ubuntu@ip-172-31-8-126:~$ sudo groupadd -g 200 Devops
Devops:x:200:

b) useradd: Adding a user
The useradd command adds a new user to the system. It makes changes to the following files:

  • /etc/passwd

  • /etc/shadow

  • /etc/group

  • /etc/gshadow

  • creates a directory for the new user in /home

Syntax: useradd [options] name of the user

a) To add a simple user 'Anurag':

b) To create a user with a specific user ID:

c) To create a user with a specific group ID:

d) To create a user with a comment:

You can see other options by running the command below:

sudo useradd --help

To add an existing user to groups, see the commands below:

passwd: This command is used to set a new password for the newly created user.
ubuntu@ip-172-31-8-126:~$ sudo useradd -u 210 -g Devops -c "TestUser" -d /home/anurag -s /bin/sh -m Anurag
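
How the options of the useradd command above end up as fields in /etc/passwd and /etc/group, as an added example that is not part of the original post. The sample file contents are constructed to match the article's groupadd and useradd commands; the "project" group and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The two samples below are
# constructed to match the article's groupadd and useradd commands; the
# "project" group and its member list are hypothetical.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
Anurag:x:210:200:TestUser:/home/anurag:/bin/sh'

SAMPLE_GROUP='root:x:0:
ubuntu:x:1000:
Devops:x:200:
project:x:201:ubuntu,Anurag'

# /etc/passwd fields: name:password:UID:GID:comment:home:shell
# (an "x" in field 2 means the hash is stored in /etc/shadow).
describe_user() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '
        $1 == u { printf "uid=%s gid=%s comment=%s home=%s shell=%s\n",
                  $3, $4, $5, $6, $7 }'
}

# The primary group is the GID stored in the user's passwd line,
# resolved to a name through /etc/group (name:password:GID:members).
primary_group() {
    gid=$(printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $4 }')
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# Supplementary groups are those whose member list (field 4) names the user.
supplementary_groups() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

describe_user Anurag
primary_group Anurag
supplementary_groups Anurag
```

To review a real system, replace the two sample variables with the contents of /etc/passwd and /etc/group.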

ACCESS CONTROL LIST (ACL) IN LINUX:

An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. ACL allows you to give permissions for any user or group to any disk resource.
Think of a scenario in which a particular user is not a member of a group you created, but you still want to give that user some read or write access. How can you do it without making the user a member of the group? This is where Access Control Lists come into the picture; ACLs let us do exactly this.

Examples:

List of commands for setting up ACL:

1) To add permissions for a user:
   setfacl -m "u:user:permissions" /path/to/file

2) To add permissions for a group:
   setfacl -m "g:group:permissions" /path/to/file

3) To allow all files or directories to inherit ACL entries from the directory they are within:
   setfacl -dm "entry" /path/to/dir

4) To remove a specific entry:
   setfacl -x "entry" /path/to/file

5) To remove all entries:
   setfacl -b path/to/file

Examples:

You can check the other options available for setfacl with the sudo setfacl --help command.
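
Access granted through an ACL does not show up in the owner and group columns of ls -l, so it is worth reviewing separately. The added example below (not part of the original post) lists every named user or group entry found in getfacl output; the sample is constructed to look like the result of commands 1 and 3 above, and the paths, the user "guest1" and the function name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. SAMPLE_GETFACL is constructed
# output in getfacl's format; the paths and the user "guest1" are hypothetical.
SAMPLE_GETFACL='# file: shared/plan.txt
# owner: ubuntu
# group: Devops
user::rw-
user:guest1:r--
group::r--
mask::r--
other::---

# file: shared
# owner: ubuntu
# group: Devops
user::rwx
group::r-x
other::---
default:user::rwx
default:user:guest1:r-x
default:group::r-x
default:mask::r-x
default:other::---'

# Print "file scope kind name perms" for every named user or group entry.
# Entries with an empty name (user::, group::) are the ordinary owner and
# group permissions that ls -l already shows, so they are skipped.
named_acl_entries() {
    awk -F: '
        /^# file: /        { file = substr($0, 9); next }
        /^#/ || NF == 0    { next }
        $1 == "default"    { scope = "default"; kind = $2; name = $3; perms = $4 }
        $1 != "default"    { scope = "access";  kind = $1; name = $2; perms = $3 }
        (kind == "user" || kind == "group") && name != "" {
            sub(/[ \t].*$/, "", perms)   # drop a trailing "#effective:" note
            print file, scope, kind, name, perms
        }'
}

printf '%s\n' "$SAMPLE_GETFACL" | named_acl_entries
```

On a real system the same function can read from getfacl -R /path/to/dir instead of the sample.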

That's all for today. I hope I have explained all these topics clearly and made them easy to understand for everyone. In the next blog we will learn about the most used commands, 'grep' and 'awk', and also learn the basics of Shell Scripting in Linux.

Thanks for reading. Learn Together, Grow Together.