User Accounts and Permissions Chapter IV / Part II

Accounts Linux is a multiuser operating system Account for a user identified by username password for authentication Password file: used for authentication username:password:uid:gid:gecos:homedir:shell Two types of accounts Root Called super user Every Linux system has one Can create other accounts for users User Restricted Can be given more permissions Some accounts may not have any actual user needed by some application

Accounts.. Root account created during installation One or more user accounts as well Shouldn’t login using root account Potentially dangerous Can change into any user using su user prompt for the user’s password su changes to root account To run a single command with root previliges use sudo

Accounts Creating new users only admins can do this adduser command most default options are ok New users should change their password: passwd root can do this for a user: passwd user Deleting users accounts: userdel -r username Disabling a user temporarily Put * before password in the entry in /etc/passwd

Permissions Very critical in multi-user environment Maintain access over files for different users Other users cannot access your files Critical files can only be accessed by root Besides users, there are groups Similar users can be grouped together Easy to maintain permissions for a group Easy to share files within a group A user can belong to more than one group groups,newgrp command Permissions are maintained for User Group Others

Permissions Permissions under Linux are Ownership Access rights Ownership - who owns the file The creator of a file becomes its owner Creator’s default group becomes the group owner Ownership can be changed later The super user, root, owns everything Can modify ownership Can change access rights

Access rights (Permissions) Access rights Who can read, write, view a file Read File - open it Directory - open it, list its contents Write File - change its contents Directory - add or remove its contents Execute File - execute it Directory - list using ls -l : extended information

Permissions ls -l to view the permissions Sample output links

Changing Ownership Root to do this To change ownership: chown chown username file_or_dir To change group ownership: chgrp chgrp groupname file_or_dir combine if username & group name are same chown name:name file_or_dir

Changing Permissions chmod command standard way to change permissions a : all u : current user (who is using chmod) g : file’s current group o : other users, not in g + : add an attribute - : remove an attribute = : set (absolutely) a permission r, w, x: read, write, execute root can change permissions to any file/directory Besides root, only the owner can change permissions

Changing Permissions Simple example: make a file executable chmod +x filename : gives permission to everyone to only yourself: chmod u+x filename to yourself and group: chmod ug+x filename multiple: chmod ug+rwx filename remove a permission: chmod o-x filename give write permission to all: chmod a+w filename remove all permissions and set file readable by user only chmod u=r filename -r option: set permission to every item in a directory chmod a+rw -r dirname