This document discusses Linux file permissions and ownership. It covers commands used to manage permissions and ownership, including chmod, chown, chgrp and umask. Key areas covered include permissions for users, groups and others; permission levels for files and directories; and configuring user and group information stored in the /etc/passwd, /etc/shadow, and /etc/group files. The goal is to teach system administrators how to manage access permissions on files and directories to maintain security.
Core Linux for Red Hat and Fedora learning under GNU Free Documentation License - Copyleft (c) Acácio Oliveira 2012
Everyone is permitted to copy and distribute verbatim copies of this license document, changing is allowed
Manage file permissions and ownership
manage files with management commands
For /etc/passwd, /etc/shadow and /etc/group
While it is possible to edit the three files directly, it's easier and safer to use management commands to create, modify and delete users and groups:
useradd, usermod, userdel, groupadd, groupmod, groupdel
useradd: Add a new user to the system.
Accepts various arguments to control the settings on the user account.
The most common are -g to specify the user's primary group, and -G to list secondary group memberships.
Ex: useradd lisa
Ex: useradd -g clowns -G trouble,simpson bart
usermod: Modify a user's settings.
Ex: usermod -G detention bart
userdel: Remove a user from the system.
The main option is -r, which tells userdel to remove the user's home and spool directories.
Ex: userdel moe
Ownership and Permissions
All files are associated with one user and one group (ownership).
This creates the foundation for the main security infrastructure in Linux (Unix).
When a process attempts an operation on a file, the user and group of the process (every process is associated with one
user and one group) are compared with the user and group of the file, which determines what level of permissions is
granted or denied on the file.
Every file has 3 levels of permissions:
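• User
• Group
• Other
When a process seeks access, the process user is compared to the file user. If they match, the
process gets the User permissions. If not, the process group is compared to the file group, and on a
match the process gets the Group permissions. If neither matches, the process gets Other-level access.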
All permission information is summarized with 9 characters:
rwxrwxrwx
The presence of the letter indicates the permission is granted; a hyphen in its place indicates
the permission is denied.
Read only: r--r--r--
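The User, then Group, then Other comparison and the nine-character summary described above, as an added example that is not part of the original slides. It shows that the first matching level decides access, so a group member can end up with less access than Other. The numeric UIDs and GIDs are constructed sample values, and root's override and ACLs are not modelled.

```python
import stat

# Permission bits for each of the three levels, from the standard stat module.
LEVEL_BITS = {
    "user":  (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def triplet(mode, level):
    """Render one level of a mode as three characters, e.g. 'r-x'."""
    return "".join(c if mode & bit else "-"
                   for c, bit in zip("rwx", LEVEL_BITS[level]))

def mode_string(mode):
    """Render the nine-character summary, e.g. 0o444 -> 'r--r--r--'."""
    return "".join(triplet(mode, lvl) for lvl in ("user", "group", "other"))

def matching_level(file_uid, file_gid, proc_uid, proc_gids):
    """Pick the level that applies; the first match wins."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:   # primary or secondary group membership
        return "group"
    return "other"

def effective_access(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Return (level, rwx triplet) that the process gets on the file."""
    level = matching_level(file_uid, file_gid, proc_uid, proc_gids)
    return level, triplet(mode, level)

# Constructed sample IDs (hypothetical): bart is in clowns, trouble, simpson.
BART = (1001, {2001, 2002, 2003})    # (uid, set of gids)
MOE = (1003, {2004})                 # not in any of bart's groups
LISA_UID, TROUBLE_GID = 1002, 2002   # owner and group of the sample file

if __name__ == "__main__":
    for mode in (0o640, 0o604, 0o444):
        print(mode_string(mode),
              "bart:", effective_access(mode, LISA_UID, TROUBLE_GID, *BART),
              "moe:", effective_access(mode, LISA_UID, TROUBLE_GID, *MOE))
```

With mode 604 on a file owned by lisa with group trouble, bart matches the Group level and gets no access, while moe falls through to Other and can read the file.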