Linux Examples - USERS AND GROUPS

• Create New Group • Delete User's Home Directory • Delete User • Create New Users, A Home Directory In /home And A Group • List All Groups • File Permissions And Ownership • Linux File System Object Types • Directory Permissions • Create Passwords For Our New Users • Add User To Existing Group • List Users Groups • Login As Another User • Add User To The Sudo Group • User Creates File In Another User's Directory • chmod Permissions Table

Create New Group
sudo groupadd defjam

Delete User's Home Directory

sudo rm -r /home/username/

Delete User

sudo userdel username

Create New Users, A Home Directory In /home And A Group
Create user called “fred”:

List All Groups

cut -d: -f1 /etc/group

Typing the following reveals that the home directories were indeed created:

File Permissions And Ownership

With regard to "fred":
d rwxr-xr-x fred fred
Take the 1st line (fred’s home directory) as an example. This directory can be read, written to and executed by the owner (fred). We can see that the owner is fred and the group that this directory belongs to is fred. The Group can only read and execute but not write. Other can only read and execute but not write.

Linux File System Object Types
Directory Permissions
Directories use the same permission flags as regular files; however, they are interpreted differently. For example:

Create Passwords For Our New Users

passwd fred

Add User To Existing Group

Recall that we created the group called "defjam" earlier on.

List Users Groups
groups fred
groups jen
groups jon

→ So user "jen" is NOT a member of the "defjam" group whereas both users "fred" and "jon" are members of the group "defjam".

Login As Another User
Log in as user “fred” without having to leave the current terminal:

Add User To The Sudo Group

I want user fred to be able to create a file in user jon’s directory. Without user fred having sudo access I can’t do it.
Obviously if I give user fred sudo access then he can create a file there by merely typing:
sudo usermod -aG sudo <username>
NOTE: You will need to either restart your shell/terminal or log out and back in for this to take effect.

sudo usermod -aG sudo fred

Now let’s list all of user fred's groups. As you can see it worked:

User Creates File In Another User's Directory
User fred can now use sudo to create a file in user jon’s home directory:
NOTE: chown stands for CHange OWNer
ls -l

At the moment jon’s home directory says rwx r-x r-x. So the Owner (jon) has rwx permission and can therefore read, write and execute. The group (defjam) has only r-x, i.e. read and execute, and Other has only r-x (read and execute) too. So I also need the directory to allow its group (defjam) to read, write and execute:

chmod Permissions Table

In order to understand how these file permissions are constructed, the following table is useful:
The number systems used here may at first glance look confusing; however, via binary it is simple (assuming you are familiar with binary, that is!). To work these out mentally: for example, r-x looks like 101 in binary, i.e. 5 octal (or 5 decimal). Octal and decimal look identical up to the number 7. Note: in octal, the next number after 07 is 10. In terms of thinking in binary, just assume a “-” is a zero, and anything else is a 1.

As I said above, I need the directory to allow its group (defjam) to read, write and execute. So I need it to look like this
Therefore I need to use the following command:

sudo chmod 775 jon

So now the permissions on the home directory of user “jon” say that the Owner (jon) of the directory (d) can rwx (read, write, execute), the group that the directory is associated with (defjam) can rwx (read, write, execute) and the others can only r-x (read and execute), i.e. user “fred” can now go into home directory “jon” and create a file without having to use sudo:

Also note that chmod 0775 is the same as chmod 775.

User jon can delete anything inside his directory. The new file Pic2.jpg created by user “fred” is owned by user “fred” and belongs to group “fred”. However, it is inside the directory /home/jon/, which is owned by user “jon”. User jon has rwx (read, write, execute) permissions and can therefore delete or change this file. Also, Pic1.jpg was created by user “root” via sudo. Again, user “jon” can delete it, as it is inside his directory and he has rwx permissions on this directory:

I recreate these 2 picture files Pic1.jpg and Pic2.jpg identically as before…

User “jen” is not a member of the group “defjam”, so if she tries to create a file inside /home/jon/ she will fail, as she is Other, and Other has only r-x (read and execute) permissions but not write permission:

I can also block user jen from seeing inside this directory. If I want to allow only the Owner (user “jon”) and the Group associated with this directory (defjam) to see inside it, BUT no Others (i.e. jen), then I can do:
Remember user "jen" doesn’t have sudo access, so I have to be fred or root to do this. I'll use user fred to do it via sudo:

Now let’s log in as user "jen" and try to look inside user "jon’s" directory:

So user "jen" can’t see inside user "jon’s" directory. However, user "jon" and user "fred" can both see inside it and create files:

Remember that the group of user fred’s home directory isn’t "defjam", it is "fred", so user "jon" and user "jen" CAN’T create files inside there. Also, users jen and jon aren’t members of the group sudo, thus they cannot create any files inside user fred’s home directory. E.g. using user "jon":
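
The permission checks walked through above (the "-" is 0 rule from the chmod table, which triad applies to each user, and what r, w and x mean on a directory), as an added example that is not part of the original page. The function names are hypothetical helpers, each user's primary group is assumed to match the user name, and rwxrwx--- is an assumed mode for the "owner and group only" step, whose command is not shown on the page.

```sh
#!/bin/sh
# Added example: models the checks only. Root (and so sudo) bypasses them all.

# Symbolic triads to octal: "-" is a 0 bit, anything else a 1 bit (r=4 w=2 x=1).
sym_to_octal() (
    rest=$1; out=""; digit=0; n=0
    while [ -n "$rest" ]; do
        digit=$((digit * 2))
        case $rest in -*) ;; *) digit=$((digit + 1)) ;; esac
        rest=${rest#?}; n=$((n + 1))
        if [ $((n % 3)) -eq 0 ]; then out=$out$digit; digit=0; fi
    done
    echo "$out"
)

# Pick the triad that applies: owner first, then group, then other. Only the
# first match counts, even if a later triad would grant more.
triad_for() (  # args: user "groups of user" dir_owner dir_group symbolic_mode
    memberof=" $2 "
    if [ "$1" = "$3" ]; then n=1
    else case $memberof in *" $4 "*) n=4 ;; *) n=7 ;; esac
    fi
    printf '%s\n' "$5" | cut -c"$n"-"$((n + 2))"
)

# On a directory: r lists names, w creates/deletes/renames entries, x enters it.
# w+x also allows deleting entries owned by someone else (sticky bit not modelled).
can_create() { case $(triad_for "$@") in ?wx) return 0 ;; *) return 1 ;; esac; }
can_list()   { case $(triad_for "$@") in r??) return 0 ;; *) return 1 ;; esac; }

# Group memberships as stated in the tutorial (primary groups are assumed).
FRED="fred defjam sudo"; JEN="jen"

report() (  # arg: symbolic mode of /home/jon (owner jon, group defjam)
    line="$(sym_to_octal "$1"):"
    for u in fred jen; do
        if [ "$u" = fred ]; then g=$FRED; else g=$JEN; fi
        if can_create "$u" "$g" jon defjam "$1"; then line="$line $u=create"; else line="$line $u=no-create"; fi
        if can_list "$u" "$g" jon defjam "$1"; then line="$line $u=list"; else line="$line $u=no-list"; fi
    done
    echo "$line"
)

report rwxr-xr-x   # before chmod 775
report rwxrwxr-x   # after chmod 775
report rwxrwx---   # assumed mode for "owner and group only"
```

Because write permission on a directory covers deleting entries, the 775 mode that lets fred create files in /home/jon also lets any member of defjam remove jon's files there.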