User Management & File Permissions in Linux: A Comprehensive Guide
#Day5ofDevOpsBlog
Managing users and groups is a fundamental aspect of Linux system administration. Effective user management ensures the security and efficiency of the system. Let's dive deep into it!
1. User Management Commands
Adding a New User:
sudo useradd <username>
Creates a new user account.
sudo useradd -m <username>
Creates a new user account and also creates the user's home directory, named after the user.
Setting a Password for a User:
sudo passwd <username>
Sets or changes the password for a user.
To see the list of Users:
cat /etc/passwd
Deleting a User:
sudo userdel <username>
Deletes a user account.
Modifying a User:
sudo usermod <option> <username>
Modifies user account attributes, such as the home directory or shell. To explore the available options, run "usermod --help".
Viewing User Information:
id <username>
Displays user ID (UID), group ID (GID), and group memberships.
Switching User:
su <username>
2. Group Management Commands
Adding a New Group:
sudo groupadd <groupname>
Creates a new group.
To see all groups:
cat /etc/group
Deleting a Group:
sudo groupdel <groupname>
Deletes a group.
Adding a User to a Group:
sudo usermod -aG <groupname> <username>
# -a appends to the user's existing groups; -G names the supplementary group(s).
# Without -a, -G replaces the user's current supplementary groups.
Adds a user to a group.
Removing a User from a Group:
sudo gpasswd -d <username> <groupname>
Removes a user from a group.
3. File Ownership and Permissions
To list the permissions of files and directories:
ls -ltr
Changing Ownership (chown):
sudo chown owner:group <filename>
Changes the owner and group of a file or directory.
Changing Group (chgrp):
sudo chgrp groupname filename
Changes the group ownership of a file or directory.
Changing Mode (chmod):
chmod <permissions> <filename>
Changes the permission bits (mode) of a file or directory.
-> Special Permissions: SUID, SGID, and Sticky Bit
SUID (Set User ID): When the SUID bit is set on an executable file, the file runs with the permissions of the file owner instead of the user executing the file.
sudo chmod u+s filename
SGID (Set Group ID): When the SGID bit is set on a directory, files created within the directory inherit the group of the directory, not the primary group of the user.
sudo chmod g+s directory
Sticky Bit: When the sticky bit is set on a directory, only the file owner, the directory owner, or root can delete or rename files within that directory.
sudo chmod +t directory
Viewing Special Permissions:
ls -l
In the permission field, the output shows s in place of the owner's x for SUID, s in place of the group's x for SGID, and t in place of the others' x for the sticky bit.
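Because SUID/SGID files and world-writable directories change who can do what on a system, it is worth checking where these bits are actually set. The script below is an added example, not part of the original post: it builds a constructed sample tree in a temporary directory and reports each finding. The function names (report, audit_special_bits, make_sample_tree) and the labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory tree for the
# SUID, SGID and sticky-bit settings described above.

# report LABEL DIR FIND-TESTS...: print "LABEL path" for every match.
report() {
    label=$1; dir=$2; shift 2
    find "$dir" "$@" -print | while IFS= read -r path; do
        printf '%s %s\n' "$label" "$path"
    done
}

audit_special_bits() {
    # SUID files run with the privileges of the file owner.
    report SUID "$1" -type f -perm -4000
    # SGID files run with the file's group; SGID directories hand their
    # group to new files created inside them.
    report SGID-FILE "$1" -type f -perm -2000
    report SGID-DIR "$1" -type d -perm -2000
    # SUID/SGID files that group or others can write to need a closer look.
    report SPECIAL-WRITABLE "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \)
    # World-writable directories without the sticky bit let any user delete
    # or rename other users' files.
    report NO-STICKY "$1" -type d -perm -0002 ! -perm -1000
}

# Build a constructed sample tree (empty files only) and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/prog" "$t/loose"
    chmod 4755 "$t/prog"     # SUID, writable by the owner only
    chmod 4775 "$t/loose"    # SUID and group-writable
    mkdir "$t/team" "$t/drop" "$t/open"
    chmod 2775 "$t/team"     # SGID directory
    chmod 1777 "$t/drop"     # world-writable, sticky bit set
    chmod 0777 "$t/open"     # world-writable, no sticky bit
    printf '%s\n' "$t"
}

# Demo on the constructed tree; point audit_special_bits at a real path instead.
tree=$(make_sample_tree) && audit_special_bits "$tree"
rm -rf "$tree"
```

Run against a real path such as /usr/bin, the SUID lines give a baseline to compare against after package installs or configuration changes.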
4. Access Control Lists (ACLs)
ACLs provide more granular permissions than traditional Unix file permissions.
Viewing ACLs (getfacl):
getfacl filename
Displays the ACL of a file or directory.
Setting ACLs (setfacl):
setfacl -m u:username:rwx filename
Sets the ACL for a user on a file or directory.
Removing ACLs:
setfacl -x u:username filename
Removes the ACL for a user on a file or directory.
Default ACLs:
setfacl -d -m u:username:rwx directory
Sets the default ACL for new files created within a directory.
Examples and Use Cases
Creating a User and Adding to a Group:
sudo useradd john
sudo passwd john
sudo usermod -aG developers john
Changing File Ownership and Setting SUID:
sudo chown root:developers /usr/bin/someprogram
sudo chmod u+s /usr/bin/someprogram
Setting ACLs for a Shared Directory:
sudo mkdir /shared
sudo setfacl -m u:john:rwx /shared
sudo setfacl -m u:jane:rwx /shared
sudo setfacl -d -m u:john:rwx /shared
sudo setfacl -d -m u:jane:rwx /shared
Conclusion
Understanding user and group management in Linux is crucial for maintaining a secure and efficient system. By mastering these commands, you can effectively control access to resources and ensure proper permissions are set for users and files.
Happy administering!
Feel free to reach out or connect with me if you have any questions or need further clarification on any of these topics.