Users, Groups and Other Linux Beasts: Part 2 - xSicKxBot - 07-16-2018
<div style="margin: 5px 5% 10px 5%;"><img src="http://www.sickgaming.net/blog/wp-content/uploads/2018/07/users-groups-and-other-linux-beasts-part-2.jpg" width="1036" height="598" title="" alt="" /></div><div>
<p>In this ongoing tour of Linux, we’ve looked at <a href="https://www.linux.com/blog/learn/2018/5/manipulating-directories-linux">how to manipulate folders/directories</a>, and now we’re continuing our discussion of <i>permissions</i>, <i>users</i> and <i>groups</i>, which are necessary to establish who can manipulate which files and directories. <a href="https://www.linux.com/learn/intro-to-linux/2018/7/users-groups-and-other-linux-beasts">Last time,</a> we showed how to create new users, and now we’re going to dive right back in:</p>
<p>You can create new groups with the <code>groupadd</code> command and then add users to them at will. 
For example, using:</p>
<pre> sudo groupadd photos </pre>
<p>will create the <i>photos</i> group.</p>
<p>You’ll need to <a href="https://www.linux.com/blog/learn/2018/5/manipulating-directories-linux">create a directory</a> hanging off the root directory:</p>
<pre> sudo mkdir /photos </pre>
<p>If you run <code>ls -l /</code>, one of the lines will be:</p>
<pre> drwxr-xr-x 1 root root 0 jun 26 21:14 photos </pre>
<p>The first <i>root</i> in the output is the user owner and the second <i>root</i> is the group owner.</p>
<p>To transfer the ownership of the <i>/photos</i> directory to the <i>photos</i> group, use:</p>
<pre> sudo chgrp photos /photos </pre>
<p>The <code>chgrp</code> command typically takes two parameters: the first is the group that will take ownership of the file or directory, and the second is the file or directory you want to give over to the group.</p>
<p>Next, run <code>ls -l /</code> and you’ll see the line has changed to:</p>
<pre> drwxr-xr-x 1 root photos 0 jun 26 21:14 photos </pre>
<p>You have successfully transferred the group ownership of your new directory over to the <i>photos</i> group.</p>
<p>Then, add your own user and the <i>guest</i> user to the <i>photos</i> group:</p>
<pre> sudo usermod &lt;<i>your username here</i>&gt; -a -G photos
 sudo usermod guest -a -G photos </pre>
<p>You may have to log out and log back in to see the changes, but, when you do, running <code>groups</code> will show <i>photos</i> as one of the groups you belong to.</p>
<p>A couple of things to point out about the <code>usermod</code> command shown above. First: Be careful not to use the <code>-g</code> option instead of <code>-G</code>. The <code>-g</code> option changes your primary group and could lock you out of your stuff if you use it by accident. <code>-G</code>, on the other hand, <i>adds</i> you to the groups listed and doesn’t mess with the primary group. 
If you want to add your user to more than one group, list them one after another, separated by commas, no spaces, after <code>-G</code>:</p>
<pre> sudo usermod &lt;<i>your username</i>&gt; -a -G photos,pizza,spaceforce </pre>
<p>Second: Be careful not to forget the <code>-a</code> parameter. The <code>-a</code> parameter stands for <i>append</i> and attaches the list of groups you pass to <code>-G</code> to the ones you already belong to. This means that, if you don’t include <code>-a</code>, the list of groups you already belong to will be overwritten, again locking you out from stuff you need.</p>
<p>Neither of these is a catastrophic problem, but either will mean you have to add your user back manually to all the groups you belonged to, which can be a pain, especially if you have lost access to the <i>sudo</i> and <i>wheel</i> groups.</p>
<h3>Permits, Please!</h3>
<p>There is still one more thing to do before you can copy images to the <i>/photos</i> directory. Notice how, when you did <code>ls -l /</code> above, permissions for that folder came back as <i>drwxr-xr-x</i>.</p>
<p>If you read <a href="https://www.linux.com/learn/understanding-linux-file-permissions">the article I recommended at the beginning of this post</a>, you’ll know that the first <i>d</i> indicates that the entry in the file system is a directory, and then you have three sets of three characters (<i>rwx</i>, <i>r-x</i>, <i>r-x</i>) that indicate the permissions for the user owner (<i>rwx</i>) of the directory, then the group owner (<i>r-x</i>), and finally the rest of the users (<i>r-x</i>). 
This means that the only person who has write permissions so far, that is, the only person who can copy or create files in the <i>/photos</i> directory, is the <i>root</i> user.</p>
<p>But <a href="https://www.linux.com/learn/understanding-linux-file-permissions">that article I mentioned also tells you how to change the permissions for a directory or file</a>:</p>
<pre> sudo chmod g+w /photos </pre>
<p>Running <code>ls -l /</code> after that will show the permissions for <i>/photos</i> as <i>drwxrwxr-x</i>, which is what you want: group members can now write into the directory.</p>
<p>Now you can try to copy an image or, indeed, any other file to the directory and it should go through without a problem:</p>
<pre> cp image.jpg /photos </pre>
<p>The <i>guest</i> user will also be able to read from and write to the directory, and even move or delete files created by other users within the shared directory.</p>
<h2>Conclusion</h2>
<p>The permissions and privileges system in Linux has been honed over decades, inherited as it is from the old Unix systems of yore. As such, it works very well and is well thought out. Becoming familiar with it is essential for any Linux sysadmin. In fact, you can’t do much admining at all unless you understand it. But it’s not that hard.</p>
<p>Next time, we’ll dive into files and see the different ways of creating, manipulating, and destroying them in creative ways. Always fun, that last one.</p>
<p>See you then!</p>
<p><em>Learn more about Linux through the free <a href="https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux">“Introduction to Linux”</a> course from The Linux Foundation and edX.</em></p>
</div>
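<p>The <code>-a</code>/<code>-G</code> pitfall described above can be checked for instead of remembered. The following is an added example, not part of the original article: it snapshots a user’s groups with <code>id -nG</code>, runs the article’s <code>usermod -a -G</code>, and reports any membership that disappeared. The function names and the user <i>alice</i> are hypothetical, and group names are assumed to contain no spaces.</p>

```shell
#!/bin/sh
# Added example (not from the original article): verify that adding groups
# with usermod did not silently drop any group the user already had.
# Assumption: group names contain no spaces.

# lost_groups "BEFORE" "AFTER": print every group listed in BEFORE that is
# missing from AFTER, one per line. Both arguments are space-separated lists
# in the format printed by `id -nG`.
lost_groups() {
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                  # still a member
            *) printf '%s\n' "$g" ;;      # membership was lost
        esac
    done
}

# add_groups_checked USER GROUP[,GROUP...]: hypothetical wrapper around the
# article's usermod call. Snapshots membership, appends, then compares.
add_groups_checked() {
    user=$1
    new_groups=$2
    before=$(id -nG "$user") || return 1
    sudo usermod -a -G "$new_groups" "$user" || return 1
    # With a user name, id reads the account database, so the change is
    # visible here even though running sessions keep their old groups.
    after=$(id -nG "$user") || return 1
    missing=$(lost_groups "$before" "$after")
    if [ -n "$missing" ]; then
        echo "WARNING: $user is no longer in:" $missing >&2
        return 2
    fi
    echo "$user now belongs to: $after"
}

# Constructed demo: membership before and after a mistaken `usermod -G photos`
# (no -a). The primary group survives; sudo and wheel are gone.
lost_groups "alice sudo wheel" "alice photos"
```

<p>Call it as <code>add_groups_checked alice photos,pizza</code>; a return status of 2 means at least one earlier group is missing and should be restored before the session that still holds <i>sudo</i> is closed.</p>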
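<p>The mode strings discussed under “Permits, Please!” can be read mechanically. This added example (not from the original article) goes one step beyond the article by also reporting the sticky and setgid bits, which decide whether writers can delete each other’s files and which group new files get. The function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example (not from the original article): interpret the mode string
# that `ls -l` prints for a shared directory.

# mode_findings MODE: print one finding per line for a mode string such as
# drwxrwxr-x. A trailing "." or "+" (SELinux context, ACL) is tolerated.
mode_findings() {
    mode=$1
    case $mode in
        d*) ;;
        *) echo "not-a-directory"; return 0 ;;
    esac
    writable=no
    # Character 6 is the group owner's write bit.
    case $mode in
        ?????w*) echo "group-writable"; writable=yes ;;
    esac
    # Character 9 is the write bit for all other users.
    case $mode in
        ????????w*) echo "world-writable"; writable=yes ;;
    esac
    # Character 10 is t or T when the sticky bit is set. Without it, anyone
    # with write and search permission on the directory can rename or delete
    # any file in it.
    case $mode in
        ?????????[tT]*) ;;
        *) if [ "$writable" = yes ]; then
               echo "writers-can-delete-others-files"
           fi ;;
    esac
    # Character 7 is s or S when setgid is set: new files then inherit the
    # directory's group instead of the creator's own group.
    case $mode in
        ??????[sS]*) echo "new-files-inherit-directory-group" ;;
        *) echo "new-files-get-creators-group" ;;
    esac
}

# audit_dir DIR: apply mode_findings to what `ls -ld` reports for DIR.
audit_dir() {
    [ -d "$1" ] || return 1
    mode_findings "$(ls -ld -- "$1" | awk '{ print $1; exit }')"
}

# The two mode strings shown in the article, before and after `chmod g+w`.
for m in drwxr-xr-x drwxrwxr-x; do
    echo "$m: $(mode_findings "$m" | tr '\n' ' ')"
done
```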