Linux Basics #6 - Permissions

Last Edited: 12/20/2024

This blog post introduces file permission and user management in Linux.


Just as in other operating systems we are familiar with, such as macOS and Windows, we can configure multiple users in Linux and set their permissions to access files and run certain processes. In this article, we will discuss user management and permissions in Linux.

Create New User

So far, we have kept seeing root@~ at the beginning of each line. This means that we have been using the root user, which is a superuser that can access any file and any process. However, running a certain service or application on Linux with the root user might not be ideal for security reasons. Hence, we can create a new user with restricted permissions. To create a new user, we can use the following command:

useradd -m -s /bin/bash [user_name]

The -m flag creates a home directory in /home/[user_name], and the -s flag specifies the user's login shell. There are other flags like -c and -u, which specify a comment and the user ID (UID). After creating a user, you must set a password using passwd [user_name]. To confirm that the user was created successfully, we can check /etc/passwd, which lists the users' information.

newuser:x:1000:1000:NewTestUser:/home/newuser:/bin/bash

The above is an example of an added user displayed in /etc/passwd. The information is separated by colons (:). The first section is the username, the second section is the user password (x means it is hidden in /etc/shadow), the third and fourth sections are the user ID and group ID, the fifth section is the comment, the sixth section is the home directory, and finally, the seventh section is the shell.
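The seven-field layout described above can be checked mechanically. The following is an added example, not part of the original post: it reads passwd-format lines and reports entries worth a second look. The function name audit_passwd, the finding labels and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
newuser:x:1000:1000:NewTestUser:/home/newuser:/bin/bash
svc2:x:0:0:constructed second UID 0 account:/home/svc2:/bin/sh
guest::1001:1001:constructed empty password field:/home/guest:/bin/bash
broken:x:1002'

# Read passwd-format lines on stdin and print one finding per line.
# Fields: 1 name, 2 password, 3 UID, 4 GID, 5 comment, 6 home, 7 shell.
audit_passwd() {
    awk -F: '
    # A valid entry has exactly seven colon-separated fields.
    NF != 7 { print "malformed:line" NR; next }
    # UID 0 means superuser rights, whatever the account is called.
    $3 ~ /^0+$/ && $1 != "root" { print "uid0:" $1 }
    # An empty second field means no password is required.
    $2 == "" { print "empty-password:" $1 }
    # Anything other than x, or a locked marker (* or !), is a hash
    # stored in the world-readable passwd file instead of /etc/shadow.
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "hash-in-passwd:" $1 }
    '
}

# Demo on the constructed sample; on a real system: audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```
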

To log in as the new user, we can use su - [user_name]. You should observe that the beginning of each line changes from root@~ to [user_name]@~:/#. The starting directory for a normal user should be set to the user's home directory, and you can confirm this by using the pwd command.

File Permission

When we use ls -l or ll to list files and look at all the details, we should see something like the following:

drwxr-xr-x 1 root    root    4096 Oct 9 15:19 ./

Let’s clarify what each element means. The first part of the line, drwxr-xr-x, shows the file permissions. The characters can be divided into four parts like d | rwx | r-x | r-x, which correspond to the file type (d for directory and - for a regular file), user permissions, group permissions, and other users' permissions. The user and group are specified in the next two blocks after the link count. The last three sections are the file size in bytes, the last modified date, and the file name.

The r means it is readable, w means it is writable, and x means it is executable. In the above example, we can see that the file is readable, writable, and executable by the root user, but only readable and executable for the root group and other users. Hence, as a new user, if you try writing a new text file in this directory, you should see an error saying "permission denied."

Modifying Permission

Typically, you can only change the permission of a directory or a file with the root user, using the chmod (or change mode) command. The following is an example command for modifying the permission:

chmod u+x [file_name]

The u+x means that you add (+) executable permission (x) to the user (u). You can use other symbols like -, r, w, and g to specify permission modifications. However, this only allows you to change the permission of a user or group one at a time. To make it more flexible, you can use a command like the following:

chmod 755 [file_name]

Each number represents the permissions corresponding to the user, group, and other users. The number is the sum of the values assigned to each permission: 1 is assigned to executable, 2 is assigned to writable, and 4 is assigned to readable. Hence, 3 means executable and writable, 5 means executable and readable, 6 means writable and readable, and 7 means all.
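To connect the ls -l notation with the numeric form, here is an added example (not from the original post) that converts a mode string such as drwxr-xr-x into the number chmod expects and checks whether other users can write. It goes beyond the text by also handling the setuid, setgid and sticky markers (s, S, t, T), which become a leading fourth digit. The function names are assumptions.

```shell
#!/bin/sh
# Convert an ls -l mode string (file type + 9 permission characters)
# into its octal chmod form, e.g. drwxr-xr-x -> 755.
mode_to_octal() {
    printf '%s\n' "$1" | awk '
    function digit(t,    v) {            # t is one rwx triplet
        v = 0
        if (substr(t, 1, 1) == "r") v += 4
        if (substr(t, 2, 1) == "w") v += 2
        # lower-case s or t means x is set as well as the special bit
        if (index("xst", substr(t, 3, 1)) > 0) v += 1
        return v
    }
    {
        if (length($0) < 10) { print "invalid"; exit }
        u = substr($0, 2, 3); g = substr($0, 5, 3); o = substr($0, 8, 3)
        special = 0
        if (tolower(substr(u, 3, 1)) == "s") special += 4   # setuid
        if (tolower(substr(g, 3, 1)) == "s") special += 2   # setgid
        if (tolower(substr(o, 3, 1)) == "t") special += 1   # sticky
        out = sprintf("%d%d%d", digit(u), digit(g), digit(o))
        if (special > 0) out = special out
        print out
    }'
}

# Succeeds (exit status 0) when "other users" have write permission.
is_world_writable() {
    case "$1" in
        ????????w*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Demo on constructed mode strings.
for m in drwxr-xr-x -rw-r----- -rwsr-xr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

A world-writable result, or an unexpected leading 4 or 2 on an executable, is worth reviewing before the file is left in place.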

Modifying Ownership

Another way of changing permissions is to change the ownership of a directory or file, or to change the user and group that it belongs to. To do so, you can use chown and chgrp, which correspond to changing the owner and changing the group. For both, you can specify the new owner or group and the file name.

You can also change the group that a user belongs to by using usermod -g [group_name] [user_name]. Here, the -g flag specifies that the group will be modified. A new group can be created using groupadd [group_name]. The group's permissions can then be modified using chmod for each file owned by the group.

Superuser

When using Linux as a normal user, you might encounter situations where you need to create new users, modify permissions, or install new packages to the system, which can only be done by a superuser. However, switching to the root user every time is not only troublesome but also a risky move for the system's and other users' security. To allow a user to run a specified set of commands on specific directories and files, we can use sudo, which stands for "superuser do." Let’s go back to the root user by using exit, and then run the command apt install sudo to install sudo.

To assign the appropriate privileges to a normal user to run sudo, you can edit the sudoers file using the visudo command, which opens the file in Vim. Inside the file, you should see the following:

# User privilege specification
root    ALL=(ALL:ALL) ALL

Under this section, you can add [user_name] ALL=(ALL:ALL) ALL. This allows [user_name] to act as any user and any group to run any command. Save the changes, and confirm that [user_name] can now do anything with the sudo command, including creating new users, changing permissions, and installing new packages (sudo apt install package).
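An ALL=(ALL:ALL) ALL entry makes the account equivalent to root whenever sudo is used, so it helps to know which accounts hold one. The following added example (not from the original post) scans sudoers-style text and lists every principal other than root that is granted all commands. The function name, the sample entries (including the narrower deploy entry) and the assumption of simple one-line specifications are mine.

```shell
#!/bin/sh
# Constructed sudoers-style sample (not from a real system).
SAMPLE_SUDOERS='# User privilege specification
root    ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
deploy  ALL=(root) /usr/bin/apt update, /usr/bin/systemctl restart nginx
%admin  ALL=(ALL) NOPASSWD: ALL
Defaults env_reset'

# Read sudoers text on stdin; print "<principal>:all-commands" for each
# non-root entry whose command list contains ALL. Assumes one-line
# "who host=(runas) commands" specifications without aliases.
broad_sudo_grants() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^Defaults/ || /^[A-Za-z]+_Alias/ { next } # settings and alias lines
    $1 == "root" { next }
    {
        who = $1
        spec = $0
        sub(/^[^=]*=/, "", spec)               # drop "who host="
        gsub(/\([^)]*\)/, "", spec)            # drop the (runas) part
        nopass = (spec ~ /NOPASSWD:/) ? ",nopasswd" : ""
        gsub(/[A-Z_]+:/, "", spec)             # drop tags like NOPASSWD:
        n = split(spec, cmd, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
            if (cmd[i] == "ALL") {
                print who ":all-commands" nopass
                break
            }
        }
    }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | broad_sudo_grants
```

The deploy line in the sample shows the narrower alternative: listing full command paths limits what that account can run as root.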

Conclusion

In this article, we covered the basics of user management, file permissions, and sudo that we must know when using Linux. To delete a user or group, you can use userdel [user_name] and groupdel [group_name], respectively. In the next article, we will look at how we can monitor processes run by the Linux operating system.
