RH033 Unit5 Users, Groups and Permissions

Objectives
1) Upon completion of this unit, you should be able to:
- Explain the Linux security model
- Explain the purpose of user and group accounts
- Read and set file permissions
Users
1) Every user is assigned a unique User ID number (UID)
- UID 0 identifies root
2) Users’ names and UIDs are stored in /etc/passwd
3) Users are assigned a home directory and a program that is run when they log in (usually a shell)
4) Users cannot read, write or execute each other’s files without permission
Groups
1) Users are assigned to groups
2) Each group is assigned a unique group ID number (GID)
3) GIDs are stored in /etc/group
4) Each user is given their own private group
- Can be added to other groups for additional access
5) All users in a group can share files that belong to the group
Linux File Security
1) Every file is owned by a UID and a GID
2) Every process runs as a UID and one or more GIDs
- Usually determined by who runs the process
3) Three access categories:
- Processes running with the same UID as the file (user)
- Processes running with the same GID as the file (group)
- All other processes (other)
Permission Precedence
1) If UID matches, user permissions apply
2) Otherwise, if GID matches, group permissions apply
3) If neither matches, other permissions apply
Permission Types
1) Four symbols are used when displaying permissions:
- r: permission to read a file or list a directory’s contents
- w: permission to write to a file or create and remove files from a directory
- x: permission to execute a program or change into a directory and do a long listing of the directory
- -: no permission (in place of the r, w or x)
Examining Permissions
1) File permissions may be viewed using ls -l
2) File type and permissions are represented by a 10-character string
Interpreting Permissions
-rwxr-x--- 1 andersen trusted 2948 Oct 11 14:07 myscript
1) Read, write and execute for the owner, andersen
2) Read and execute for members of the trusted group
3) No access for all others
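The precedence rule and the myscript listing above, worked through as an added example (not part of the original course material). The numeric UIDs and GIDs are constructed, and root overrides, ACLs and the setuid/setgid/sticky bits are not modelled.

```python
# Added example: decode an `ls -l` permission string and apply the
# user -> group -> other precedence rule. Simplified model: no root
# (UID 0) override, no ACLs, no special bits (s/t raise ValueError).

CLASSES = ("user", "group", "other")
WEIGHTS = {"r": 4, "w": 2, "x": 1}

def parse_mode(s):
    """Return (file_type, {class: set of granted letters}) for e.g. '-rwxr-x---'."""
    if len(s) != 10:
        raise ValueError("expected a 10-character string such as -rwxr-x---")
    granted = {}
    for i, cls in enumerate(CLASSES):
        chunk = s[1 + 3 * i:4 + 3 * i]
        for pos, letter in enumerate("rwx"):
            if chunk[pos] not in (letter, "-"):
                raise ValueError(f"unexpected {chunk[pos]!r} in {cls} triplet")
        granted[cls] = {c for c in chunk if c != "-"}
    return s[0], granted

def to_octal(s):
    """Three-digit numeric mode: add 4 (read), 2 (write), 1 (execute) per class."""
    _, granted = parse_mode(s)
    return "".join(str(sum(WEIGHTS[p] for p in granted[c])) for c in CLASSES)

def access_class(file_uid, file_gid, proc_uid, proc_gids):
    """Pick exactly one category; the first match wins and later ones are ignored."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:
        return "group"
    return "other"

def allowed(mode, file_uid, file_gid, proc_uid, proc_gids, want):
    """True if permission `want` ('r', 'w' or 'x') is granted to the process."""
    _, granted = parse_mode(mode)
    return want in granted[access_class(file_uid, file_gid, proc_uid, proc_gids)]

if __name__ == "__main__":
    ANDERSEN, TRUSTED = 1000, 2000          # constructed UID and GID
    mode = "-rwxr-x---"                     # myscript from the listing above
    print(to_octal(mode))
    print(allowed(mode, ANDERSEN, TRUSTED, 1001, {1001, TRUSTED}, "x"))
    # The owner is judged on the user triplet only, even when the
    # group and other triplets are more permissive:
    print(allowed("----rwxrwx", ANDERSEN, TRUSTED, ANDERSEN, {TRUSTED}, "r"))
```

The last call is the case worth auditing for: a file whose owner triplet is stricter than its group or other triplet denies the owner, because only the first matching category is consulted.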
Changing File Ownership
1) Only root can change a file’s owner
2) Only root or the owner can change a file’s group
3) Ownership is changed with chown:
- chown [-R] user_name file|directory
4) Group-Ownership is changed with chgrp:
- chgrp [-R] group_name file|directory
Changing Permissions – Symbolic Method
1) To change access modes:
- chmod [-R] mode file
2) Where mode is:
- u, g or o for user, group and other
- + or - for grant or deny
- r, w or x for read, write and execute
3) Examples
- ugo+r: Grant read access to all
- o-wx: Deny write and execute to others
Changing Permissions – Numeric Method
1) Uses a three-digit mode number
- first digit specifies the owner’s permissions
- second digit specifies the group’s permissions
- third digit specifies others’ permissions
2) Permissions are calculated by adding:
- 4 (for read)
- 2 (for write)
- 1 (for execute)
3) Example
- chmod 640 myfile
Changing Permissions – Nautilus
1) Nautilus can be used to set the permissions and group membership of files and directories.
- In a Nautilus window right-click a file
- Select Properties from the context menu
- Select the Permissions tab
End of Unit5
1) Questions and Answers
2) Summary
- All files are owned by one user and one group
- The mode of a file is made up of three permissions: those of the user, the group and all others
- Three permissions may be granted or denied: read, write and execute.