Main menu
How to manage groups, users and permissions?

How to manage groups, users and permissions?

Linux is a multiuser and multitasking operating system, ie, multiple users can work on the system simultaneously running several tasks at once. It is therefore, very important that the operating system allows the management and control of users.

Unix based systems organize all this by users and groups, where each user must be identified with a user name and password. During login, the password entered by each user, is encrypted and compared to the encrypted passwords that were previously stored in the system.

Groups are useful for grouping a number of special permissions on the system to a group of users, each user must belong to at least one group. In any system there must be a superuser (root), which will have all the permits and maximum privileges allowing to do any work on the system.

Here are some examples of the most common commands for managing groups, users and their respective permissions.

 

Users and Groups

groupadd group_name               # create a new group
groupdel group_name               # delete a group
groupmod -n new_group_name old_group_name          # rename a group
useradd user1                     # create new user
useradd -c full_name -g admin -d /home/user1 -s /bin/bash user1        # create a user user1 belonging to the admin group
userdel -r user1                  # delete a user and delete the home directory
usermod -c “User FTP” -g system -d /ftp/user1 -s /bin/nologin user1    # change user attributes
usermod -aG grupo1,grupo2 user1   # add the user1 user to existing groups
passwd                            # change password
passwd user1                      # change password for user1
chage -E 2011-12-31 user1         # change the date in which a user password expires
pwck                              # check the correct syntax format file /etc/passwd and the existence of users
grpck                             # check the correct syntax format file /etc/group and the existence of groups

 

Permissions on files

ls -lh                          # show Permissions
ls /tmp | pr -T5 -W$COLUMNS     # terminal split into 5 columns
chmod ugo+rwx dir1              # set permissions of read (r), write (w) and execute (x) to the owner (u), group (g) and other (o) on the directory dir1
chmod go-rwx dir1               # remove read permission (r), write (w) and execute (x) to the group (g) and others (o) on the directory dir1
chown user1 file1               # change the owner of a file
chown -R user1 dir1             # change the owner of a directory and all files and directories contained within
chgrp grupo1 file1              # change file group
chown user1:grupo1 file1        # change user and group ownership of a file
find / -perm -u+s               # display all system files with SUID configured
chmod u+s /bin/file1            # set the SUID bit on a binary file. The user running this file takes the same privileges as owner
chmod u-s /bin/file1            # disable SUID bit on a binary file
chmod g+s /home/public          # set SGID bit on a directory, similar to SUID but for directory
chmod g-s /home/public          # disable SGID bit on a directory
chmod o+t /home/public          # set STIKY bit in a directory. Allows deletion of files only rightful owners
chmod o-t /home/public          # disable STIKY bit in a directory

 

Last modified onThursday, 22 September 2016 20:46
Rate this item
(0 votes)
Luis Sequeira

Luis Sequeira is an IT professional with experience in cloud environments, quality of service and network traffic analysis, who loves looking for solutions to engineering challenges, share knowledge. At work, the main challenge is to integrate different network and software technologies to provide solution in a wide range of areas, e.g., virtual network functions, machine learning, autonomous driving, robotics and augmented reality.

Website: https://www.luissequeira.com

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Facebook TwitterRSS