Groups are useful for grouping a number of special permissions on the system to a group of users, each user must belong to at least one group. In any system there must be a superuser (root), which will have all the permits and maximum privileges allowing to do any work on the system.
Here are some examples of the most common commands for managing groups, users and their respective permissions.
Users and Groups
groupadd group_name # create a new group groupdel group_name # delete a group groupmod -n new_group_name old_group_name # rename a group useradd user1 # create new user useradd -c full_name -g admin -d /home/user1 -s /bin/bash user1 # create a user user1 belonging to the admin group userdel -r user1 # delete a user and delete the home directory usermod -c “User FTP” -g system -d /ftp/user1 -s /bin/nologin user1 # change user attributes usermod -aG grupo1,grupo2 user1 # add the user1 user to existing groups passwd # change password passwd user1 # change password for user1 chage -E 2011-12-31 user1 # change the date in which a user password expires pwck # check the correct syntax format file /etc/passwd and the existence of users grpck # check the correct syntax format file /etc/group and the existence of groups
Permissions on files
ls -lh # show Permissions ls /tmp | pr -T5 -W$COLUMNS # terminal split into 5 columns chmod ugo+rwx dir1 # set permissions of read (r), write (w) and execute (x) to the owner (u), group (g) and other (o) on the directory dir1 chmod go-rwx dir1 # remove read permission (r), write (w) and execute (x) to the group (g) and others (o) on the directory dir1 chown user1 file1 # change the owner of a file chown -R user1 dir1 # change the owner of a directory and all files and directories contained within chgrp grupo1 file1 # change file group chown user1:grupo1 file1 # change user and group ownership of a file find / -perm -u+s # display all system files with SUID configured chmod u+s /bin/file1 # set the SUID bit on a binary file. The user running this file takes the same privileges as owner chmod u-s /bin/file1 # disable SUID bit on a binary file chmod g+s /home/public # set SGID bit on a directory, similar to SUID but for directory chmod g-s /home/public # disable SGID bit on a directory chmod o+t /home/public # set STIKY bit in a directory. Allows deletion of files only rightful owners chmod o-t /home/public # disable STIKY bit in a directory