User management, File Permissions and Access Control Lists

INDRAJIT HAZRA

What is user management in Linux?

In Linux, user management involves creating, modifying, and deleting user accounts. Each account carries information such as the username, password, numeric UID, home directory, and group membership, and that information is what the system uses to decide what the account is allowed to access.

Following are some basic commands for user management in Linux:

Creating a user account:

useradd -m testuser1

This creates the user "testuser1". The -m option also creates the home directory, /home/testuser1 (without -m, whether a home directory is created depends on the CREATE_HOME setting in /etc/login.defs, which differs between distributions). Then set a password for the new user with:

passwd testuser1

Using the id command (for example id testuser1) you can see the UID, primary GID and supplementary groups of any username. Every user has a numeric UID, and it is the UID, not the name, that the kernel uses for access decisions. On distributions that use user private groups, useradd also creates a group named after the user, normally with a GID equal to the UID, and makes it the user's primary group.

To change a user's home directory, use usermod with the -d option: it takes the path of the new home directory and the username, and updates the home field of that user's /etc/passwd entry. Add -m as well to move the contents of the old home directory to the new one; otherwise the user is left with an empty or non-existent home.

Understand the /etc/passwd file:

User account information is stored in the /etc/passwd file. This information includes the account name, numeric UID and primary GID, home directory location, and default shell, among other values. The file is world-readable, which is why on modern systems the password field only holds an x: the actual password hashes live in /etc/shadow, which only root can read. Linux sysadmins should be able to recognize these fields.

Each field is separated by a : character. Not all fields must be populated, but every separator must be present so that the remaining fields keep their positions.

Here's the layout of the /etc/passwd fields:

username:password:UID:GID:comment:home:shell

The comment field (also called GECOS) is free text such as the user's full name; a shell of /usr/sbin/nologin or /bin/false prevents interactive login for service accounts; and UID 0 is root regardless of the name in the first field, so any second account with UID 0 is a second superuser.

Manage password requirements:-

Many organizations rely on password policies to define password requirements such as minimum length, complexity, and maximum age. Sysadmins can enforce those requirements by using several mechanisms on Linux.

Two common places to manage password settings are the /etc/login.defs file (aging defaults such as PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE) and Pluggable Authentication Module (PAM) configuration (for example the pam_pwquality module for length and complexity rules). Note that the login.defs aging values are applied when an account is created; to change the aging of an existing account, use chage. Be sure to understand the options, fields, and settings of this important security configuration, since a mistake here weakens every login on the host.

Understand the /etc/group file:-

Similar to the /etc/passwd file above, the /etc/group file contains group account information. This information can be essential for troubleshooting, security audits (who is in sudo or wheel?), and ensuring users can access the resources they need.

Understand each field of the file to make life easier as a sysadmin.

The fields in the /etc/group file are:

groupname:password:GID:group members

The password field is normally x (group passwords, when used at all, are kept in /etc/gshadow). The members field is a comma-separated list of supplementary members only: a user whose primary group (the GID in /etc/passwd) is this group does not appear here, so a complete picture of group membership needs both files.
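The following script is an added example and not part of the original post. It shows how the /etc/passwd and /etc/group layouts above are read in practice for an audit: it flags extra UID 0 accounts and accounts with an empty password field, and it resolves the full membership of a group by combining the member list in /etc/group with the primary GIDs in /etc/passwd. The two sample files, their user names and groups are constructed for the demo; replace them with the real /etc/passwd and /etc/group to audit a host.

```shell
#!/bin/sh
# Added example, not from the original post: audit the /etc/passwd and
# /etc/group formats described above with awk. It runs against constructed
# sample files so it works offline; point the functions at /etc/passwd and
# /etc/group (readable by any user) to audit a real host.

PASSWD_FILE=$(mktemp)
GROUP_FILE=$(mktemp)
trap 'rm -f "$PASSWD_FILE" "$GROUP_FILE"' EXIT

# Constructed sample data. "backup" is a second UID 0 account and "guest"
# has an empty password field; both are findings an auditor wants to see.
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:34:backup:/var/backups:/bin/sh
guest::1001:1001:guest user:/home/guest:/bin/bash
testuser1:x:1002:1002::/home/testuser1:/bin/bash
alice:x:1003:2000::/home/alice:/bin/bash
EOF

# alice's primary group is 2000 (developers) but she is not in that line's
# member list; only /etc/passwd records primary membership.
cat > "$GROUP_FILE" <<'EOF'
root:x:0:
sudo:x:27:alice
developers:x:2000:testuser1
EOF

# The kernel identifies root by UID 0, not by the name "root": any other
# account with UID 0 is a full superuser.
uid0_accounts() {            # $1 = passwd file
  awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# An empty second field means no password is stored at all (not even an "x"
# pointing to /etc/shadow); with pam_unix's nullok option such an account
# logs in without a password.
empty_password_accounts() {  # $1 = passwd file
  awk -F: '$2 == "" { print $1 }' "$1"
}

# Real membership of a group = names listed in /etc/group plus every user
# whose primary GID in /etc/passwd is that group's GID. Reads the group file
# first (FNR == NR), then the passwd file; output is sorted, space-separated.
group_members() {            # $1 = group name, $2 = passwd file, $3 = group file
  awk -F: -v g="$1" '
    FNR == NR {
      if ($1 == g) {
        gid = $3
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
      }
      next
    }
    gid != "" && $4 == gid { seen[$1] = 1 }
    END { for (u in seen) print u }
  ' "$3" "$2" | sort | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run: print the findings for the sample files.
printf 'extra UID 0 accounts: %s\n' "$(uid0_accounts "$PASSWD_FILE")"
printf 'empty password field: %s\n' "$(empty_password_accounts "$PASSWD_FILE")"
printf 'members of developers: %s\n' "$(group_members developers "$PASSWD_FILE" "$GROUP_FILE")"
```

The group_members check is the one most often skipped: a review of /etc/group alone would say that only testuser1 is in developers, while alice has the same access through her primary GID.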

How do you view Linux file permissions?

The ls -l command (the -l option gives a long listing) shows metadata about your Linux files, including the permissions set on each file.

The first field of the ls -l output, for example -rw-r--r--., packs several pieces of metadata together. Here are the components of such a listing:

  • File type: - (a regular file; d marks a directory and l a symbolic link)

  • Permission settings: rw-r--r--

  • Extended attributes: a dot (.) means the file carries an SELinux security context; a plus (+) means an ACL is set on the file (see the ACL section below)

  • User owner: root

  • Group owner: root

How do you read file permissions?

rw-r--r-- This string is an expression of three different sets of permissions:

rw- r-- r-- The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group.

When permissions and users are represented by letters, that is called symbolic mode. For users, u stands for user owner, g for group owner, and o for others. For permissions, r stands for read, w for write, and x for execute.

What are octal values?

When Linux file permissions are represented by numbers, it's called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

r (read): 4
w (write): 2
x (execute): 1

In the permission value 744, the first digit corresponds to the user, the second digit to the group, and the third digit to others. By adding up the values of the permissions in each user classification, you get the digit for that classification.

For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this:

Owner:  rwx = 4+2+1 = 7
Group:  r-- = 4+0+0 = 4
Others: r-- = 4+0+0 = 4

The results produce the three-digit value 744.

How do you modify Linux file permissions?

You can modify file and directory permissions with the chmod command, which stands for "change mode." To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name. To change file permissions in symbolic mode, you enter a user class, an operator (+ to add, - to remove, = to set exactly) and the permissions, next to the file name. For example:

$ chmod ug+rwx employee.txt

$ chmod o+r fruits.txt

The first command grants the owner and the group full access to employee.txt; the second lets everyone else read fruits.txt. Grant permissions sparingly: chmod 777 (or o+w) makes a file writable by every account on the system and is the classic way a shared file ends up tampered with.

What are special file permissions?

Special permissions are available for files and directories and provide additional privileges over the standard permission sets that have been covered. They occupy a fourth, leading octal digit (4 = SUID, 2 = SGID, 1 = sticky), so 4755 is a SUID executable whose ordinary mode is 755.

SUID (set-user-ID) is the special permission for the user access level: an executable with SUID set runs with the effective UID of the file's owner, whoever runs it. A SUID binary owned by root is therefore a direct path to root if it has an exploitable flaw, so keep the set of SUID root binaries small and audit it regularly. The Linux kernel ignores SUID on scripts; it only takes effect on binaries.

SGID (set-group-ID) on an executable makes it run as the file's group owner. On a directory, SGID makes every file created inside inherit the directory's group instead of the creator's primary group. This is helpful for directories used collaboratively by members of a group, because all members can access the new files without anyone running chgrp.

The "sticky bit" is a directory-level special permission that restricts deletion: in a sticky directory such as /tmp, a file can be removed or renamed only by its owner, the directory's owner, or root, even though the directory itself is world-writable.
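The script below is an added example, not code from the original post, covering both the octal/symbolic conversion explained above and the special bits. It converts a 9-character permission string (including s, S, t and T) to a 4-digit octal mode and back, and reports the bits an auditor looks for (SUID, SGID, world-writable, sticky). It is pure POSIX sh, touches no files, and the modes fed to it at the bottom are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: convert between the symbolic
# permission string ls -l prints and the octal mode chmod takes, covering the
# SUID/SGID/sticky bits as well as rwx, and summarise the bits an auditor
# looks for. Pure POSIX sh; no files are touched, so it runs anywhere.

# Symbolic (9 characters, e.g. rwsr-xr-x) -> 4-digit octal (e.g. 4755).
# s/S in the user or group slot set SUID/SGID, t/T in the other slot set the
# sticky bit; lower case means execute is also set, upper case means it is not.
perm_to_octal() {   # $1 = 9-character permission string
  p=$1
  special=0
  digits=""
  for i in 0 3 6; do
    chunk=$(printf '%s' "$p" | cut -c "$((i + 1))-$((i + 3))")
    v=0
    case $chunk in r??) v=$((v + 4)) ;; esac
    case $chunk in ?w?) v=$((v + 2)) ;; esac
    case $chunk in ??[xst]) v=$((v + 1)) ;; esac      # s and t imply x
    case $i in
      0) case $chunk in ??[sS]) special=$((special + 4)) ;; esac ;;
      3) case $chunk in ??[sS]) special=$((special + 2)) ;; esac ;;
      6) case $chunk in ??[tT]) special=$((special + 1)) ;; esac ;;
    esac
    digits="$digits$v"
  done
  printf '%s%s\n' "$special" "$digits"
}

# Octal (3 or 4 digits, e.g. 644 or 4755) -> symbolic string.
octal_to_symbolic() {   # $1 = octal mode
  m=$1
  [ ${#m} -eq 3 ] && m="0$m"
  sp=$(printf '%s' "$m" | cut -c 1)
  out=""
  pos=2
  for bit in 4 2 1; do                 # SUID, SGID, sticky for u, g, o
    d=$(printf '%s' "$m" | cut -c "$pos")
    pos=$((pos + 1))
    [ $((d & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
    [ $((d & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
    if [ $((sp & bit)) -ne 0 ]; then
      if [ "$bit" -eq 1 ]; then lc=t; uc=T; else lc=s; uc=S; fi
      [ $((d & 1)) -ne 0 ] && out="${out}${lc}" || out="${out}${uc}"
    else
      [ $((d & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    fi
  done
  printf '%s\n' "$out"
}

# The bits worth a second look: SUID/SGID executables run with someone else's
# identity, world-writable files can be altered by any account, and the
# sticky bit is what makes a world-writable directory like /tmp tolerable.
mode_flags() {   # $1 = octal mode; prints space-separated findings
  m=$1
  [ ${#m} -eq 3 ] && m="0$m"
  sp=$(printf '%s' "$m" | cut -c 1)
  o=$(printf '%s' "$m" | cut -c 4)
  flags=""
  [ $((sp & 4)) -ne 0 ] && flags="$flags setuid"
  [ $((sp & 2)) -ne 0 ] && flags="$flags setgid"
  [ $((o & 2)) -ne 0 ] && flags="$flags world-writable"
  [ $((sp & 1)) -ne 0 ] && flags="$flags sticky"
  printf '%s\n' "${flags# }"
}

# Stand-alone run over a few constructed modes.
for mode in 744 4755 1777 2775; do
  printf '%s = %s  [%s]\n' "$mode" "$(octal_to_symbolic "$mode")" "$(mode_flags "$mode")"
done
printf 'rwsr-xr-x = %s\n' "$(perm_to_octal rwsr-xr-x)"
```

To get both forms for a real file use stat -c '%a %A %n' FILE, and to list the SUID binaries on a host (the set to audit) use find / -xdev -perm -4000 -type f; feed the octal column of either into mode_flags to triage it.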

What is an ACL?
An access control list (ACL) is an additional, more flexible permission mechanism for file systems. It supplements the standard UNIX owner/group/other model: an ACL lets you grant permissions to any number of named users or groups on any file or directory, without changing the file's ownership or anyone's group membership.

Use of ACLs:
Think of a scenario in which a user is not a member of the group you created, but you still want to give that user read or write access to the group's files. Without ACLs, the only options are adding the user to the group or opening the "others" permissions to everyone; an ACL lets you grant exactly that one user the access instead.

From the Linux man pages (acl(5)), ACLs are used to define more fine-grained discretionary access rights for files and directories. The file system must support them; the common Linux file systems (ext4, XFS, btrfs) do.

How to view ACLs?

Use the getfacl command to view the ACL on any file or directory. In ls -l output, a + after the permission string shows that a file carries an ACL beyond the basic mode bits.

How to set new ACLs?

Use the setfacl command to set or modify ACL entries on any file or directory. For example, to give testuser1 read and write access to the file snap:

setfacl -m u:testuser1:rw snap

Here -m modifies (adds or replaces) an entry, and u:testuser1:rw means the named user testuser1 gets rw. A group entry is written g:groupname:perms; -x removes a single entry, -b strips the whole ACL from the file, and -d on a directory sets default entries that new files created inside it inherit.

Two caveats matter in practice. First, every ACL with named entries has a mask entry that caps the effective permissions of named users, named groups and the owning group; setfacl recalculates the mask for you unless you pass -n, but if the mask is r-- an entry granting rw still only allows reading, and getfacl shows this as #effective:r-- next to the entry. Second, once an ACL is present, the group bits that ls -l displays are the mask rather than the owning group's permissions, so running chmod g-w on the file narrows the mask and silently cuts every named entry as well.
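The following is an added example, not part of the original post. It parses getfacl output and computes the effective permission of every entry with the mask applied, then lists which principals can actually write, so the difference between what an entry says and what it grants is visible. The two listings, the file name snap and the user and group names are constructed for the demo; on a real host pipe the output of getfacl FILE into the functions instead.

```shell
#!/bin/sh
# Added example, not from the original post: compute the *effective* rights
# granted by an ACL from getfacl output, taking the mask entry into account.
# The two getfacl listings below are constructed for the demo (file name,
# users and groups are hypothetical); on a real host pipe `getfacl snap`
# into acl_effective / acl_writers instead.

# Constructed listing 1: the mask is r--, so the named user and group are
# granted rw-/rwx on paper but can only read. getfacl flags this with
# "#effective:" annotations, which the parser strips and recomputes itself.
ACL_MASKED=$(cat <<'EOF'
# file: snap
# owner: root
# group: root
user::rw-
user:testuser1:rw-           #effective:r--
group::r--
group:developers:rwx         #effective:r--
mask::r--
other::r--
EOF
)

# Constructed listing 2: the same file after `setfacl -m u:testuser1:rw snap`
# has recalculated the mask to rw-; now the named entries really can write.
ACL_OPEN=$(cat <<'EOF'
# file: snap
# owner: root
# group: root
user::rw-
user:testuser1:rw-
group::r--
group:developers:rwx         #effective:rw-
mask::rw-
other::r--
EOF
)

# Reads getfacl output on stdin; prints "<principal> <effective perms>" per
# entry. The mask applies to named users, named groups and the owning group,
# never to the owner or to "other".
acl_effective() {
  awk -F: '
    /^#/ || NF == 0 { next }
    { sub(/[ \t]+#.*$/, "") }             # drop "#effective:..." annotations
    $1 == "mask" { mask = $3; next }
    { entries[++n] = $0 }
    END {
      for (i = 1; i <= n; i++) {
        split(entries[i], f, ":")
        type = f[1]; name = f[2]; perms = f[3]
        masked = (type == "user" && name != "") || type == "group"
        if (masked && mask != "") {
          eff = ""
          for (j = 1; j <= 3; j++) {
            c = substr(perms, j, 1)
            eff = eff ((c != "-" && c == substr(mask, j, 1)) ? c : "-")
          }
        } else {
          eff = perms
        }
        if (type == "user" && name == "") label = "owner"
        else if (type == "group" && name == "") label = "owning-group"
        else if (type == "other") label = "other"
        else label = type ":" name
        print label, eff
      }
    }'
}

# Which principals can actually write? Space-separated, in getfacl order.
acl_writers() {
  acl_effective | awk '$2 ~ /w/ { out = out (out == "" ? "" : " ") $1 } END { print out }'
}

# Stand-alone run: compare the two listings.
printf 'writers with mask r--: %s\n' "$(printf '%s\n' "$ACL_MASKED" | acl_writers)"
printf 'writers with mask rw-: %s\n' "$(printf '%s\n' "$ACL_OPEN" | acl_writers)"
```

The first listing is what you get after chmod g-w has been run on a file that already had an ACL: the entries still read rw- and rwx, but nobody except the owner can write. When reviewing who can modify a file, trust the effective column, not the entry.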

In the next post we will learn about package managers and systemctl.


Written by INDRAJIT HAZRA

I am a Linux system administrator with a special interest in cloud and DevOps, with 13+ years of experience supporting large-scale enterprise environments.