Linux User Management and File Permissions


Linux Users, Groups, and File Permissions: A Deep Dive
Why Do We Need User Accounts and File Permissions in Linux?
Imagine a company office where multiple employees share a workspace. Each employee has their own desk (personal files) and shared meeting rooms (public directories). To maintain order, employees should only have access to their own desks and specific shared spaces. Similarly, in Linux, user accounts and file permissions ensure that only authorized users can access certain files and directories, maintaining security and privacy.
Every Linux user is associated with an account that determines their identity and access levels.
And What is a Group?
A group is a collection of users, used to organize users based on common attributes such as roles and functions.
Remember: if a user is not added to any group when the account is created, it is assigned a primary group with the same name as the username.
User accounts come with several attributes:
User ID (UID): A unique identifier for each user.
Group ID (GID): The primary group associated with the user.
Home Directory: The default location where user files and configurations are stored.
Default Shell: The command-line interface the user interacts with upon logging in.
Types of Accounts in Linux
Linux accounts fall into different categories:
Regular Users: Standard accounts with limited access, meant for everyday use.
Superuser (Root): The administrator with unrestricted system access (UID = 0).
System Accounts: Used for system processes and background services (UID 500-1000).
Service Accounts: Created for applications that require specific permissions.
Understanding the sudo Group
In Linux, direct root access can be risky. Instead, users are given sudo privileges to execute administrative commands temporarily. The sudo group allows users to perform actions that typically require root access.
To add an existing user to the sudo group:
usermod -aG sudo username
Replace username with the actual username.
Managing Users and Groups
Creating a new group:
groupadd fsociety
Adding a new user and assigning them to a specific group:
useradd -m -d /home/john -s /bin/bash -G fsociety elliot
This creates a user elliot with a home directory (/home/john, as passed to -d), a default shell, and membership in the fsociety group.
Key System Files for User Management
/etc/passwd - Stores user account information such as UID, GID, home directory, and shell.
And here I am:
/etc/shadow - Contains hashed passwords and expiration details for user accounts.
Ohhh look, PERMISSION DENIED!!
Good thing I have sudo privileges, huh?!
Also, as you can see, my password is stored as a cryptographic hash, using modern cryptographic hashing algorithms.
/etc/group - Lists all system groups and their associated users.
You can see a yashp group with GID=1000; it is the primary group that was created with the same name as my account username.
File Permissions: Why They Matter
Restricting file access prevents unauthorized modifications and data leaks. For example, SSH private keys need strict permissions; otherwise, SSH will refuse to use them.
Understanding the Octal Permission System
Each file in Linux has three types of permissions:
Read (r) = 4
Write (w) = 2
Execute (x) = 1
Permissions apply to three categories:
Owner (the file creator)
Group (users in the same group as the owner)
Others (everyone else)
Let's see what I actually mean.
I created these files using the touch command with default permissions. You can see the files have read and write permissions for the owner, i.e. the yashp user account, and only read permissions for members of the group yashp and other global users.
Setting permissions using chmod:
chmod 777 filename
This sets:
Owner: rwx (7 = 4+2+1)
Group: rwx (7 = 4+2+1)
Others: rwx (7 = 4+2+1)
As you can see, read, write and execute permissions are granted to the owner, members of the group and all other users. Try experimenting with different combinations yourself to get a good feel for this.
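To tie the octal digits back to a real check, here is an added example (not from the original article) that decodes modes and flags the two situations mentioned above: files left world-writable, as chmod 777 does, and SSH private keys that group or others can access. The function names and the id_* naming of key files are assumptions, and it relies on GNU find and stat.

```sh
#!/bin/sh
# Added example, not from the original article. Assumes GNU find and stat
# (standard on Linux) and file names that contain no newlines.

# Decode one octal digit (0-7) into its rwx triplet, e.g. 5 -> r-x.
digit_to_rwx() {
    out=""
    if [ $(( $1 & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# Decode a mode written without a leading zero (754 -> rwxr-xr--).
mode_to_symbolic() {
    printf '%s%s%s\n' "$(digit_to_rwx $(( $1 / 100 % 10 )))" \
        "$(digit_to_rwx $(( $1 / 10 % 10 )))" "$(digit_to_rwx $(( $1 % 10 )))"
}

# Report risky modes under directory $1, one finding per line:
#   WORLD_WRITABLE  the "others" digit has the write bit (2), as after chmod 777
#   KEY_EXPOSED     a private key (id_*, not *.pub) with any group/others access
audit_perms() {
    find "$1" -type f | sort | while IFS= read -r f; do
        perms=$(( $(stat -c '%a' "$f") % 1000 ))   # drop setuid/setgid/sticky
        sym=$(mode_to_symbolic "$perms")
        if [ $(( $perms % 10 & 2 )) -ne 0 ]; then
            printf 'WORLD_WRITABLE %03d %s %s\n' "$perms" "$sym" "$f"
        fi
        case ${f##*/} in
            *.pub) ;;
            id_*) [ $(( $perms % 100 )) -eq 0 ] ||
                      printf 'KEY_EXPOSED %03d %s %s\n' "$perms" "$sym" "$f" ;;
        esac
    done
}

# Constructed demo tree: a key left at 644 and a script left at 777.
demo() {
    d=$(mktemp -d)
    touch "$d/id_ed25519" "$d/id_ed25519.pub" "$d/deploy.sh"
    chmod 644 "$d/id_ed25519" "$d/id_ed25519.pub"
    chmod 777 "$d/deploy.sh"
    audit_perms "$d"
    rm -rf "$d"
}
demo
```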
File Ownership and the chown Command
Each file has an owner and an associated group. Changing ownership:
chown newowner:newgroup filename
Example:
chown alice:developers project.txt
This makes alice the owner and assigns the developers group.
Conclusion
User and file management in Linux ensures security, privacy, and system integrity. Understanding these concepts helps prevent unauthorized access and system misuse, making Linux both powerful and secure.
Written by Yash Patil
