July 16, 2018

Users, Groups and Other Linux Beasts: Part 2

ducks-94911_1920.jpg

user groups
We continue our tour of Linux with this tutorial on creating and managing users and groups.

In this ongoing tour of Linux, we’ve looked at how to manipulate folders/directories, and now we’re continuing our discussion of permissions, users and groups, which are necessary to establish who can manipulate which files and directories. Last time, we showed how to create new users, and now we’re going to dive right back in:

You can create new groups and then add users to them at will with the groupadd command. For example, using:

sudo groupadd photos

will create the photos group.

You’ll need to create a directory hanging off the root directory:

sudo mkdir /photos

If you run ls -l /, one of the lines will be:

drwxr-xr-x 1 root root 0 jun 26 21:14 photos

The first root in the output is the user owner and the second root is the group owner.

To transfer the ownership of the /photos directory to the photos group, use

chgrp photos /photos

The chgrp command typically takes two parameters, the first parameter is the group that will take ownership of the file or directory and the second is the file or directory you want to give over to the the group.

Next, run ls -l / and you'll see the line has changed to:

drwxr-xr-x  1 root photos  0 jun 26 21:14 photos

You have successfully transferred the ownership of your new directory over to the photos group.

Then, add your own user and the guest user to the photos group:

sudo usermod <your username here> -a -G photos
sudo usermod guest -a -G photos

You may have to log out and log back in to see the changes, but, when you do, running groups will show photos as one of the groups you belong to.

A couple of things to point out about the usermod command shown above. First: Be careful not to use the -g option instead of -G. The -g option changes your primary group and could lock you out of your stuff if you use it by accident. -G, on the other hand, adds you to the groups listed and doesn't mess with the primary group. If you want to add your user to more groups than one, list them one after another, separated by commas, no spaces, after -G:

sudo usermod <your username> -a -G photos,pizza,spaceforce

Second: Be careful not to forget the -a parameter. The -a parameter stands for append and attaches the list of groups you pass to -G to the ones you already belong to. This means that, if you don't include -a, the list of groups you already belong to, will be overwritten, again locking you out from stuff you need.

Neither of these are catastrophic problems, but it will mean you will have to add your user back manually to all the groups you belonged to, which can be a pain, especially if you have lost access to the sudo and wheel group.

Permits, Please!

There is still one more thing to do before you can copy images to the /photos directory. Notice how, when you did ls -l / above, permissions for that folder came back as drwxr-xr-x.

If you read the article I recommended at the beginning of this post, you'll know that the first d indicates that the entry in the file system is a directory, and then you have three sets of three characters (rwx, r-x, r-x) that indicate the permissions for the user owner (rwx) of the directory, then the group owner (r-x), and finally the rest of the users (r-x). This means that the only person who has write permissions so far, that is, the only person who can copy or create files in the /photos directory, is the root user.

But that article I mentioned also tells you how to change the permissions for a directory or file:

sudo chmod g+w /photos

Running ls -l / after that will give you /photos permissions as drwxrwxr-x which is what you want: group members can now write into the directory.

Now you can try and copy an image or, indeed, any other file to the directory and it should go through without a problem:

cp image.jpg /photos

The guest user will also be able to read and write from the directory. They will also be able to read and write to it, and even move or delete files created by other users within the shared directory.

Conclusion

The permissions and privileges system in Linux has been honed over decades. inherited as it is from the old Unix systems of yore. As such, it works very well and is well thought out. Becoming familiar with it is essential for any Linux sysadmin. In fact, you can't do much admining at all unless you understand it. But, it's not that hard.

Next time, we'll be dive into files and see the different ways of creating, manipulating, and destroying them in creative ways. Always fun, that last one.

See you then!

Learn more about Linux through the free "Introduction to Linux" course from The Linux Foundation and edX.

Click Here!