December 4, 2020 - 2 minute read

Days 13 & 14 : Users, Groups and Permissions

This is part of the #LinuxUpSkillChallenge. Don't forget to also check out the Official Instructions for days 13 and 14. Also check the Reddit posts.

1. Groups

Options to check the available groups:

cat /etc/group - see all users

grep GID /etc/login.defs - to check the min/max GID for normal and system users

getent group {1000..6000} - to retrieve only the normal groups

2. Users

Options to check the available users:

cat /etc/passwd - see all usernames, names of users, home directories

grep UID /etc/login.defs - to check the min/max UID for normal and system users

getent passwd {1000..6000} - to retrieve only the normal users

groups username - to see the list of groups the user is assigned to

3. Sudo and sudoers

The sudoers file is a file used to allocate system rights to system users. This allows the administrator to control who does what. When you want to run a command that requires root rights, Linux checks your username against the sudoers file.

$ sudo usermod -aG sudo someuser
someuser is not in the sudoers file.  This incident will be reported.

To edit the sudoers file in a safe fashion, visudo is recommended. Visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors before installing the edited file.

## User privilege specification
root    ALL=(ALL:ALL) ALL
user    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%group ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
  1. Permissions

Each file and directory has three user based permission groups:

Each file or directory has three basic permission types:

symbolic

Octal notation is a numerical system for modifying permissions. Each octal permission can be represented by 3 or 4 numbers; where each of these numbers is an “octal”, meaning they range from 0-7. They basically combine the following:

octal

umask is used to control the default file permission for new files. It uses a four-digit octal number but can also be expressed using symbolic values.

$ umask
0002
$ umask -S
u=rwx,g=rwx,o=rx
$

chmod

More about files and permissions, check out this Eli the Computer Guy video.

For more detail on how I did each day, check out my log on Reddit. Follow me on Twitter for daily updates.