In “An Introduction to Users, Groups and Permissions” we described the way linux handles users, groups and permissions. With a basic understanding of these concepts we can now move on to adding/removing users as well as modifying file permissions. The methods used for these things can seem a little complex or confusing to new linux users. This guide will attempt to explain these methods in an easy-to-understand manner. If you get stuck, don’t worry. You have all the time in the world and can re-read any section at any time. With a little patience you will be administering your linux system like it was old hat.
Often we try to cover the CLI method as well as the GUI method, but in this guide we are going to stick with the command line. Once you are comfortable doing it in the command line, the GUI method will probably just slow you down.
Since this guide will cover CLI commands and methods, let's go ahead and open a terminal. Click KMenu, click System and finally click Konsole (Terminal Program). We will also go ahead and su so that we will have all of the permissions we need. Type in su and hit enter. Key in the root password and hit enter. Your command line should now show a # instead of a $ to indicate that you are root.
[email protected][~]$ su
Password:
[email protected][nugod]#
Adding and Removing Users
On your linux system you may very well be the only user or there may be several users. No matter which case applies to you it will be good to know how to add and remove users. You never know when it may come in handy.
We will start by adding a new user. The linux command used to add a new user is called adduser. The adduser command has many options that you can customize, but luckily Mepis makes adding a regular user very easy. Let's do a test. Type adduser testuser and hit enter. You will see the following:
[email protected][nugod]# adduser testuser
Adding user `testuser'...
Adding new user `testuser' (1001) with group `users'.
Creating home directory `/home/testuser'.
Copying files from `/etc/skel'
Enter new UNIX password:
Key in the password you want for this new user and hit enter. It will ask you to retype the password. Key it in again and hit enter and you will see the following:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for testuser
Enter the new value, or press ENTER for the default
Full Name :
It will now ask you to enter information for this user. You can key in the information or leave the default (which is blank). Key in whatever information you want for your testuser and hit enter. It will ask you if the information is correct. Key in y and hit enter. You should now see the following:
Room Number :
Work Phone : 123-1234
Home Phone : 321-4321
Other :
Is the information correct? [y/N] y
Processing configuration file /etc/adduser.local.conf
adduser.local: Directory /etc/skel.other does not exist
Processing service "cdrom"
Adding user "testuser" to group "cdrom"
Processing service "floppy"
Adding user "testuser" to group "floppy"
Processing service "audio"
Adding user "testuser" to group "audio"
Processing service "dip"
Adding user "testuser" to group "dip"
Processing service "cdrecording"
Adding user "testuser" to group "cdrecording"
Processing service "dialout"
Adding user "testuser" to group "dialout"
Processing service "disk"
Adding user "testuser" to group "disk"
Processing service "fax"
Adding user "testuser" to group "fax"
Processing service "games"
Adding user "testuser" to group "games"
Processing service "sudo"
Adding user "testuser" to group "sudo"
Processing service "tape"
Adding user "testuser" to group "tape"
Processing service "tty"
Adding user "testuser" to group "tty"
Processing service "usb"
Adding user "testuser" to group "usb"
Processing service "uucp"
Adding user "testuser" to group "uucp"
Processing service "video"
Adding user "testuser" to group "video"
Processing service "voice"
Adding user "testuser" to group "voice"
[email protected][nugod]#
What just happened was the user was added to all of the groups that you are a member of. These particular groups allow the user to have certain functionality. For example, being added to the cdrom group allows testuser to access the cd-rom, being in the audio group allows this user to use sound and so on and so forth. Another thing that happened was that testuser's password was set to whatever you keyed in and their home directory was set up. Type in cd /home and hit enter. Now type ls and hit enter. You should see something similar to the following:
[email protected][nugod]# cd /home
[email protected][home]# ls
lost+found nugod testuser
You will notice that there is now a testuser directory.
That pretty much covers adding a default user… seems easy enough. If you wanted to you could log out of your user account and log in as testuser (using the password that you set).
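Among the groups in the adduser output above, sudo and disk grant much more than device access: sudo membership can allow running commands as root (depending on the sudoers configuration) and disk gives raw access to block devices. The script below is an added example, not part of the original guide, that flags such memberships for an account; the list of privileged groups and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag group memberships that carry elevated privileges.
# Assumption: this list is illustrative; adjust it for your distribution.
PRIVILEGED_GROUPS="root sudo wheel disk shadow adm"

# Constructed sample: the groups testuser received in the guide's adduser output.
SAMPLE_GROUPS="users cdrom floppy audio dip cdrecording dialout disk fax games sudo tape tty usb uucp video voice"

# Print each privileged group found in a space-separated group list, one per line.
privileged_in() {
    for g in $1; do
        for p in $PRIVILEGED_GROUPS; do
            if [ "$g" = "$p" ]; then
                printf '%s\n' "$g"
            fi
        done
    done
    return 0
}

# Audit a live account: id -Gn prints the names of all groups the user is in.
audit_user() {
    membership=$(id -Gn "$1") || return 1
    privileged_in "$membership"
}

# Run against the constructed sample; prints "disk" and "sudo".
privileged_in "$SAMPLE_GROUPS"

# To drop a membership an account does not need (run as root), for example:
#   gpasswd -d testuser disk
```

On a real system, call audit_user testuser after creating the account and remove any flagged group the user has no need for.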
Now that we have added a test user… let's remove it. To remove a user in linux we use the userdel command. You have one option when removing a user: whether or not to delete their home directory and everything in it. The usage to remove the user and their home directory is userdel -r username and the usage to leave the home directory is userdel username (you would replace username with the actual username being removed). We are going to remove the test user that we just added as well as its home directory. Type in userdel -r testuser and hit enter. There won’t be any output but if you want to check on it type cd /home and hit enter then type ls and hit enter. You will notice that the testuser home directory is no longer there. You will also no longer be able to log in as testuser.
Adding and removing users is pretty straightforward in linux. Let's move on to file permissions.
Modifying File Permissions
Permissions on a file in linux are divided into three groups: user, group and other. If you go to any directory in linux and type in ls -l and hit enter you will see the listing of files along with other information. We are only going to be concentrating on the first “column” of information… the file’s permissions. After typing in the ls -l and hitting enter the permissions will look something like this: -rwxr-xr--. Although this is gone over in another guide, here is a quick summary.
This line of letters and dashes can be broken down like this:
- | rwx | r-x | r--
The first character is the directory bit and will either be a “d” if it is a directory or a “-” if it is a file.
The final nine characters are broken down into groups of three. The first group is the user permissions. The second group is the group permissions. The third and final group is the other (or everyone else) group. Each group has three characters and they are in a specific order. That order is read (r), write (w) and execute (x). A dash (-) for any character means that it does not have that particular permission. So understanding that, let's break down our example.
The first character is the directory bit. Since it is a “-” instead of a “d”, this is a regular file and not a directory.
The second character is a “r”. This means you (the user) have permission to read this file. A “-” here would indicate that you cannot read this file.
The third character is a “w”. This means that you have permission to write to this file.
The fourth character is an “x”. This means that you have permission to execute this file.
Now understanding how this works we can summarize the next two groups of three: The group permissions are set as read and execute but no write (r-x). The “other” permissions are set as read only, no write or execute permission (r--).
In linux you change a file’s permissions with chmod. The usage for chmod is as follows: chmod mode file. The mode part is where a lot of users get confused. There are two methods for the mode, one using letters and one using numbers. Note: If you are still running as root in your terminal (a # instead of a $) go ahead and type exit and hit enter. To make sure you are in your home directory type in cd and hit enter (cd by itself will take you to your home directory). Let's also create a blank test file to work with. Type in touch test_file1 and hit enter. The touch command will create a blank file called test_file1 in your current directory. To verify this type in ls -l test_file1 and hit enter. You should see something like this:
[email protected][~]$ touch test_file1
[email protected][~]$ ls -l test_file1
-rw-r--r-- 1 nugod users 0 2005-08-15 00:46 test_file1
You can see by the permissions on this file that it is a regular file (-), you (the user) have read/write but not execute (rw-) and the group and everyone else have read only (r--r--). Let's change some permissions!
Using the letters for mode can be less confusing so we will start with those. Remember chmod’s usage: chmod mode filename. The mode part is where you change permissions. Using letters to change the mode consists of three parts:
Part 1: This is where you define which permission layer you want to change. The options are u for the user layer, g for the group layer, o for the “other” layer or a for all three layers.
Part 2: This is where you define whether or not you want to add or remove permissions. Use a + to add a permission or a - to remove a permission.
Part 3: This is where you define the permission to add or remove. Use r for read, w for write or x for executable.
Remember our test file (test_file1)? Currently everyone can read it. Let's make it so that only the user and group can read this file. The three parts of the mode to do that would be o (since we are modifying the “other” permission layer), - since we are removing a permission and finally r since we are removing read permission for everyone except the user and group. All together the command would be chmod o-r test_file1. Key that in and hit enter. Then type in ls -l test_file1 and hit enter. You should see the following:
[email protected][~]$ chmod o-r test_file1
[email protected][~]$ ls -l test_file1
-rw-r----- 1 nugod users 0 2005-08-15 00:46 test_file1
See the new permissions? They are now set as -rw-r-----. The read permission for “others” (everyone who is neither the user nor in the owner group) has been removed. There are many, many permission options and this was just a simple example. Play around with the permissions on test_file1. Since it is empty, you won’t have to worry about removing permissions for something important.
Now lets move on to the…
Using numbers for the mode command is where most everyone gets confused. The numbers are still in three groups (user, group and other) but the confusion comes because octal is used to determine the number. Let me try to explain.
Binary means it is either a 0 for off or a 1 for on. The three permissions are read, write and execute. If a group had all three permissions the binary equivalent would be 111. Octal would start from the right and each number will double, so in this case it would be 421. 4, 2 and 1 added together would be 7. If it was only read and write, but not execute, it would be 110 or 420. 4, 2 and 0 added together is 6. Let's take an example file permission; since we already know the permissions for test_file1 we can use it. Its permissions are -rw-r-----. Breaking it down, rw- is 110 which becomes 420 which equals 6. Moving on, r-- is 100 which becomes 400 which equals 4. The final permission layer is --- which becomes 000 which equals 0. The current mode for test_file1 is 640.
Let's give the “others” back their read permission. Since we already know that 4 is read only (the group layer's current permissions), the new mode would be 644 (instead of the current 640). Type in chmod 644 test_file1 and hit enter. Now type ls -l test_file1 and hit enter. You should see this:
[email protected][~]$ ls -l test_file1
-rw-r--r-- 1 nugod users 0 2005-08-15 00:46 test_file1
You notice how the “other” layer has now changed to r--? Take some time and play around with the permissions on test_file1 using the number method.
Permissions can be pretty neat huh? It may take a little time to get used to using the letters or the octal numbers but, like anything else, it will get easier. Keep playing with your test files. Change the permissions any way you want. Once you get used to one method, give the other one a try. As with most things in linux, the choice is yours.