With Linux, the most common way to handle user rights provides three distinct rights on files. The meaning of these rights for directories (which are files in Linux) is slightly different. worths
|Subject||Right (Oct. repr.)||Description||Typical granted commands|
||Read||cat f, less f, grep f, file f|
||Write||sed -i f, shred f, truncate f, vi f|
||List contents||ls d|
||Create/Remove files||touch d/a_file, mkdir d/a_dir, rm d/a_file, rmdir d/a_dir, chmod d/a_file, chown d/a_dir|
||Browse hierarchy||cd d, pushd d|
You would notice that rights octal representation is coded with powers of 2. This is a common way to represent bunch two-states settings that can be independently toggled. Indeed, a file does not properly have a list of permissions set, you should see this rather as a a bit string (where a 1 at the position i means ON and a 0 means OFF for the right coded 2i).
An example is worth 1000 words:
-rwx Octal Permissions 0000 0 None 0001 1 Execution only 0010 2 Read only 0100 4 Write only 0111 7 All (ie. Read and Write and Execution) 0110 6 All but Execution (ie. Read and Write)
File permissions are split into three categories of users:
- The owner of the file (
- Typically the creator of the file
- The group of the file (
- Typically the main group of the owner
- The others (
- Anybody else
As you would have notice, this does not provide a fine-grained way to manage permissions, but this is quite light, simple, and sufficient for most usages. However, if you think you need a really fine-grained level, you should consider looking at SELinux.
Manage user and groups
You can add user with useradd.
root # useradd -g users -G wheel,portage,audio,video,usb,cdrom,tty -m <username>
You can delete user with userdel.
root # userdel <username>
If you want to remove user files as well (home directory and mail spool, use the
root # userdel -r <username>
You can list groups with group.
user $ groups user $ groups <username>
Add or remove user from group
You can add or remove user from group with gpasswd.
root # gpasswd -a <user> <group> root # gpasswd -d <user> <group>
Create new group
You can create new group with groupadd.
root # groupadd <group>
You can also delete group with groupadd.
root # groupdel <group>
Manage rights on files
Change file permissions
You can change file permissions with
user $ chmod <u><g><o> <file>
Where <u>, <g> and <o> are respectively the octal representation of the rights you want to set for the owner, the group and others.
7 = 4+2+1 (read/write/execute) 6 = 4+2 (read/write) 5 = 4+1 (read/execute) 4 = 4 (read) 3 = 2+1 (write/execute) 2 = 2 (write) 1 = 1 (execute)
Change owner and group of file
You can change owner and group of a file with
root # chown <user>:<group> <file>
You can change owner of a directory and children recursively with:
root # chown -R <user>:<group> <folder>