Unit 2 Users Management. Users Every user is assigned a unique User ID number (UID) UID 0 identifies root User accounts normally start at UID 500 Users' - презентация

1 Unit 2 Users Management

2 Users Every user is assigned a unique User ID number (UID) UID 0 identifies root User accounts normally start at UID 500 Users' names and UIDs are stored in /etc/passwd Users are assigned a home directory and a program that is run when they log in (usually a shell) Users cannot read, write or execute each others' files without permission

3 Groups Users are assigned to groups Each group is assigned a unique Group ID number (gid) GIDs are stored in /etc/group Each user is given their own private group Can be added to other groups for additional access All users in a group can share files that belong to the group

4 Linux File Security Every file is owned by a UID and a GID Every process runs as a UID and one or more GIDs Usually determined by who runs the process Three access categories: Processes running with the same UID as the file (user) Processes running with the same GID as the file (group) All other processes (other)

5 Permission Precedence If UID matches, user permissions apply Otherwise, if GID matches, group permissions apply If neither match, other permissions apply Types Four symbols are used when displaying permissions: r : permission to read a file or list a directory's contents w : permission to write to a file or create and remove files from a directory x : permission to execute a program or change into a directory and do a long listing of the directory - : no permission (in place of the r, w, or x)

6 Permissions Examining Permissions File permissions may be viewed using ls -l $ ls -l /bin/login -rwxr-xr- x 1 root root Apr 1 18:26 /bin/login File type and permissions represented by a 10-character string Interpreting Permissions -rwxr-x--- 1 andersen trusted 2948 Oct 11 14:07 myscript Read, Write and Execute for the owner, andersen Read and Execute for members of the trusted group No access for all others

7 Changing File Ownership Only root can change a file's owner Only root or the owner can change a file's group Ownership is changed with chown: chown [-R] user_name file|directory... Group-Ownership is changed with chgrp: chgrp [-R] group_name file|directory...

8 Changing Permissions - Symbolic Method To change access modes: chmod [-R] mode file Where mode is: u,g or o for user, group and other + or - for grant or deny r, w or x for read, write and execute Examples: ugo+r: Grant read access to all o-wx: Deny write and execute to others

9 Changing Permissions - Numeric Method Uses a three-digit mode number first digit specifies owner's permissions second digit specifies group permissions third digit represents others' permissions Permissions are calculated by adding: 4 (for read) 2 (for write) 1 (for execute) Example: chmod 640 myfile

10 Changing Permissions - Nautilus Nautilus can be used to set the permissions and group membership of files and directories. In a Nautilus window, right-click on a file Select Properties from the context menu Select the Permissions tab