Users and groups

Linux is designed as a multi-user operating system. Multi-user support allows each user of the computer to have their own desktop configuration and separate identities on the computer and, most importantly, it allows users to protect their files from viewing and modification by others. If you’re sharing a home computer with several family members, you can benefit from the protection of your files offered by multi-user support. In this column we show you how users and groups operate under Linux and how you can take advantage of this system to provide file security.

First, we’ll see how users and groups are stored in your system.

The /etc/passwd file is where all user information is kept. This is a text file with each line corresponding to an individual user. Below is an example entry:

al:4NibSWQ8Zz4KY:1234:1001:Alastair Cousins:/home/al:/bin/bash

Each value in /etc/passwd is separated by a “:”. From left to right, the format of each entry is:

username:password:userid:groupid:name:homedirectory:shell

Of interest, Linux encrypts all passwords stored in this file. If you see an “x” in place of your password, your system may have the shadow password system installed. The shadow password system stores passwords in a separate file, /etc/shadow, for additional security.

A database of groups is kept in the /etc/groups file. This is another text file with each line corresponding to a group. The format of this file is:

groupname:password:groupid:users

If you look at the /etc/passwd file on your computer you will notice that all users have a unique userid, but some may share the same groupid. By modifying the /etc/passwd file, users can be grouped together by assigning each an identical groupid. Users can be members of multiple groups if they are added in the /etc/groups file.

The superuser

Every Linux system has a special user account, known as the super-user, or root, which is able to read, write and change permissions and ownership of any file. The superuser is most commonly used for installing and removing software and performing system maintenance.

If you are logged in as a normal user, you can become the superuser at any time by typing su in a shell and entering the superuser password. If successful, the prompt in the shell will change from a ‘$’ to a ‘#’, indicating you are now the superuser. To return to the normal user state, type exit.

Controlling file access

Linux uses a very simple, yet powerful, system for specifying the access each user has to a file. To demonstrate, we will create a file and use the chmod and chown commands to change its access permissions and ownership. To create a file and view its permissions, type the following in a shell:

$ echo “test” >> perms_example.txt $ ls -l perms_example.txt

The second command will produce an output similar to the following:

-rw-r--r-- 1 dad parents 5 Feb 1 08:38 perms_example.txt

This output shows the permissions on the file (rw-r--r--), the owner (dad) and the group the file belongs to (parents).

The representation of permissions may seem strange to you at first. Permissions of read (r), write (w) and execute (x) can be set for three categories of user in the system: owner, group and others. The permissions displayed by the ‘ls -l’ command show the settings for each of the three groups sequentially. In our example, the owner of the file may read and write to the file whereas members of the group ‘staff’ and everybody else may only read the file.

The chmod command is used to modify the permissions on a file. In the following example we assign read and write permissions for all members of the group parents:

$ chmod g+rw perms_example.txt

Each set of permissions can be specified with the chmod command. In this case, ‘g’ has been used to indicate the ‘group’ permissions. The other sets can be specified with ‘u’ for owner and ‘o’ for others; ‘a’ can be used to modify all three sets at once. The ‘+’ adds the permissions following it to the specified group. Using ‘-’ would remove them.

You can change the owner and/or group to which a file belongs with the chown command. For example:

$ chown fred:kids perms_example.txt

This command changes the file owner to the user ‘fred’ and the group to ‘kids’. By setting the permissions on individual files it is possible to control the access other users have to them. In our example, the kids in the family may want to block their siblings from reading and writing to their files, while allowing the parents to view the contents (this would mean permissions of -rw----r--). Setting file permissions is a very simple method to protect privacy.

Remember, if you ever need access to a file, the superuser is able to access any file on the system regardless of the permissions set.

Join the PC World newsletter!

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Alastair Cousins

PC World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?