Users and groups

Linux is designed as a multi-user operating system. Multi-user support allows each user of the computer to have their own desktop configuration and separate identities on the computer and, most importantly, it allows users to protect their files from viewing and modification by others. If you’re sharing a home computer with several family members, you can benefit from the protection of your files offered by multi-user support. In this column we show you how users and groups operate under Linux and how you can take advantage of this system to provide file security.

First, we’ll see how users and groups are stored in your system.

The /etc/passwd file is where all user information is kept. This is a text file with each line corresponding to an individual user. Below is an example entry:

al:4NibSWQ8Zz4KY:1234:1001:Alastair Cousins:/home/al:/bin/bash

Each value in /etc/passwd is separated by a “:”. From left to right, the format of each entry is:

username:password:userid:groupid:name:homedirectory:shell

Of interest, Linux encrypts all passwords stored in this file. If you see an “x” in place of your password, your system may have the shadow password system installed. The shadow password system stores passwords in a separate file, /etc/shadow, for additional security.

A database of groups is kept in the /etc/groups file. This is another text file with each line corresponding to a group. The format of this file is:

groupname:password:groupid:users

If you look at the /etc/passwd file on your computer you will notice that all users have a unique userid, but some may share the same groupid. By modifying the /etc/passwd file, users can be grouped together by assigning each an identical groupid. Users can be members of multiple groups if they are added in the /etc/groups file.

The superuser

Every Linux system has a special user account, known as the super-user, or root, which is able to read, write and change permissions and ownership of any file. The superuser is most commonly used for installing and removing software and performing system maintenance.

If you are logged in as a normal user, you can become the superuser at any time by typing su in a shell and entering the superuser password. If successful, the prompt in the shell will change from a ‘$’ to a ‘#’, indicating you are now the superuser. To return to the normal user state, type exit.

Controlling file access

Linux uses a very simple, yet powerful, system for specifying the access each user has to a file. To demonstrate, we will create a file and use the chmod and chown commands to change its access permissions and ownership. To create a file and view its permissions, type the following in a shell:

$ echo “test” >> perms_example.txt $ ls -l perms_example.txt

The second command will produce an output similar to the following:

-rw-r--r-- 1 dad parents 5 Feb 1 08:38 perms_example.txt

This output shows the permissions on the file (rw-r--r--), the owner (dad) and the group the file belongs to (parents).

The representation of permissions may seem strange to you at first. Permissions of read (r), write (w) and execute (x) can be set for three categories of user in the system: owner, group and others. The permissions displayed by the ‘ls -l’ command show the settings for each of the three groups sequentially. In our example, the owner of the file may read and write to the file whereas members of the group ‘staff’ and everybody else may only read the file.

The chmod command is used to modify the permissions on a file. In the following example we assign read and write permissions for all members of the group parents:

$ chmod g+rw perms_example.txt

Each set of permissions can be specified with the chmod command. In this case, ‘g’ has been used to indicate the ‘group’ permissions. The other sets can be specified with ‘u’ for owner and ‘o’ for others; ‘a’ can be used to modify all three sets at once. The ‘+’ adds the permissions following it to the specified group. Using ‘-’ would remove them.

You can change the owner and/or group to which a file belongs with the chown command. For example:

$ chown fred:kids perms_example.txt

This command changes the file owner to the user ‘fred’ and the group to ‘kids’. By setting the permissions on individual files it is possible to control the access other users have to them. In our example, the kids in the family may want to block their siblings from reading and writing to their files, while allowing the parents to view the contents (this would mean permissions of -rw----r--). Setting file permissions is a very simple method to protect privacy.

Remember, if you ever need access to a file, the superuser is able to access any file on the system regardless of the permissions set.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Alastair Cousins

PC World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?