Users and groups

Linux is designed as a multi-user operating system. Multi-user support allows each user of the computer to have their own desktop configuration and separate identities on the computer and, most importantly, it allows users to protect their files from viewing and modification by others. If you’re sharing a home computer with several family members, you can benefit from the protection of your files offered by multi-user support. In this column we show you how users and groups operate under Linux and how you can take advantage of this system to provide file security.

First, we’ll see how users and groups are stored in your system.

The /etc/passwd file is where all user information is kept. This is a text file with each line corresponding to an individual user. Below is an example entry:

al:4NibSWQ8Zz4KY:1234:1001:Alastair Cousins:/home/al:/bin/bash

Each value in /etc/passwd is separated by a “:”. From left to right, the format of each entry is:

username:password:userid:groupid:name:homedirectory:shell

Note that Linux stores the passwords in this file only in encrypted (one-way hashed) form, never as plain text. If you see an “x” in place of your password, your system may have the shadow password system installed. The shadow password system stores passwords in a separate file, /etc/shadow, for additional security.

A database of groups is kept in the /etc/group file. This is another text file with each line corresponding to a group. The format of this file is:

groupname:password:groupid:users

If you look at the /etc/passwd file on your computer you will notice that all users have a unique userid, but some may share the same groupid. By modifying the /etc/passwd file, users can be grouped together by assigning each an identical groupid. Users can be members of multiple groups if they are added in the /etc/group file.
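The two file formats above can be checked mechanically. The following shell script is an added example, not part of the original column: it reports accounts whose password hash still sits in the passwd file and lists each user's primary and additional groups. Apart from the al entry, all accounts, group names and ids are constructed sample data.

```shell
#!/bin/sh
# Added example. Sample data is constructed; only the 'al' line is the
# article's own example entry. Group names and ids are assumptions.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
PASSWD=$tmp/passwd GROUP=$tmp/group
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
al:4NibSWQ8Zz4KY:1234:1001:Alastair Cousins:/home/al:/bin/bash
dad:x:1000:1001:Dad:/home/dad:/bin/bash
fred:x:1002:1002:Fred:/home/fred:/bin/bash
EOF
cat > "$GROUP" <<'EOF'
root:x:0:
parents:x:1001:
kids:x:1002:
printer:x:1003:dad,fred
EOF

# Names of users whose password field still holds a hash in the
# world-readable passwd file instead of the shadow placeholder "x".
# "*" and "!" mark accounts with no usable password; empty is skipped here.
users_with_inline_hash() {  # usage: users_with_inline_hash PASSWD_FILE
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" && $2 != "" {
                 out = out (out == "" ? "" : " ") $1 }
             END { print out }' "$1"
}

# All groups of a user: the primary group (groupid field of the passwd line)
# plus every group whose member list names the user. Sorted, one line.
groups_of() {  # usage: groups_of USER PASSWD_FILE GROUP_FILE
    awk -F: -v user="$1" '
        BEGIN { gid = "none" }
        NR == FNR { if ($1 == user) gid = $4; next }   # first file: passwd
        {
            member = ($3 == gid)                       # primary group
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) member = 1
            if (member) print $1
        }' "$2" "$3" | sort | tr '\n' ' ' | sed 's/ $//'
}

echo "hash in passwd: $(users_with_inline_hash "$PASSWD")"
for u in dad fred al; do
    echo "$u: $(groups_of "$u" "$PASSWD" "$GROUP")"
done
```

To audit a real system, pass /etc/passwd and /etc/group to the two functions instead of the sample files.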

The superuser

Every Linux system has a special user account, known as the superuser, or root, which is able to read, write and change permissions and ownership of any file. The superuser is most commonly used for installing and removing software and performing system maintenance.

If you are logged in as a normal user, you can become the superuser at any time by typing su in a shell and entering the superuser password. If successful, the prompt in the shell will change from a ‘$’ to a ‘#’, indicating you are now the superuser. To return to the normal user state, type exit.

Controlling file access

Linux uses a very simple, yet powerful, system for specifying the access each user has to a file. To demonstrate, we will create a file and use the chmod and chown commands to change its access permissions and ownership. To create a file and view its permissions, type the following in a shell:

$ echo "test" >> perms_example.txt
$ ls -l perms_example.txt

The second command will produce an output similar to the following:

-rw-r--r-- 1 dad parents 5 Feb 1 08:38 perms_example.txt

This output shows the permissions on the file (rw-r--r--), the owner (dad) and the group the file belongs to (parents).

The representation of permissions may seem strange to you at first. Permissions of read (r), write (w) and execute (x) can be set for three categories of user in the system: owner, group and others. The permissions displayed by the ‘ls -l’ command show the settings for each of the three categories in that order. In our example, the owner of the file may read and write to the file whereas members of the group ‘parents’ and everybody else may only read the file.

The chmod command is used to modify the permissions on a file. In the following example we assign read and write permissions for all members of the group parents:

$ chmod g+rw perms_example.txt

Each set of permissions can be specified with the chmod command. In this case, ‘g’ has been used to indicate the ‘group’ permissions. The other sets can be specified with ‘u’ for owner and ‘o’ for others; ‘a’ can be used to modify all three sets at once. The ‘+’ adds the permissions following it to the specified set. Using ‘-’ would remove them.

You can change the owner and/or group to which a file belongs with the chown command. For example:

$ chown fred:kids perms_example.txt

This command changes the file owner to the user ‘fred’ and the group to ‘kids’. By setting the permissions on individual files it is possible to control the access other users have to them. In our example, the kids in the family may want to block their siblings from reading and writing to their files, while allowing the parents to view the contents (this would mean permissions of -rw----r--). Setting file permissions is a very simple method to protect privacy.

Remember, if you ever need access to a file, the superuser is able to access any file on the system regardless of the permissions set.
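The following shell script is an added example, not part of the original column. It sets the -rw----r-- mode from the scenario above on a scratch file and works out which permission set applies to the owner, a sibling in kids and a parent; the user sue and the group memberships are assumptions.

```shell
#!/bin/sh
# Added example. Users and groups (fred, sue, dad, kids, parents) are
# constructed to match the article's family scenario; 'sue' is hypothetical.

# Apply a symbolic chmod to a scratch file and return the 10-character
# mode string that 'ls -l' shows for it.
mode_after_chmod() {  # usage: mode_after_chmod SYMBOLIC_MODE
    f=$(mktemp) && chmod "$1" "$f" && ls -l "$f" | cut -c1-10
    rm -f "$f"
}

# Which permission triplet applies to USER? Linux checks owner, then group,
# then others, and uses only the FIRST class that matches. Root is not
# modelled here: the superuser bypasses these checks.
access_for() {  # usage: access_for MODE OWNER GROUP USER "USER'S GROUPS"
    m=$1 owner=$2 group=$3 user=$4
    if [ "$user" = "$owner" ]; then
        echo "$m" | cut -c2-4; return
    fi
    for g in $5; do
        if [ "$g" = "$group" ]; then
            echo "$m" | cut -c5-7; return
        fi
    done
    echo "$m" | cut -c8-10
}

mode=$(mode_after_chmod u=rw,g=,o=r)        # the article's -rw----r--
echo "mode: $mode"
echo "fred (owner):      $(access_for "$mode" fred kids fred kids)"
echo "sue  (in kids):    $(access_for "$mode" fred kids sue kids)"
echo "dad  (in parents): $(access_for "$mode" fred kids dad parents)"
```

Because only the first matching set is used, a member of kids is denied even though others may read. The others set covers every account outside kids, not only the parents.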


Alastair Cousins

PC World