Users and groups

Linux is designed as a multi-user operating system. Multi-user support allows each user of the computer to have their own desktop configuration and separate identities on the computer and, most importantly, it allows users to protect their files from viewing and modification by others. If you’re sharing a home computer with several family members, you can benefit from the protection of your files offered by multi-user support. In this column we show you how users and groups operate under Linux and how you can take advantage of this system to provide file security.

First, we’ll see how users and groups are stored in your system.

The /etc/passwd file is where all user information is kept. This is a text file with each line corresponding to an individual user. Below is an example entry:

al:4NibSWQ8Zz4KY:1234:1001:Alastair Cousins:/home/al:/bin/bash

Each value in /etc/passwd is separated by a “:”. From left to right, the format of each entry is:

username:password:userid:groupid:name:homedirectory:shell

Note that Linux encrypts all passwords stored in this file. If you see an “x” in place of your password, your system may have the shadow password system installed. The shadow password system stores passwords in a separate file, /etc/shadow, for additional security.

A database of groups is kept in the /etc/group file. This is another text file with each line corresponding to a group. The format of this file is:

groupname:password:groupid:users

If you look at the /etc/passwd file on your computer you will notice that all users have a unique userid, but some may share the same groupid. By modifying the /etc/passwd file, users can be grouped together by assigning each an identical groupid. Users can be members of multiple groups if they are added in the /etc/group file.
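The two formats above can be combined to work out which groups a user ends up in, and to spot accounts whose password field is not shadowed. The script below is an added example, not part of the original column: the accounts dad and fred, the groups and their ids, and the function names groups_of and exposed_hashes are constructed for illustration; only the “al” entry comes from the article.

```sh
#!/bin/sh
# Added example. Sample data is constructed; only the "al" line is the
# article's own entry. dad, fred and the group ids are made up.
PASSWD_SAMPLE='al:4NibSWQ8Zz4KY:1234:1001:Alastair Cousins:/home/al:/bin/bash
dad:x:1000:1001:Dad:/home/dad:/bin/bash
fred:x:1002:1002:Fred:/home/fred:/bin/bash'

GROUP_SAMPLE='parents:x:1001:
kids:x:1002:
media:x:1003:dad,fred'

groups_of() {
    # $1 = username. The primary group comes from the groupid field of the
    # passwd entry; extra groups come from the users field of the group file.
    { printf '%s\n' "$PASSWD_SAMPLE"; echo '%%'; printf '%s\n' "$GROUP_SAMPLE"; } |
    awk -F: -v u="$1" '
        $0 == "%%" { in_group = 1; next }       # separator between the two files
        !in_group  { if ($1 == u) gid = $4; next }
        {
            member = ($3 == gid)                # primary group by groupid
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) member = 1
            if (member) out = out (out ? "," : "") $1
        }
        END { print out }'
}

exposed_hashes() {
    # Users whose password field holds something other than the shadow
    # placeholder "x" or a lock marker ("*" or "!"): an encrypted password
    # or an empty field, both visible to every user who can read passwd.
    printf '%s\n' "$PASSWD_SAMPLE" |
    awk -F: '$2 != "x" && $2 !~ /^[*!]/ { print $1 }'
}

for u in al dad fred; do
    printf '%s: %s\n' "$u" "$(groups_of "$u")"
done
printf 'password field not shadowed: %s\n' "$(exposed_hashes)"
```

On a live system, id -Gn followed by a username reports the same membership without parsing the files by hand.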

The superuser

Every Linux system has a special user account, known as the superuser, or root, which is able to read, write and change permissions and ownership of any file. The superuser is most commonly used for installing and removing software and performing system maintenance.

If you are logged in as a normal user, you can become the superuser at any time by typing su in a shell and entering the superuser password. If successful, the prompt in the shell will change from a ‘$’ to a ‘#’, indicating you are now the superuser. To return to the normal user state, type exit.

Controlling file access

Linux uses a very simple, yet powerful, system for specifying the access each user has to a file. To demonstrate, we will create a file and use the chmod and chown commands to change its access permissions and ownership. To create a file and view its permissions, type the following in a shell:

$ echo "test" >> perms_example.txt

$ ls -l perms_example.txt

The second command will produce an output similar to the following:

-rw-r--r-- 1 dad parents 5 Feb 1 08:38 perms_example.txt

This output shows the permissions on the file (rw-r--r--), the owner (dad) and the group the file belongs to (parents).

The representation of permissions may seem strange to you at first. Permissions of read (r), write (w) and execute (x) can be set for three categories of user in the system: owner, group and others. The permissions displayed by the ‘ls -l’ command show the settings for each of the three categories in that order. In our example, the owner of the file may read and write to the file whereas members of the group ‘parents’ and everybody else may only read the file.

The chmod command is used to modify the permissions on a file. In the following example we assign read and write permissions for all members of the group parents:

$ chmod g+rw perms_example.txt

Each set of permissions can be specified with the chmod command. In this case, ‘g’ has been used to indicate the ‘group’ permissions. The other sets can be specified with ‘u’ for owner and ‘o’ for others; ‘a’ can be used to modify all three sets at once. The ‘+’ adds the permissions following it to the specified set. Using ‘-’ would remove them.

You can change the owner and/or group to which a file belongs with the chown command. For example:

$ chown fred:kids perms_example.txt

This command changes the file owner to the user ‘fred’ and the group to ‘kids’. By setting the permissions on individual files it is possible to control the access other users have to them. In our example, the kids in the family may want to block their siblings from reading and writing to their files, while allowing the parents to view the contents (this would mean permissions of -rw----r--). Setting file permissions is a very simple method to protect privacy.
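The chmod steps above can be replayed in a scratch directory, checking the mode string after each one. This script is an added example, not part of the original column; the function names mode_of, triad_for and perm_walk are made up here, and chown is left out because changing a file's owner needs the superuser.

```sh
#!/bin/sh
# Added example: replays the article's chmod steps on a temporary file and
# records the mode string that ls -l shows after each step.

mode_of() {
    # First ten characters of ls -l output: file type plus the three
    # permission sets (owner, group, others).
    ls -l "$1" | cut -c1-10
}

triad_for() {
    # $1 = mode string, $2 = owner|group|others. Linux applies only the
    # first set that matches the caller (owner, then group, then others),
    # so a group member is held to the group set even if others may read.
    case $2 in
        owner)  printf '%s\n' "$1" | cut -c2-4 ;;
        group)  printf '%s\n' "$1" | cut -c5-7 ;;
        others) printf '%s\n' "$1" | cut -c8-10 ;;
    esac
}

perm_walk() {
    dir=$(mktemp -d) || return 1
    file="$dir/perms_example.txt"
    (
        umask 022                       # common default: new files get rw-r--r--
        echo "test" >> "$file"
    )
    printf '%s ' "$(mode_of "$file")"   # as created
    chmod g+rw "$file"
    printf '%s ' "$(mode_of "$file")"   # group may now read and write
    chmod g-rw "$file"
    printf '%s\n' "$(mode_of "$file")"  # group blocked, others still read
    rm -rf "$dir"
}

final=$(perm_walk | cut -d' ' -f3)
printf 'modes after each step: %s\n' "$(perm_walk)"
printf 'group members get: %s, everyone else gets: %s\n' \
    "$(triad_for "$final" group)" "$(triad_for "$final" others)"
```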

Remember, if you ever need access to a file, the superuser is able to access any file on the system regardless of the permissions set.


Alastair Cousins

PC World