User Permissions in Linux

Today, GNU/Linux based operating systems are considered to be among the most secure available. They're used by a majority of the largest super computers we have available, far outpacing the amount of computers running UNIX or Windows. And one of the reasons Linux holds its reputation for security is the way it handles user access. Its user and group control functions was developed around the time of the first UNIX systems, and these controls allow file owners to control access to reading, execution, and writing of files, directories, processes and other system tools.

This access control system inside Linux OSs fundamentally works by assigning each object in its file system two attributes: owner and group. Owner is a user that owns any given file or directory. The owner has unlimited access to the files/directories, and has full control of other users' permissions to these files/directories. A group consists of multiple users that have access to any given file or directory. A system user could belong to multiple user groups. 

The id -a command will return the user and group that's currently using the file. The command 
  $ /usr/bin/id -a
will give you something like this:
  uid=1000(username) gid=1000(groupname1) groups=1000(groupname1), 1001(groupname2)

In this case, groupname1(gid=1000) is the effective group, and the group groupname2(gid=1001) is not. As you can expect, a user in a group that has access permission will also be allowed access. Which gid is considered effective is important when creating new directories and files. The list of system users is located in /etc/passwd, and list of groups is located in /etc/group. If that looks kinda weird to you, the /etc/passwd file used to store passwords in previous versions of this system, but this list is now located in /etc/shadow. You can pull the file up using $ sudo /bin/grep username /etc/shadow, though access to this file is usually restricted to normal users.

Another command you'll likely use a lot is the stat command, that will look something like:

 $ /usr/bin/stat /etc/fstab | grep "Access: ("
Access: (0644/-rw-r--r--) Uid: ( 0/root) Gid: ( 0/root)

What this command is doing here is returning the attributes of a file. So we can see in our example, that the /etc/fstab file is owned by the user root (uid=0) within a group of the same name. The access rights are displayed here in form of the 0644 and of the access attributes as (-rw-r--r--).

Each digit in the 0644 can go from 0 to 7 (base 8). We can look at this number in binary (base 2) and it will look like 110 100 100 which we can then compare to the analoguous attributes rw-r--r--. As you can see, these sequences become almost identical (every letter a 1, every dash a 0). Each of the letters can either be (read), w (write), and x (execute). The format there is a rwx slot for every "level" of permissions (user, group, world). So we get a rw- for user, r-- for group, and r-- for world in this example. You might notice there's another dash in the front of that original readout (-rw--r--r--). The first symbol (which is a "-" in this case) is defined by the file type. The dash (-) is for a regular file, but you might also see d for a directory, for a symbolic link file, c for character device file, p for named pipe, s for socket, and b for block file.

So let's get back to the original numerics though (0644). The attributes here break down as follows; read (4), write (2), and execute (1). They combine together arithmetically, so the 6 in the sequence is a combination of read and write (and 2) but not execute (1).  

With the information in our example in mind, we can conclude that the file owner (root) can read and write to the /etc/fstab file, but not execute it. The group root, however, can only read it. 

We talked earlier about passwords stored in the /etc/shadow file, that normally can't be read by regular users. Let's use our stat command to see its attributes:

$sudo /usr/bin/stat /etc/shadow | grep "Access: ("
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 42/ shadow)


Just like we expected, only root user has read/write access, the group has only read access, and everyone else is locked out entirely.

Besides the stat utility, there are a few other methods of going through permissions for files and directories. One of the more popular alternatives is the ls utility with a -l flag, which will also return user permissions in the rwx format we talked about earlier. It looks something like this:

$ /bin/ls -l /etc/fstab
-rw-r--r-- 1 root root 1047 jan 11 2018 /etc/fstab

You can see how similar the return values are to the ones for the stat command. 

There's also the umask utility, which sets default permissions for all new files and directories. By default, it will assign permissions in the form of 0022 which, if you look at our earlier example, means the newly created file will have full access permissions, and the group and other users will only have read and execute rights.

The utility chmod is the standard method of controlling these access rights in Linux. 

If we have a text.txt file with 0644 rights and want to change it so that every user can write to it, you'll use chmod to do something like this:

$ touch text.txt
$ /bin/ls -lh text.txt

$ /bin/chmod 666 text.txt
$ /bin/ls -lh text.txt


Now you can write to the file with something like:
# su Jack -s /bin/bash
$ echo hello > test.txt
$ cat test.txt
hello


There's also an utility for permissions called Access Control Lists (abbreviated ACL) that allows for access permissions to be delegated with much more granularity. However, I think we've been here long enough and our coverage of ACL will have to wait for another article. 

Hope this was helpful to you, and if you have any questions about this article or anything else ServerSuit, leave a comment or reach out through our Twitter and Facebook. Like and follow us for ServerSuit updates and our follow up articles. 

Until Next Time!

January 08 2018

Add or review comments

Please leave your comment

Existing comments

Comments 66


mapcrmzed
Wow because this is great job! Congrats and keep it up. https://shop4shoe.com
aubfnyzed
Regards for sharing your neat web site. https://shop4shoe.com
bnwxkwzed
Surprisingly individual pleasant site. Immense info offered on couple of clicks. https://shop4shoe.com
hyypafzed
Great web website! It looks very good! Keep up the excellent job! https://shop4shoe.com
olsfgvzed
Appreciate it! This is definitely an superb web site. https://shop4shoe.com
qhjzeczed
Maintain the good work and generating the group! https://shop4shoe.com
ciidqyzed
How are you, well put together web page you've gotten there. https://shop4shoe.com
hczhzdzed
Cool webpage you possess in here. https://shop4shoe.com
qzljcdzed
Highly enlightening, looking forwards to coming back again. https://shop4shoe.com
fmeqslzed
Thanks a lot for sharing your amazing web-site. https://shop4shoe.com
qacwrkzed
Cool internet site you've gotten in here. https://shop4shoe.com
njslbjzed
Unbelievably individual friendly site. Tremendous details available on few clicks. https://shop4shoe.com
sawnpzzed
You've remarkable thing at this point. https://shop4shoe.com
xmpwxnzed
Love the website-- extremely user friendly and whole lots to see! https://shop4shoe.com
qewdnczed
Thanks pertaining to offering these superior articles. https://shop4shoe.com
mpnbtized
I adore this site - its so usefull and helpfull. https://shop4shoe.com
grvzntzed
Sustain the good work and delivering in the crowd! https://shop4shoe.com
iplpupzed
Thanks with regard to offering this type of superior subject matter. https://shop4shoe.com
wvinktzed
Thanks, this website is extremely helpful. https://shop4shoe.com
vqohglzed
Great internet site! It looks really good! Maintain the excellent job! https://shop4shoe.com
khxytbzed
You're a very valuable website; couldn't make it without ya! https://shop4shoe.com
sbkpiozed
You've got amazing thing in this article. https://shop4shoe.com
fozzkhzed
Wow cuz this is excellent job! Congrats and keep it up. https://shop4shoe.com
zctivnzed
I love this website - its so usefull and helpfull. https://shop4shoe.com
zvaoouzed
You've gotten very good info these. https://shop4shoe.com
ukghlvzed
Great looking site. Presume you did a great deal of your very own html coding. https://shop4shoe.com
kxilkozed
Thank you! It is definitely an remarkable webpage! https://shop4shoe.com
gbcutazed
Greetings, great web-site you've got right now. https://shop4shoe.com
kmbovyzed
Wow cuz this is great work! Congrats and keep it up. https://shop4shoe.com
ydgwiized
Merely want to express Now i am lucky that i stumbled on your web site. https://shop4shoe.com
obszqszed
Hi there, neat webpage you've got there. https://shop4shoe.com
tpwvjqzed
Thanks very practical. Will share website with my buddies. https://shop4shoe.com
ebqtrmzed
Incredible, such a handy webpage. https://shop4shoe.com
exptnkzed
Great website! It looks very expert! Keep up the excellent work! https://shop4shoe.com
gmeerfzed
You're a really valuable web site; couldn't make it without ya! https://shop4shoe.com
abpicuzed
Wonderful internet site you have right here. https://shop4shoe.com
iutuhezed
Sustain the awesome job !! Lovin' it! https://shop4shoe.com
nwvywuzed
Wow, lovely site. Thnx ... https://shop4shoe.com
uyqwemzed
Many thanks really beneficial. Will share site with my friends. https://shop4shoe.com
nelccezed
You have among the best web sites. https://shop4shoe.com
gvrozfzed
Great looking internet site. Presume you did a bunch of your very own coding. https://shop4shoe.com
wclfmyzed
Wow....such a advantageous internet site. https://shop4shoe.com
aehbsezed
I like this site - its so usefull and helpfull. https://shop4shoe.com
jhmlmlzed
Nice webpage you possess right here. https://shop4shoe.com
cxjnhkzed
Rather revealing looking forwards to visiting again. https://shop4shoe.com
qpsitqzed
Especially educational....looking frontward to returning. https://shop4shoe.com
zoejifzed
Just simply want to point out I'm thrilled that i happened onto your internet page! https://shop4shoe.com
mhboyrzed
Thanks with regard to delivering many of these amazing written content. https://shop4shoe.com
etyzfczed
You're a really beneficial web site; couldn't make it without ya! https://shop4shoe.com
dsnglczed
I love this website - its so usefull and helpfull. https://shop4shoe.com
aygrhpzed
Your advice is extremely fascinating. https://shop4shoe.com
kaaytyzed
You have got possibly the best internet websites. https://shop4shoe.com
nakiyozed
Nice internet site you've here. https://shop4shoe.com
bchblgzed
Just simply needed to stress Now i'm delighted I stumbled onto your website. https://shop4shoe.com
JalVibplalk
<a href="http://cbdoilwalm.com/">buy hemp </a> [url=http://cbdoilwalm.com/]buy hemp oil [/url] cbd vape
JalVibplalk
<a href=" https://cbdoilww.com/ ">tru bliss cbd gummies </a> <a href="https://cbdoilww.com/">best cbd for pain </a> [url=https://cbdoilww.com/]buy cbd oil cure cbd oil [/url] [url=https://cbdoilww.com/]cbd tincture [/url]
ReishKetassilm
<a href="https://cbdoilww.com/">cbd oil reviews </a> [url=https://cbdoilww.com/]trubliss cbd [/url] best cbd oil 2020 [url= https://cbdoilww.com/ ]cbd oil with thc [/url] <a href=" https://cbdoilww.com/ ">cali naturals cbd </a>
ReishKetassilm
<a href="https://cbdoilww.com/">cbd oil for sleep </a> [url=https://cbdoilww.com/]cbd superbugs [/url] walgreens cbd products [url= https://cbdoilww.com/ ]what does cbd do [/url] <a href=" https://cbdoilww.com/ ">cbd hemp oil </a>
ReishKetassilm
<a href="https://cbdoilww.com/">best cbd for pain </a> [url=https://cbdoilww.com/]what is the difference between hemp oil and cbd oil [/url] buy cbd oil cure cbd oil [url= https://cbdoilww.com/ ]what is hemp [/url] <a href=" https://cbdoilww.com/ ">where can i buy cbd oil </a>
ReishKetassilm
<a href="https://cbdoilww.com/">buy hemp </a> [url=https://cbdoilww.com/]cbd [/url] cbd oil [url= https://cbdoilww.com/ ]cbd vape [/url] <a href=" https://cbdoilww.com/ ">buy cbd </a>
JalVibplalk
<a href=" https://cbdoilww.com/ ">buy cbd oil </a> <a href="https://cbdoilww.com/">buy hemp oil </a> [url=https://cbdoilww.com/]buy cbd oil [/url] [url=https://cbdoilww.com/]buy cbd oil [/url]
ReishKetassilm
<a href="https://cbdoilww.com/">cbd cream </a> [url=https://cbdoilww.com/]cbd vape [/url] hemp cbd [url= https://cbdoilww.com/ ]buy cbd [/url] <a href=" https://cbdoilww.com/ ">cbd </a>
ReishKetassilm
<a href="https://cbdoilww.com/">buy cbd oil </a> [url=https://cbdoilww.com/]cbd online [/url] cbd tinctures [url= https://cbdoilww.com/ ]buy cbd oil [/url] <a href=" https://cbdoilww.com/ ">hemp cbd </a>
ReishKetassilm
<a href="https://cbdoilww.com/">buy cbd oil </a> [url=https://cbdoilww.com/]cbd oil [/url] cbd oil online [url= https://cbdoilww.com/ ]cbd online [/url] <a href=" https://cbdoilww.com/ ">cbd online </a>
JalVibplalk
<a href=" https://cbdoilww.com/ ">cbd oil </a> <a href="https://cbdoilww.com/">cbd oil online </a> [url=https://cbdoilww.com/]cbd [/url] [url=https://cbdoilww.com/]cbd tinctures [/url]
casino games play casino online casinos [url=http://casinorealmoneysoe.com]online casinos[/url] best online casinos
casino games play casino online casinos [url=http://casinorealmoneysoe.com]online casinos[/url] best online casinos

Get notified about new publications and product updates.
Please note we do not share information to anyone.