This is the seventh post in the Linux Series and last time I wrote about the users and file persmissions etc and also a little about groups. This post will explain in details what are groups and also how we can change file permissions with chmod commdand.
What are Groups?
Groups in Linux is a way to organize users that have the same permissions on the filesystem. It is a collection of users that have the same permissions and is for security measures.
The superuser or root user is part of the root group and has all the access on the operating system and admin privillages and if a new user is created and added in the root group that user will also have the same permissions as the root user. It can read, write or modify any file it want and can navigate to any directory. If a user from a group create a new file any other user of the same group can access that file and modify or write to it.
List of all the groups and its member users are stored in the /etc/group file and you can see all the detials by running cat command with /etc/group as the first argument. Now on to creating groups and assigning users to it.
How to create groups?
To create a new group addgroup command id used.
root@User:/$ addgroup linux-group
To add users to the group
To add users to the newly created groups simply use the usermod command with following commands.
root@User:/$ usermod -a -G new-group new-user
Here usermod is the command name -a is the flag for append to append a user to group new-group with -G as the flag and lastly the name of the user new-user or whatever the name of the user is.
To remove the user from the group
To remove the user from the group run the follwoing command.
root@User:/$ gpasswd -d new-user new-group
Removing user new-user from group new-group
gpasswd -d means delete the user from the group.
Permissions to the Group
The permissions to the groups are assigned and managed in the visudo file that the root user has access to. and to add permissions for the group and user to have access to certin commands we open the visudo file by just the filename in the command and edit the permissions.
root@User:/$ visudo
--- visudo file starts ---
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
%new-group ALL=/usr/bin/ls
# You type % sign and the name of the group
# following ALL for all users and
# the name of the commands the group
# can have access to separated with
# commas and must include the path to command
--- visudo file ends ---
File Permissiosn
Now I will navigate to the /tmp directory and run the following command.
root@User:/tmp$ ls -l
total 4
-rw-r--r-- 1 root root 0 Feb 7 14:04 file.txt
drwxr-xr-x 5 root root 4096 Jan 19 00:10 tutorial
ls command with list flag -l for list view with details about the files. Here you can see the first ten characters -rw-r--r-- or drwxr-xr-x and both files have different characters in them. These are called file permissions and next post will be about modifying and chaging these permissions for users and groups.
zainsci