Linux Users and Permissions

In Linux, file permissions are essential to security and determine who can access, modify, or execute files and directories. Linux follows a robust permission system that provides fine-grained control over users, groups, and other entities.

Here's a brief overview of Linux users and permissions

• Users: Linux allows multiple users to access a system concurrently. Each user has a unique username and user ID (UID). The first user created during the system installation is typically the administrative user, also known as the ”root" user, with UID 0. Regular users have non-zero UIDs.

• Groups: Users can be organized into groups, which helps simplify permission management. Each group has a unique group name and group ID (GID). Users can belong to multiple groups, but each user has a primary group associated with them.

• File Permissions: Linux file permissions are divided into user (owner), group, and other categories. For each category, three types of permissions are available: read (r), write (w), and execute (x). The permission types can be assigned or denied individually for each category.

• Permission Representation: Linux uses symbolic and numeric notation to represent permissions. Symbolic notation includes characters such as ”r" for read, ”w" for write, and ”x" for execute, while numeric notation uses three digits to represent the permission combinations.

• Changing Permissions: You can modify permissions using the chmod command. The chmod command can be used with the symbolic or numeric notation to add or remove permissions for users, groups, or others. For example, chmod u+w myfile allows the owner to modify the file.

• Ownership: Every file and directory in Linux has an owner and group associated with it. The owner typically controls the file, and the group permissions apply to all group members. The chown command is used to change ownership, and the chgrp command is used to change the group.

• Superuser (root): The root user has unrestricted access to the system and can modify any file or execute any command. It is crucial to exercise caution when using the root account to prevent accidental damage to the system.

User and Group Identifiers

In Linux, each user and group is assigned a unique identifier (ID) known as the User ID (UID) and Group ID (GID), respectively. The operating system uses these IDs internally to identify and manage user and group permissions and ownership.

Here are some critical points about user and group identifiers in Linux:

1. User IDs (UID): Each user account in Linux is assigned a UID. The root user has a UID of 0, reserved for the superuser. Regular user accounts typically have UIDs starting from 1000 and incrementing sequentially. UID 1 is reserved for the daemon account, and other UIDs might be assigned to system accounts or services.

2. Group IDs (GID): Similar to users, groups in Linux are assigned a GID. The root group usually has a GID of 0. Regular groups typically have GIDs starting from 1000 and incrementing sequentially. GIDs can be associated with multiple users, allowing users to share common permissions and access.

3. /etc/passwd and /etc/group: User and group information, including their IDs, is stored in the system files "/etc/passwd" and "/etc/group". These files provide a mapping between user/group names and their respective IDs, along with other account-related information.

4. Changing User and Group IDs: Changing user or group IDs should be done cautiously, as it can impact file ownership and permissions. The usermod command is used to modify user account properties, including the UID. The groupmod command is used to change group properties, including the GID.

5. File Ownership: Each file and directory in Linux has an owner (user) and group associated with it. File permissions are enforced based on these ownership attributes. The owner of a file can modify its permissions, and the group permissions apply to all group members.

6. UID and GID Conflicts: Conflicting UIDs or GIDs may lead to file ownership issues or access problems.

How to find the UID and GID

sudo cat /etc/passwd

The columns are as follows:

• Column 1 – Name
• Column 2 – Password – If the user has set a password on this field, then it is indicated with the letter (x).
• Column 3 – UID (User ID)
• Column 4 – GID (Group ID)
• Column 5 – Gecos – Contain general information about the user and can be empty.
• Column 6 – Home directory
• Column 7 – Shell – The path to the default shell for the user.

Permissions

Permissions are divided into 4 categories of users:

• Owner
• Group
• Others
• All

There can be a combination of read (r), write (w), and execute (x). They can be assigned easily with the plus and minus signs to add or remove certain permissions. These modifications are done using the chmod command.

Binary references

We can use numbers as well to set the permissions of a file. Here is a simple table to demonstrate this.

• read: 4
• write: 2
• Execute: 1
• No permission: 0

For example, we need to ensure that only I can view or modify my SSH keys directory. We can do this by running the following:

chmod 0600 ~/.ssh

This will deny all others the right to view the contents. I on the other hand will be able to read (4) and write (2).

Ownership

The chown command is used to set the ownership of a file.

chown kinaro:kinaro text.txt

This sets the ownership of the file to user 'kinaro' and group 'kinaro' as’.

Other Attributes

• 'd' - Directory

• '_' - No special permissions

• 'l' - Symbolic link

• 's' - Setuid/setgid bit. Represented as an ‘s’ in the read portion of the owner or group permissions.

Significance of permissions

Restricting access to only the users that are allowed. A good example is a user's home directory. We do not want other users viewing their files and making changes. Another example would be configuration files. We don't want every user to be able to modify the bootloader, firewall, and system files.