
Islamic University of Gaza

Faculty of Engineering

Department of Computer Engineering

ECOM 4010: Operating Systems Lab

Eng. Mahmoud A. Ammar Eng. Hala O. Abu Radi

Users, Groups and permissions

Lab. 04

2011-2012 ECOM 4310 Lab.4

Users
- Every user is assigned a unique User ID number (UID).
  - UID 0 identifies root.
- Users' names and UIDs are stored in /etc/passwd.
- Users are assigned a home directory and a program that is run when they log in (usually a shell).
- Users cannot read, write, or execute each other's files without permission.
- You can run the id command to show the UID for the current user.

Groups
- Users are assigned to groups.
- Each group is assigned a unique Group ID number (GID).
- GIDs are stored in /etc/group.
- Each user is given their own private group.
  - Can be added to other groups for additional access.
- All users in a group can share files that belong to the group.

Linux Security
- Every file is owned by a UID and a GID.
- Every process runs as a UID and one or more GIDs.
  - Usually determined by the user who runs the process.
- Three access categories:
  - Processes running with the same UID as the file (user).
  - Processes running with the same GID as the file (group).
  - All other processes (other).
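The three categories are checked in order and the first match decides, so an owner can end up with fewer rights than "other". The sketch below is an added example, not part of the original lab; the function names perm_class and applicable_bits are hypothetical, and it assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example: which permission triplet applies to the current user?
# Rule: owner match -> user bits; else group match -> group bits; else other.
# (root bypasses read/write checks; this only reports the class.)

perm_class() {
    f_uid=$(stat -c '%u' "$1")          # owner UID of the file
    f_gid=$(stat -c '%g' "$1")          # owning GID of the file
    if [ "$(id -u)" -eq "$f_uid" ]; then echo user; return; fi
    for g in $(id -G); do               # primary + supplementary groups
        if [ "$g" -eq "$f_gid" ]; then echo group; return; fi
    done
    echo other
}

applicable_bits() {
    # stat prints octal without leading zeros (047 -> "47"); pad to 4 digits:
    # digit 1 = special bits, 2 = user, 3 = group, 4 = other.
    mode=$(printf '%04d' "$(stat -c '%a' "$1")")
    case $(perm_class "$1") in
        user)  digit=$(printf '%s' "$mode" | cut -c2) ;;
        group) digit=$(printf '%s' "$mode" | cut -c3) ;;
        *)     digit=$(printf '%s' "$mode" | cut -c4) ;;
    esac
    r=-; w=-; x=-
    [ $((digit & 4)) -ne 0 ] && r=r     # 4 = read
    [ $((digit & 2)) -ne 0 ] && w=w     # 2 = write
    [ $((digit & 1)) -ne 0 ] && x=x     # 1 = execute
    echo "$r$w$x"
}

# Constructed demo: mode 047 gives "other" rwx, but the owner matches the
# user class first and therefore gets no permissions at all.
demo=$(mktemp)
chmod 047 "$demo"
echo "class=$(perm_class "$demo") bits=$(applicable_bits "$demo")"
rm -f "$demo"
```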


Permission Types
- Four symbols are used when displaying permissions:
  - r: permission to read a file or list a directory's contents.
  - w: permission to write to a file or create and remove files from a directory.
  - x: permission to execute a program or change into a directory and do a long listing of the directory.
  - -: no permission (in place of the r, w, or x).

Examining Permissions
- File permissions may be viewed using ls -l.

    $ ls -l /bin/login
    -rwxr-xr-x 1 root root 23652 Apr 2 2008 /bin/login

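In this listing, the first column shows the file type and permissions; the third and fourth columns show the owner and group.

File types:
1. - : regular file.
2. d : directory.
3. l : symbolic link.
4. b : block device.
5. c : character device.

- File type and permissions are represented by a 10-character string.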

User management tools
- Graphical tools:
  - system-config-users


- Command-line:
  - useradd
  - usermod
  - userdel [-r]
- Example:

    useradd Mahmoud            Adds a user named Mahmoud.
    usermod -L Mahmoud         Locks the account so Mahmoud cannot log in.
    usermod -U Mahmoud         Unlocks the account.
    usermod -g IUG Mahmoud     Moves the user named Mahmoud to the group named IUG.
    userdel -r Mahmoud         Deletes this user.

Group Management
- Command-line:
  - groupadd
  - groupmod
  - groupdel
- Example:

    groupadd IUG               Adds a group named IUG.
    groupmod -g 700 IUG        Changes the group ID to 700.
    groupdel IUG               Deletes this group.


Changing File Ownership
- Only root can change a file's owner.
- Only root or the owner can change a file's group.
- Ownership is changed with chown:
  - chown [-R] user_name file|directory
- Group ownership is changed with chgrp:
  - chgrp [-R] group_name file|directory
- Both are changed with chown:
  - chown [-R] user_name:group_name file|directory

Changing Permissions – Symbolic Method
- To change access modes:
  - chmod [-R] mode filename
- Where mode is:
  - u, g or o for user, group and other.
  - + or - for grant or deny.
  - r, w or x for read, write and execute.
- Examples:

    Command                      Resulting permissions on file1
    (initial state)              -rw-r--r--
    chmod ug=rwx file1           -rwxrwxr--
    chmod o+x file1              -rwxrwxr-x
    chmod g-w file1              -rwxr-xr-x
    chmod o=r file1              -rwxr-xr--
    chmod u=rw,g=r,o=r file1     -rw-r--r--


Default Permissions – Numeric Method
- Default permission for directories is 777 minus umask.
- Default permission for files is the directory default without execute permission.
- umask is set with the umask command.
- Non-privileged users' umask is 002.
  - Files will have permissions of 664.
  - Directories will have permissions of 775.
- root's umask is 022.

Changing Permissions – Numeric Method
- Uses a three-digit mode number:
  - First digit specifies owner's permissions.
  - Second digit specifies group permissions.
  - Third digit represents others' permissions.
- Permissions are calculated by adding:
  - 4 (for read).
  - 2 (for write).
  - 1 (for execute).
- Example: chmod 640 file1
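The default-permission rules above can be checked directly: the following added example (not part of the original lab) creates a file and a directory under a given umask and reads back their numeric modes, and also computes the same result as a bit mask. The function names default_modes and masked_modes are hypothetical, and GNU coreutils stat is assumed; the values 003 and 077 go beyond the two umasks listed in the lab.

```shell
#!/bin/sh
# Added example: observe and compute default permissions for a umask.

# default_modes UMASK -> "<file mode> <dir mode>" as actually created.
default_modes() {
    (
        umask "$1"                       # subshell: caller's umask untouched
        d=$(mktemp -d) || exit 1         # scratch directory
        touch "$d/f"                     # new file: requested 666, masked
        mkdir "$d/sub"                   # new directory: requested 777, masked
        echo "$(stat -c '%a' "$d/f") $(stat -c '%a' "$d/sub")"
        rm -rf "$d"
    )
}

# masked_modes UMASK -> same pair, computed. The umask clears bits
# (base AND NOT umask); "minus" is only a shorthand that happens to work
# for masks such as 002 and 022.
masked_modes() {
    printf '%o %o\n' $((0666 & ~0$1)) $((0777 & ~0$1))
}

# Constructed demo values: 002 and 022 are the lab's defaults; 003 shows
# where plain subtraction (666 - 003 = 663) would give the wrong answer;
# 077 keeps new files private to the owner.
for m in 002 022 003 077; do
    echo "umask $m: created=$(default_modes "$m") computed=$(masked_modes "$m")"
done
```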


Exercise:

Log in to the system as root.

1. Add multiple users named: user1, user2, user3, and user4.
2. Add two groups named: IUG and CCAST.
3. Add other users with default group IUG named: user5 and user6.
4. Move user1 and user2 to the CCAST group and remove their default groups.
5. Read the file named /etc/passwd and look at the records for the added users.
6. Switch to user1 and give full permission to the users in the same group with you.
7. Test step 6 by user2 (read, write and execute files and directories).
8. Test step 6 by user3 (read, write and execute files and directories).
9. Switch to user5 and give full permission to the other users.
10. Test step 9 by user6 (read, write and execute files and directories).
11. Test step 9 by user4 (read, write and execute files and directories).
12. Switch to user6 and touch three files in the home directory.
13. Change the owner of the first file to user4.
14. Change the group of the second file to user4.
15. Change the owner and group of the third file to user3 in the same command line.
16. Execute the ls command to see changes.
17. Switch to root and lock the account for user3.
18. Test step 17 by trying to log in as user3.
19. Log in as root and unlock user3.
20. Delete user1 and user2.
21. Delete the group named CCAST.
22. Change the user id to 1000 for user5.
23. Change the group id to 1001 for IUG group.
24. Read the file named /etc/group.
25. init 0.
