Users and Privileges

Users and Privileges in Linux

Understanding users and privileges in Linux is essential for managing system security and access control. Linux is a multi-user operating system, which means that multiple users can access the system simultaneously, each with their own unique permissions and capabilities.

User Categories
In Linux, users can be categorized into three main types:

  1. Owner: The user who created the file or directory. The owner typically has full permissions (read, write, execute).
  2. Group: A set of users that can share access to files. Permissions can be granted to all members of the group.
  3. Others: All other users on the system who are not the owner or part of the group. Their permissions are usually more restricted.

Permission Categories

In the output of the ls -la command, file permissions are displayed as a series of characters. The "rwx" notation indicates permissions associated with a file or directory. Here's a breakdown of what each permission category represents:

  • Read (r): Allows the entity to read or view the contents of a file or the names of files within a directory.
  • Write (w): Enables the entity to modify or write to a file or add, delete, or rename files within a directory.
  • Execute (x): Grants the entity permission to execute a file or enter a directory. For a directory, execute permission is required to access its contents.

The permissions are displayed in three sets of three characters:

  • The first set represents the owner's permissions.
  • The second set represents the group's permissions.
  • The third set represents the permissions for other users.

For example, consider the following ls -la output:

-rwxr-x--- 1 user group 4096 May 10 12:34 myfile.txt

  • -rwxr-x---: The first character indicates that it is a regular file. The following three characters (rwx) represent the owner's permissions (read, write, and execute). The next three characters (r-x) represent the group's permissions (read and execute). The last three characters (---) represent the permissions for other users (no permissions).
  • 1: Indicates the number of hard links to the file.
  • user: Refers to the owner of the file.
  • group: Refers to the group assigned to the file.
  • 4096: Indicates the file size in bytes.
  • May 10 12:34: Specifies the date and time of the last modification.
  • myfile.txt: Represents the name of the file.

If a permission is not granted for a particular entity, a hyphen (-) is displayed in its place. Additionally, the output can include special permissions, ownership details, and timestamps.
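
To make the notation concrete, the script below converts the mode column of ls -la output to its octal form, including the special-permission letters (s, S, t, T). It is an added example, not code from the original page; the function names mode_to_octal and annotate_listing are hypothetical, and every listing line except the first is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Convert a 10-character ls mode string to four-digit octal, including
# the setuid (4), setgid (2) and sticky (1) bits.
mode_to_octal() {
    perms=${1#?}                      # drop the file-type character
    special=0; octal=""; start=1
    for weight in 4 2 1; do           # special-bit weight: owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;  # special bit + execute
            ??[ST]) special=$((special + weight)) ;;                        # special bit, no execute
        esac
        octal="$octal$digit"
        start=$((start + 3))
    done
    printf '%s%s\n' "$special" "$octal"
}

# Read ls -la lines on stdin; print octal mode, owner:group and file name.
annotate_listing() {
    while read -r mode links owner group size month day time name; do
        case $mode in total|"") continue ;; esac   # skip the "total N" header
        printf '%s %s:%s %s\n' "$(mode_to_octal "$mode")" "$owner" "$group" "$name"
    done
}

# Constructed sample listing (the first line is the page's own example).
annotate_listing <<'EOF'
-rwxr-x--- 1 user group 4096 May 10 12:34 myfile.txt
-rwsr-xr-x 1 root root 59976 May 10 12:34 passwd
drwxrwxrwt 9 root root 4096 May 10 12:34 tmp
drwxrwsr-x 2 user group 4096 May 10 12:34 shared
-rwSr--r-- 1 user group 120 May 10 12:34 notes.txt
EOF
```

A capital S or T means the special bit is set but the matching execute bit is not, which is usually a configuration mistake worth a second look.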

Commands for Managing Users and Permissions

The following are the key commands for managing users and their permissions.

  1. chmod (Change Mode):

    • Explanation: Changes the permissions of a file or directory.
    • Example: chmod +x script.sh adds execute permission to script.sh.
  2. adduser:

    • Explanation: Creates a new user account.
    • Example: adduser john creates a user named john and prompts for details like password and user information.
  3. deluser:

    • Explanation: Deletes a user account from the system.
    • Example: deluser john removes the user john and their home directory if specified.
  4. su (Switch User):

    • Explanation: Allows a user to switch to another user account.
    • Example: su jane switches to the user account jane after entering her password.
  5. passwd:

    • Explanation: Changes the password for a user account.
    • Example: passwd john allows the root user to change the password for john.
  6. groups:

    • Explanation: Displays the groups a user belongs to.
    • Example: groups john shows all groups that the user john is a member of.
  7. /etc/sudoers:

    • Explanation: Contains configuration information for the sudo command, specifying who can execute what commands with superuser privileges.
    • Example: Edit this file with the visudo command, which checks the syntax before saving so that a mistake does not break sudo.
  8. sudo -l:

    • Explanation: Lists the commands a user can run with sudo privileges.
    • Example: sudo -l shows which commands the current user can execute as a superuser.
  9. useradd:

    • Explanation: Adds a new user to the system with default settings.
    • Example: useradd john creates a user without prompting for additional information unless specified.
  10. userdel:

    • Explanation: Deletes a user account and optionally removes the user’s home directory.
    • Example: userdel -r john deletes the user john and their home directory.

Advanced Permission Concepts

Special Permissions

  1. Setuid (Set User ID):

    • When set on an executable file, it allows the file to run with the permissions of the file owner, usually the root user.
    • Example: The command chmod u+s /usr/bin/passwd sets the Setuid bit on the passwd command, allowing users to change their passwords.
  2. Setgid (Set Group ID):

    • When set on a file, it allows the file to run with the permissions of the file’s group. When set on a directory, new files inherit the group of the directory.
    • Example: Setting chmod g+s /shared/dir on a directory ensures that any files created inside inherit the group of dir.
  3. Sticky Bit:

    • When applied to a directory, it restricts deletion and renaming of files inside it to the file’s owner, the directory’s owner, or root, even if other users have write permission on the directory.
    • Example: chmod +t /tmp sets the Sticky Bit on the /tmp directory, preventing users from deleting files owned by others.
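
Because these bits change who a program runs as and who may delete files, they are worth reviewing on any system. The script below is an added example, not code from the original page: it builds a small constructed directory tree, then reports setuid and setgid files and world-writable directories that lack the Sticky Bit. The function names make_demo_tree and audit_special_bits are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Build a small constructed directory tree that exercises each special bit.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/tool" "$d/plain"
    mkdir "$d/drop" "$d/shared" "$d/team"
    chmod 4755 "$d/tool"      # setuid executable
    chmod 0644 "$d/plain"     # ordinary file, no special bits
    chmod 0777 "$d/drop"      # world-writable directory without the sticky bit
    chmod 1777 "$d/shared"    # world-writable with the sticky bit, like /tmp
    chmod 2775 "$d/team"      # setgid directory: new files inherit its group
    printf '%s\n' "$d"
}

# Report setuid/setgid files and world-writable directories lacking the
# sticky bit under the directory given as $1 (same filesystem only).
audit_special_bits() {
    {
        find "$1" -xdev -type f -perm -4000 | sed 's/^/setuid-file /'
        find "$1" -xdev -type f -perm -2000 | sed 's/^/setgid-file /'
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 |
            sed 's/^/world-writable-no-sticky /'
    } | sort
}

# Run the audit against the constructed tree, then clean up.
demo=$(make_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```

On a real system, point audit_special_bits at a directory such as /usr or /home and compare the result against a known-good baseline; an unexpected setuid file is a common sign of misconfiguration.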

Important Notes

Some of these commands require administrative privileges, and caution should be exercised when modifying system files or working with user accounts. Understanding how to manage users and permissions is vital for maintaining a secure and efficient Linux environment.
