CHAPTER 6
2. Change the line in the hostname file to the desired hostname.
3. Change the second line in the hosts file to the desired hostname.
4. Save and close both files.
5. Reboot.
For each category of users, read, write and execute access rights can be granted or denied.
read, write, execute
The Linux file permission is divided into three groups:
File Type   Owner   Group   Others
d           rwx     rwx     r-x
rwrwr--
u g o a
r w x -
4 or r   read access is granted to the user category defined in this place
2 or w   write permission is granted to the user category defined in this place
1 or x   execute permission is granted to the user category defined in this place
File and directory permissions can only be modified by their owners, or by the superuser (root), by using the chmod system utility.
Syntax: chmod options files
Note: chmod accepts options in two forms: symbolic or octal modes.
+   adds the specified permission to the specified user group
-   removes the specified permission from the specified user group
=   assigns the specified permissions to the specified user group
The sample file has read and write permission for both user and group, while other users can only read it. To add write permission for other users, run the following command:
0 Feb 9 23:20 sample
As seen above, other users now have write permission to the sample file. To add execute permission for all users, run the following:
0 Feb 9 23:20 sample
As seen above, all users now have execute permission to the sample file. To remove the execute permission from all users, run the following:
As seen above, all permissions to the sample file were denied to group and other users.
To set read and write permission for owner, and only read access for group and others, using the octal system:
$ chmod 644 sample
-rw-r--r-- 1 prescilla prescilla 0 Feb 9 23:20 sample
Note: 644 means read and write permission for owner, read for group and others.
Note: the octal mode 666 grants read (r) and write (w) permissions to all users.
Note: the octal mode 777 grants read (r), write (w) and execute (x) permissions to all users.
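An added example, not part of the original chapter: a POSIX shell function that converts the permission string printed by ls -l into its octal mode using the 4/2/1 values above, then checks it against a scratch file. The helper names are hypothetical, and only r, w, x and - are handled (setuid, setgid and sticky characters are rejected).

```shell
#!/bin/sh
# Added example. perm_to_octal and ls_perms_after_chmod are hypothetical names.

# perm_to_octal STRING: convert "rw-r--r--" (or the ten-character form
# "-rw-r--r--" shown by ls -l) to octal using r=4, w=2, x=1.
perm_to_octal() {
    perms=$1
    # Drop the leading file-type character (d, -, l, ...) when present.
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 permission characters" >&2
        return 1
    fi
    out=
    for start in 1 4 7; do            # owner, group, others
        triad=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triad in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# ls_perms_after_chmod MODE: apply MODE (symbolic or octal) to a scratch file
# and print the ten-character string ls -l shows for it.
ls_perms_after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -l "$f" | cut -c1-10
    rm -f "$f"
}

# Show that octal and symbolic modes land on the same permission bits.
for mode in 644 666 777 u=rw,g=r,o=; do
    shown=$(ls_perms_after_chmod "$mode")
    printf 'chmod %-12s -> %s -> %s\n' "$mode" "$shown" "$(perm_to_octal "$shown")"
done
```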
UNDERSTANDING UMASK
When a user creates a file or directory under Linux, it is created with a default set of permissions. The user file-creation mode mask (umask) is a four-digit octal number used to control this default set of permissions. By default, most Linux distributions set it to 0022 (022) for root and 0002 (002) for normal users.
The base permission for newly created files is 0666 (rw-rw-rw-), while directories have a base permission of 0777 (rwxrwxrwx). To compute the final permission of newly created files and directories, the umask value is subtracted from the base permission; that is, every permission bit set in the umask is removed from the base.
Normal user:
777 - 002 = 775 (directories)
666 - 002 = 664 (files)
Root user:
777 - 022 = 755 (directories)
666 - 022 = 644 (files)
Therefore, a normal user will have the following default permissions:
0 Feb 24 15:28 p1
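The umask calculation above, as an added example that is not part of the original chapter: the kernel clears the bits set in the umask (base AND NOT umask), which matches subtraction for 002 and 022 but not for a mask such as 027, where a new file gets 640. The function names are hypothetical, and stat -c is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example. effective_mode and observed_mode are hypothetical names.
# Assumes `stat -c %a` (GNU coreutils or BusyBox).

# effective_mode BASE UMASK: base AND NOT umask, printed as three octal digits.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode UMASK file|dir: create a scratch object under that umask and
# print the mode it actually received. Runs in a subshell so the caller's
# umask is left untouched.
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        stat -c '%a' "$tmp/new"
        rm -rf "$tmp"
    )
}

# Compare the computed mode with what the system really assigns.
for mask in 002 022 027 077; do
    printf 'umask %s: files %s (observed %s), directories %s (observed %s)\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" "$(observed_mode "$mask" file)" \
        "$(effective_mode 777 "$mask")" "$(observed_mode "$mask" dir)"
done
```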
To change its owner and group at the same time, use chown and add a colon (:) after the user name:
$ chown prescilla: p1
$ ls -l p1
-rw-rw-r-- 1 prescilla prescilla 0 Feb 24 15:28 p1
As seen above, prescilla can also belong to several other secondary groups, such as adm, disk, dip, etc.
useradd -m <username>
By default, useradd will not create a home directory for the new user unless you add the -m option. If you need to set a different path for the user's home directory, use the -d option.
$ man useradd
USERADD OPTIONS
Options   Meaning
-d        Specifies the user's home directory
-m        Create the user's home directory if it does not exist.
-s        Specifies the name of the user's login shell
-g        Specifies the user's primary group
-G        Specifies the user's secondary groups
-e        Specifies the date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.
-c        Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name.
-f        Specifies the number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.
OR
$ chage -I -1 -m 0 -M 99999 -E -1 username
adduser <username>
Since usernames and passwords are stored in clear text, make sure only you can read and write the file. Use the chmod command:
$ chmod 600 users.txt
$ newusers users.txt
Verify that your /etc/group, /etc/passwd and /etc/shadow files are updated:
less /etc/group
less /etc/passwd
less /etc/shadow
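A pre-flight check for the batch file, as an added example that is not part of the original chapter: the file is created under umask 077 so it is never readable by others even before chmod 600 runs, and it is checked for mode 600 and the seven colon-separated fields documented in newusers(8) (name:password:UID:GID:GECOS:home:shell). The function names, accounts and passwords are constructed placeholders; stat -c is assumed to be available.

```shell
#!/bin/sh
# Added example. write_batch and check_batch are hypothetical names; the
# accounts and passwords below are constructed placeholders.

# write_batch FILE: create the batch file under umask 077 so it is private
# from the moment it exists, with no window before a later chmod.
write_batch() {
    (
        umask 077
        rm -f -- "$1"      # an existing file would keep its old, looser mode
        cat > "$1" <<'EOF'
alice:CHANGE-ME-1:::Alice Example:/home/alice:/bin/bash
bob:CHANGE-ME-2:::Bob Example:/home/bob:/bin/bash
EOF
    )
}

# check_batch FILE: succeed only if FILE has mode 600 and every non-empty
# line has seven colon-separated fields with a user name in the first.
check_batch() {
    mode=$(stat -c '%a' "$1") || return 1
    if [ "$mode" != 600 ]; then
        echo "$1: mode $mode, expected 600" >&2
        return 1
    fi
    awk -F: 'NF == 0 { next }
             NF != 7 || $1 == "" { printf "line %d: malformed\n", NR; bad = 1 }
             END { exit bad + 0 }' "$1" >&2
}

dir=$(mktemp -d)
write_batch "$dir/users.txt"
if check_batch "$dir/users.txt"; then
    echo "checks passed; next step as root: newusers $dir/users.txt"
fi
rm -rf "$dir"
```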
su - username
You will be prompted to enter the password. After the authentication process, you are working on the system using the permissions of that user.
$ sudo -i
where you replace <username> with the name of the user (without the <>).
userdel userName
To remove the user's home directory, pass the -r option to userdel:
$ userdel -r aye
Note: The above command will remove all files along with the home directory itself and the user's mail spool. Please note that files located in other file systems will have to be searched for and deleted manually.
When aya tries to log in, either graphically or via text console, she will be greeted with the following messages:
Your account has expired; please contact your system administrator.
Invalid password.
Permission denied.
$ gedit /etc/shadow
To remove an account expiry date, run:
$ usermod -e -1 user-account
Note: You can also use the chage command to set the expiry date to -1.
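An added example, not part of the original chapter, for auditing the expiry dates discussed above: the account expiry date is the eighth colon-separated field of /etc/shadow, stored as days since 1970-01-01, with an empty field or -1 meaning no expiry. The function names are hypothetical and the shadow-format sample is constructed.

```shell
#!/bin/sh
# Added example. expired_accounts and sample_shadow are hypothetical names;
# the shadow-format lines below are constructed, not real accounts.

# expired_accounts FILE [TODAY_DAYS]: print accounts whose expiry date
# (field 8, days since 1970-01-01) has been reached. An empty field or a
# value that is not positive is treated as "never expires".
expired_accounts() {
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        $8 != "" && $8 + 0 > 0 && $8 + 0 <= today { print $1 }
    ' "$1"
}

# sample_shadow: constructed input in /etc/shadow layout
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
    cat <<'EOF'
aya:!:19000:0:99999:7::19400:
prescilla:!:19000:0:99999:7:::
aye:!:19000:0:99999:7::-1:
svc:!:19000:0:99999:7::20500:
EOF
}

f=$(mktemp)
sample_shadow > "$f"
echo "expired as of day 20000:"
expired_accounts "$f" 20000
rm -f "$f"
```

Against the live system, run it as root with /etc/shadow as the file argument and no second argument, so that today's date is used.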
END OF CHAPTER 6