Monday, January 18, 2010

Adding users and setting permissions.

CREATING AND ADDING PERMISSIONS
Adding New Users
#useradd testuser
#passwd testuser
 
Create group
#groupadd testgroup
 
Add User to group
#usermod -aG testgroup testuser (-G names the supplementary group, -a appends it to the user's existing groups)
 
List file and directory permissions
#ll
#ls -l
Example:
#ls -l myfile
-rwxr-x--- 1 george administrators 10 2006-03-09 21:31 myfile
Its name, "myfile";
Its permissions, "-rwxr-x---";
Its owner, "george";
Its group, "administrators";
drwxr-xr-x 2 root root 4096 Oct 16 11:06 Desktop
"d" says it is a directory.
 
Letter Permission
r Read
w Write
x Execute, Go through (for directories)
- No permission
 
Letter Type of users
 
u User (owner of the file)
g Group (the group to which the file belongs)
o Other (users who are neither a member of the Group nor the owner of the file)
a All (everybody)
 
 
Specify permissions
 
#chmod g+w myfile
g represents the group of the file (administrators).
w represents the write permission.
+ represents the fact that the permission is added.

#chmod o+r myfile (adds read permission to the others on myfile)

#chmod ug+rx myfile (adds read and execute permissions to both the owner (user) and the group on myfile)

#chmod a-rwx myfile (removes all permissions from everybody (all) on myfile)

#chmod a=rx *.txt (sets permissions to exactly read and execute for everybody on all files suffixed by .txt)
 
Specify permissions using numbers
 
Permission Value
- 0
x 1
w 2
r 4
ex: #chmod +x testfile (Set executable permissions)
Permission Value
--- 0
--x 1
-w- 2
-wx 3
r-- 4
r-x 5
rw- 6
rwx 7
#chmod 755 myfile (rwxr-xr-x, all rights to the owner, other people only read and execute)
#chmod 644 myfile (rw-r--r--, owner can read and write, other people only read)
#chmod 777 myfile (can be considered bad practice in some cases, full permissions to everybody.)
 
Changing file owner or group : chown, chgrp
#chown testuser myfile
#chgrp testgroup myfile
#chown testuser:testgroup myfile
For tmp folders...
#ls -l
drwxrwxrwt 10 root root 4096 2006-03-10 12:40 tmp
The "t" in the end of the permissions is called the "sticky bit". It replaces the "x" and indicates that in this directory, files can only be deleted by their owners, the owner of the directory or the root superuser. This way, it is not enough for a user to have write permission on /tmp, he also needs to be the owner of the file to be able to delete it.
In order to set or to remove the sticky bit, use the following commands:
#chmod +t tmp
#chmod -t tmp
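
An added example, not from the original post: a small audit that finds the two risky cases described above (files writable by "others", as with chmod 777, and world-writable directories missing the sticky bit) and fixes them with chmod o-w and chmod +t. It assumes GNU/Linux find and stat; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU/Linux find and stat.

# Print one finding per line: "<kind> <octal mode> <path>".
audit_perms() {
    # Regular files writable by "others" (o+w), e.g. mode 666 or 777.
    find "$1" -xdev -type f -perm -0002 \
        -exec stat -c 'WORLD_WRITABLE_FILE %a %n' {} +
    # Directories writable by "others" that lack the sticky bit (no "t").
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NO_STICKY_DIR %a %n' {} +
}

# Apply the fixes from this post: chmod o-w on files, chmod +t on directories.
fix_perms() {
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# Build a constructed sample tree and echo its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/tmp" "$root/private"
    : > "$root/open.sh"
    : > "$root/ok.txt"
    chmod 777 "$root/open.sh" "$root/shared"   # rwxrwxrwx
    chmod 644 "$root/ok.txt"                   # rw-r--r--
    chmod 1777 "$root/tmp"                     # rwxrwxrwt, like /tmp
    chmod 755 "$root/private" "$root"          # rwxr-xr-x
    echo "$root"
}

# Demo run on the constructed tree: findings before and after the fix.
sample=$(make_sample_tree)
echo "Before:"; audit_perms "$sample"
fix_perms "$sample"
echo "After:";  audit_perms "$sample"
ls -l "$sample"
rm -rf "$sample"
```

The 1777 directory is never reported because its sticky bit is already set, and after fix_perms the 777 file becomes 775 while the 777 directory becomes 1777.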
