Recently I received the question via email -- "...How do I change user rights under UNIX? I am using Red Hat Enterprise Linux and my background includes Windows network..."
This is one of the fundamental questions asked by new Linux system administrators. As many of you may already know, both Linux and Windows are multi-user and control access to resources is based upon user id or usernames. Further users grouped into groups for ease of management and security.
However, Linux (and UNIX) stores and process user database in different format.
The root user
- The root user is the super user.
- The root user can control entire Linux system including files, process, applications etc. The root user has full access to system.
- You should not use root for day-to-day tasks as root has full system access.
- Never ever, give root password to anyone.
For more information see What defines a user account?
- User database is stored in /etc/passwd file
- User passwords and password expiry information stored in /etc/shadow file
- User group information is stored in /etc/group file
UNIX/Linux User rights
There are two types of user rights (traditional):
- File level user rights or permissions granted using chmod and chown command
- Administrative (root) level rights granted using sudo.
If you type the following command:
$ ls -l
Youâ€™ll see something like the following:
-rw-r--r-- 1 vivek webusers 14814 2006-07-26 13:25 working-nixcraft.txt
Look at 3rd, 4th and last columns.
- vivek is username or the owner of the file (userid)
- webusers is group name, so all users in webusers can access file working-nixcraft.txt
- working-nixcraft.txt is the file name.
As the root user you can change or setup user file related rights/permission using chmod and chown command.
Task: change file owner and group
Consider following example:
$ ls -l foo.txt
-rw-r--r-- 1 vivek webgroups 8 2006-08-08 17:57 foo.txt
Change files ownership to tony user:
# chown tony foo.txt
# ls -l foo.txt
-rw-r--r-- 1 tony webgroups 8 2006-08-08 17:57 foo.txt
Change foo.txt group to ftpusers:
# chown tony:ftpusers foo.txt
# ls -l foo.txt
-rw-r--r-- 1 tony ftpuseers 8 2006-08-08 17:57 foo.txt
You can also operate on files and directories recursively using -R option. For example setup /var/www/html ownership to user lighttpd including subdirectories:
# chown -R lighttpd /var/www/html
Task: change files access rights/permissions
You need to use chmod command. Please refer the old article - how Linux file permissions work.
Task: Grant administrative rights to a normal user
You need to use sudo tool. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers configuration file. Please refer previous article for more information.
A note for Ubuntu Linux users
You can use chmod and chown command to setup user rights. Make sure you prefix all commands with word (command) sudo:
$ sudo chown tony:ftpusers foo.txt
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop