Unix Users and Groups
Basic info
Each user has a primary group and a list of supplementary groups. The primary group is used mainly when creating new files. The whole list of groups (primary plus all supplementary) is used when checking access: a file's group bits apply if the file's group is any group in that list.
A file has a user-owner and a group-owner. Any particular user falls into exactly one of three classes with respect to the file: owner, group, or other. Only the first class that matches is used, so a user who owns a file is checked against the owner bits even when the group or other bits would be more permissive.
- The user who is the user-owner is the file's owner.
- Users who are not the file's owner but whose primary or supplementary groups include the file's group are in the file's group.
- All other users are in the "other" category.
The user permissions (rwx------ 0700) grant access to the owner.
The group permissions (---rwx--- 0070) grant access to users who are in the file's group.
All other users get other permissions (------rwx 0007).
The setuid bit (--s------ 4000):
- If set on an executable file then the process runs with the effective user id of the file's owner rather than that of the user who ran it. The Linux kernel honours the bit only on binaries; it ignores it on interpreter (#!) scripts.
- Turn on: chmod u+s foo
- Turn off: chmod u-s foo
The setgid bit (-----s--- 2000):
- If set on an executable file then the process runs with the effective group id of the file's group.
- If set on a file whose group-execute bit is clear then it marks the file for mandatory file/record locking (an old System V feature; Linux removed mandatory locking support in 5.15, so on current kernels this combination does nothing).
- If set on a directory then all files created in that directory get the same group as the directory, and directories created in that directory also have the setgid bit set. Without the setgid bit the group of a newly created file is the primary group of the user who created it.
- Turn on: chmod g+s foo
- Turn off: chmod g-s foo
The sticky bit (--------t 1000):
- If set on a directory then files in the directory may only be renamed/deleted by the owner of the file, the owner of the directory, or root. (Without the sticky bit anyone with write access to the directory can do that.) This is why world-writable directories such as /tmp are mode 1777.
- Turn on: chmod o+t foo (or chmod +t foo)
- Turn off: chmod o-t foo
The umask is a per-process value that indicates which permission bits to turn off when creating a file. See and set its value with the umask shell command.
Creating files
When a file is created:
Its owner is the user creating the file.
Its group is the primary group of the user creating the file.
- If the file is created in a directory with the setgid bit set, then the group is the group of the directory
Its permissions are requested_mode & ~umask, where requested_mode is what the creating program asked for: 0666 for ordinary files from most programs, 0777 for mkdir and for executables written by compilers and linkers. The umask can only clear bits, never add them, so a umask of 077 gives 0600 files and 0700 directories.
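The following script is an added example, not part of the original notes: it exercises the umask rule above and the setuid, setgid and sticky bits from the previous section in a throwaway directory, reading the resulting modes back with stat. It assumes a Linux system with GNU coreutils (stat -c) and runs as any user; the function names are mine.

```sh
#!/bin/sh
# Added example: umask, special bits and setgid directory inheritance,
# checked by reading modes back with GNU stat. Assumes Linux + coreutils.
set -eu

# Octal mode including the special bits, e.g. "2770" for rwxrws---.
mode_of() { stat -c '%a' "$1"; }

# Group name of a path.
group_of() { stat -c '%G' "$1"; }

# Create a regular file under the given umask. The shell's redirection asks
# open() for 0666, so the result is 0666 & ~umask. Prints the resulting mode.
create_file_with_umask() {   # create_file_with_umask UMASK PATH
    ( umask "$1" && : > "$2" )
    mode_of "$2"
}

# mkdir asks for 0777, so a new directory ends up as 0777 & ~umask.
create_dir_with_umask() {    # create_dir_with_umask UMASK PATH
    ( umask "$1" && mkdir "$2" )
    mode_of "$2"
}

# Apply one of the chmod forms from the notes and print the octal mode so the
# special bit shows up as the leading digit (4 = setuid, 2 = setgid, 1 = sticky).
set_special_bit() {          # set_special_bit u+s|g+s|+t PATH
    chmod "$1" "$2"
    mode_of "$2"
}

# Build a setgid "shared" directory (2770) and check the two inheritance rules:
# a file created inside takes the directory's group, and a subdirectory made
# with umask 022 comes out as 0777 & ~022 plus the inherited setgid bit = 2755.
setgid_dir_inherits() {      # setgid_dir_inherits PARENT -> "ok" | "mismatch"
    d="$1/shared"
    mkdir "$d"
    chmod 2770 "$d"
    ( umask 022 && : > "$d/file" && mkdir "$d/sub" )
    if [ "$(group_of "$d/file")" = "$(group_of "$d")" ] \
       && [ "$(mode_of "$d/sub")" = "2755" ]; then
        echo ok
    else
        echo mismatch
    fi
}

# Stand-alone run: `sh this.sh run` prints each step on a scratch tree.
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    echo "umask 077 file : $(create_file_with_umask 077 "$tmp/private")"
    echo "umask 022 dir  : $(create_dir_with_umask 022 "$tmp/pub")"
    echo "setuid on file : $(set_special_bit u+s "$tmp/private")"
    echo "setgid dir     : $(setgid_dir_inherits "$tmp")"
    echo "sticky on dir  : $(set_special_bit +t "$tmp/pub")"
fi
```

The sticky bit's effect on deletion can only be observed with two different users writing to the same directory, so the script shows just the mode change; the setgid inheritance check works for a single user because the new file's group is compared with the directory's group rather than with a fixed name.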
Create new user
This creates a new user and adds an entry to /etc/passwd (and a locked password entry in /etc/shadow, so run passwd afterwards before the account can log in).
On most Linux distributions (USERGROUPS_ENAB in /etc/login.defs) it also creates a group of the same name and assigns it as the primary group. The -m option causes a home directory to be created with default files.
sudo useradd -m -s /bin/bash username
Useful options:
-m - create the home dir and copy the files from /etc/skel into it
-s /bin/bash - set shell
Create new group
sudo groupadd name_of_new_group
Add existing user to existing group
This adds the user to the group so the group will be in the user's list of supplementary groups. The -a (append) flag matters: without it, -G replaces the user's supplementary groups with exactly the ones listed, removing them from every other group. The change applies to new logins only; existing sessions keep their old group list (check with id username).
sudo usermod -a -G name_of_group username
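As an added example (not part of the original notes), the script below resolves the primary and supplementary groups that the account-management commands above produce, straight from passwd/group data: the primary group is the gid field of the passwd entry, and the supplementary groups are every group whose member list names the user, which is exactly what usermod -a -G appends to. It also wraps the three commands in an idempotent provisioning function that verifies the result with id -nG. The sample passwd and group lines are constructed, the function names are mine, and provision_user assumes Linux shadow-utils and root.

```sh
#!/bin/sh
# Added example: resolve primary/supplementary groups from passwd and group
# data, plus an idempotent wrapper around groupadd/useradd/usermod.
set -eu

# Constructed sample data standing in for /etc/passwd and /etc/group.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash'

SAMPLE_GROUP='root:x:0:
alice:x:1001:
bob:x:1002:
developers:x:2000:alice,bob
docker:x:2001:alice'

# primary_group USER PASSWD_DATA GROUP_DATA -> name of the group whose gid
# equals the gid field of USER's passwd entry. Returns 1 for an unknown user.
primary_group() {
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# supplementary_groups USER GROUP_DATA -> space-separated names of every group
# whose member list (4th field) contains USER, in file order.
supplementary_groups() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) out = out (out ? " " : "") $1 }
        END { print out }'
}

# all_groups USER PASSWD_DATA GROUP_DATA -> the list the kernel consults for
# group permission checks: primary group first, then supplementary groups.
all_groups() {
    p=$(primary_group "$1" "$2" "$3")
    s=$(supplementary_groups "$1" "$3")
    printf '%s%s\n' "$p" "${s:+ $s}"
}

# provision_user USER GROUP: the three commands from the notes, skipping any
# step already done, then confirm GROUP appears in id -nG. Needs root.
# Hypothetical wrapper for illustration, not a standard tool.
provision_user() {
    getent group "$2" >/dev/null  || groupadd "$2"
    getent passwd "$1" >/dev/null || useradd -m -s /bin/bash "$1"
    usermod -a -G "$2" "$1"    # -a keeps the user's existing supplementary groups
    id -nG "$1" | tr ' ' '\n' | grep -qx "$2"
}

# Stand-alone run on the constructed data: `sh this.sh run`.
if [ "${1:-}" = "run" ]; then
    echo "alice primary      : $(primary_group alice "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
    echo "alice supplementary: $(supplementary_groups alice "$SAMPLE_GROUP")"
    echo "bob all groups     : $(all_groups bob "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
fi
```

To use the resolvers against the live system, pass "$(getent passwd)" and "$(getent group)" in place of the sample data; getent also covers accounts that come from LDAP or SSSD rather than the local files.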