BytesOfProgress

Wiki


User Accounts / permissions

Becoming root

For many commands you need access to the administrator account of the machine. You can put "sudo" at the beginning of a command to execute it with admin rights, as long as your user account has been added to the sudo group. If that does not work, you can log in to the administrator account called "root". You can check whether you are logged in as root by looking at your terminal prompt: if it ends with a "#" sign, you are logged in as root; if it ends with a "$" sign, you are logged in as a regular user. The prompt symbol is a shell convention and can be changed by the prompt configuration, so treat it as a hint. Here are some examples:

Using "admin" commands without logging in as root


  $ sudo apt install apache2
    

Becoming root


  $ su
    

Often, the regular "su" is enough, but sometimes you need to not only switch to the root user but also simulate a full login as root. This means that root's environment variables, working directory, and other settings are fully loaded, just as if root had logged in directly. You can do this by executing the following command:


  $ su -
    

or, if your account is in the sudo group:


  $ sudo -i
    

Exiting root account


  # exit
    


Logging into different accounts


  $ su username
    


How do user groups work?

In Linux, user groups serve as a foundational element for managing user permissions and access control within the system. Groups are essentially collections of user accounts, organized to simplify the administration of file permissions, system resources, and collaborative tasks.

Each group is identified by a unique Group ID (GID), a numeric value that is used internally by the system.

A user in Linux can be associated with one or more groups, consisting of a primary group and supplementary groups. The primary group is specified in the "/etc/passwd" file, while supplementary groups grant additional permissions to the user. This group-based approach is particularly valuable for scenarios where multiple users require shared access to files, directories, or system resources.

The "/etc/group" file contains information about groups on the system, such as group names, GIDs, and the list of users belonging to each group. Administrators can use various commands to manage groups and users effectively:


Creating a new user


  # useradd username
    

Or, to create a new user and also create a home directory for them:


  # useradd -m username
    

Deleting a user


  # userdel username
    

Changing a user's password


  # passwd username
    

Or, if you want to change the password of the user you are currently logged in as:


  # passwd
        

Creating a group


  # groupadd mygroup
        

Deleting a group


  # groupdel mygroup
        

Adding a user to a group


  # usermod -aG mygroup username
        

Removing a user from a group


  # gpasswd -d username mygroup
        



How do permissions work?

File and directory permissions are a crucial aspect of access control, determining who can read, write, or execute a file or directory. These permissions are organized into three categories: user (owner), group, and others. Each category has three basic permission types: read (r), write (w), and execute (x).

Permissions can also be written in octal notation, where each category (user, group, others) is represented by one digit from 0 to 7. Each digit is the sum of the values of the permission types it grants. In this system:

Read (r) is represented by the value 4.

Write (w) is represented by the value 2.

Execute (x) is represented by the value 1.

To express multiple permissions, these values are added. For example, read and write permissions (rw) would be represented by 6 (4 + 2).

Thus, we can give the file's owner (user) read and write permissions for a file by executing:


  # chmod u=rw filename
    

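This can also be expressed using the octal system. Note that the octal form sets all three categories at once: 600 gives the owner read and write and leaves group and others with no permissions, whereas the symbolic command above changes only the owner's permissions: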


  # chmod 600 filename
    

Similarly, you can give read and execute permissions to a group by executing this:


  # chmod g=rx filename
    

We can revoke these permissions by replacing "=" with "-", like this:


  # chmod g-rx filename
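
The following is an added example, not part of the original wiki page: it applies the four chmod commands above to a scratch file that starts at mode 644 and prints the result, showing that the symbolic forms change only the named category while the octal form replaces all three. The helper names (octal_to_symbolic, mode_of, mode_after) are made up for this illustration, and "stat -c" assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU coreutils (stat -c).

# Convert a three-digit octal mode such as 640 into rwx notation (rw-r-----)
# by testing the 4 (read), 2 (write) and 1 (execute) bits of each digit.
octal_to_symbolic() {
    mode=$1
    out=""
    while [ -n "$mode" ]; do
        rest=${mode#?}            # everything after the first digit
        digit=${mode%"$rest"}     # the first digit itself
        mode=$rest
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# Print the octal mode of a file.
mode_of() { stat -c '%a' "$1"; }

# Set a scratch file to a starting mode, apply one chmod argument to it,
# and print the resulting mode. Only the temporary file is touched.
mode_after() {
    start=$1
    change=$2
    f=$(mktemp) || return 1
    chmod "$start" "$f" && chmod "$change" "$f" && mode_of "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# The page's four chmod arguments, each applied to a constructed 644 file.
for arg in u=rw 600 g=rx g-rx; do
    result=$(mode_after 644 "$arg")
    printf '644 + chmod %-5s -> %s (%s)\n' \
        "$arg" "$result" "$(octal_to_symbolic "$result")"
done
```

On a file that is readable by group and others, "u=rw" leaves that access in place, while "600" removes it.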
        


