Linux: User vs group permissions


First off, it's important you understand that when looking at a directory or file, traditional Unix permissions only know how to differentiate between:

  • The user
  • The user's group
  • Anybody else

These permissions are reflected in the rwxrwxrwx notation, called modes. r stands for read, w for write and x for execute. Their meaning is pretty much what they're named after, only that the execute permission allows you to recurse a directory tree.

So, /home/testuser belongs to user testuser, and it can change things in its directory but nothing else. What does that root indicate for the home directory?

root here is the group the directory belongs to. That means that any user in the root group will have the permissions as indicated by the second rwx part of the permissions notation. For example, drwxr-xr-x would mean that anybody in the root group can only read and list that directory, but not write to it.*

In this example with testuser, let's say that it belongs to the group root. Does that mean it has the union of the privileges of testuser and root apply to this user?

The user's privileges apply to this directory because it belongs to them. If the testuser also happens to be in the group root, then the privileges in that group would also apply. If neither is the case, only the permissions from the third part would apply.

Let's say you're in a computer science class and there's a computer where both alice and bob belong to the group students. Each of them has a home directory with rwxr-x--- permissions, with ownership of alice:students or bob:students. That would mean any student can list and read the contents of every other student's home directory, but they cannot modify the files of their colleagues.

Also, I noticed that for a new user I create, there's a new group that gets created, named the same as the name of the user. What's the purpose of this?

This allows you to give more flexible control over permissions. Sometimes you don't want to have a group that's shared amongst users. Especially for home folders, you don't want anybody else to even read them. This is why it's a good idea to chown -R testuser:testuser /home/testuser, because no group permission setting (even an rwx one) would be a security concern.

* Well, not exactly, since any root user can do anything, but if the group were something else, then the above would hold true.
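How the kernel chooses which of the three rwx triplets applies, as an added example that is not part of the original answer: Linux selects exactly one class (owner first, then group, then other) and does not merge the triplets. The UIDs and GIDs are constructed, the function names are hypothetical, and the root override mentioned in the footnote is not modeled.

```python
def parse_mode(s):
    """Turn a 9-character string such as 'rwxr-x---' into permission bits.

    Special letters (s, t) are rejected; only plain rwx/- is handled here.
    """
    if len(s) != 9:
        raise ValueError("expected 9 characters, e.g. 'rwxr-x---'")
    bits = 0
    for i, (ch, want) in enumerate(zip(s, "rwxrwxrwx")):
        if ch == want:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return bits

def effective(mode, owner_uid, owner_gid, uid, gids):
    """Return (class, triplet) that applies to a process with uid/gids.

    The first matching class wins: owner, then group, then other.
    """
    if uid == owner_uid:
        cls, shift = "owner", 6
    elif owner_gid in gids:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    three = (mode >> shift) & 0o7
    triplet = "".join(c if three & b else "-" for c, b in zip("rwx", (4, 2, 1)))
    return cls, triplet

# Constructed IDs for the names used on this page.
ROOT_GID, TESTUSER, ALICE, BOB, STUDENTS = 0, 1001, 1002, 1003, 2000

if __name__ == "__main__":
    home = parse_mode("rwxr-xr-x")      # drwxr-xr-x testuser root
    print(effective(home, TESTUSER, ROOT_GID, TESTUSER, {TESTUSER}))
    print(effective(home, TESTUSER, ROOT_GID, BOB, {ROOT_GID}))
    shared = parse_mode("rwxr-x---")    # alice:students
    print(effective(shared, ALICE, STUDENTS, BOB, {BOB, STUDENTS}))
    # Owner bits win even when the group triplet is more permissive.
    odd = parse_mode("r--rwxrwx")
    print(effective(odd, ALICE, STUDENTS, ALICE, {ALICE, STUDENTS}))
    # Private group: group rwx exposes nothing to other users.
    private = parse_mode("rwxrwx---")   # testuser:testuser
    print(effective(private, TESTUSER, TESTUSER, BOB, {BOB, STUDENTS}))
```
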

Author by

musicliftsme

Updated on September 18, 2022

Comments

  • musicliftsme
    musicliftsme over 1 year

    I'm fairly new to Linux and testing around with it. I'm SSHing into the server, and I created a testuser while logged in as root using adduser. I noticed that it didn't create a home directory, so I created that as well using mkdir. The directory is listed as drwxr-xr-x 2 root root when I do ls -l.

    So, I changed the owner of the new home directory using chown. Now it looks like drwxr-xr-x 2 testuser root, but I don't know what to do about the root (group right?). I'm confused with all of these users, groups, and their permissions.

    1. So, /home/testuser belongs to user testuser, and it can change things in its directory but nothing else. What does that root indicate for the home directory?

    2. In this example with testuser, let's say that it belongs to the group root. Does that mean it has the union of the privileges of testuser and root apply to this user?

    3. Also, I noticed that for a new user I create, there's a new group that gets created, named the same as the name of the user. What's the purpose of this?