Difference between revisions of "Linux:group"

From HypertWiki
(moved to htyp)
 
[[Techniques]]: [[Linux]]: [[Linux:group|group]]
{{to htyp}}
 
In Linux and other Unix-based operating systems, a '''group''' is an entity to which a [[Linux:user|user]] may belong and which confers certain "privileges" or "rights" to its member users.
 
==How Groups Are Used==
Groups play a significant role in system [[Linux:security|security]]. Ideally, a system administrator defines the roles that the various users might play (e.g. scanner operator, webmaster, developer), creates a group for each of those roles, and then assigns the rights needed for each role to the ''group'' rather than to each ''user''. Managing users then only requires assigning a new user to the group(s) corresponding to that user's role(s). This reduces the amount of work necessary to implement security properly (thus encouraging proper security to be implemented) and reduces the chances of inadvertently giving a user unneeded permissions and thereby creating a security risk.
 
==Details==
*Every [[Linux:file|file]] (including [[Linux:directory|directories]]) has a set of '''permissions''', an '''owner [[Linux:user|user]]''' and an '''owner group'''. Every file or directory's permission set is composed of twelve bits, but the meaning of the bits is slightly different for directories than for files.
*'''File permissions''' contain three groups of three bits each. The first set of three applies if and only if the current user is the file's owner user; the second set applies only if the current user is not the owner user but belongs to the file's owner group; and the third set applies to everyone else. There are also some additional specialized bits. Going from Most Significant Bit (MSB) to Least Significant Bit (LSB):
**'''Bit 11''': "set user ID" -- set user ID on execution
**'''Bit 10''': "set group ID" -- set group ID on execution
**'''Bit 09''': "sticky" -- largely obsolete; used on early Unix systems. See [[chmod]] for more information.
**'''Bits 8-0''': rwx (owner user), rwx (owner group), rwx (everyone else): r = can read file, w = can write file, x = can execute file
*'''Directory permissions''' are similar:
**'''Bit 11''': "set user ID"
**'''Bit 10''': "set group ID"
**'''Bit 09''': "sticky" --
**:'''1''' = files in that directory may be unlinked or renamed only by root or their owner.
**:'''0''' = anyone able to write to the directory can delete or rename files.
***The sticky bit is commonly found on directories, such as /tmp, that are "world-writable" (rwxrwxrwx)
**'''Bits 8-0''': same as for files, except "x" means "can enter (chdir into) directory"
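
The bit layout above can be decoded mechanically. The following Python sketch is an added example, not part of the original page; the function names are illustrative. It picks the single rwx set that applies to a caller, reports the three special bits, and flags a world-writable directory that lacks the sticky bit. It models only the twelve mode bits and assumes no root override or ACLs.

```python
import os
import stat
import tempfile

def applicable_class(st_uid, st_gid, uid, gids):
    """Pick the one triplet that applies: owner first, then group, then other."""
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "other"

def decode(mode, st_uid, st_gid, uid, gids):
    """Decode the 12 permission bits of `mode` for one caller (uid, gids).

    Assumption: plain mode bits only; root's override and ACLs are ignored.
    """
    shift = {"owner": 6, "group": 3, "other": 0}
    cls = applicable_class(st_uid, st_gid, uid, gids)
    triplet = (mode >> shift[cls]) & 0o7
    rwx = "".join(c if triplet & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return {
        "setuid": bool(mode & stat.S_ISUID),  # bit 11
        "setgid": bool(mode & stat.S_ISGID),  # bit 10
        "sticky": bool(mode & stat.S_ISVTX),  # bit 9
        "class": cls,
        "rwx": rwx,
    }

def risky_world_writable_dir(mode):
    """True for a directory writable by everyone that lacks the sticky bit."""
    return stat.S_ISDIR(mode) and bool(mode & stat.S_IWOTH) and not mode & stat.S_ISVTX

def demo():
    # Constructed sample: a scratch directory set to mode 1777, like /tmp.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o1777)
        st = os.stat(d)
        return decode(st.st_mode, st.st_uid, st.st_gid, os.getuid(), os.getgroups())

if __name__ == "__main__":
    print(demo())
```

With mode 0604, a member of the owner group who is not the owner gets the empty group set even though "everyone else" may read: only one set is ever consulted.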
==Commands==
Commands used for managing users, groups and permissions include:
*Groups:
**[[groupadd]] -- create a new group
**[[groupdel]] -- delete an existing group
**[[groupmod]] --
*Users:
**[[useradd]] -- create a new user
**[[userdel]] -- delete an existing user
**[[usermod]] -- modify a user account
*Permissions:
**[[chmod]] -- change permissions on a [[Linux:file|file]] or [[Linux:directory|directory]]
**[[chgrp]] -- change a file's owner group

Latest revision as of 18:01, 14 October 2005

This page has been moved to HTYP, the HyperTwin Yellow Pages.