Linux:group

From HypertWiki
Revision as of 23:40, 9 June 2005 by Woozle


In Linux and other Unix-based operating systems, a group is a named set of users. A user may belong to several groups at once, and membership confers certain privileges or rights on the user, most visibly through the group field of file permissions.

How Groups Are Used

Groups play a significant role in system security. Ideally, a system administrator defines the roles that users might play (e.g. scanner operator, webmaster, developer), creates a group for each role, and assigns the rights needed for that function to the group rather than to each user. When managing users, it is then only necessary to add a new user to the group(s) corresponding to that user's role(s), and to remove the user from a group when the role ends, which revokes everything the group granted in one step. Rights granted directly to individual accounts tend to accumulate over time and are rarely audited, which is the main thing role groups protect against.

Details

  • Every file (including directories) has a set of permissions, an owner user and an owner group. The permission set is composed of twelve bits; the bit positions are the same for directories as for files, but the meaning of some bits differs slightly.
  • The low nine bits form three rwx triples, and exactly one triple applies to a given process: the first if the process's effective user ID is the file's owner user; otherwise the second if the file's owner group is the process's effective group ID or one of its supplementary groups; otherwise the third. (An owner who is also a member of the file's group gets only the owner bits, even if the group bits are more permissive.) The remaining three bits are special. Going from Most Significant Bit (MSB) to Least (LSB):
    • Bit 11: "set user ID"
    • Bit 10: "set group ID"
    • Bit 09: "sticky" -- on regular files largely obsolete; early Unix systems used it to keep a program's text segment resident in swap, and Linux ignores it on files. See chmod for more information.
    • Bits 8-0: rwx (owner user), rwx (owner group), rwx (everyone else): r = can read file, w = can write file, x = can execute file. In octal notation each triple is one digit (r = 4, w = 2, x = 1), so rwxr-x--- is 750 and the three special bits form a leading fourth digit (4 = set user ID, 2 = set group ID, 1 = sticky).
  • Directory permissions are similar:
    • Bit 11: "set user ID" -- ignored by Linux on directories (some other Unix variants give it a meaning).
    • Bit 10: "set group ID" -- files and subdirectories created inside the directory inherit the directory's owner group instead of the creating process's primary group, and subdirectories inherit the bit itself. This is what makes a shared project directory work for a role group.
    • Bit 09: "sticky" --
      1 = an entry in that directory may be unlinked or renamed only by root, the owner of the entry, or the owner of the directory.
      0 = anyone able to write to (and search) the directory can delete or rename any entry in it, regardless of who owns the entry or what the entry's own permissions are.
      • The sticky bit is commonly found on directories, such as /tmp, that are "world-writable" (mode 1777, shown by ls as rwxrwxrwt); without it any user could delete or replace other users' temporary files.
    • Bits 8-0: same positions as for files, but r = can list the names in the directory, w = can create, delete or rename entries (only useful together with x), and x = can enter (chdir into) or traverse the directory, i.e. look up a name in it. Deleting a file is therefore governed by the directory's permissions, not the file's own.
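The rules in the list above, as an added example that is not part of the original wiki page: a small Python module that renders the twelve mode bits the way ls -l prints them, selects the single rwx triple that applies to a process, and applies the sticky-bit deletion rule. The function names (mode_string, applicable_triple, can_access, can_unlink, describe) and the uids and gids used in the calls are this example's own inventions. It deliberately simplifies the kernel's check: root is granted everything outright, and POSIX ACLs and capabilities are ignored.

```python
"""Evaluate the twelve Unix permission bits (added example, not from the wiki page)."""
import os
import stat

# The three special bits, numbered from the most significant of the 12 mode bits.
S_ISUID = 0o4000   # bit 11: set user ID
S_ISGID = 0o2000   # bit 10: set group ID
S_ISVTX = 0o1000   # bit 9:  sticky
R, W, X = 4, 2, 1  # bits within each rwx triple


def mode_string(mode):
    """Render the 12 permission bits the way ls -l does (rwsr-xr-x, rwxrwxrwt ...).

    A capital S or T marks a special bit set without the matching x bit,
    e.g. mode 1776 renders as rwxrwxrwT.
    """
    out = []
    for shift, special, letter in ((6, S_ISUID, "s"), (3, S_ISGID, "s"), (0, S_ISVTX, "t")):
        triple = (mode >> shift) & 7
        out.append("r" if triple & R else "-")
        out.append("w" if triple & W else "-")
        if mode & special:
            out.append(letter if triple & X else letter.upper())
        else:
            out.append("x" if triple & X else "-")
    return "".join(out)


def applicable_triple(mode, file_uid, file_gid, uid, gids):
    """Select the one rwx triple that applies to a process.

    Exactly one class is used: an owner who is also in the file's group gets
    the owner bits only, even if the group bits are more permissive.
    gids is the process's effective gid plus supplementary groups.
    """
    if uid == file_uid:
        return "owner", (mode >> 6) & 7
    if file_gid in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7


def can_access(mode, file_uid, file_gid, uid, gids, want):
    """True if the process may read (R), write (W) or execute/enter (X), combined with |.

    Simplification: uid 0 is granted everything. The real kernel check is
    CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH and also consults POSIX ACLs.
    """
    if uid == 0:
        return True
    _, bits = applicable_triple(mode, file_uid, file_gid, uid, gids)
    return bits & want == want


def can_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Apply the sticky-bit rule for deleting or renaming an entry in a directory.

    Without the sticky bit, write+search permission on the directory is enough;
    the entry's own permissions and owner are irrelevant. With it, the caller
    must additionally own the entry or the directory (or be root).
    """
    if uid == 0:
        return True
    if not can_access(dir_mode, dir_uid, dir_gid, uid, gids, W | X):
        return False
    if dir_mode & S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True


def describe(path):
    """Summarise a real file or directory using os.stat, e.g. describe('/tmp')."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)  # drop the file-type bits, keep the 12 permission bits
    kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
    notes = []
    if kind == "directory" and mode & S_ISGID:
        notes.append("new entries inherit group %d" % st.st_gid)
    if kind == "directory" and mode & S_ISVTX:
        notes.append("sticky: only entry owner, directory owner or root may delete/rename")
    return "%s %s %04o uid=%d gid=%d%s" % (
        mode_string(mode), kind, mode, st.st_uid, st.st_gid,
        " (" + "; ".join(notes) + ")" if notes else "")


if __name__ == "__main__":
    print(describe("/tmp"))
    # Made-up ids: a shared setgid project directory 2770 owned by uid 1000, gid 500.
    print(can_access(0o2770, 1000, 500, 1001, {500, 1001}, R | W | X))   # group member: True
    print(can_access(0o2770, 1000, 500, 1002, {1002}, R))               # outsider: False
    # Sticky /tmp-style directory: uid 1001 cannot remove uid 1000's file.
    print(can_unlink(0o1777, 0, 0, 1000, 1001, {1001}))                 # False
```

Running the module prints the mode line for /tmp on the host, which on a normal Linux system shows rwxrwxrwt and the sticky note. The owner-only rule is the one people most often get wrong: with mode 077 the owner cannot read their own file even though every group member can, because the owner triple is the only one consulted for the owner.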