University May 8, 1945 GUELMA
Faculty of Mathematics, Computer Sciences, Physics and Chemistry
Computer Science Department
First year Computer Engineer
Semester 1: Introduction to Operating Systems 1
Dr FERKOUS Chokri
The '/etc/passwd' file is a text file with one record per line, each describing a user account. Each record consists of seven fields separated by the colon (':') symbol.

Example record (fields 1 to 7, from left to right):
mohamed:x:1001:1002:SALMI mohamed:/home/mohamed:/bin/bash

1. Username: The first field is the username. It is used when a user logs in. It should be between 1 and 32 characters in length. Case-sensitive, usually all lowercase.
2. Password: An 'x' in the password field means that the actual encrypted password information is stored in a separate shadow password file ('/etc/shadow').
   • Setting this field to an asterisk ('*') is the typical way to deactivate an account to prevent it being used.
3. User Identifier (UID): The user identifier. The number that the operating system uses for internal purposes.
4. Group Identifier (GID): The group identifier. The number identifies the primary group of the user.
5. Gecos Field (General Electric Comprehensive Operating Supervisor / System): It is commentary that describes the person or account. Typically, this is a set of comma-separated values including the user's full name and contact details.
6. Home Directory: The path to the user's home directory.
   • The absolute path to the directory the user will be in when they log in. Usually '/home/username'.
7. Program or Shell: The program or shell that is started every time the user logs into the system. Often set to '/bin/bash' to provide access to the bash shell.
The /etc/shadow file is a text-based password file. It stores the hashed passphrase (or “hash”) for each Linux user account, along with additional properties related to the user password. The shadow file is directly accessible only to the root user.
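The field layout described above can be checked mechanically. The following is an added example, not part of the original slides: it reads passwd-format records and reports what field 2 says about each account. The function names and all sample records except the first are constructed for illustration; an empty field is flagged because passwd(5) treats it as "no password required".

```shell
#!/bin/sh
# Added example (not from the original slides): read passwd-format records
# and report what the password field (field 2) says about each account.

# Constructed sample records; only the first one appears in the text above.
sample_passwd() {
    cat <<'EOF'
mohamed:x:1001:1002:SALMI mohamed:/home/mohamed:/bin/bash
salim:*:1003:1001:GUELMI SALIM:/home/salim:/bin/bash
karim::1004:1004:karim:/home/karim:/bin/bash
khadidja:x:1005:1002:khadidja:/home/khadidja
EOF
}

# audit_passwd: records on stdin -> one "username<TAB>status" line per record.
audit_passwd() {
    awk -F: '
        NF != 7   { printf "%s\tmalformed: %d fields, expected 7\n", $1, NF; next }
        length($1) < 1 || length($1) > 32 {
                    printf "%s\tusername length outside 1 to 32\n", $1; next }
        $2 == "x" { printf "%s\tshadowed: hash is in /etc/shadow\n", $1; next }
        $2 == "*" { printf "%s\tdeactivated\n", $1; next }
        $2 == ""  { printf "%s\tEMPTY password field\n", $1; next }
                  { printf "%s\tpassword data kept in passwd itself\n", $1 }
    '
}

# flagged: only the records a reviewer should look at (not shadowed, not "*").
flagged() {
    audit_passwd | awk -F'\t' '$2 !~ /^(shadowed|deactivated)/ { print $1 }'
}

sample_passwd | audit_passwd
```

On a real system the same check is run as `audit_passwd < /etc/passwd`, which needs no root rights because only the shadow file is restricted.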
N°  Command    Description
1   useradd    Add accounts to the system
2   usermod    Edit account attributes
3   userdel    Remove accounts from the system
4   groupadd   Add groups to the system
5   groupmod   Edit group attributes
6   groupdel   Remove groups from the system
$ sudo groupadd group_name
The /etc/group file contains group account information. This information can be essential for troubleshooting, security audits, and ensuring users can access the resources they need. Understanding each field of the file makes life easier as a sysadmin.
The fields in the /etc/group file are: groupname:password:GID:groupMembers
group_name: It is the name of the group. If you run the ls -l command, you will see this name printed in the group field.
Password: Generally the password is not used, hence it is empty/blank. It can store an encrypted password. This is useful to implement privileged groups.
Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd file.
Group members: It is a list of the user names of users who are members of the group. The user names must be separated by commas.
Change GID: We can add the -g option to change the group ID of an existing group:
$ sudo groupmod -g 2040 groupName
$ sudo groupmod -g 2040 Students
Change Group name: We can add the -n option to change the group name of an
existing group:
$ sudo groupmod -n newName OldName
$ sudo groupmod -n Teachers enseignants
Delete a Group
$ sudo groupdel groupName
$ useradd -d homedir -g nomdugroupe -m -s shell -u userid usrName
N°  Option       Description
1   -d homedir   to choose another location for the home directory
2   -g group     to specify a different GID or group name
3   -m           to create the home directory
4   -s shell     to change the shell used, with the option -s (or --shell)
5   -u userid    to create a new user with a specific UID
6   usrname      the username used to open the session
7   -c           to add extra information for a user by adding comments
Example:
$ useradd -g 1001 -m -c "GUELMI SALIM" salim
Creating a user on Linux also requires attention to security, so changing a password on Linux is a must-have skill. As a good practice, we should change the password frequently.
Regular users can change only their own passwords. The root user and users that have sudo rights, for example, can change another user's password and determine how the password can be defined or modified.
The user can only log in if we define a password. The passwd command helps us to achieve that goal.
To change the password of another user account on Linux, execute the passwd command followed by the user name. For example, to change the password of a user called SALIM, run the following command:
Example:
$ sudo passwd SALIM
The usermod command allows you to make changes to an existing account from the command line. It uses the same arguments as the useradd command, plus the -l argument, which allows you to change the account name.
For example, to change the account name wassim to mohammedwassim and to change the home directory accordingly, you will need to issue the following command (the new name follows -l, and the existing name comes last):
$ usermod -d /home/mohammedwassim -m -l mohammedwassim wassim
The userdel command in Linux is used to delete a user account and related files. This command modifies the system account files, deleting all the entries which refer to the username LOGIN. It is a low-level utility for removing users.
Syntax:
userdel [options] LOGINNAME
userdel -f: This option forces the removal of the specified user account. It doesn’t matter that
the user is still logged in. It also forces the userdel to remove the user’s home directory and
mail spool, even if another user is using the same home directory or even if the mail spool is
not owned by the specified user.
userdel -r: Whenever we are deleting a user using this option then the files in the user’s home
directory will be removed along with the home directory itself and the user’s mail spool. All
the files located in other file systems will have to be searched for and deleted manually.
Example: $ userdel -r mohammedwassim
All three owners (user owner, group, others) in the Linux system have three types of permissions defined. Nine characters denote the three types of permissions.
Read (r): The read permission allows you to open and read the content of a file. But you can't do any editing or modification in the file.
Write (w): The write permission allows you to edit, remove or rename a file. For instance, if a file is present in a directory, and write permission is set on the file but not on the directory, then you can edit the content of the file but can't remove or rename it.
Execute (x): In Unix-type systems, you can't run or execute a program unless the execute permission is set. But in Windows, there is no such permission available.

Permission    On a file                   On a directory
r (read)      read file content (cat)     read directory content (ls)
w (write)     change file content (vi)    create file in directory (touch)
x (execute)   execute the file            enter the directory (cd)
Understanding Linux file permissions (how to find them, read them, and change them) is an
important part of maintaining and securing your systems.
The ls command along with its -l (for long listing) option will show you metadata about
your Linux files, including the permissions set on the file.
mohamed@ferkous-VPCEH2J1E:/temp/$ ls -l
total 20
drwxrwxr-x 3 mohamed Groupe1 4096 أكتوبر24 12:05 informatique
-rw-rw-r-- 1 karim Groupe4 0 أكتوبر24 12:01 [Link]
-rw-rw-r-- 1 khadidja Groupe2 0 أكتوبر24 12:01 [Link]
drwxrwxr-x 2 mohamed Groupe1 4096 أكتوبر24 12:03 system
The callouts on the listing identify, from left to right: the file permissions, the owner (U), the group owner (G), the file size, the last modification date, and the file name.
Look at the above snapshot: there are ten characters (-rw-rw-r--) before the user owner. We'll describe these ten characters here.

Position  Characters  Ownership
1         -           denotes file type
2-4       rw-         permission for user; when you are the user owner, the user owner permission applies to you. Other permissions are not relevant to you.
5-7       rw-         permission for group; when you are in the group, the group permission applies to you. Other permissions are not relevant to you.
8-10      r--         permission for other; when you are the other, the other permission applies to you. User and group permissions are not relevant to you.
You can change the permissions with the chmod command according to your needs. Below are some examples of changing the permissions for different groups.
To add permissions to a group:
Syntax: chmod <groupName>+<permissionName> <fileName>
where <groupName> is u for user, g for group, o for others
Example: chmod u+x file
         chmod g-x file
         chmod u-w file
         chmod ug+rwx [Link]
To add a permission to all the groups together:
Syntax: chmod a+<permissionName> <fileName>
Example: chmod a+w file
To set explicit permissions:
Syntax: chmod <groupName>=<permissions> <fileName>
Example: chmod o=rw file
         chmod u=rwx,g=rw,o=r file
Setting Octal Permissions: Octal permissions can also be set for the groups.
For example, r has the octal value 4, w has the octal value 2, and x has the octal value 1.

binary  octal  permissions
000     0      ---
001     1      --x
010     2      -w-
011     3      -wx
100     4      r--
101     5      r-x
110     6      rw-
111     7      rwx

From this we can conclude that:
777 = rwxrwxrwx
765 = rwxrw-r-x
654 = rw-r-xr--
When a file or directory is created, a set of permissions is applied by default. These default permissions can be viewed with the umask command.
For safety reasons, Unix operating systems do not give execute permission to newly created files. Adding execute permission is up to you.
The umask command works by stripping away permissions as the file is created. On the system, the default umask is currently set to the octal value of 022. Here is what it looks like in the terminal.
$ umask
0022
To understand with which permissions files and directories are made when umask is set to
022, simply subtract that value from the default permissions Linux sets for files and
directories before umask which is 666 for files and 777 for directories.
New files: 666 - 022 = 644
New directories: 777 - 022 = 755
A umask value of 026 for a directory sets permissions for the owner to read, write and
execute, for a group to only read and execute, and for other users to only have execute
capability since 777 – 026 = 751.
[mohamed@univ-guelma]# umask 026
[mohamed@univ-guelma]# umask
0026
UMASK and basic permissions

umask  symbolic     binary       effect
002    --- --- -w-  000 000 010  Remove writing rights for others (o)
022    --- -w- -w-  000 010 010  Remove writing rights for group members (g) and others (o)
077    --- rwx rwx  000 111 111  Remove all rights for group members (g) and others (o)

Directory: basic permissions 777 (rwx rwx rwx), binary 111 111 111

umask  basic              mask               result             basic (binary)  mask (binary)  result (binary)
002    rwx rwx rwx (777)  --- --- -w- (002)  rwx rwx r-x (775)  111 111 111     000 000 010    111 111 101
022    rwx rwx rwx (777)  --- -w- -w- (022)  rwx r-x r-x (755)  111 111 111     000 010 010    111 101 101
077    rwx rwx rwx (777)  --- rwx rwx (077)  rwx --- --- (700)  111 111 111     000 111 111    111 000 000

File: basic permissions 666 (rw- rw- rw-), binary 110 110 110

umask  basic              mask               result             basic (binary)  mask (binary)  result (binary)
002    rw- rw- rw- (666)  --- --- -w- (002)  rw- rw- r-- (664)  110 110 110     000 000 010    110 110 100
022    rw- rw- rw- (666)  --- -w- -w- (022)  rw- r-- r-- (644)  110 110 110     000 010 010    110 100 100
077    rw- rw- rw- (666)  --- rwx rwx (077)  rw- --- --- (600)  110 110 110     000 111 111    110 000 000
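The octal table and the umask rule above can be carried through bit by bit. This is an added example, not part of the original slides: it clears the mask's bits from the basic permissions, renders the result in rwx form, and compares it with what the system assigns to a newly created file or directory. The function names are assumptions, and the mask 033 goes beyond the values used above to show where decimal subtraction and bit clearing disagree.

```shell
#!/bin/sh
# Added example (not from the original slides): how a umask clears permission bits.

# apply_umask BASE MASK -> octal mode that remains after the mask is applied.
# BASE is 666 for new files and 777 for new directories, as stated above.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# rwx OCTAL -> nine-character symbolic form, e.g. 751 -> rwxr-x--x
rwx() {
    mode=$(( 0$1 ))
    out=""
    for s in 6 3 0; do                      # user, group, others
        bits=$(( (mode >> s) & 7 ))
        [ $(( bits & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( bits & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( bits & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# observed KIND MASK -> permissions the system actually gives a new "file" or
# "dir" created under MASK, read back from ls -l in a scratch directory.
observed() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir new; else : > new; fi
        ls -ld new | cut -c2-10
    )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# 033 is included because decimal subtraction (666 - 033 = 633) gives the
# wrong answer there: a mask bit that is already clear has nothing to remove.
for m in 002 022 026 033 077; do
    f=$(apply_umask 666 "$m"); d=$(apply_umask 777 "$m")
    printf 'umask %s  file %s %s (observed %s)  dir %s %s (observed %s)\n' \
        "$m" "$f" "$(rwx "$f")" "$(observed file "$m")" \
        "$d" "$(rwx "$d")" "$(observed dir "$m")"
done
```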
The chown command allows you to change the user and/or
group ownership of a given file, directory, or symbolic link.
In Linux, all files are associated with an owner and a group
and assigned with permission access rights for the file
owner, the group members, and others.
The chown command takes the following form:
$ chown [OPTIONS] USER[:GROUP] FILE(s)
USER is the user name or the user ID (UID) of the new owner.
GROUP is the name of the new group or the group ID (GID).
FILE(s) is the name of one or more files, directories or links.
NB: Numeric IDs should be prefixed with the + symbol.
USER - If only the user is specified, the specified user will become the owner of the given files; the group ownership is not changed.
:GROUP - If the User is omitted and the group is prefixed with a colon :, only the group ownership of the files is changed to the given group.
[Figure callouts: UID of mohamed, GID of Groupe1, GID of Groupe2]
NB: By default, on success, chown doesn’t produce any output and returns zero.
GROUP, name of the new group, or the group ID (GID). Numeric GID must be
prefixed with the + symbol.
FILE(s), name of one or more files.
example:
$ chgrp +1004 [Link]
$ chgrp students [Link]