bash: Users and Permissions

See list of users:

$ cat /etc/passwd

Opens a new shell as user username:

$ su username

Opens a new shell as user username, using their environment:

$ su - username

Create new user username:

$ useradd username

Some options include:

• -c (Specify comment for account)
• -k (Specify alternative skeleton directory)
• -M (Don't create a home dir for user)
• -r (Create user as system account)
• -s (Specify alternative shell for user)

More examples:

• $ useradd -Ms /bin/bash -c Test Comment username (Multiflag syntax)
• $ useradd -D (View default values for new users)
• $ useradd -D -s /sbin/nologin (Change default shell for new users)

$ userdel username

Deletes user account.

• -r (Deletes user's home and mail directories as well)

$ passwd username

Changes user's password. Some options include:

• -e (Expires password and forces user to make new one at next login)
• -S (Outputs the status of the password for a given account)
• –stdin (Pull the new password from standard input)

$ usermod -flags username

Used for modifying accounts. Some options below:

• -l (Changes username)
• -c (Changes comment)
• -L (Locks account)
• -U (Unlocks account)
• -g (Primary group)
• -G (Secondary group)

Example, to change a user's shell:

$ usermod -s /sbin/nologin username

See list of groups:

$ cat /etc/group

Create new group newgroupname:

$ groupadd newgroupname

Change name of group oldgroupname to newgroupname:

$ groupmod -n newgroupname oldgroupname

Remove user username from group oldgroupname:

$ gpasswd -d username oldgroupname

Change user's primary group:

$ usermod -g newgroupname username

Add user to a supplementary group:

$ usermod -aG newgroupname username

Set default permissions to 600 on new files and 700 on new directories:

$ umask 0077

$ chmod 600 filename

Changes permissions of filename to 600. Further uses of chmod:

• $ chmod a+r filename (Adds read permissions for everyone.)
• $ chmod u-x,g-wx,o-rwx filename (Removes read permissions from others, write permissions from group and others, and execute permissions for everyone.)
• $ chmod u+rwx,g+rx filename (Adds read and execute permissions for owner and group, and write permissions for owner.)
• $ chmod -R u+X directoryname/ (Recursively adds execute permissions for owner if appropriate, such as a directory, but ignores if inappropriate, such as most files.)
• $ chmod u+s,g+s filename (Sets the SUID and SGID execution bits.)

Change owner of filename:

$ chown user filename

Change owner and group of filename:

$ chown user:group filename

Change group of filename:

$ chgrp group filename

• One octal value contains the permissions for one of the three security levels (owner, group, and others)
• The 4 digits in umask values correspond to (in order) the sticky bit, owner permissions, group permissions, and then other's permissions.
• The umask value is subtracted from default octal values (777 for directories, 666 for files). A umask of 022 on a file would thus leave resulting permissions of 644.
• The -R (recursive) flag can be used on chown, chgrp, and chmod, to apply changes to all subdirectories and files on the folder specified in the command.
• SUID says if the file is executed by a user, it runs under the permissions of the file owner.
• SGID forces all new files created in a shared directory to be owned by the directory's group.
• Sticky bit says if the file remains in memory after the process ends.

• 0 — (No Permissions)
• 1 –x (Execute-only)
• 2 -w- (Write-only)
• 3 -wx (Only write and execute)
• 4 r– (Read-only)
• 5 r-x (Only read and execute)
• 6 rw- (Only read and write)
• 7 rwx (Full Permissions)

• 0 (All bits are cleared)
• 1 (The sticky bit is set)
• 2 (The SGID bit is set)
• 3 (The SGID and sticky bits are set)
• 4 (The SUID bit is set)
• 5 (The SUID and sticky bits are set)
• 6 (The SUID and SGID bits are set)
• 7 (All three bits are set)

• Previous Page: ← Managing Processes
• Next Page: Managing Files & Archives →
• Back to Index