This article is Part 4 in a series of cheat-sheets on the command line shell, bash.

bash: Users and Permissions

User Management

See list of users:

$ cat /etc/passwd

Opens a new shell as user username:

$ su username

Opens a new shell as user username, using their environment:

$ su - username

useradd

Create new user username:

$ useradd username

Some options include:

  • -c (Specify comment for account)
  • -k (Specify alternative skeleton directory)
  • -M (Don't create a home dir for user)
  • -r (Create user as system account)
  • -s (Specify alternative shell for user)

More examples:

  • $ useradd -Ms /bin/bash -c "Test Comment" username (Multiflag syntax; a comment containing spaces must be quoted)
  • $ useradd -D (View default values for new users)
  • $ useradd -D -s /sbin/nologin (Change default shell for new users)

userdel

$ userdel username

Deletes user account.

  • -r (Deletes user's home and mail directories as well)

passwd

$ passwd username

Changes user's password. Some options include:

  • -e (Expires password and forces user to make new one at next login)
  • -S (Outputs the status of the password for a given account)
  • --stdin (Pull the new password from standard input)

usermod

$ usermod -flags username

Used for modifying accounts. Some options below:

  • -l (Changes username)
  • -c (Changes comment)
  • -L (Locks account)
  • -U (Unlocks account)
  • -g (Primary group)
  • -G (Secondary group)

Example, to change a user's shell:

$ usermod -s /sbin/nologin username

Group Management

See list of groups:

$ cat /etc/group

Create new group newgroupname:

$ groupadd newgroupname

Change name of group oldgroupname to newgroupname:

$ groupmod -n newgroupname oldgroupname

Remove user username from group oldgroupname:

$ gpasswd -d username oldgroupname

Change user's primary group:

$ usermod -g newgroupname username

Add user to a supplementary group:

$ usermod -aG newgroupname username

File Permissions

umask

Set default permissions to 600 on new files and 700 on new directories:

$ umask 0077

chmod

$ chmod 600 filename

Changes permissions of filename to 600. Further uses of chmod:

  • $ chmod a+r filename (Adds read permissions for everyone.)
  • $ chmod u-x,g-wx,o-rwx filename (Removes read permissions from others, write permissions from group and others, and execute permissions for everyone.)
  • $ chmod u+rwx,g+rx filename (Adds read and execute permissions for owner and group, and write permissions for owner.)
  • $ chmod -R u+X directoryname/ (Recursively adds execute permission for the owner on directories and on files that already have an execute bit set; other files are left unchanged.)
  • $ chmod u+s,g+s filename (Sets the SUID and SGID execution bits.)

chown

Change owner of filename:

$ chown user filename

Change owner and group of filename:

$ chown user:group filename

chgrp

Change group of filename:

$ chgrp group filename

File Permissions Notes

  • One octal value contains the permissions for one of the three security levels (owner, group, and others)
  • The 4 digits in umask values correspond to (in order) the sticky bit, owner permissions, group permissions, and then others' permissions.
  • The umask is removed from the default octal values (777 for directories, 666 for files) as a bit mask rather than by arithmetic subtraction: each permission bit set in the umask is cleared from the default. A umask of 022 on a file would thus leave resulting permissions of 644.
  • The -R (recursive) flag can be used on chown, chgrp, and chmod, to apply changes to all subdirectories and files on the folder specified in the command.
  • SUID says if the file is executed by a user, it runs under the permissions of the file owner.
  • SGID forces all new files created in a shared directory to be owned by the directory's group.
  • The sticky bit says whether the file remains in memory after the process ends.
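
The umask rule from the notes above, as an added example that is not part of the original cheat-sheet: it computes the resulting mode by clearing bits and checks it against what the system actually assigns to a new file and directory. The helper names effective_mode and observed_mode and the sample umask values are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example: umask clears bits from the default mode; it is not arithmetic.
# effective_mode and observed_mode are hypothetical helper names.

# effective_mode BASE UMASK
# Print BASE (666 for files, 777 for directories) with every bit that is
# set in UMASK cleared, i.e. BASE AND NOT UMASK, as three octal digits.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode file|dir UMASK
# Create a probe under UMASK in a throwaway directory and print the mode
# the kernel actually assigned. The subshell keeps the caller's umask intact.
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/probe"; else : > "$tmp/probe"; fi
        # GNU stat first, BSD/macOS stat as fallback
        stat -c '%a' "$tmp/probe" 2>/dev/null || stat -f '%Lp' "$tmp/probe"
        rm -rf "$tmp"
    )
}

# Constructed sample values. 0033 and 0077 are the cases where digit-by-digit
# subtraction goes wrong: 6 - 3 would give 3 and 6 - 7 is negative, while
# clearing bits gives 4 and 0.
for mask in 0022 0027 0033 0077; do
    printf 'umask %s  file: %s (observed %s)  dir: %s (observed %s)\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" "$(observed_mode file "$mask")" \
        "$(effective_mode 777 "$mask")" "$(observed_mode dir "$mask")"
done
```

Running it before changing a service account's umask shows exactly which group and other bits new files will end up with.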

Octal Values

  • 0 --- (No Permissions)
  • 1 --x (Execute-only)
  • 2 -w- (Write-only)
  • 3 -wx (Only write and execute)
  • 4 r-- (Read-only)
  • 5 r-x (Only read and execute)
  • 6 rw- (Only read and write)
  • 7 rwx (Full Permissions)

Sticky Bits

  • 0 (All bits are cleared)
  • 1 (The sticky bit is set)
  • 2 (The SGID bit is set)
  • 3 (The SGID and sticky bits are set)
  • 4 (The SUID bit is set)
  • 5 (The SUID and sticky bits are set)
  • 6 (The SUID and SGID bits are set)
  • 7 (All three bits are set)


tools/bash/users-permissions.txt · Last modified: 2025/01/04 03:37 by Humphrey Boa-Gart

Find this page online at: https://bestpoint.institute/tools/bash/users-permissions