
Owners, Group Members, And Everybody Else

When we were exploring the system back in Chapter 3, we may have encountered a problem when trying to examine a file such as /etc/shadow:


[me@linuxbox ~]$ file /etc/shadow
/etc/shadow: regular file, no read permission
[me@linuxbox ~]$ less /etc/shadow
/etc/shadow: Permission denied


The reason for this error message is that, as regular users, we do not have permission to read this file.

In the Unix security model, a user may own files and directories. When a user owns a file or directory, the user has control over its access. Users can, in turn, belong to a group consisting of one or more users who are given access to files and directories by their owners. In addition to granting access to a group, an owner may also grant some set of access rights to everybody, which in Unix terms is referred to as the world. To find out information about your identity, use the id command:


[me@linuxbox ~]$ id
uid=500(me) gid=500(me) groups=500(me)


Let's look at the output. When user accounts are created, users are assigned a number called a user ID or uid which is then, for the sake of the humans, mapped to a username. The user is assigned a primary group ID or gid and may belong to additional groups. The above example is from a Fedora system. On other systems, such as Ubuntu, the output may look a little different:



[me@linuxbox ~]$ id
uid=1000(me) gid=1000(me) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(lpadmin),114(admin),1000(me)


As we can see, the uid and gid numbers are different. This is simply because Fedora starts its numbering of regular user accounts at 500, while Ubuntu starts at 1000. We can also see that the Ubuntu user belongs to a lot more groups. This has to do with the way Ubuntu manages privileges for system devices and services.

So where does this information come from? Like so many things in Linux, from a couple of text files. User accounts are defined in the /etc/passwd file and groups are defined in the /etc/group file. When user accounts and groups are created, these files are modified along with /etc/shadow, which holds information about the user's password. For each user account, the /etc/passwd file defines the user (login) name, uid, gid, the account's real name, home directory, and login shell. If we examine the contents of /etc/passwd and /etc/group, we notice that besides the regular user accounts, there are accounts for the superuser (uid 0) and various other system users.

In the next chapter, when we cover processes, we will see that some of these other “users” are, in fact, quite busy.

While many Unix-like systems assign regular users to a common group such as “users”, modern Linux practice is to create a unique, single-member group with the same name as the user. This makes certain types of permission assignment easier.
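
To show how the output of id follows from the /etc/passwd and /etc/group files described above, here is an added example (not part of the original text) that rebuilds an id-style line from constructed sample files and lists every account with uid 0. The sample entries, the temporary file paths and the helper names id_from_files and uid0_accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rebuild an id-style line from passwd- and group-format files.
# All sample entries are constructed for illustration, not from a real system.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASSWD="$WORK/passwd"   # stands in for /etc/passwd
GROUP="$WORK/group"     # stands in for /etc/group

# Fields: name:password placeholder:uid:gid:real name:home directory:login shell
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
me:x:1000:1000:Example User:/home/me:/bin/bash
EOF

# Fields: name:password placeholder:gid:comma-separated list of extra members
cat > "$GROUP" <<'EOF'
root:x:0:
daemon:x:1:
adm:x:4:me
cdrom:x:24:me
me:x:1000:
EOF

# id_from_files USER (hypothetical helper): print uid, primary gid and groups.
# Returns non-zero if USER has no entry in the passwd file.
id_from_files() {
    awk -F: -v user="$1" '
        # First file (passwd): remember the uid and primary gid of USER.
        NR == FNR { if ($1 == user) { uid = $3; gid = $4; found = 1 }
                    next }
        # Second file (group): map gid to name, collect memberships of USER.
        { gname[$3] = $1
          member = (found && $3 == gid)
          n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == user) member = 1
          if (member) list = list (list == "" ? "" : ",") $3 "(" $1 ")" }
        END { if (!found) exit 1
              printf "uid=%s(%s) gid=%s(%s) groups=%s\n",
                     uid, user, gid, gname[gid], list }
    ' "$PASSWD" "$GROUP"
}

# uid0_accounts (hypothetical helper): names of all accounts with uid 0,
# which is normally only root.
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$PASSWD"; }

id_from_files me
uid0_accounts
```

The primary group comes from the gid field of the passwd entry, which is why the single-member group me appears in the list even though its member field in the group file is empty.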

