Bhawesh's blog

Creating Users and Groups and changing their permission

bhawesh mehta's photo
bhawesh mehta
·

2 min read

ls -ltr

This command is used to check the permission of directory and files inside the current folder

remember the sequence:

rwx:421

r=read

w=write

x=execute

for folder/directory d is written in front of the syntax drwx-rwx-rwx

There are 3 sections in the above syntax:

first section of rwx is for user/creator

the numerical equivalence of rwx is 4+2+1=7

so if we want to give the user/owner the read write and execute permission we need to allot the numerical equivalence to 7

Second Section represent set of users in a single group

all those users in that group which are the part of creater users will have the access rights according to the numerical values.

Imagine the user/creator of file is ubuntu in this case and the ubuntu user is in common group with the other user named test_user and group name is test_group

now if we want to give read write access to the test_group of which the creator itself is a part of then we have to allot no 7

Let's go through the snippets below now to check this

Creating user1 using useradd command

Checking the user created in /etc/passwd file using the below command

Setting Password for the group using sudo passwd test_user1

Switching to test_user1

Check if the user has changed by typing the following commands

now lets try to access the directory of ubuntu user being test_user1

We will get this error while trying to access the redis_image directory

Adding test_user1 to group test_group

What is ACL ?
Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource.

Use of ACL :
Think of a scenario in which a particular user is not a member of group created by you but still you want to give some read or write access, how can you do it without making user a member of group, here comes in picture Access Control Lists, ACL helps us to do this trick.

Basically, ACLs are used to make a flexible permission mechanism in Linux.

setfacl and getfacl are used for setting up ACL and showing ACL respectively.

getfacl test/declarations.h


1) To add permission for user
setfacl -m "u:user:permissions" /path/to/file

2) To add permissions for a group
setfacl -m "g:group:permissions" /path/to/file

Example:

lets's add test_user1 permission for the file Docker inside my redis_image