Linux Users, Groups and file_directory permissions.docx

  • 7/29/2019 Linux Users, Groups and file_directory permissions.docx

    10 October 2012 Configuration of users, groups and file/directory permissions

    Since this is my first foray into Linux I had no idea what to write about in relation to being a Unix Administrator. After looking at the topics I chose configuration of users, groups, and file/directory permissions for several reasons. The first is that I did spend some time many years ago setting up an Active Directory infrastructure so I am hoping to relate how to set up users in Linux to mirror that structure, if that is at all possible. The second reason is that one of the first things a server administrator would have to do after booting and loading a file system would be to define permissions to allow people to get access to either the application or data on the server. I suspect that a lot of thought would have to be put into doing this; if it is not done correctly it will be ad hoc or have to be redone multiple times to get it right. Having to redo it might require all of the users to lose access while it is being redone. I think explaining how to set up the file/directory permissions relating to the access capabilities of the user/groups will also be interesting to learn. Finally, the other reason that I chose this topic is that it has the most words, so in my thinking if it took that long to describe the topic hopefully there will be enough material to fill up a research paper.

    My goal in doing the research is to gain an understanding of these topics and pass that information on to anyone that is as clueless as I currently am on Linux. I will accomplish this by separating the two topics into individual sections and then finally tying them all together to show how they interrelate. By focusing on how to implement them from an enterprise perspective I will be looking at scalability and ability to change without impacting a large number of people. First I will focus on how to set up users and some considerations about how the users should be defined in groups. For the file directories and permissions I will try to research and write about considerations and alternatives for setting up directories and permissions in a server environment that supports people's Home directories.

    In my paper I am assuming that I am building a server from scratch without any knowledge on how to do so. The server's purpose will be to be a repository for the company's Home directories, where the employees will save most of their information that is either work related or personal. From my research it appears that the first thing I should do is to set up the users. The users in turn will set up directories based on the permissions I have given them. Generally speaking I am thinking that the user groups should somewhat replicate the organizational structure. I would be careful with some of the names of the organizations and not be as concerned about them as I have known, through time, that organizations change their names and therefore the structure of the directories will get dirty fairly quickly given this. I would be hesitant to use the specific names but if I didn't do that in the beginning everyone will wonder how to navigate to get to their specific data. Also, one of the critical pieces that I need to focus on is the types of users, to create useful group names, and then I have to be sure to only give those users and groups access to the directories that will be necessary for them to perform their jobs and nothing more. There are several groups predefined in Linux but none other than the user group named user really fit the business needs for any particular business. The group naming structure really needs to be thought out so that it makes sense and is consistent throughout the server environment. I am going to use my team as an example of the types of groups I would create. I manage a team that is subdivided by technology. My first thought is to create an overall group called IntOps for my management team and me to be located in. Next I would create groups called Network, Distributed, and Voice for each of the technology areas. I would also create a group called Private that would house information that each team member might need but shouldn't be opened to the general populace. The first thing that needs to be kept in mind is that when a user is added to Linux the default group that the user is added to uses the same name as the user name, unless otherwise specified (Ippolito). The first command below sets up a group name called Network and the second command creates a userid called Dave and places that userid in the Network group as well as a supplemental group Private. (It then creates a home directory for Dave):

    groupadd Network

    useradd -m -g Network -G Private Dave

    According to the article below from Dartmouth.edu, "Every user on a Unix system has a unique username, and is a member of at least one group (the primary group for that user). Every directory and file on the system has an owner, and also an associated group. It also has a set of permission flags which specify separate read, write and execute permissions for the 'user' (owner), 'group', and 'other' (everyone else with an account on the computer)" (Dartmouth).

    Given the information above, once a user is added then that user can create a directory structure that inherits that user's attributes by using the mkdir command. The directory structure will be created under whatever directory group the user is currently in. Assume for the example below that there is already a group called IntOps and that the user Dave has write permissions for that group. If I logged on as Dave and changed the directory to /IntOps, I could create a directory called /Network by performing the $ mkdir Network command. This directory then inherits the group that I belong to, in this case Network. Anyone else in the Network group should be able to access the directory with the same permissions as I have. Another useful command I saw was using the -p option on the mkdir command; that option will create a directory tree under the parent directory that I am in. As an example, suppose I was in my /IntOps/Network directory and wanted to create a nested directory called /class/cis206/notes/commands. Instead of creating each directory individually, I could use the command $ mkdir -p /class/cis206/notes/commands and assuming that none of the directories already exist this command will create them.

    In the next part of my research paper I am going to talk through basic file and directory permissions and what each field means when looking at them. After executing an ls -l command the following output is shown:

    drwxr-x--- 2 Dave Network 12050 Oct 10 2012 /home/info

    The information below provides the definitions for the fields in the line above.

    Field 1: a set of ten permission flags.

    Position  Meaning
    1         directory flag: 'd' if a directory, '-' if a normal file
    2,3,4     read, write, execute permission for User (Owner) of file = Dave can read, write and execute out of this directory
    5,6,7     read, write, execute permission for Group = group Network can read and execute
    8,9,10    read, write, execute permission for Other = others can neither read, nor write, nor execute

    Field 2: link count

    Field 3: owner of the file = Dave

    Field 4: associated group for the file = Network

    Field 5: size in bytes = 12050

    Field 6-8: date of last modification = Oct 10 2012

    Field 9: name of file = /home/info

    ("Dartmouth.edu")
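
    The field layout above and the mkdir -p step described earlier, as an added example that is not part of the original paper: a POSIX shell script that converts the ten permission flags to an octal mode, summarises an ls -l line, and builds the nested tree in a scratch directory without root. The function names are hypothetical, and the nested path is given without a leading slash so that it is created beneath the current directory.

```sh
#!/bin/sh
# Added example, not from the original paper. Runs without root.

# Convert the ten permission flags printed by `ls -l` into an octal mode.
mode_to_octal() {
    flags=$1; special=0; digits=""
    for start in 2 5 8; do                      # user, group, other triads
        triad=$(printf '%s' "$flags" | cut -c"$start"-"$((start + 2))")
        value=0
        case $triad in r??) value=$((value + 4)) ;; esac
        case $triad in ?w?) value=$((value + 2)) ;; esac
        case $start in 2) bit=4 ;; 5) bit=2 ;; 8) bit=1 ;; esac
        case $triad in
            ??x)    value=$((value + 1)) ;;
            ??[st]) value=$((value + 1)); special=$((special + bit)) ;;
            ??[ST]) special=$((special + bit)) ;;   # setuid/setgid/sticky, no x
        esac
        digits="$digits$value"
    done
    if [ "$special" -gt 0 ]; then digits="$special$digits"; fi
    printf '%s\n' "$digits"
}

# Summarise one `ls -l` line: owner, group, octal mode, and what "other" gets.
explain_ls_line() {
    read -r flags links owner group size rest <<EOF
$1
EOF
    other=$(printf '%s' "$flags" | cut -c8-10)
    printf 'owner=%s group=%s mode=%s other=%s\n' \
        "$owner" "$group" "$(mode_to_octal "$flags")" "$other"
}

# Build the nested tree under a scratch directory and report its mode.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/IntOps/Network"
    # Relative path (no leading slash) so the tree lands under the current directory.
    ( cd "$root/IntOps/Network" && mkdir -p class/cis206/notes/commands ) || return 1
    chmod 750 "$root/IntOps/Network"            # owner rwx, group r-x, other none
    explain_ls_line "$(ls -ld "$root/IntOps/Network")"
    rm -rf "$root"
}

explain_ls_line 'drwxr-x--- 2 Dave Network 12050 Oct 10 2012 /home/info'  # the paper's line
demo_tree
```

    An "other" field of --- in the summary confirms that accounts outside the owner and group have no access to the directory.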

    In order to build a server from scratch with user groups and directories matching it will take a lot of time and studying to understand organizational structure or other logical grouping of those users. The structure that I have attempted above tries to align the user group names to the directory structure names so that it is easy for an administrator to debug an issue that might be occurring. If I had a new user in Network that couldn't access a file in Voice and I thought I had given them permission to do so, I could go to the /IntOps/Voice directory and look to confirm that the user permissions were set correctly.

    Where I work the security team won't allow people to use a workstation version of Linux so starting this class everything was new to me. Having had no previous experience in Linux this research project has done a lot for me in providing a basic understanding of how to set up user/groups and how setting these up ties back to file and directory permissions. In the beginning when I started the research I had lofty goals of understanding LDAP and setting up a pseudo Active Directory structure in Linux but the more I learned I figured out that Linux natively has some advantages and disadvantages of trying to fit into a Windows permissions structure. The specific scenario of setting up a new server with new users has to be one of the easiest for a new person to research and implement. As I continue to gain experience in Linux and get more knowledgeable I am sure I will look back at this paper and realize how silly I was in setting up the structure with people/groups/files/permissions but right now I think what I have proposed has some merit. In conclusion this research exercise has been quite fruitful and worth the extra effort to gain deeper knowledge in Linux administration.

    References:

    Långstedt, Nana. "Linux's Directory Structure." tuxfiles.org. N.p., 22 2005. Web. 26 Oct 2012.

    "Understanding File Permissions on Unix: A Brief Tutorial." Dartmouth.edu. Dartmouth College. Web. 26 Oct 2012.

    Ippolito, Greg. "Managing Group Access." Yolinux.com Tutorial. N.p. Web. 26 Oct 2012.

    Supplemental information:

    The default directory structure for Linux is below:

    / = the root directory; this is the starting point in the directory structure
    /boot = the directory that Linux uses to store what it needs to boot up
    /etc = where the configuration files for Linux are stored
    /bin = where Linux stores its binary files that the system needs to operate such as shell, ls and grep
    /usr = directory where user applications are stored; typically this is the largest directory
    /home = directory for personal files
    /root = super user root directory (Långstedt)

    After doing some research on the subject it appears that it is necessary to run a product called Samba on the file server. According to the Fedora Project, link below, Samba allows me to share files to the Windows environment. I realize that it is necessary to do this but in reality most environments won't be exclusively Linux so it is wise to consider the broader user base when setting up a file and/or print server. Samba comes with three daemons that allow it to communicate correctly with the Windows environment; they are smbd, nmbd and winbindd. The last service allows Windows users to appear as Unix users. The Samba distribution allows the Linux server to communicate using Microsoft proprietary protocols including MS-RPC and NetBIOS. Once it is set up correctly simply do a net use command on the client to attach (mount) the Linux system's files to the Windows client.