7/29/2019 Linux Users, Groups and file_directory permissions.docx
1/9
10 October 2012 Configuration of users, groups and file/directory permissions
Since this is my first foray into Linux I had no idea what to write about in relation to
Unix administration. After looking at the topics I chose configuration of users, groups,
and file/directory permissions for several reasons. The first is that I did spend some time many
years ago setting up an Active Directory infrastructure, so I am hoping to relate how to set up
users in Linux to mirror that structure, if that is at all possible. The second reason is that one of
the first things a server administrator would have to do after booting and loading a file system
would be to define permissions to allow people to get access to either the application or data
on the server. I suspect that a lot of thought would have to be put into doing this; if it is not
done correctly it will be ad hoc or have to be redone multiple times to get it right. Having to
redo it might require all of the users to lose access while it is being redone. I think explaining
how to set up the file/directory permissions relating to the access capabilities of the
user/groups will also be interesting to learn. Finally, the other reason that I chose this topic is
that it has the most words, so in my thinking if it took that long to describe the topic hopefully
there will be enough material to fill up a research paper.
My goal in doing the research is to gain an understanding of these topics and pass that
information on to anyone who is as clueless as I currently am on Linux. I will accomplish this by
separating the two topics into individual sections and then finally tying them all together to
show how they interrelate. By focusing on how to implement them from an enterprise
perspective I will be looking at scalability and ability to change without impacting a large
number of people. First I will focus on how to set up users and some considerations about how
the users should be defined in groups. For the file directories and permissions I will try to
research and write about considerations and alternatives for setting up directories and
permissions in a server environment that supports people's "Home" directories.
In my paper I am assuming that I am building a server from scratch without any
knowledge of how to do so. The server's purpose will be to be a repository for the company's
"Home" directories, where the employees will save most of their information that is either
work related or personal. From my research it appears that the first thing I should do is to set
up the users. The users in turn will set up directories based on the permissions I have given
them. Generally speaking I am thinking that the user groups should somewhat replicate the
organizational structure. I would be careful with some of the names of the organizations and
not be as concerned about them, as I have known, through time, that organizations change their
names and therefore the structure of the directories will get dirty fairly quickly given this. I
would be hesitant to use the specific names, but if I didn't do that in the beginning everyone would
wonder how to navigate to get to their specific data. Also, one of the critical pieces that I need
to focus on is the types of users, in order to create useful group names, and then I have to be sure to
only give those users and groups access to the directories that will be necessary for them to
perform their jobs and nothing more. There are several groups predefined in Linux but none
other than the user group named "user" really fits the business needs for any particular
business. The group naming structure really needs to be thought out so that it makes sense
and is consistent throughout the server environment. I am going to use my team as an
example of the types of groups I would create. I manage a team that is subdivided by
technology. My first thought is to create an overall group called IntOps for my management
team and me to be located in. Next I would create groups called Network, Distributed, and
Voice for each of the technology areas. I would also create a group called Private that would
house information that each team member might need but shouldn't be opened to the general
populace. The first thing that needs to be kept in mind is that when a user is added to Linux the
default group that the user is added to uses the same name as the user name, unless
otherwise specified (Ippolito). The first command below sets up a group called Network
and the second command creates a userid called Dave and places that userid in the Network
group as well as a supplemental group Private. (The -m creates a home directory for Dave):
groupadd Network
useradd -m -g Network -G Private Dave
According to the article below from Dartmouth.edu, "Every user on a Unix system has a
unique username, and is a member of at least one group (the primary group for that user).
Every directory and file on the system has an owner, and also an associated group. It also
has a set of permission flags which specify separate read, write and execute permissions for the
'user' (owner), 'group', and 'other' (everyone else with an account on the computer)" (Dartmouth).
Given the information above, once a user is added then that user can create a directory
structure that inherits that user's attributes by using the mkdir command. The directory structure
will be created under whatever directory group the user is currently in. Assume for the example
below that there is already a group called IntOps and that the user Dave has write permissions for
that group. If I logged on as Dave and changed the directory to /IntOps, I could create a
directory called Network by performing the "$ mkdir Network" command. This directory then inherits
the group that I belong to, in this case Network. Anyone else in the Network group should be
able to access the directory with the same permissions as I have. Another useful command I saw
was using the -p option on the mkdir command; that option will create a directory tree under the
parent directory that I am in. As an example, suppose I was in my /IntOps/Network directory
and wanted to create a nested directory called class/cis206/notes/commands. Instead of creating
each directory individually, I could use the command "$ mkdir -p
class/cis206/notes/commands" and, assuming that none of the directories already exist, this
command will create them.
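As an added illustration (not part of the original paper): the access other Network members actually get to a directory made with mkdir is set by the creating user's umask, and the directory's group is the creator's primary group unless the parent directory is setgid. The sketch goes slightly beyond the text by showing a setgid team directory; the helper names, temporary paths and the 2770/007 settings are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example: how umask and the setgid bit shape a new directory's mode.
# Helper names and the temporary paths are constructed for illustration.

# The first 10 characters of `ls -ld` are the type flag plus the nine rwx flags.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create <path> under <umask> in a subshell (the caller's umask is untouched)
# and print the resulting mode string.
mkdir_with_umask() {
    ( umask "$1" && mkdir "$2" ) && mode_of "$2"
}

# Build a team directory with mode 2770: rwx for owner and group, nothing for
# others, setgid so new entries keep the directory's group. Then create a
# subdirectory with umask 007 and print both mode strings.
shared_dir_demo() {
    team=$1/Network
    mkdir -p "$team" && chmod 2770 "$team" || return 1
    ( umask 007 && mkdir "$team/notes" ) || return 1
    printf '%s %s\n' "$(mode_of "$team")" "$(mode_of "$team/notes")"
}

tmp=$(mktemp -d) || exit 1
for u in 022 027 007; do
    # 022: group cannot write and others can read; 027: the drwxr-x--- mode
    # of the paper's ls -l sample; 007: full group access, none for others.
    printf 'umask %s -> %s\n' "$u" "$(mkdir_with_umask "$u" "$tmp/u$u")"
done
printf 'team dir, subdir -> %s\n' "$(shared_dir_demo "$tmp/IntOps")"
rm -rf "$tmp"
```

On Linux the subdirectory created inside the setgid directory carries the setgid bit as well, so the group assignment continues down the tree.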
In the next part of my research paper I am going to talk through basic file and directory
permissions and what each field means when looking at them. After executing an "ls -l" command
the following output is shown:
drwxr-x--- 2 Dave Network 12050 Oct 10 2012 /home/info
The information below provides the definitions for the fields in the line above.
Field 1: a set of ten permission flags.
Position   Meaning
1          directory flag, 'd' if a directory, '-' if a normal file
2,3,4      read, write, execute permission for User (Owner) of file = Dave can read, write and execute out of this directory
5,6,7      read, write, execute permission for Group = group Network can read and execute
8,9,10     read, write, execute permission for Other = others can neither read, nor write, nor execute
Field 2: link count
Field 3: owner of the file = Dave
Field 4: associated group for the file = Network
Field 5: size in bytes = 12050
Field 6-8: date of last modification = Oct 10 2012
Field 9: name of file = /home/info
("Dartmouth.edu")
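To make the field definitions concrete, here is an added example (not from the original paper or the Dartmouth tutorial) that reads an ls -l line and reports which of the three permission classes applies to a given user. The function name and the users Alice and Erin are hypothetical, the second listing line is constructed, and root is not modelled.

```shell
#!/bin/sh
# Added example: pick the permission class that applies to a user for one
# `ls -l` line. The function name and the extra users are hypothetical.

# usage: effective_access "<ls -l line>" <user> "<space-separated groups>"
# prints: "<class> <rwx triplet>"
effective_access() {
    line=$1; user=$2; user_groups=$3
    # Field 1 = mode flags, field 3 = owner, field 4 = group.
    read -r mode _links owner group _rest <<EOF
$line
EOF
    # Exactly one class is used, tested in this order. The owner gets the
    # owner bits even when the group bits would allow more.
    if [ "$user" = "$owner" ]; then
        class=owner; first=2
    else
        class=other; first=8
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then class=group; first=5; break; fi
        done
    fi
    bits=$(printf '%s' "$mode" | cut -c"$first"-"$((first + 2))")
    printf '%s %s\n' "$class" "$bits"
}

# The listing line from the paper, plus one constructed edge case in which
# the owner has fewer rights than the group.
PAPER_LINE='drwxr-x--- 2 Dave Network 12050 Oct 10 2012 /home/info'
EDGE_LINE='d---rwx--- 2 Dave Network 12050 Oct 10 2012 /home/info'

effective_access "$PAPER_LINE" Dave  "Network Private"   # owner
effective_access "$PAPER_LINE" Alice "Network"           # group member
effective_access "$PAPER_LINE" Erin  "Voice"             # everyone else
effective_access "$EDGE_LINE"  Dave  "Network Private"   # owner locked out
```

On a directory, r lists the names inside it, x allows entering it, and w together with x allows creating and removing entries.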
Building a server from scratch with matching user groups and directories will
take a lot of time and studying to understand the organizational structure or other logical grouping
of those users. The structure that I have attempted above tries to align the user group names
to the directory structure names so that it is easy for an administrator to debug an issue that
might be occurring. If I had a new user in Network that couldn't access a file in Voice and I
thought I had given them permission to do so, I could go to the /IntOps/Voice directory and
look to confirm that the user permissions were set correctly.
Where I work the security team won't allow people to use a workstation version of
Linux, so starting this class everything was new to me. Having had no previous experience in
Linux, this research project has done a lot for me in providing a basic understanding of how to
set up user/groups and how setting these up ties back to file and directory permissions. In the
beginning when I started the research I had lofty goals of understanding LDAP and setting up a
pseudo Active Directory structure in Linux, but the more I learned I figured out that Linux
natively has some advantages and disadvantages of trying to fit into a Windows permissions
structure. The specific scenario of setting up a new server with new users has to be one of the
easiest for a new person to research and implement. As I continue to gain experience in Linux and
get more knowledgeable I am sure I will look back at this paper and realize how silly I was in
setting up the structure with people/groups/files/permissions, but right now I think what I have
proposed has some merit. In conclusion, this research exercise has been quite fruitful and
worth the extra effort to gain deeper knowledge in Linux administration.
References:
Långstedt, Nana. "Linux's Directory Structure." tuxfiles.org. N.p., 22 2005. Web. 26 Oct 2012.
"Understanding File Permissions on Unix: A Brief Tutorial." Dartmouth.edu. Dartmouth
College. Web. 26 Oct 2012.
Ippolito, Greg. "Managing Group Access." Yolinux.com Tutorial. N.p. Web. 26 Oct 2012.
Supplemental information:
The default directory structure for Linux is below:
/ = the root directory, this is the starting point in the directory structure
/boot = the directory that Linux uses to store what it needs to boot up
/etc = where the configuration files for Linux are stored
/bin = where Linux stores its binary files that the system needs to operate such as shell,
ls and grep
/usr = directory where user applications are stored, typically this is the largest directory
/home = directory for personal files
/root = super user root directory (Långstedt)
After doing some research on the subject it appears that it is necessary to run a product
called Samba on the file server. According to the Fedora Project, link below, Samba allows me
to share files to the Windows environment. I realize that it is necessary to do this but in
reality most environments won't be exclusively Linux, so it is wise to consider the broader user
base when setting up a file and/or print server. Samba comes with three daemons that allow it
to communicate correctly with the Windows environment: smbd, nmbd and
winbindd. The last service allows Windows users to appear as Unix users. The Samba
distribution allows the Linux server to communicate using Microsoft proprietary protocols
including MS-RPC and NetBIOS. Once it is set up correctly, simply do a "net use" command on
the client to attach (mount) the Linux system's files to the Windows client.