Understanding Linux File Permissions and Ownerships

In a previous article, "How to manage Linux Users and Groups", we discussed how Linux works as a multi-user OS, and what users and groups are along with their configuration. By design, Linux lets multiple users use the same computer at the same time without affecting each other, but it does not let you access or modify files belonging to other users. Allowing that would be a security risk. Linux therefore implements a security measure to mitigate that risk, which ensures that only the intended users and groups can access the relevant files and directories.

Let's take a small demonstration. Here, we log in as a normal user and try to access the /root directory.


It gave a permission denied error. Why? Because the /root directory is owned by the user root. Only a privileged user can access or modify it.

So, Linux introduces two kinds of factors which tell who can access or modify a file as w…

SUDO: What is it in Linux ?


Here we discuss a very important topic in Linux. In a previous article about the different types of users, we mentioned superusers. In this article we go deeper into the superuser topic. You will learn everything you need to know about it.

Who is a super user in Linux ?

A superuser is a privileged user who can gain root access for system administration. Any user can be a superuser, but the root user must first grant that user superuser privileges. After becoming a superuser, the user can switch to root immediately or gain root power temporarily to administer the system. All the commands needed are discussed below.

Where do you need superuser access ?

  • Administrating packages
  • User administration
  • Accessing root owned files
  • Operating system level administration

The above are a few places where you need superuser access. When a normal user tries any of these, they get a "Permission denied" message. Why does this happen? Why can only a superuser do all of it? Because these operations belong to root.

Suppose we need to install Apache on our operating system. Package installation will be covered in a later guide. The command used for installation is yum install <package name>.

Install Apache in linux

We tried the installation on CentOS. If this were done on Ubuntu (another Linux distribution), the yum command would not work; Ubuntu has a different set of commands.

Another example: suppose you need to add a user named "osanda". The command for that is useradd <username>.

useradd command in Linux

See? All administrative operations need superuser access.

Understand that a superuser has great power and, with it, considerable responsibility. To log in to the root account, you just type the command "su -" and give the root password. You are then logged in to the system as root. However, it is good practice to use superuser power through the "sudo" command rather than logging in as root directly.

What is SUDO ? 

"sudo" stands for superuser do, and it is a way to access root power without having the root password. How do you use it? Simply prefix any command with sudo, which means you are running that command with superuser privileges.

The examples mentioned above can be completed successfully with the commands below.

sudo yum install httpd
sudo useradd osanda

If you need to reboot the system now, you can use sudo shutdown -r now

* Note that /etc/sudoers is the configuration file for sudo access. As good practice, you should not edit that file directly, because if you make a mistake while editing, you will not be alerted to it, and you will save a configuration file with errors.

* To change sudo access, use the "visudo" command. If you make a mistake, "visudo" alerts you to it so that you can correct it and save.

How to configure SUDO access ?

There are several methods to grant users with sudo access. 
  • Add the user to wheel group ( with password or without password )
  • Add users separately in /etc/sudoers file ( use visudo for good practice )
  • Create a separate file for the user inside the /etc/sudoers.d directory and grant access.

We will discuss the above methods one by one.

1 ) Add the user to wheel group

What is a group ? 

A group is a set of one or more users. Note that every user is in a group. When a user is created, a group with the user's name is also created by default. You can check this with the "id" command: id <user's name> shows the details of another user. It shows the user's user id, group id, groups and more. These will be discussed in a future article.

Likewise, the wheel group is an administrative group. A user in the wheel group can gain sudo access. Now we will discuss how to set this up.

Before doing the steps below, log in to the root account, because we are still normal users. Until we become superusers, we need to switch to root. Use the command "su -" and give the root password. You will be logged in with a # prompt.

1.1 ) Run "visudo" command to check whether wheel group is activated. 

visudo in Linux

Near the bottom of the visudo page, you can find two lines containing the word wheel. In the first line, remove the # so that it starts with %wheel, as above. That allows users in the wheel group to gain sudo access by giving their password (note that you give your own password, not the root password). The second wheel line states that users in the wheel group can gain sudo access without a password.

For now we will use the variant that requires a password. Make the change and save the file with the ":wq" command. You have now activated the wheel group.

1.2 ) Add the user to wheel group. 

usermod command in Linux

The user administration commands above will be discussed later. For now, follow the steps as shown.

As you can see in the image above, we have now added the user student to the wheel group. Let's check whether it works.

Get back to your account with su - student (student is my username; use your own).
Try the sudo su command to gain root access. You should be able to log in to the root account.

Now you are a superuser.

Very well. We have now discussed how to grant access by adding a user to the wheel group.

2 ) Add users separately to the /etc/sudoers file with their names

2.1 ) For this we will create another user and set a password as below.

useradd command in Linux

As the student user is a superuser, it can add users.

2.2 ) Add the user osanda to /etc/sudoers file ( use visudo for that )

* Earlier we granted the student user sudo access that requires entering its password. Now we will let the user osanda gain sudo access without a password.


Add the line osanda    ALL=(ALL)    NOPASSWD:  ALL  at the end of the visudo file. Save it. 
Now test user osanda for sudo access. 


As above, user osanda can switch to root without giving a password. This is the second way of granting sudo access. Now we will see the third.
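
The NOPASSWD line added above gives osanda full root with no password prompt, so it helps to be able to list which users or groups hold such a grant. The audit function below is an added example, not part of the original article; the sample sudoers text is constructed, and the backup user in it is hypothetical.

```shell
#!/bin/sh
# Added example: list sudoers principals that hold a passwordless, unrestricted grant.
# SAMPLE_SUDOERS is constructed for illustration; it mirrors the entries described
# in this article plus one hypothetical user (backup) limited to a single command.
SAMPLE_SUDOERS='## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
Defaults    env_reset
backup  ALL=(ALL)       NOPASSWD: /usr/bin/rsync
osanda    ALL=(ALL)    NOPASSWD:  ALL
'

find_nopasswd_all() {
    # Reads sudoers text on stdin and prints each user or %group whose rule
    # is "NOPASSWD: ALL". Rules keyed by a numeric #uid are not handled here.
    awk '
        /^[ \t]*#/       { next }   # comments and commented-out rules grant nothing
        NF < 2           { next }   # blank or incomplete lines
        $1 ~ /^Defaults/ { next }   # settings, not grants
        $1 ~ /_Alias$/   { next }   # alias definitions, not grants
        {
            rule = $0
            sub(/^[^=]*=/, "", rule)   # drop "principal hosts=", keep the command spec
            gsub(/[ \t]+/, "", rule)   # normalise spacing: "(ALL)NOPASSWD:ALL"
            if (rule ~ /NOPASSWD:ALL(,|$)/) print $1
        }
    '
}

# Audit the constructed sample. On a real system, run as root:
#   cat /etc/sudoers /etc/sudoers.d/* | find_nopasswd_all
printf '%s' "$SAMPLE_SUDOERS" | find_nopasswd_all
```

On the sample, only osanda is reported: the active %wheel line still asks for a password, the NOPASSWD wheel line is commented out, and backup is limited to one command.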

3 ) Add a file with user's name to /etc/sudoers.d directory

This is similar to the previous method.

First we will create another user named "screwlinux" and give it a password.

3.1 ) Go to the directory /etc/sudoers.d and create a file with the user's name


And its content should be as below.


Now check whether sudo access works for the new user.



Awesome. It also works. 
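
A file created by hand in /etc/sudoers.d does not get the syntax check that visudo gives /etc/sudoers, so the function below checks a drop-in with visudo before installing it. This is an added example, not part of the original article; the function name, its arguments and the rule in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: install a sudoers.d drop-in only after visudo accepts it.
# install_sudoers_dropin and its arguments are hypothetical names.
install_sudoers_dropin() {
    user=$1
    rule=$2
    destdir=${3:-/etc/sudoers.d}

    # Fail closed: without visudo there is no syntax check, so install nothing.
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }

    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"

    # -c checks only; -f names the file to check instead of /etc/sudoers.
    if ! visudo -c -f "$tmp" >/dev/null 2>&1; then
        echo "rejected by visudo: $rule" >&2
        rm -f "$tmp"
        return 1
    fi

    # 0440 is the mode used for sudoers files. Files in sudoers.d whose names
    # contain a "." or end in "~" are skipped by sudo, so use the bare user name.
    status=0
    install -m 0440 "$tmp" "$destdir/$user" || status=$?
    rm -f "$tmp"
    return $status
}

# Run as root for the user created above. The rule text is an assumed example;
# the article's own file content was shown only in a screenshot:
#   install_sudoers_dropin screwlinux 'screwlinux ALL=(ALL) ALL'
```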

In this article we discussed what sudo is, what we use it for, and how to configure it.
For more reference, please refer to the man pages: man sudo, sudo --help, info sudo.

Cheers!
