Linux users, groups and permissions
Show all groups
cat /etc/group
# List group names
cut -d: -f1 /etc/group
List users in a specified group
getent group www-data
www-data:x:1002:user1,user2,user3
# Get a nice comma-separated list of users
grep ^www-data: /etc/group | cut -d: -f4
user1,user2,user3
Create a group
sudo groupadd admins
Add user to group
sudo usermod -aG admins user1
Check what groups a user belongs to
groups user1
Set group ownership to a folder
sudo chown -R :admins /some/path
Set setgid on folder
Make sure all files and folders created in this folder inherit the group from the parent folder.
sudo chmod g+s /some/path
Use sticky bit on folder
Make sure no user other than the owner can remove or modify a file.
sudo chmod +t /some/path
Set permissions to the folder
sudo chmod -R 2775 /some/path
2 sets the setgid bit so that new files inherit the group.
7 gives the owner full rights (read, write, execute).
7 gives the group full rights (read, write, execute).
5 gives others read and execute rights.
Set special permission to certain file types
sudo chmod 777 /some/path/*.sh
List ACL (Access Control List)
getfacl -R /some/path
Result:
# file: some/path
# owner: nobody
# group: admins
# flags: -s-
user::rwx
group::rwx
other::r-x
# file: some/path/file.sh
# owner: root
# group: admins
user::rwx
group::rwx
other::rwx
Set default ACL
Note the group 'admins' on the group setting.
sudo setfacl -R -m d:u::rwx /some/path
sudo setfacl -R -m d:g:admins:rwx /some/path
sudo setfacl -R -m d:o::rx /some/path
Check:
getfacl /some/path
Result:
getfacl: Removing leading '/' from absolute path names
# file: some/path
# owner: root
# group: admins
# flags: -s-
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:admins:rwx
default:mask::rwx
default:other::r-x
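A check for the shared-folder setup above, as an added example that is not part of the original page. The function name audit_shared_dir and its output labels are made up for this example; it reports directories missing setgid, entries outside the shared group, world-writable files (such as the result of chmod 777) and world-writable directories without the sticky bit.

```shell
#!/bin/sh
# Added example, not from the original page. Names and labels are hypothetical.
# Usage: audit_shared_dir DIR GROUP   (GROUP is a group name or a numeric gid)
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_shared_dir() {
    asd_dir=$1
    asd_group=$2
    [ -d "$asd_dir" ] || { echo "not a directory: $asd_dir" >&2; return 2; }

    asd_findings=$(
        # Directories without setgid: new files there do not inherit the group.
        find "$asd_dir" -type d ! -perm -2000 \
            -exec printf 'NO_SETGID %s\n' {} \;
        # Entries owned by a group other than the shared one.
        find "$asd_dir" ! -group "$asd_group" \
            -exec printf 'WRONG_GROUP %s\n' {} \;
        # World-writable regular files, such as scripts left at mode 777.
        find "$asd_dir" -type f -perm -0002 \
            -exec printf 'WORLD_WRITABLE_FILE %s\n' {} \;
        # World-writable directories without the sticky bit: any user can
        # delete or rename files owned by others in them.
        find "$asd_dir" -type d -perm -0002 ! -perm -1000 \
            -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY %s\n' {} \;
    )

    [ -z "$asd_findings" ] && return 0
    printf '%s\n' "$asd_findings"
    return 1
}

# Run as a script: ./audit.sh /some/path admins
if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

A non-zero exit status makes it usable in a cron job or CI step that should fail when the folder drifts from the intended permissions.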
Remove a user from a group
sudo gpasswd -d user1 admins
Run source on behalf of another user as root/sudo user
sudo -u user1 bash -c 'source ~/.bashrc'