Linux users, groups and permissions

Show all groups

cat /etc/group

#List group names
cut -d: -f1 /etc/group

List users in a specified group

getent group www-data
www-data:x:1002:user1,user2,user3

#Get a nice comma separated list of users
grep ^www-data: /etc/group | cut -d: -f4
user1,user2,user3

Create a group

sudo groupadd admins

Add user to group

sudo usermod -aG admins user1

Check what groups a user belongs to

groups user1

Set group ownership to a folder

sudo chown -R :admins /some/path

Set setgid on folder

Make sure all files and folders created in this folder inherit the group from the parent folder

sudo chmod g+s /some/path

Use sticky bit on folder

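Make sure that no user other than the owner can remove or rename a file in the folder. Changes to a file's contents are still controlled by the file's own permissions.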

sudo chmod +t /some/path

Set permissions to the folder

sudo chmod -R 2775 /some/path

2 sets the setgid bit so that new files inherit the group.
7 gives the owner full rights (read, write, execute).
7 gives the group full rights (read, write, execute).
5 gives others read and execute rights.

Set special permissions on certain file types

Note that 777 lets every user read, modify and execute these scripts.

sudo chmod 777 /some/path/*.sh
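
An audit of a shared folder set up with the setgid, sticky bit and chmod commands above. This is an added example, not part of the original page; the function names and the sample tree are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a shared folder that was
# set up with the commands above. Function names are hypothetical.

# audit_shared_dir DIR GROUP -> prints one finding per line, returns 1 if any.
audit_shared_dir() {
    dir=$1 group=$2
    findings=$(
        # Directories without setgid: new entries will not inherit the group.
        find "$dir" -type d ! -perm -2000 | sed 's/^/no-setgid-dir /'
        # Regular files with setgid, a side effect of 'chmod -R 2775'.
        find "$dir" -type f -perm -2000 | sed 's/^/setgid-file /'
        # Entries that do not belong to the shared group.
        find "$dir" ! -type l ! -group "$group" | sed 's/^/wrong-group /'
        # Files any local user can rewrite, e.g. after 'chmod 777 *.sh'.
        find "$dir" -type f -perm -0002 | sed 's/^/world-writable-file /'
        # World-writable directories where the sticky bit is not set.
        find "$dir" -type d -perm -0002 ! -perm -1000 |
            sed 's/^/world-writable-dir-no-sticky /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree with one instance of each permission problem.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/sub" "$t/drop"
    : > "$t/run.sh"
    : > "$t/sub/data"
    chmod 755 "$t/sub"
    chmod 777 "$t/drop" "$t/run.sh"
    chmod g-s "$t/sub" "$t/drop"   # GNU chmod keeps setgid on dirs otherwise
    chmod 2775 "$t/sub/data" "$t"
    printf '%s\n' "$t"
}

# With arguments, audit that folder; without, audit the constructed tree.
if [ "$#" -ge 2 ]; then
    audit_shared_dir "$1" "$2"
else
    demo=$(make_demo_tree)
    audit_shared_dir "$demo" "$(ls -ldn "$demo" | awk '{print $4}')" || true
    rm -rf "$demo"
fi
```

Saved as a script and run as `sh audit.sh /some/path admins`, it exits non-zero when anything is reported, so it can be used in a cron job or a deployment check.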

List ACL (Access Control List)

getfacl -R /some/path

Result:
# file: some/path
# owner: nobody
# group: admins
# flags: -s-
user::rwx
group::rwx
other::r-x

# file: some/path/file.sh
# owner: root
# group: admins
user::rwx
group::rwx
other::rwx

Set default ACL

Note the named group 'admins' in the group entry (d:g:admins:rwx).

sudo setfacl -R -m d:u::rwx /some/path
sudo setfacl -R -m d:g:admins:rwx /some/path
sudo setfacl -R -m d:o::rx /some/path

Check:
getfacl /some/path
Result:
getfacl: Removing leading '/' from absolute path names
# file: some/path
# owner: root
# group: admins
# flags: -s-
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:admins:rwx
default:mask::rwx
default:other::r-x


Remove a user from a group

sudo gpasswd -d user1 admins


Run source on behalf of another user as root/sudo user

sudo -u user1 bash -c 'source ~/.bashrc'