Access and Security
User accounts are used in the Linux world to provide users with access to the computer and to files that they should have access to. But even more importantly, accounts are used to keep out people who should not have access to the computer and the network. They keep valid users from interfering with each others usage of the computer and prevent others from accessing files that they should not. You generally would not want someone else to be able to delete or modify your files, for example, and the security features provided by logging in to different accounts prevents other users from doing anything to view or damage your files.
Protecting the network and the data stored on the network is based on the user accounts created by the Linux system administrator. A user cannot access any resources on a Linux system without logging on with an account ID and password. The administrator, root, creates an account for each authorized user and assigns an initial password.
File Permissions and Ownership
File permissions and file ownership are one aspect of security provided by Linux and they are related to user accounts. Each file and directory on a Linux system has an owner and a set of access permissions. Unless the ownership and permissions are set correctly, users cannot access their files.
It is important to understand a bit about file ownership and permissions in the context of user accounts and their ability to work with files. It is also important to understand some special permissions. The permissions settings of a file may also be known as the file mode.
There are three categories of permissions, each category providing (r)ead, (w)rite, and e(x)ecute access to the file. The permission categories are (u)ser, (g)roup, and (o)ther. The listing below shows several files and directories along with their ownership and permissions.
The first field contains the file type and its permissions. The “-” in the first column indicates that this is a regular file while a “d” indicates a directory. The following six characters are the file permissions.
Table 1: File type and file permissions by category of user.
In Figure 1, the (u)ser dboth owns the file bookmarks.html which is a file containing exported Firefox bookmarks. The permissions for the (u)ser are rw- which means that user dboth can read and write this file. The Group and Other permissions are empty which means that no one else can read or modify this file.
In general, group ownership of files means that you can share files with other users in the same group. If a file has a group ownership of author, for example, and Fred and David are both members of the author group and the file has permissions of rw-rw—-, both David and Fred can read and write (modify) the file.
The “other” category access permissions may allow other users — those that are not you and that are not members of the group that owns the file — can read but not write the file. The file Short.SIG has permissions rw-r–r– This allows other users to look at the file’s contents but not to change it.
Short.SIG is a data file rather than an executable program so there is no x permission set. An executable file might have the permissions rwxrwxr– so that the user and group can read, write and execute the file, but others can only view its contents.
If you are unable to read or to modify a file it is most likely due to the fact that the file’s permissions are restricting you from doing so. Check the file’s permissions, and if you think you should have access to the file, contact your system administrator to change them for you or to add your account to a group that does have the correct permissions for you to access the file.
There are several different file types. Of course most are regular files which can be anything from text files, word processing files, spreadsheets and so on. Regular files have no entry in the type column so show only the dash “-” in the listing.
Other types you are likely to encounter are directories which have a type of “d” in the type column, named pipes denoted with “p” and symbolic links which are denoted with an “l”.
By virtue of logging in using your account ID and password, you are granted access to read and write files that are located in your home directory because you are the owner of those files. You can create new files and directories in your home directory and modify them as you see fit.
Your account does not provide you enough rights to access other user’s home directories let alone view or modify the files located there. Your account does not have sufficient rights to alter any important system files, although you may be able to see them and view the contents of some of them.
There is a common practice to create account IDs using the first letter of your first name and your last name. Thus the person Jo User would have an ID of juser. Notice that it is also common practice for the ID to be all lower case. Case is important in Linux, so the ID JUser is not the same as juser.
Your Home Directory
Your home directory is where files that belong to you are stored. Another word for directory is folder.
When you create files in your home directory or in any of the subdirectories in your home directory, they are created with the appropriate ownership and permissions to allow you to read and write them. This should allow you to create new documents and spreadsheets and so on, and then to be able to modify them as needed and store them beck to the disk after they have been modified.
You can change the permissions of the files that you own using the chmod command.
Special Accounts – root
A Linux computer has many accounts even if no other human actually uses the computer on a regular basis. Most of those accounts are used by Linux when it performs particular functions. One of those accounts is that of root. The root account is present on all Linux computers and it allows the person logged in as root to read, change and delete any file on the computer regardless of who owns the files. The root account is restricted by file permissions, but root can change the permission of any file on the computer.
The root account can do anything and everything on a Linux computer. The only person who normally has the root password to a Linux computer is the system administrator.