
Sunday, December 9, 2012

Linux group and permission and owner

View all groups:
    getent group
    getent group | grep apache (search for the group named apache)
    getent group 92 (get group details by group id 92)
    groupadd -g 200 deploy (add a group with id=200 and name=deploy)
View all user details:
    useradd pritom (add a user, name=pritom)
    passwd pritom (set the user's password)
    getent passwd
    getent passwd | grep root (search for the user named root)
    getent passwd 91 (get user details by user id 91)
    usermod -aG deploy apache (add existing user to existing group, group=deploy, user=apache; -a appends, without it -G replaces the user's other supplementary groups)
    useradd -G deploy pritom3 (create user=pritom3 and add it to group deploy at creation)


Change file owner:
chown -Rv root:deploy /skel (set both owner and group)
chown -Rv root /skel (set the owner only, the group is left unchanged)

root=user
deploy=group
skel=folder
-R=recursive
-v=verbose, chown lists what it did (or didn't do) to each file.

chgrp - change the group ownership of a file
chgrp usergroup somefile
chgrp -Rv usergroup somedir

chmod - modify file access rights
su - temporarily become the superuser
chown - change file ownership
chgrp - change a file's group ownership

chmod 600 some_file
777 (rwxrwxrwx) No restrictions on permissions. Anybody may do anything. Generally not a desirable setting.

755 (rwxr-xr-x) The file's owner may read, write, and execute the file.
All others may read and execute the file. This setting is common for programs that are used by all users.

700 (rwx------) The file's owner may read, write, and execute the file.
Nobody else has any rights. This setting is useful for programs that only the owner may use
and must be kept private from others.

666 (rw-rw-rw-) All users may read and write the file.

644 (rw-r--r--) The owner may read and write a file, while all others may only read the file.
A common setting for data files that everybody may read, but only the owner may change.

600 (rw-------) The owner may read and write a file. All others have no rights.
A common setting for data files that the owner wants to keep private.


Directory permissions:
777 (rwxrwxrwx) No restrictions on permissions. Anybody may list files,
create new files in the directory and delete files in the directory. Generally not a good setting.


755 (rwxr-xr-x) The directory owner has full access. All others may list the directory,
but cannot create files nor delete them. This setting is common for directories that
you wish to share with other users.

700 (rwx------) The directory owner has full access. Nobody else has any rights.
This setting is useful for directories that only the owner may use and must
be kept private from others.


Becoming the superuser for a short while
[me@linuxbox me]$ su
Password:
[root@linuxbox me]#


Changing file ownership:
[me@linuxbox me]$ su
Password:
[root@linuxbox me]# chown you some_file
[root@linuxbox me]# exit
[me@linuxbox me]$

Changing group ownership:
[me@linuxbox me]$ chgrp new_group some_file

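Edit /etc/sudoers with the command
    visudo
    or
    vim /etc/sudoers
visudo is the safer choice: it locks the file and checks the syntax before saving, while a syntax error saved directly with vim can leave sudo unusable.

Allow user apache to run specific commands (sudo asks for apache's password):
apache ALL=/usr/bin/wat_deploy, /usr/bin/wat_destroy

Allow user apache to run the same commands as root without entering any password:
apache ALL= NOPASSWD: /usr/bin/wat_deploy, /usr/bin/wat_destroy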

Run the command:
$ sudo /usr/bin/wat_deploy
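
The NOPASSWD rule above runs these programs as root on behalf of apache, so each one should be owned by root and not writable by group or others, and so should the directory that holds it. A check for that using the ownership and mode bits described earlier, as an added example that is not part of the original post; it assumes GNU stat (stat -c), and the function names are hypothetical:

```shell
#!/bin/sh
# Added example: audit a program before listing it in /etc/sudoers.
# Assumes GNU coreutils stat (stat -c), as found on typical Linux systems.

# is_safe_path PATH UID
# Succeeds only if PATH is owned by UID and has no group/other write bit.
is_safe_path() {
    path=$1
    want_uid=$2
    info=$(stat -c '%u %a' -- "$path") || return 2
    uid=${info% *}     # numeric owner id
    mode=${info#* }    # octal mode, e.g. 755 or 4755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid is $uid, expected $want_uid" >&2
        return 1
    fi
    # 022 = write bit for group (020) plus write bit for others (002)
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# check_sudo_target FILE [UID]
# Checks the file and its parent directory; UID defaults to 0 (root).
# A writable parent directory lets someone replace the file itself.
check_sudo_target() {
    file=$1
    want=${2:-0}
    is_safe_path "$file" "$want" || return 1
    is_safe_path "$(dirname -- "$file")" "$want" || return 1
    echo "OK   $file"
}

# Check every path given on the command line, for example:
#   sh check.sh /usr/bin/wat_deploy /usr/bin/wat_destroy
for f in "$@"; do
    check_sudo_target "$f"
done
```

A FAIL line is fixed with the commands from this page, for example chown root and chmod 755 on the reported path.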
