9 – Permissions
see that the Ubuntu user belongs to a lot more groups. This has to do with the way
Ubuntu manages privileges for system devices and services.
So where does this information come from? Like so many things in Linux, from a couple
of text files. User accounts are defined in the /etc/passwd file and groups are defined
in the /etc/group file. When user accounts and groups are created, these files are
modified along with /etc/shadow which holds information about the user's password.
For each user account, the /etc/passwd file defines the user (login) name, uid, gid,
the account's real name, home directory, and login shell. If you examine the contents of
/etc/passwd and /etc/group, you will notice that besides the regular user ac-
counts, there are accounts for the superuser (uid 0) and various other system users.
In the next chapter, when we cover processes, you will see that some of these other
“users” are, in fact, quite busy.
While many Unix-like systems assign regular users to a common group such as “users”,
modern Linux practice is to create a unique, single-member group with the same name as
the user. This makes certain types of permission assignment easier.
Reading, Writing, And Executing
Access rights to files and directories are defined in terms of read access, write access, and
execution access. If we look at the output of the ls command, we can get some clue as to
how this is implemented:
[me@linuxbox ~]$ > foo.txt
[me@linuxbox ~]$ ls -l foo.txt
-rw-rw-r-- 1 me me 0 2008-03-06 14:52 foo.txt
The first ten characters of the listing are the file attributes. The first of these characters is
the file type. Here are the file types you are most likely to see (there are other, less com -
mon types too):
Table 9-1: File Types
Attribute File Type
-
A regular file.
d
A directory.
l
A symbolic link. Notice that with symbolic links, the remaining file
attributes are always “rwxrwxrwx” and are dummy values. The real
file attributes are those of the file the symbolic link points to.
90