Usr and groups in Ubuntu

Pardon the pun, here’s the article:

Ubuntu Linux uses groups to help you manage users, set permissions on those users, and even monitor how much time they are spending in front of the PC. Here’s a beginner’s guide to how it all works.

Users and Groups

Ubuntu is set up for a single person to use when you installed it in your system, but if more than one person will use the computer, it is best for each person to have their own user account. This way each person can have separate settings and documents, and files can be protected from being viewed by the other users on the same PC.

Normally Linux computers have two user accounts—your own user account, and the root account, which is the super user that can access everything on the PC, make system changes, and administer other users. Ubuntu works a little differently, though—you can’t login directly as root by default, and you use the sudo command to switch to root-level access when you need to make a change.

Linux stores a list of all users in the ‘/etc/groups’ file. You can run this command in the Terminal to to view and edit the groups and users in your system:

sudo vigr /etc/groups

Creating User Accounts

To create a new user, you can head to System –> Administration -> User and Groups, and click the “Add” button to add a new user.

alt

Give the appropriate name that identifies the other user and tick the “encrypt” checkbox to secure their home folder.

alt

Click the “Advanced Settings” button to configure the user’s privileges.

alt

The user management module lists Anna’s privileges under the “User Privileges” tab.

alt

We recommend that you remove the “Administer System” privilege from other user accounts. This is to make sure that other users cannot easily change critical system settings that may jeopardize your Linux box.

Linux File and Folder Permissions

Each file in Linux has a set of user and group permissions, and you can use the ls -l command to show the full set of permissions and attributes from the terminal.

alt

Reading from left to right, each item in the list means:

<permissions> 1 <file owner> <file group> <file size> <file date> <file name>

For instance, in the example showing a file named anki, the permissions are rwxr-xr-x, the file is owned by the root user and belongs to the root group, and it’s 159 bytes.

The permission flag has four components, the first character being the flag, usually used to indicate whether it’s a directory or a file—a directory would show a “d” and a regular file will show a “-“. The next 9 characters are broken up into sets of 3 characters, which indicate user, group, and everyone permissions.

<flag><user permissions><group permissions><everyone permissions>

In this particular example, we’ve got rwxr-xr-x, which can be broken up like this:

<flag><user permissions = rwx><group permissions = r-x><everyone permissions = r-x>

The permissions correspond to the following values:

  • r = read permission
  • w = write permission
  • x = execute permission

This means that for the file in question, everybody has read and execute permissions, but only root has access to write to the file.

Changing Group Ownership of Files and Directories

Anna is a 7th grader and her brother Peter just enrolled in a programming course in a university. Anna will be more interested to use the educational software for her mathematics or geography homework, compared to Peter who is more interested to use software development tools.

We can configure Anna’s and Peter’s access to these applications by assigning them to the appropriate groups from the “Manage Groups” module.

alt

Let’s create two user groups, a K-12 student group, a University student group, and assign the appropriate user accounts to each group.

alt

We should give the K-12 students the privileges to run the educational software.

alt

Linux stores most of the executables under /usr/bin, for example, Linux stores Anki under /usr/bin/anki. If you’re not sure where a file is located, the which command is a convenient way to find out the location from the terminal:

which anki

Let’s assign Anki and Kig to the k12 group using the chown command, which uses the following format:

sudo chown :[group name] [files list]

alt

You can also revoke the read and execute access from other user groups using the chmodcommand.

sudo chown :[group name] [files list]

alt

This command gives the member of K12 group access to Anki and Kig. We should restrict the access rights of the university group from Anki and Kig by removing the read and execute permission from the “Other” groups. The format of the command is:

chmod [ugoa][+-=][rwxXst] fileORdirectoryName

alt

The first command that we executed in the command line removes the read (r) and execute (x) privilege from the “Other” group. The “O” option indicates that we are modifying the access right of the Other group. The ‘-’ option means that we want to remove certain filepermissions specified in the parameters that follow the ‘-’ option. The man page of chmod gives a detailed explanation of these options.

man chmod

Monitoring Computer Usage

Timekpr allows us to set give each user a limited amount of computing time, and you’ll need to add the following PPA to your software sources so that you can install Timekpr from the Ubuntu Software Center.

deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu lucid main

Ubuntu Software Center is the easiest way to install Timekpr—just use the search box and it should come right up.

alt

Timekpr allows us to limit the computer usage time by a certain time frame on each day of the month. For example, we can specify the computer time usage for 300 minutes on Sunday and 60 minutes on Monday.

alt

Timekpr will appear on the user’s task bar and lock the desktop when the computing time of the user is up.

alt

 

Originally posted on How to Geek. http://www.howtogeek.com/howto/36845/the-beginners-guide-to-managing-users-and-groups-in-linux/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s