Linux show user rights

Last updated on: 2019-03-07

Authored by: Jered Heeschen

This article explains how to use the ls command to check Linux® file permissions. Being able to check the permissions on a file is useful, especially for troubleshooting. You can ensure that a user can read a particular file, for example, or examine a directory structure to ensure that users can follow the hierarchy to the files that they need.

For a more in depth discussion on Linux file permissions, see Linux file permission concepts.

ls command

Use the ls command (the first letter is a lowercase L) to see what files are in a directory. When run by itself, ls returns a list of the current working directory. You can also specify a directory to list. The following example shows a list of the first few files in the /etc directory on a Gentoo system.

The -h option changes the way file sizes are displayed. When you use the -h option, files sizes are displayed in the human-readable format of kilobytes, megabytes, and so on, rather than in raw bytes. Other linux tools such as df also support this flag. The command df -h shows current disk usage in a easier to read format.

To display hidden files (files with names that start with a period), use the -a option. For example, if you use only ls to look at the root home directory on a clean Linux installation, no files are returned:

However, if you add the -a option, the ls command returns a list of files:

Files that start with a period are often system files and application settings files, and you usually don’t want them included in directory lists. But it’s important to know that they’re there and how to see them. The .bashrc file is especially useful to know about because it contains user environment settings that you can change.

If you combine the -a option with the -l option (see the next section) into -la , you get all the details of the hidden files:

Consider the single period and double period in both directory lists:

The single period (.) refers to the directory itself. This is convenient if you want it to run a command and reference your current directory (for example, when you want to copy a file there).

The double period (..) refers to the parent directory. If you type cd .. the directory changes to the one above the one you’re in, in the file system hierarchy. For example, if your current directory is /root , typing cd .. would take you to / , the very top of the hierarchy.

To get more information about the files in a directory, use the -l option with ls, as shown in the following example.

The file names are on the far right side of each line, and the file details precede the names. The necessary details to check file permissions are (1) the series of letters and dashes on the far left of each line, and (2) the two columns that have root in them (in the preceding example). The rest of this article explains how to interpret and use these details.

Permission details

This section explains the series of letters and dashes that define the file permissions.

The first character: file type

In the preceding examples, the first character in each list was either a dash (-) or the letter d .

A dash (-) indicates that the file is a regular file.

The letter d indicates that the file is a directory, which is basically a special kind of file.

A special file type that you might see is a symlink, sometimes called a soft link. It begins with a lowercase L , as shown in the following example:

A symlink is a pointer to another location in the file system.

Permissions abbreviations

Permissions for files are represented by the following letters.

r refers to the read permission.
w refers to the write permission.
x refers to the execute permission.

The permissions characters

Consider the following example:

The first trio of letters after the file type in a file list ( rwx ) shows the permissions for the user , or file owner.

The next trio of characters (also rwx ) shows the permissions for the group category.

The last trio of characters ( r-x ) shows the permissions for the final category, other . In this example, users who are neither the file owner nor in the group have read and execute permissions but not write, as indicated by the dash (-) in the middle position.

Notice the specific order to the permissions in a trio: read, write, execute. A dash in place of a letter for a permission means that category doesn’t have that permission.

The first number

The number listed after the permissions indicates the link count of a file or the number of contained directory entries, for a directory. This number is not relevant for permissions.

Owner and group

After the number of links, two names are listed. In the preceding example, the names are root and mail .

The first name indicates the owner of the file. The user permissions apply to the owner of the file, so in this case, the user ‘root’ has read, write, and execute permissions for this directory.

The second name is the file’s group. The group permissions apply to any user in the same group as the file, so in this case, those permissions apply to anyone in the mail group.

The rest

The remainder of the file details are the size of the file, the date and time that the file was created or last modified, and the file name.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

Источник

Unix or Linux commands for changing user rights

Recently I received the question via email — “…How do I change user rights under UNIX? I am using Red Hat Enterprise Linux and my background includes Windows network…”

This is one of the fundamental questions asked by new Linux system administrators. As many of you may already know, both Linux and Windows are multi-user and control access to resources is based upon user id or usernames. Further users grouped into groups for ease of management and security.

However, Linux (and UNIX) stores and process user database in different format.

The root user

The root user is the super user.
The root user can control entire Linux system including files, process, applications etc. The root user has full access to system.
You should not use root for day-to-day tasks as root has full system access.
Never ever, give root password to anyone.

User database

User database is stored in /etc/passwd file
User passwords and password expiry information stored in /etc/shadow file

Group database

User group information is stored in /etc/group file

UNIX/Linux User rights

There are two types of user rights (traditional):

File level user rights or permissions granted using chmod and chown command
Administrative (root) level rights granted using sudo.

If you type the following command:

YouÃ¢â‚¬â„¢ll see something like the following:

Look at 3rd, 4th and last columns.

vivek is username or the owner of the file (userid)
webusers is group name, so all users in webusers can access file working-nixcraft.txt
working-nixcraft.txt is the file name.

As the root user you can change or setup user file related rights/permission using chmod and chown command.

Task: change file owner and group

Consider following example:

Change files ownership to tony user:

# chown tony foo.txt
# ls -l foo.txt

Change foo.txt group to ftpusers:

# chown tony:ftpusers foo.txt
# ls -l foo.txt

You can also operate on files and directories recursively using -R option. For example setup /var/www/html ownership to user lighttpd including subdirectories:

No ads and tracking
In-depth guides for developers and sysadmins at Opensourceflare✨
Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

# chown -R lighttpd /var/www/html

Task: change files access rights/permissions

You need to use chmod command. Please refer the old article – how Linux file permissions work.

Task: Grant administrative rights to a normal user

You need to use sudo tool. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers configuration file. Please refer previous article for more information.

A note for Ubuntu Linux users

You can use chmod and chown command to setup user rights. Make sure you prefix all commands with word (command) sudo:

$ sudo chown tony:ftpusers foo.txt

Category	List of Unix and Linux commands
Documentation	help • mandb • man • pinfo
Disk space analyzers	df • duf • ncdu • pydf
File Management	cat • cp • less • mkdir • more • tree
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Linux Desktop Apps	Skype • Spotify • VLC 3
Modern utilities	bat • exa
Network Utilities	NetHogs • dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtop
Searching	ag • grep • whereis • which
Shell builtins	compgen • echo • printf
Text processing	cut • rev
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

Comments on this entry are closed.

This stuff is good for noobs. I wish I had read something like earlier

I’d like to know if there is a quick way to Decrease a user’s rights.
I have a user called user3 but I dont want him to be able to edit or change files under /etc or other system files.
In other words I would like to change rights on the user instead of files/folders.
Is it possible?

Thank You in advance!

i have a user user1 to which i want to give Full admin right like root

I would still like to know what rights I need (not root) to:

* monitor the syslog (via remote ssh ability)
* monitor the disks (via remote ssh ability)
* monitor the ProcessUtilization (via remote ssh ability)

very clear, tnkx!

I have a problem…I accidentally typed in ‘chown -R root:www-data *’. I now have 403 Forbidden Errors. How can I redo this?

I have created user using useradd command. But the created user is not having the full rights. What is the solution for that?

is there something like ” sudo chown vinny * “, cos everytime i go to edit a file, i have to chmod it first

When you do “sudo chown vinny”, you’re giving rights to that user based on your chmod settings for user. So even thought you specify “vinny” as being the owner, you must still specify the “user” permissions.

chmod -R /directory/somefolder u+rwx i believe this is the correct syntax for changing the “user” to allow read write and execution of all files in somefolder, that “user” being “vinny”.

How do I set user rights for a local linux user to rwx on a CIFS mounted windows share.
All I see is root with full rights. but my other user has no rights.
Please advice.

hows the normal user change our password

passwd “username”
*then the system prompts you for the current password and then the new password

Источник

How to Know if a User has Sudo Rights

Wondering if you have sudo rights on your system? It’s easy to verify. Just run any command with sudo. If you don’t have sudo rights, you should see it in the output:

That’s cool! But what about checking if any other user has got sudo rights? You can totally do that. Let me show you how.

How to test whether a user has sudo privileges or not

There are a few ways to check if a Linux user can use sudo or not. Here are a couple of them.

Method 1: Check if user is sudoer with the sudo command

The sudo command itself gives you an option to check if a user can run commands with sudo or not. In fact, it tells you what commands a certain user can run with sudo.

To check the sudo access for a user, run the following command:

If the user can run a few or all commands with sudo, you should see an output like this:

As you can see, the user abhi can run all commands with sudo access. If the user doesn’t have sudo rights, you should see an output like this:

If you want to check whether or not you have sudoer rights and which commands you can run with sudo, you can use the same command, just don’t provide the user name.

This command also shows what commands are forbidden for you to run with sudo. Yes, that’s right. You can configure what commands can be run with sudo and what cannot. This is useful in an environment where the dev team needs to run only a certain applications with sudo. Limiting their use of sudo to these applications only will help the system from unwarranted misuse of the sudo rights by the hands of the developers.

Method 2: Check if user is part of the sudo group

Another way to find out if a user has sudo access is by checking if the said user is member of the sudo group.

There are several ways to check the groups of a user in Linux. The easiest and my favorite way is to use the groups command like this:

If you see the group ‘sudo’ in the output, the user is a member of the sudo group and it should have sudo access.

Bonus Tip: How to find all sudo users in your system

Okay, so you learned to check if a user has sudo access or not. How about listing all the sudoers in your Linux systems?

This is simple if you have followed the article so far. All you need to do is to list the members of the sudo group.

In Linux, there are multiple ways to achieve the same result. Unsurprisingly, you have multiple ways to list the members of a group in Linux.

To list all sudo users of your system, list the members of the sudo group in the following manner:

And this would list all the sudoers:

That’s it. I hope now you know how to find if you have sudo rights or if other users has sudoer rights.

If you have some other cool tip on this topic, please leave a comment below.

Источник

Linux show user rights