
Users and Groups

To find out more about files and directories you can look at The File System now if you like.

Typing id tells me about myself on the system.

   tom@gold:~$ id

   uid=1000(tom) gid=1000(tom) groups=1000(tom), 4(adm), 108(lpadmin)

This tells me that user "tom" has a user id (uid) of 1000 and that his primary group also has a gid of 1000. It is followed by a list of the groups that tom belongs to. Each group has access rights to various things on the system, and because tom is a member of a particular group he gets the access rights of that group. Later we look at access in detail.

Another useful command is who. This tells you who is logged on and the processes running for that user, since when it was running, how long it was idle and what the process numbers are (called Process IDs or PIDs);

   tom@gold:~$ who -uH

   tom :0 2016-03-10 19:45 1841 (:0)
   tom pts/1 2016-03-11 14:41 . 7419 (:0.0)

The Comment shows the name of the computer that has been logged on to. However, because I was logging on to my own system, I get (:0) meaning my desktop and (:0.0) meaning the terminal I am running on my desktop.

To find the current process working directory;

   tom@gold:~$ pwd


This is the starting directory for your terminal. Looking at the sub-page Files tells you more about what you can do from here.



In Linux systems file access is controlled as follows.

Access is defined by three permissions;

A set of permissions may be designated by a string such as r-- meaning read only, rw- meaning read and write, or --x meaning execute only. These permissions can also be represented in octal and would be 4, 6 and 1 respectively. These are binary 100, 110 and 001.

Every file belongs to a user and a group and must have permissions set for;

In Linux commands this is done with a string such as

When a person tries to access a file

Thus one could create a group called "jerks" and use it to deny some people access to a file that was accessible to anybody who was not a member of the group. Of course this is of limited value because it would require the file to belong to the group jerks! Also on most systems a user can remove themselves from a group.

Directory Access

Directories are controlled in the same way but;

Directories also have some other access controls;

By setting the "sticky bit" users can only delete their own files.

TODO what about rename?

The set group id bit, if set, forces a file's group to be the directory's group.

Access Commands


Add Execute by User permission;

   chmod u+x <file descriptor>

Assign Read Write Execute permission to User, Read Execute permission to Group, Execute permission to Others;

   chmod 751 <file descriptor>
   chmod u=rwx,g=rx,o=x <file descriptor>

Assign Read only permission to the file for All, that is User, Group and Others;

   chmod a=r <file descriptor>
   chmod a-wx,a+r <file descriptor>
   chmod 444 <file descriptor>
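
The octal and symbolic notations above, checked against real files, as an added example that is not part of the original page: `perm_to_octal` converts an `ls -l` permission string to octal (including the set user id, set group id and sticky bits), and `mode_under_umask` shows that a symbolic mode with no who letter, such as `=r`, is filtered by the umask while `a=r` is not. The function names and the scratch file are assumptions of the example; it expects a Linux system with `mktemp`.

```sh
#!/bin/sh
# Added example, not from the original page; names and files are constructed.

# Convert a 9-character permission string (ls -l output without the leading
# file-type character) to octal, including setuid, setgid and sticky bits.
perm_to_octal() {
    perms=$1 special=0 digits="" start=1
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "bad permission string: $perms" >&2; return 1 ;;
    esac
    for flag in 4 2 1; do   # special-bit weight: setuid, setgid, sticky
        triad=$(printf '%s\n' "$perms" | cut -c"$start"-"$((start + 2))")
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; esac
        case $triad in
            ??x)    n=$((n + 1)) ;;
            ??[st]) n=$((n + 1)); special=$((special + flag)) ;;  # special bit and x
            ??[ST]) special=$((special + flag)) ;;                # special bit, no x
        esac
        digits="$digits$n"
        start=$((start + 3))
    done
    if [ "$special" -ne 0 ]; then digits="$special$digits"; fi
    printf '%s\n' "$digits"
}

# Octal mode of a real file, taken from columns 2-10 of `ls -ld`.
file_octal() {
    perm_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# Create a scratch file under the given umask, apply MODE with chmod and
# print the resulting octal mode. Usage: mode_under_umask UMASK MODE
mode_under_umask() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/sample"
    chmod "$2" "$dir/sample"
    file_octal "$dir/sample"
    rm -rf "$dir"
)

# 751 and u=rwx,g=rx,o=x agree; =r loses the group/other bits under umask 077.
for m in 751 u=rwx,g=rx,o=x =r a=r; do
    printf '%-16s -> %s\n' "$m" "$(mode_under_umask 077 "$m")"
done
```

Running the same loop with a umask of 022 gives 444 for both `=r` and `a=r`, which is why the difference is easy to miss on a default desktop account.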


Change the owner of file or files to "root";

   chown root <file descriptor>

Likewise, but also change its group to "staff";

   chown root:staff <file descriptor>

Change the owner of file or files and subfiles to "root";

   chown -hR root <file descriptor>


Change the group of file or files to "staff";

   chgrp staff <file descriptor>

Change the group of file or files and subfiles to "staff";

   chgrp -hR staff <file descriptor>

© Tom de Havas 2011. The information under this section is my own work it may be reproduced without modification but must include this notice.

Users and Groups

Every user;



Information on users is stored in the file;


Groups are defined in the file;


It contains a list of the users that are members of each group.

When you create a file it will be assigned to your primary group. To assign it to another group you must either;

When you switch the system on if it goes directly to the command prompt then it displays a message which it gets from the file


You can display information for your account with the id command.

The following commands are not simple and need to be looked at before use;