Users, Files, Permissions, and warnings about Root

The Linux kernel follows several conventions that were built into the older Unix operating systems. Some of these conventions are similar, and some quite different from the newer "personal computer" operating systems such as Apple's MacOS and Microsoft's MS-DOS and Windows. To be proficient in Linux, these concepts are critical.

While far from complete, these four summaries will help a newcomer get oriented in Linux, and perhaps without risking the stability and security of the system through mistakes and sloppy configurations. Nobody is proficient on their first few experiments, and everyone makes mistakes.

The Filesystem

The Linux kernel creates a single hierarchical resource system. This system employs files, and containers called directories. The idea of files is pretty common to other operating systems, while the idea of directories is often represented as "folders" on graphical systems.

Every file is located in a specific directory. Every directory is also located inside another specific directory. This creates a hierarchy or tree of directories, each one nested in others.

The image here shows one way that this hierarchy is often displayed graphically. One line is highlighted in the picture: the speare directory, which is located inside the home directory, which in turn is located in the topmost (or root) directory labeled with a slash (/). The indentation helps to describe this nesting of directories in a visual way.

In a text notation, this would also be described as the /home/speare directory. Each nested directory name is included, with slash (/) marks between their names, to describe every directory's position in the whole tree. The topmost (or root) directory has no name at all, just the slash mark.

Even if Linux is aware of more than one hard drive, every file that can be reached by Linux is addressed in this same single tree of files. The way this is done is by mounting the file structures of each device into specific places in the single tree. For example, if a floppy disk is mounted, its files may be found inside the /mnt/floppy directory of the filesystem. When the disk is unmounted, the /mnt/floppy directory will appear empty when examined. This may be a little different for users who are accustomed to "A:" and "C:" device distinctions, but the single tree scheme has its advantages.

There are some files that exist in the Linux tree which have very special purposes. In fact, some are not even "files" in the proper sense of the word, but refer to other resources that the kernel makes available. For example, the entries in /dev each refer to the possible devices that the kernel could access. Those things in the /proc directory refer to the actual processes being managed by the kernel itself.

There are two special entries in every directory called . and .. which act differently. The one-dot entry (.) refers to the same directory that it is in. The two-dot entry (..) refers to the containing directory (also known as the parent directory). Without examining all of their benefits here, it is sufficient to say that these are useful in describing a given directory without starting from the root (/) all the time.

Programs and commands are files, too. Some are installed in /bin, others in /sbin, /usr/bin, /usr/sbin, /usr/local/bin, or /usr/local/sbin. The various commands are installed in different locations to group them together, based on whether they are for system maintenance or for general use. Some programs may even install other files in other locations for security or organizational reasons.

Finding programs is not as hard as it may sound. Whenever the user invokes a command in Linux, the system searches a path, or a known set of locations, in a predefined order. For example, entering the command sendmail would automatically start a search, and eventually find a file by that name in one of the directories named in the PATH variable. The user doesn't need to know in which location it is found, just that it is available on the path. This path variable may be configured for other locations as well, though most users don't need to adjust it.

The locations of some features may be somewhat different from one distribution of Linux to another. Many distributions are now following a general standard called FHS, the Filesystem Hierarchy Standard. However, not all of the files are standardized yet, and not all of the distributions comply with that standard.

Users and Groups

While industrial computer operating systems have long supported the idea that a single computer is used by many people, this is a relatively new idea to the modern personal computer environments including Apple MacOS and Microsoft Windows. These systems now allow a user to approach the computer and "log in" to their very own preferred settings, such as coloring and favorite fonts.

Linux, having its roots in the older AT&T Unix technologies, has a well-developed multi-user approach built in from the ground up. A single computer can easily support a virtually endless list of authorized users, and the operating system thoroughly tracks and compartmentalizes the capabilities, configurations and resources available to each unique user. Also, groups of users can be organized to share access to various files or other resources.

In Linux, every user is represented by a single "user identifier", which is essentially a number. Associated with that number is a unique "user name", which is usually a short abbreviation or nickname to identify that user on the computer. These user facts (and others) are usually defined in a file called /etc/passwd. A few lines from a typical passwd are shown below.

/etc/passwd (excerpted)
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
speare:x:500:500:Ed Halley:/home/speare:/bin/bash
athena:x:501:501:Regs Halley:/home/athena:/bin/bash

Each line represents a separate user on the computer. Some users are for administrative purposes only, while others are intended for regular people to use the system. For example, this machine has only two regular users, speare and athena, while the rest are for specific system-oriented processes or maintenance tasks.

Each line is broken up into a number of fields, and the colons (:) separate those fields. The first field is the unique username for the user; this file has users root, bin, daemon, ftp, nobody, speare and athena. The two numeric fields define the user's identifier and their main group's identifier; speare is user 500 and athena is user 501, and they each have their own matching group numbers. The user's "home" directory name and preferred command shell environment are also included; this file shows that root, speare and athena use the /bin/bash Bourne Again SHell environment, while all of the other users have no interactive login environment available to them.

The /etc/group file similarly describes the actual groups of users known to the system. Each user belongs primarily to a single group, but may actually be able to access the resources of several groups, thanks to the configuration specified in the group file. Each line in the file represents a group, offering a unique group name, a unique group number, and a list of user names that can share any group-related resources.

Every single file and directory on a Linux computer is "owned" by a single user known to that computer. Also, every file and directory is considered a resource available to a single group known to the computer. The current owner of a file can assign the ownership to some other user with the chown command.

As mentioned in the /etc/passwd file, every user may potentially have their very own home directory. This is often written as a tilde mark (~), or a tilde and a user's name (~athena). When the tilde notation is used, most programs and environments will automatically look up that user's actual home directory equivalent in the passwd file. For example, if the user above named athena were to type the command (cd ~/artwork), this would change her current directory to the /home/athena/artwork directory.
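As an added example (not code from the original article), the following Python snippet parses the two files just described and performs the tilde lookup the way a shell does. The passwd lines are the excerpt shown above; the /etc/group excerpt is constructed for illustration.

```python
# Added example (not from the article): parse passwd/group records and resolve
# ~user paths from them.  The passwd lines are the excerpt shown above; the
# group file excerpt is constructed for illustration.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
speare:x:500:500:Ed Halley:/home/speare:/bin/bash
athena:x:501:501:Regs Halley:/home/athena:/bin/bash
"""
# Constructed /etc/group excerpt: name:password:gid:member,member,...
GROUP = """\
wheel:x:10:speare
speare:x:500:
athena:x:501:
artists:x:600:athena,speare
"""
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Return {name: {uid, gid, gecos, home, shell}} from the 7 colon fields."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid, gid, gecos, home, shell = line.split(":", 6)
            users[name] = dict(uid=int(uid), gid=int(gid), gecos=gecos,
                               home=home, shell=shell)
    return users

def parse_group(text):
    """Return {gid: (group_name, set_of_member_names)}."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups

def interactive_users(users):
    """Users whose shell is a real login shell; the others cannot log in."""
    return sorted(n for n, u in users.items() if u["shell"] not in NOLOGIN_SHELLS)

def groups_of(username, users, groups):
    """Primary group (the passwd gid) plus every group that lists the user."""
    primary = groups[users[username]["gid"]][0]
    extra = {g for g, members in groups.values() if username in members}
    return sorted(extra | {primary})

def expand_tilde(path, users, current_user):
    """Resolve a leading ~ or ~name the way a shell does, via the passwd data."""
    if not path.startswith("~"):
        return path
    who, sep, rest = path[1:].partition("/")
    return users[who or current_user]["home"] + sep + rest
```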

Some helpful manual pages on your Linux system may be (man 5 passwd), (man 5 group), (man cd), (man chown), and (man chgrp).

Permissions and Privileges

As mentioned earlier, every single file and directory in the Linux filesystem is owned by exactly one user, and exactly one group. Also associated with every file is a set of permissions mode flags. These two features work in tandem and lie at the heart of the security model upon which Linux is built.

By comparing the ownership of a file with the permissions mode of the file, the Linux system can block all unwarranted attempts to access or alter the file contents, while also being able to authorize its use and access by the appropriate users.

The system can show the permissions for any file in a fairly compact way. Deciphering this mode notation may seem confusing at first, but it comes with practice. Here is an example file listing in the home directory of user speare:

$ ls -l ~speare
total 56
drwxrwxr-x    2 speare   speare       4096 Jan  6 20:43 bin
drwxrwxr-x    2 speare   speare       4096 Jan 12 23:37 burn
drwx------    6 speare   speare       4096 Jan 22 18:02 evolution
-rw-rw-r--    1 speare   speare       1108 Nov 17 16:02 pen.txt
-rw-------    1 speare   speare       6608 Feb 30 10:52 diary.txt
lrwxrwxrwx    1 speare   speare          3 Jan  6 20:40 archives -> /mnt/archives

Each line describes another file or directory inside the ~speare (or /home/speare) directory.

Along the right edge, the file names are visible: bin, burn, evolution, pen.txt, diary.txt, and archives.

In the middle, two columns describe the user that owns the files, and the group that is authorized for the files: all of these files belong to speare, which is common for files in a home directory.

Along the left edge of the listing are the ten characters that summarize the system's recorded permissions for each file. These ten characters, such as -rw-rw-r-- may seem like gibberish nonsense at first.

The first character describes the file entry type. The most common types are the letter 'd' for directories and a dash (-) for regular files; you can see that bin, burn, and evolution are directories, while pen.txt and diary.txt are just plain files. The last type shown is less common; an 'l' indicates that archives is just a symbolic link to some other file or directory elsewhere (here, /mnt/archives). Other types are even more rare in practice.

The rest of the characters in the permissions mode notation are divided into three groups of three. Each position either shows a letter, 'r', 'w', or 'x', to indicate that the permission is granted, or a dash ('-') to indicate that it is not. The letter 'r' stands for the ability to read from the file. The letter 'w' stands for the ability to write to the file. The letter 'x' stands for the ability to have the computer execute the contents of a file, or to search (enter) the contents of a directory. There are three such triplets. The first triplet refers to the permissions afforded to the file's owning user, the second group of three refers to the permissions afforded to the file's group, and the last refers to the permissions granted to all other users on the system.

From this example, the system can enforce a few privacy and security facts. Review the listing above, and note specifically,

Permissions are principally adjusted through the use of the chmod command. Generally, the owning user can change all of the permission modes; and users in the group can change the group modes. This command is also something that can take time to get used to. For example, typing the command (chmod ug+x pen.txt) would add (+) additional execution (x) permissions for the owning user (u) and group (g) to the file pen.txt.
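As an added example (not code from the original article), here is a Python model of the mode notation and of the check the kernel makes with it: it decodes a ten-character mode string, applies a symbolic chmod spec such as ug+x, and decides whether a given user may read, write or execute the file, including the root bypass that the next section describes. The file entries are the ones from the ~speare listing above; the requester records are constructed from the passwd excerpt.

```python
# Added example (not from the article): decode an ls -l mode string, apply a
# symbolic chmod spec to it, and make the ownership-vs-mode decision the kernel
# makes for a requesting user.  Listing entries are the ~speare ones shown
# above; requester records are constructed from the passwd excerpt.
FILE_TYPES = {"-": "file", "d": "directory", "l": "symlink", "c": "chardev",
              "b": "blockdev", "p": "fifo", "s": "socket"}
CLASSES = ("user", "group", "other")

def parse_mode(mode_str):
    """'-rw-rw-r--' -> ('file', {'user': {'r','w'}, 'group': ..., 'other': ...}, 0o664)."""
    if len(mode_str) != 10 or mode_str[0] not in FILE_TYPES:
        raise ValueError(f"bad mode string {mode_str!r}")
    classes, octal = {}, 0
    for cls, triplet in zip(CLASSES, (mode_str[1:4], mode_str[4:7], mode_str[7:10])):
        perms = set()
        for ch, want in zip(triplet, "rwx"):
            if ch == want:
                perms.add(ch)
            elif ch != "-":  # 's'/'t' (setuid, setgid, sticky) are outside this example
                raise ValueError(f"unsupported bit {ch!r} in {mode_str!r}")
        classes[cls] = perms
        octal = octal * 8 + 4 * ("r" in perms) + 2 * ("w" in perms) + ("x" in perms)
    return FILE_TYPES[mode_str[0]], classes, octal

def format_mode(type_char, classes):
    """Rebuild the 10-character string from a type character and class sets."""
    return type_char + "".join("".join(p if p in classes[c] else "-" for p in "rwx")
                               for c in CLASSES)

def apply_chmod(mode_str, spec):
    """Apply one symbolic spec such as 'ug+x' or 'o-rw' (umask is not consulted)."""
    _, classes, _ = parse_mode(mode_str)
    i = next(i for i, ch in enumerate(spec) if ch in "+-=")
    targets, op, perms = spec[:i] or "a", spec[i], set(spec[i + 1:])
    for letter, cls in zip("ugo", CLASSES):
        if letter in targets or "a" in targets:
            classes[cls] = (classes[cls] | perms if op == "+" else
                            classes[cls] - perms if op == "-" else set(perms))
    return format_mode(mode_str[0], classes)

def may_access(mode_str, owner, group, who, want):
    """Decide whether who = {"name", "uid", "groups"} may do want ('r', 'w' or 'x').

    Root (uid 0) bypasses the bits, except that executing a regular file still
    needs some x bit.  Everyone else is judged by exactly one class: the owner
    by the user triplet even when group/other would be more permissive.
    """
    ftype, classes, _ = parse_mode(mode_str)
    if who["uid"] == 0:
        return want != "x" or ftype != "file" or any("x" in c for c in classes.values())
    cls = "user" if who["name"] == owner else "group" if group in who["groups"] else "other"
    return want in classes[cls]
```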

Every file and every directory in Linux has this same scheme of permission modes and ownership information. Even the devices and the process information are published by the kernel with a complete set of privilege-management information. Careful attention to these modes will help keep a Linux installation secure from unwarranted access, and unintended damage.

Some helpful manual pages on your Linux system may be (man ls), (man chown), (man chgrp), and (man chmod).

Some helpful google searches may be linux file permissions, and linux security privacy tips.

The Root, or Super User

After having built up the expectations for a fine-grained, secure, and auditable permissions system in the previous section, it is now time to discuss the Achilles' Heel of Linux and other Unix-oriented operating systems. The political saying goes, "Power corrupts. Absolute Power corrupts absolutely." There is an absolute power in Unix-style operating systems including Linux, and that power comes with the ability to make some pretty drastic system corruptions.

On every Linux machine there is one user that wields this absolute power. It is called the "super user." Usually its name is root, though changing its name won't lessen its power. Whoever can log in as the root user can do anything which that computer is capable of doing, even if logged in over the network from across the globe.

The danger is not just in your own computer, either; your root user could end up putting other computers at risk also. Linux is a network-capable system. It's able to open up new net connections to just about any other machine on the Internet. It's able to transmit information at the maximum speed of the computer and network cable that is connected. If someone were able to get access to your root user's capabilities, usually through their knowledge of a bug in the software you run, then your computer could be used to cause network outages or further illegal system-cracking behaviors. And the digital evidence may even appear to implicate you.

Where does this power come from? The short answer is explained on the heels of the previous section: unlike all other users, the Linux kernel allows the root user to read, write, delete, copy, modify, or execute just about anything. The kernel ignores all the privilege and permission modes for files and devices, and the kernel grants access to any capability, when the kernel is dealing with a process or a login owned by your root user account.

Enough doom-saying for now. The root user is a necessary component in Linux, if perhaps somewhat over-capable. Whenever a Linux setup is made, the first user configured is the root user, who is ostensibly the person who will have ultimate authority and responsibility for the computer. If something goes drastically wrong, the person with root access is probably going to be the person to fix it.

Many system administration tasks, such as installing new software and configuring hardware devices for use, require the abilities of the super user. The super user root can adjust all the various permissions at once, which is very convenient for install scripts and administrators to employ efficient system upgrades or other household chores.

If a regular user accidentally turns off their own access permissions to one of their files, they would be entirely helpless without some higher authority that could re-adjust them back to normal.

Lastly, there needs to be some kind of authorized user which is able to create and delete the regular user accounts when users come and go. Without the super user root, there is no way to administer the access privileges for a new user, or to prevent arbitrary people from creating new accounts at any time.

However, it is vital to remember that all this beneficial power also comes with the most dire risk of catastrophe. The kernel will protect a regular user from the average data-destroying mistake, but cannot protect the system from mistakes caused while logged in as root.

Thankfully, Linux has a few tools to help with this situation. The su command allows you to switch users for a few moments without shutting down everything you're already doing as a regular user. The Ctrl+Alt+F1 through Ctrl+Alt+F6 "virtual terminals" offer another way of segregating the administrative tasks from the daily activities you may want to perform. And the sudo command allows you to decide which users can also perform some system-administration tasks without having to constantly provide the root account password.

For these reasons, and more, here's a very specific recommendation for anyone who sets up and uses a Linux computer:

Set up a regular user account for everyday use. Use the root account only for system administration tasks. Use your regular user account for everything else.

When you're eager to try new stuff, or when you think you know all there is to every command in Linux, it's easy to just log into the root account to do everything, since the kernel never stops you with those annoying "Permission denied" messages. Many programmers agree that Laziness, Impatience and Hubris are quixotically valuable traits, and they do have their place.

However, since no software is ever 100% free of bugs, and since no user is ever 100% free of mistakes, you and everyone else on the Internet will appreciate the safety that the Linux kernel offers when you're using your regular user account.

Some helpful manual pages on your Linux system may be (man adduser), (man su), (man sudo), and (man chvt).

Some helpful google searches may be linux sudo root howto, linux security hardening howto, laziness impatience and hubris, and linux security auditing tips.



Contact Ed Halley by email at ed@halley.cc.
Text, code, layout and artwork are Copyright © 1996-2005 Ed Halley.
Copying in whole or in part, with author attribution, is expressly allowed.
Any references to trademarks are illustrative and are controlled by their respective owners.