Unix users and permissions and how they interact with web files

When you issue the command ls in Linux you get this sort of thing:

drwxr--r--   1 fred  editors   4096  drafts
-rw-r--r--   1 fred  editors  30405  file1.php
-r-xr-xr-x   1 fred  fred      8460  file2.php

I know that the rwxrwxrwx are the read, write and execute permissions for the current user. And I think I know that 'fred' is the user who owns the file. So I assume fred can write to file1 but no one else can. But what is the extra bit 'editors' and what is the difference between file1 and file2 with respect to one having an ownership of 'fred editors' and the other 'fred fred'?

Also if a web user connects to one of the files, what is their user name and where is this decided? If the server decided that user connecting from the web was going to be fred, does this mean any web user could write to file1?

Any information welcomed, I am resaerching this but just getting confused. Thanks

Columbo

Posted 2010-05-18T10:48:35.260

Reputation:

Answers

The second field, editors, is the "group". No two users have the same user name, but multiple users can be a part of the same group. Using groups allows permissions to be applied to multiple users. For file1 and file2, there is in effect no difference because the "group" permissions and "others" permissions are identical. However, if you had rwxr-----, instead, then the one with "editors" would allow all editors to read the file, while "fred" could read and write, while the second would give only fred read/write/execute permissions, while everybody else wouldn't be able to do anything (assuming that the group "fred" only includes fred, which is typically the case... in order to simplify the permissions mechanism, typically each user has a corresponding group to which only they belong, in case a group isn't being used).

Michael Aaron Safyan

Posted 2010-05-18T10:48:35.260

Reputation: 2 645

"editors" is the group that fred belongs to. Anyone else in that same group shares the same group permissions. That makes it possible to give read, write or execute permissions to a group of different users.

The username of the web user is the same as the username that is associated with the running web server process (usually -- that's somewhat configurable).

And yes, if the server was running as user "fred", anyone who accessed the file would have write permissions.

For more information on unix groups, see the wikipedia entry on the group identifier

Bryan Oakley

Posted 2010-05-18T10:48:35.260

Reputation: 131

Thanks, sorry I am new to this so this is probably very basic but where can I look at and change these users and group? – None – 2010-05-18T10:58:34.830

I had a look at /etc/passwd and the user the owner of the files in the wb directory I'm working in is not in the list. – None – 2010-05-18T11:04:51.150

@Columbo, you can use the "groups" command to list the groups for the current user or for a given user. The list of all groups can typically be found in "/etc/passwd". You can use "chown" to change both the owner and the group for a file, while you can use "chmod" to change the permissions for the file. – Michael Aaron Safyan – 2010-05-18T11:05:13.267

@Columbo, some OSs don't rely on /etc/passwd or augment /etc/passwd with a separate user/group database. – Michael Aaron Safyan – 2010-05-18T11:06:10.613

Thanks, the problem I have is the web site files I am working on are user: 2016 group: sites. When I use the command 'groups 2016' i get the reply "ID:2016 No Such User". – None – 2010-05-18T11:09:25.197