When managing a Linux system with multiple users, you may find that basic user management tools are not sufficient for handling more complex permission requirements. This is especially true when you need to control access to specific resources. For example, you might want certain users in one group to have read and write access to a directory, while others in a different group only have read access. Fortunately, Linux provides powerful mechanisms to achieve this, such as user groups and Access Control Lists (ACLs).
This article will guide you through the process of managing users via user groups and ACLs. You can follow along using any Linux distribution of your choice. While we’ll focus on user groups, we assume you already have some basic knowledge about user creation and management.
For the demonstration, I'll be creating two users: Olivia and Nathan. We'll also create two user groups—Readers and Editors. Olivia will belong to the Editors group, and Nathan will be part of the Readers group. The Readers group should have read-only access to the /DATA directory, while the Editors group needs both read and write permissions. This simple setup will help you understand how to apply these concepts to more complex scenarios.
I’m working on an Ubuntu 16.04 Server, but the commands are generally applicable across most Linux distributions. If your system doesn’t support the sudo command, you’ll need to switch to the root user to execute these commands.
Create Users
The first step is to create the two users. We'll use the useradd command, making sure to create their home directories and set passwords for them.
sudo useradd -m olivia
sudo useradd -m nathan
Once created, you can check the /home directory to confirm their home folders were created.
Next, set passwords for both users:
sudo passwd olivia
sudo passwd nathan
Create User Groups and Add Users
We now create the Readers and Editors groups:
sudo addgroup readers
sudo addgroup editors
(Note: On some systems like CentOS, you may need to use groupadd instead of addgroup.)
Add users to the appropriate groups:
sudo usermod -a -G readers nathan
sudo usermod -a -G editors olivia
Grant Permissions to User Groups
Let’s say we have a directory called /READERS and we want the Readers group to have access. First, change the ownership of the directory:
sudo chown -R :readers /READERS
Then grant read and write permissions to the group:
sudo chmod -R g+rw /READERS
Finally, restrict access for other users:
sudo chmod -R o-rwx /READERS
Now, only the owner (root) and members of the Readers group can access the files in /READERS.
Similarly, for the /EDITORS directory, we can do the following:
sudo chown -R :editors /EDITORS
sudo chmod -R g+rwx /EDITORS
sudo chmod -R o-rwx /EDITORS
Using Access Control Lists (ACLs)
While the above method works, it has limitations when dealing with multiple groups or more complex permissions. That's where ACLs come into play. Using the setfacl command, we can define granular permissions for specific users or groups.
For example, to allow the Readers group to have read access to the /DATA directory (on a directory, the x bit is what lets members enter it and reach the files inside):
sudo setfacl -m g:readers:r-x /DATA
To give the Editors group read and write access:
sudo setfacl -m g:editors:rwx /DATA
This way, you can manage access at a much finer level than standard Unix permissions.
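You can inspect the result with getfacl /DATA. A named group entry only takes effect up to the ACL's mask entry, and a later chmod on the group bits rewrites that mask. The script below is an added example, not part of the original article: it parses getfacl output (two constructed samples, embedded inline) and reports each group's effective permissions. The function name effective_group_perms is hypothetical.

```shell
# Added example: effective ACL permissions = named group entry ANDed with mask.

# Constructed sample: `getfacl /DATA` right after the two setfacl commands.
ACL_FRESH='# file: DATA
# owner: root
# group: root
user::rwx
group::r-x
group:readers:r-x
group:editors:rwx
mask::rwx
other::r-x'

# Constructed sample: the same directory after a later `chmod g-w /DATA`,
# which rewrites the mask and silently caps the editors entry.
ACL_MASKED='# file: DATA
# owner: root
# group: root
user::rwx
group::r-x
group:readers:r-x
group:editors:rwx   #effective:r-x
mask::r-x
other::r-x'

# effective_group_perms GROUP   (getfacl text on stdin)
# Prints e.g. "r-x"; exits non-zero if GROUP has no named entry.
effective_group_perms() {
    awk -F: -v grp="$1" '
        /^#/ || NF < 3 { next }                 # skip header and blank lines
        { sub(/[ \t]*#.*/, "", $3) }            # strip "#effective:" note
        $1 == "group" && $2 == grp { entry = $3 }
        $1 == "mask"               { mask = $3 }
        END {
            if (entry == "") exit 1
            if (mask == "") mask = "rwx"        # no mask entry: nothing capped
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1)
                out = out ((e != "-" && substr(mask, i, 1) != "-") ? e : "-")
            }
            print out
        }'
}

for g in readers editors; do
    printf '%s: fresh=%s masked=%s\n' "$g" \
        "$(printf '%s\n' "$ACL_FRESH"  | effective_group_perms "$g")" \
        "$(printf '%s\n' "$ACL_MASKED" | effective_group_perms "$g")"
done
```

On a live system, pipe the real output in instead of the samples: getfacl /DATA | effective_group_perms editors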
Additional Tips
ACLs offer flexibility, allowing you to add users, modify permissions, and even remove access as needed. To learn more about these tools, you can run:
man useradd
man addgroup
man usermod
man setfacl
man chown
man chmod