Ubuntu Server 8: Managing users & groups: How to?

Chris Rees utisoft at googlemail.com
Tue Jul 1 16:13:10 UTC 2008

> Date: Mon, 30 Jun 2008 17:41:27 -0500
> "Robert Dailey" <rcdailey at gmail.com> wrote:
> On Mon, Jun 30, 2008 at 4:21 PM, Jim Rosser <jarosser06 at gmail.com> wrote:
>> You could use Ebox which provides a graphical interface through the
>> network, so you don't have to add a desktop to your server and you still get
>> a Friendly GUI.  You might check out *http://www.ebox*-platform.com to
>> find out more information.
>> On Mon, Jun 30, 2008 at 3:05 PM, Karl Larsen <k5di at zianet.com> wrote:
>>> Robert Dailey wrote:
>>> > Hi,
>>> >
>>> > Is there a way to manage users & groups in Ubuntu Server much like
>>> packages
>>> > are managed in Aptitude? Something graphical on the command line so I
>>> can
>>> > worry a little less about command line parameters. If not, is there a
>>> > tutorial or reference somewhere that describes how to do a couple of
>>> > user/group related things, such as moving a user from one group to
>>> another,
>>> > adding users to and removing users from groups?
>>> >
>>> >
>>>     First there is nothing on the command line that is graphical. You
>>> either use the Command Line tools or punt. I have often wondered why
>>> Server's are not just a desktop running on init 2. That way you can as
>>> owner bring on the desktop to do things like users and groups.
> I have a question also about basic file permissions.
> Keep in mind I've been in Microsoft land for all my life, and I realize you
> guys get pretty pissed off when I refer to linux stuff using Windows
> terminology. However I hope you'll bear with me, I'm still learning.
> >From what I can tell, each file or directory on the system can have a user
> AND a group associated with it. This doesn't make much sense to me. If I'm
> user 'foo', and I have a group named 'test' which I am in, and I assign the
> following to a file:
> USER: foo
> GROUP: test
> I've technically been added to this file 2 times, so which permissions does
> the system choose for me? The ones from the group that I'm in, or the user
> permissions? It would make more sense to add *only* groups to files and
> directories, things would seem more consistent that way. I don't see a point
> in just assigning a single user as  a special case, when all you really need
> to do is assign a group with only 1 user in it.

If you're user:foo and in group:test, a file with user:group foo:test
will have permissions applied to you from the u part of the

     u      g      o      own   group
-   rwx  rwx  rwx     foo     test

The order in which permissions are read and applied goes from left to
right; if you're the file owner (foo) then the first field to match
from left to right is the owner field (u), whethere you are in group
test or not. However, if you are NOT foo, then the next field is read;
if you're in group test group permissions (g) are applied, if not then
other (o) is applied. Example:

[chris at amnesiac]~% ls -l

-rw-r--r--  1 chris  wheel 529156 Nov 29  2004 pjirc_2_1_1_bin.zip

[chris at amnesiac]~% whoami; groups
chris wheel
[chris at amnesiac]~%

The permissions of the file are for me rw (read and write). However;

[chris at amnesiac]~% chmod u=r,og=rw pjirc_2_1_1_bin.zip ; ls -l

-r--rw-rw-  1 chris  wheel  529156 Nov 29  2004 pjirc_2_1_1_bin.zip

[chris at amnesiac]~% echo foo >pjirc_2_1_1_bin.zip

pjirc_2_1_1_bin.zip: Permission denied.

[chris at amnesiac]~%

I now only have read permission, even though I am in group wheel that
has write. So it continues....

On a side note, if you really want, Windows-style ACLs _are_ possible
in Linux, it's just that unless you really need them the simple
user-group-other paradigm covers almost any possible needs. They
simplify everything, and you can tell exactly what you can and can't
do just by looking at nine letters.


More information about the ubuntu-users mailing list