Fedora Linux

The group administrators are in field 4 and group members are in field 5 in this fileso in this case, jane is the group administrator for audit , and jane , richard , andrew , and matthew are group members.

4.7.3. What About...

4.7.3.1. ...the kuser program on the menu?

kuser is a KDE program that provides an alternative to system- config-user . The two programs are functional duplicates, but I think system-config- user looks better.

4.7.3.2. ...editing the password and group files directly?

It is possible but must be done carefully to avoid leaving the system in an unusable state.

The vipw and vigr scripts provide the most convenient way of editing these files; vipw edits /etc/passwd and /etc/shadow , and vigr edits /etc/group and /etc/gshadow . In both cases, the files will be locked to prevent concurrent changes by another program, and the vi editor will be used for editing (the EDITOR environment variable can be used to specify another editor if you'd prefer).

4.7.3.3. ...checking that the password and group files are properly written?

The pwck command can be used to check and repair /etc/passwd and /etc/shadow :

# pwck
user adm: directory /var/adm does not exist
user gopher: directory /var/gopher does not exist
user ident: directory /home/ident does not exist
user torrent: directory /var/spool/bittorrent does not exist
invalid password file entry
delete line Q'? y
pwck: the files have been updated

grpck performs similar checks on /etc/group and /etc/gshadow :

# grpck
invalid group file entry
delete line Q'? y
invalid group file entry
delete line Qascasdcasdarg asdfasdf'? y
grpck: the files have been updated

4.7.4. Where Can I Learn More?

? The manpages for passwd, useradd, usermod, userdel, groupadd, groupmod, groupdel, vipw, vigr, pwconv, grpconv, crypt (3), passwd (5), shadow (5), group (5), and gshadow (5)

4.8. Control Access to Files

All Linux and Unix systems use file permissions or modes to control access to files. Fedora extends this with the user-private-group scheme, which simplifies the configuration of permissions for collaboration.

There are two other mechanisms available for file access control: see Lab 8.2, 'Using SELinux' and Lab 8.3, 'Using Access Control Lists.'

4.8.1. How Do I Do That?

There are three basic file permissions:

read (r)

Grants permission to access the contents of a file. There are no restrictions on what can be done with the file contents, so read permission includes permission to view or process the contents of the file, as well as permission to copy the file. On a directory, read permission enables the display of the list of files in the directory; without read permission, you can access a file contained in the directory only if you know the exact name of the file.

write (w)

Grants permission to write to a file; this includes overwriting existing information, append to the end of the file, and truncate (shorten) the file. On a directory, write permission enables the creation and deletion of files within that directory.

execute (x)

Grants permission to execute the file. If the file is a binary, it can be executed by the kernel; if it is a text file, it is treated as a script. On a directory, execute permission grants access to the contents of the directory (some people refer to execute permission on a directory as search , or passthrough , permission).