
How to Use USERMOD and Special Permissions in Linux

Linux is a powerful and flexible operating system that allows you to manage users and groups, as well as their permissions and access levels. In this blog post, we will cover two important topics related to user and group management in Linux: the usermod command and the special permissions, including SUID, SGID, and the sticky bit.

What is the usermod command?

The usermod command is a command-line utility that allows you to modify an existing user account in Linux. You can use it to change various attributes of a user account, such as the password, the home directory, the default shell, the primary and secondary groups, and more.


The syntax of the usermod command is:

usermod [options] USER

Only root or users with sudo access can invoke usermod and modify a user account. On success, the command does not display any output.

Here are some common options and examples of using the usermod command:

  • To add a comment or a description for a user, use the -c option:
usermod -c "This is a test user" test_user
  • To change the home directory of a user, use the -d option. To move the content of the old home directory to the new one, use the -m option:
usermod -d /home/new_user -m old_user
  • To change the expiry date of a user account, use the -e option and specify the date in YYYY-MM-DD format:
usermod -e 2023-12-31 test_user
  • To change the primary group of a user, use the -g option and specify the group name or ID:
usermod -g developers test_user
  • To add a user to one or more secondary groups, use the -a -G options and specify the group names or IDs separated by commas:
usermod -a -G games,sudo test_user
  • To change the login name of a user, use the -l option and specify the new name:
usermod -l new_user old_user
  • To lock or unlock a user account, use the -L or -U options respectively:
usermod -L test_user # lock the account
usermod -U test_user # unlock the account
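  • To set a password for a user directly, use the -p option. Note that -p expects the already-encrypted (hashed) password, as returned by crypt(3), not the plain-text password, and the value is visible to other users who list running processes. This is not recommended for security reasons. It is better to use the passwd command to change the password interactively:
usermod -p 'HASHED_PASSWORD' test_user # not recommended; HASHED_PASSWORD is a placeholder for a crypt(3) hash
passwd test_user # recommended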
  • To change the default shell of a user, use the -s option and specify the absolute path of the shell:
usermod -s /bin/zsh test_user
  • To change the user ID of a user, use the -u option and specify the new ID. This will also change the ownership of the files in the user’s home directory and mail spool:
usermod -u 1234 test_user

For more options and details, you can check the usermod manual page by typing man usermod in your terminal.

What are the special permissions in Linux?

Apart from the regular permissions (read, write, and execute) that can be set for the owner, the group, and the others, Linux also supports some special permissions that provide additional control and flexibility over file and directory access. These special permissions are:

  • Set User ID (SUID): This permission allows a user to execute a file with the privileges of the file owner. This is useful for commands that need to access or modify files that are only accessible by the root user, such as the passwd command. When the SUID bit is set on an executable file, the letter s replaces the x in the user’s execute permission. For example:
-rwsr-xr-x 1 root root 59640 Mar 22  2019 /usr/bin/passwd

This means that any user who runs the passwd command will be able to modify the files /etc/passwd and /etc/shadow, which are owned by root and can only be modified by root. However, the passwd command also checks the user ID of the user who runs it and only allows them to change their own password, not other users’ passwords.

  • Set Group ID (SGID): This permission allows a user to execute a file with the privileges of the file group. This is useful for commands that need to access or modify files that are only accessible by a specific group, such as the wall command. When the SGID bit is set on an executable file, the letter s replaces the x in the group’s execute permission. For example:
-rwxr-sr-x 1 root tty 27416 Mar 22  2019 /usr/bin/wall

This means that any user who runs the wall command will be able to send a message to all users who are logged in, which is normally restricted to the tty group.

The SGID bit can also be set on a directory, which has a different effect. When the SGID bit is set on a directory, the letter s replaces the x in the group’s execute permission. For example:

drwxrwsr-x 2 root staff 4096 Dec 19 17:20 /var/log/test

This means that any file or subdirectory created inside this directory will inherit the group ownership of the parent directory, instead of the primary group of the user who created it. This is useful for sharing files among users who belong to the same group.

  • Sticky bit: This permission restricts the deletion or renaming of files and subdirectories in a directory. Only the owner of the file or subdirectory, the owner of the directory, or the root user can delete or rename the file or subdirectory. This is useful for directories that are writable by multiple users, such as the /tmp directory, which is used for storing temporary files. When the sticky bit is set on a directory, the letter t replaces the x in the others’ execute permission. For example:
drwxrwxrwt 23 root root 12288 Dec 19 17:22 /tmp

This means that any user can create a file or a subdirectory in the /tmp directory, but only the owner of the file or subdirectory, the owner of the /tmp directory (which is root), or the root user can delete or rename it.
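
A defender's inventory of the three bits described above, as an added example that is not part of the original post: it lists SUID and SGID files and flags world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration; only POSIX find, ls, and sed are assumed.

```sh
#!/bin/sh
# Added example (not from the original post): list special permission bits under a tree.

# audit_special_perms DIR
# Prints one "KIND <ls -ld line>" per finding:
#   SUID      regular file with the set-user-ID bit (octal 4000)
#   SGID      regular file with the set-group-ID bit (octal 2000)
#   NOSTICKY  world-writable directory without the sticky bit (octal 1000)
audit_special_perms() {
    # -perm -MODE matches when every bit in MODE is set; -xdev stays on one filesystem.
    find "$1" -xdev -type f -perm -4000 -exec ls -ld {} + | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 -exec ls -ld {} + | sed 's/^/SGID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec ls -ld {} + | sed 's/^/NOSTICKY /'
}

# demo_audit builds a constructed sample tree, audits it, and removes it again.
demo_audit() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/plain"
    chmod 4755 "$d/helper"            # SUID, same mode as /usr/bin/passwd above
    mkdir "$d/shared" "$d/drop"
    chmod 1777 "$d/shared"            # world-writable with the sticky bit, like /tmp
    chmod 0777 "$d/drop"              # world-writable, no sticky bit
    audit_special_perms "$d" | sed "s|$d/||"   # strip the temp prefix for readability
    rm -rf "$d"
}

demo_audit
```

On a real host, run audit_special_perms against / as root and compare the result with a saved baseline, so that a newly appearing SUID or SGID file stands out.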

How to set and remove the special permissions in Linux?

You can use the chmod command to set or remove the special permissions in Linux, just like you would do for the regular permissions. The syntax of the chmod command is:

chmod [options] mode file

The mode argument can be either symbolic or numeric. The symbolic mode uses letters and symbols to represent the permissions, while the numeric mode uses numbers to represent the permissions.

To set the special permissions using the symbolic mode, you can use the following letters:

  • u for the user or the file owner
  • g for the group
  • o for the others
  • a for all (user, group, and others)
  • + to add a permission
  • - to remove a permission
  • = to set an exact permission
  • s to set the SUID or SGID bit
  • t to set the sticky bit

For example, to set the SUID bit on a file named test.sh, you can use the following command:

chmod u+s test.sh

To remove the SGID bit from a directory named test, you can use the following command:

chmod g-s test

To set the sticky bit on a directory named test, you can use the following command:

chmod o+t test

To set the SUID, SGID, and sticky bit on a file named test.sh, you can use the following command:

chmod u+s,g+s,o+t test.sh

To remove the SUID, SGID, and sticky bit from a file named test.sh, you can use the following command:

chmod u-s,g-s,o-t test.sh

To set the special permissions using the numeric mode, you can use the following numbers. Each of the user, group, and others digits is the sum of:

  • 4 for the read permission
  • 2 for the write permission
  • 1 for the execute permission
  • 0 for no permission

The leading special-permissions digit is the sum of:

  • 4 for the SUID bit
  • 2 for the SGID bit
  • 1 for the sticky bit

The numeric mode consists of three or four digits, depending on whether you want to set the special permissions or not. The first digit (optional) represents the special permissions, the second digit represents the user permissions, the third digit represents the group permissions, and the fourth digit represents the others permissions.

For example, to set the SUID bit and the read and execute permissions for the user, the read and execute permissions for the group, and the execute permission for the others on a file named test.sh, you can use the following command:

chmod 4551 test.sh

To remove the SUID bit and set the read and write permissions for the user, the read permission for the group, and no permission for the others on a file named test.sh, you can use the following command:

chmod 0640 test.sh
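
To check a numeric mode before applying it, the following added example (not from the original post) converts a three- or four-digit mode into the permission string that ls -l would show. It goes one step beyond the text by also handling the uppercase S and T that ls prints when a special bit is set without the matching execute permission; mode_to_symbolic is a name chosen for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post): decode a numeric chmod mode.

# mode_to_symbolic MODE
# Prints the nine-character permission string for a 3- or 4-digit octal MODE.
mode_to_symbolic() {
    case $1 in
        ''|*[!0-7]*) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    mts_mode=$((0$1))                 # leading 0 makes the shell read it as octal
    mts_out=''
    for mts_shift in 6 3 0; do        # user, group, others triplets
        mts_bits=$(( (mts_mode >> mts_shift) & 7 ))
        case $mts_shift in            # special bit that shares this triplet's x slot
            6) mts_special=$(( mts_mode & 04000 )); mts_mark=s ;;   # SUID
            3) mts_special=$(( mts_mode & 02000 )); mts_mark=s ;;   # SGID
            0) mts_special=$(( mts_mode & 01000 )); mts_mark=t ;;   # sticky
        esac
        mts_r=-; mts_w=-; mts_x=-
        [ $(( mts_bits & 4 )) -ne 0 ] && mts_r=r
        [ $(( mts_bits & 2 )) -ne 0 ] && mts_w=w
        [ $(( mts_bits & 1 )) -ne 0 ] && mts_x=x
        if [ "$mts_special" -ne 0 ]; then
            # lowercase s/t when execute is also set, uppercase S/T when it is not
            if [ "$mts_x" = x ]; then
                mts_x=$mts_mark
            else
                mts_x=$(echo "$mts_mark" | tr st ST)
            fi
        fi
        mts_out=$mts_out$mts_r$mts_w$mts_x
    done
    echo "$mts_out"
}

# Modes matching the ls -l listings shown earlier, plus two more cases.
for m in 4755 2775 1777 0640 4644; do
    printf '%s -> %s\n' "$m" "$(mode_to_symbolic "$m")"
done
```

An uppercase S on a file, as with 4644, means the SUID bit is set on something nobody can execute, which usually points to a chmod mistake worth correcting.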
