A few words about Linux. Access rights, services and commands

First of all, I will briefly describe access rights to files and folders, then service management and basic Linux commands. This information is necessary to understand my other posts about configuring and maintaining a virtual environment, web services and so on.

1. Access rights in Linux/OS X/Unix

I will briefly describe user access rights in Linux. For UNIX and OS X everything is the same.

All Linux users are divided into four categories:

  • the owner (creator of the file or folder);
  • users belonging to the group;
  • all other users, who are not part of the group, except superuser root;
  • superuser root.

With the last one everything is simple, because the superuser has access to everything and can do everything. Actually, this is very dangerous. Therefore, one should work as root ONLY when one cannot avoid it, and should do so very carefully. Otherwise, one can cause substantial harm to the system, for example by removing half of the server’s file system.

So all other users can only access the files and folders for which they are authorized. Each file or folder in the Linux file system carries information about its owner (creator) and the user group the owner belongs to. For example, the owner is admin and the group is localadmins, or the owner is poul and the group is users. By default, RedHat Linux (CentOS) creates a separate group for each new user, with the group name the same as the user name. For example, it can create a user poul and a group poul.

Access rights in Linux consist of three numbers for each file (folder). They control access for the file owner, for the group the file owner belongs to, and for all other users. Each number has three bits – read (r), write (w) and execute (x). When a bit is set to 1, the action is permitted; when it is set to 0, it is prohibited. For example, 7 means everything is permitted, 1 – only reading is permitted, 5 – executing and reading are permitted, writing is prohibited. The first number of the three is the access rights of the owner, the second is the rights of the group, and the third is the rights of all other users.

Thus:

  • 755 means that everyone is allowed to read and execute, and the owner is also permitted to write;
  • 600 means that reading and writing are allowed only to the owner;
  • 640 means that the owner is allowed to read and write, and users who are members of the owner's group are allowed to read only.
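
The three modes listed above, decoded into the rwx notation that ls -l prints and checked for write access by anyone other than the owner. This is an added example, not code from the original post; the function names and the extra mode 666 are assumptions made for illustration.

```shell
#!/bin/sh
# digit_to_rwx DIGIT: turn one octal digit into its three permission bits,
# in the order ls -l shows them (read, write, execute).
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_rwx MODE: three octal digits (owner, group, others) -> e.g. rw-r-----
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "not a three-digit octal mode: $1" >&2; return 1 ;;
    esac
    rest=${1#?}                        # group and others digits
    printf '%s%s%s\n' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# non_owner_write MODE: print which classes besides the owner may write
# ("group", "other", "group other"), or "none".
non_owner_write() {
    mode_to_rwx "$1" >/dev/null || return 1
    rest=${1#?}; who=""
    if [ $(( ${rest%?} & 2 )) -ne 0 ]; then who="group"; fi
    if [ $(( ${1#??} & 2 )) -ne 0 ]; then who="${who:+$who }other"; fi
    printf '%s\n' "${who:-none}"
}

# 755, 600 and 640 are the modes from the text; 666 is a constructed
# counter-example in which group and others may write.
for m in 755 600 640 666; do
    printf '%s  %s  non-owner write: %s\n' \
        "$m" "$(mode_to_rwx "$m")" "$(non_owner_write "$m")"
done
```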

2. Linux Services

Any Linux server consists of the operating system kernel, services, and supporting programs. Services (daemons) are started either automatically during system startup or manually. Examples of services are the SSH server, the web server, the database server, etc. In different versions of Linux, the services are managed in different ways. The description here is only valid for RedHat Linux (CentOS), which we used to create our virtual machine template.

In order to execute a command for a service, one needs to create a secure connection to the server via SSH, become root and type in a terminal:

/etc/init.d/servicename command

servicename can be, for example, sshd for the SSH server, httpd for the Apache web server, or mysqld for the MySQL database server.

One can view the list of services registered in the system with the command:

/sbin/chkconfig

Fig. 1. Services

You can see the output in Fig. 1, where the left column holds the service names and column 3 is the multitasking mode (normal server work):

  • on – the service starts automatically during system startup;
  • off – the service does not start when the system starts.
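
The listing can also be checked against the set of services a server is expected to start on its own, which is a quick way to review what is exposed after boot. The following is an added example, not part of the original post: the sample lines are constructed in the layout chkconfig prints, and the function names, the service telnet-demo and the allowlist are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout printed by /sbin/chkconfig:
# service name, then one "runlevel:state" field for each runlevel 0-6.
sample_chkconfig() {
    cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
telnet-demo     0:off   1:off   2:off   3:on    4:off   5:on    6:off
EOF
}

# autostart_services [RUNLEVEL]: read chkconfig output on stdin and print
# the services marked "on" for that runlevel (default 3, the column the
# text calls the multitasking mode).
autostart_services() {
    awk -v rl="${1:-3}" '
        { for (i = 2; i <= NF; i++) if ($i == (rl ":on")) print $1 }
    '
}

# unexpected_autostart "NAME NAME ...": print the services that start
# automatically in runlevel 3 but are missing from the allowlist.
unexpected_autostart() {
    autostart_services 3 | while read -r name; do
        case " $1 " in
            *" $name "*) ;;                 # expected, say nothing
            *) printf '%s\n' "$name" ;;     # not on the allowlist
        esac
    done
}

# On a live RedHat/CentOS host, replace sample_chkconfig with /sbin/chkconfig.
sample_chkconfig | unexpected_autostart "crond mysqld sshd"
```

A service reported here can be inspected with /etc/init.d/servicename status before deciding whether it should stay enabled.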

Fig. 2. Service commands

One can get a list of the commands available for a service by typing in a terminal (Fig. 2):

/etc/init.d/servicename

Basic commands:

  • start – start the service;
  • stop – stop the service;
  • restart – restart the service;
  • reload – reload configuration files without restarting the service;
  • status – display of service status.

<TAB> key

The <TAB> key is very useful when typing the names of folders, files or programs. It is usually enough to type the first characters of the name and press <TAB>; Linux will complete the rest of the name if there is only one variant, or complete it up to the point where the variants branch. To view the options, press <TAB> again.

For example:

  1. #/sbin/ch<TAB> will give nothing, because there are several variants of the file name; pressing <TAB> again displays a list of them:

chcpu      chkconfig

  2. #/sbin/chk<TAB> will give

/sbin/chkconfig

3. Linux commands

To manage the server over a secure SSH connection we will need the following basic Linux commands:

  • ls – display the contents of a folder;
  • cd – go to the folder;
  • mkdir – create a folder;
  • chown – change the owner of the file/folder;
  • chmod – change the access rights of the file/folder;
  • su – become superuser (root);
  • sudo – execute a command as another user;
  • useradd – add a user to the system;
  • passwd – set/change a user’s password;
  • cp – copy files and folders;
  • mv – move files and folders;
  • rm – remove files or folders.

I have also described these commands in more detail in my post “Linux commands. The very short description”. If you are using a server based on our virtual machine template, then during the Linux service installation process the installer program will perform all necessary operations: it will install and register the service itself, make the necessary changes to the firewall, and install and configure all configuration files and access rights to files. After that you can use the service immediately. When you delete a service, the installer program will make all changes in reverse order, and no traces of the service will be left on the server.
