The users on a UNIX system are divided into groups. Every user must be a member of one of the groups. The group information is maintained in the /etc/group file. Although a user may be a member of more than one group, he or she has a primary group membership. All other groups are secondary groups for that user. The file security and permission system is built on this group information. A user who creates a file is the owner of that file. The owner of a file has the privilege to assign or revoke file permissions for other users. The owner can assign any permissions to the members of any group of which the owner is a member. All other users of the system who don't belong to this group are considered "others" in UNIX terminology. Sometimes these "other" users are also called "world," and permissions granted to them are "world" permissions.
From this discussion, we conclude that there are three types of users in UNIX. They are:
the owner
the group
others
Every file and directory has a permission set that tells which user has what permission. No one except the owner or the superuser can alter this permission set.
The division of users in this scheme makes it convenient both to secure files and to share them among different users. Multiple group membership for a user is also very useful. For example, an accounts manager may be a member of the accounts group and the managers group. The accounts manager can then share files related to management tasks with other managers, but the files are still protected from other members of the accounts group. Similarly, there may be an applications group, members of which may be able to run or stop applications on the system. Some of these members may also be assigned some of the system administration tasks and placed in a special group created by the system administrator.
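The accounts manager scenario above, worked through as an added example that is not part of the original text: it resolves which of the three classes applies to a user and which permission bits that class receives. All user names, IDs and file modes are constructed, and the example goes slightly beyond the text by showing that only the first matching class (owner, then group, then others) is consulted.

```python
# Constructed sample data in /etc/passwd and /etc/group format (all names
# and IDs are hypothetical). Field 4 of /etc/passwd is the primary group.
PASSWD = """\
amgr:x:1001:200:Accounts manager:/home/amgr:/bin/sh
clerk:x:1002:200:Accounts clerk:/home/clerk:/bin/sh
mgr2:x:1004:210:Another manager:/home/mgr2:/bin/sh
"""
# Secondary memberships are the comma-separated names in the last field.
GROUP = """\
accounts:x:200:
managers:x:210:amgr
"""


def load_users(passwd_text, group_text):
    """Return {name: (uid, set of primary and secondary gids)}."""
    users = {}
    for line in passwd_text.splitlines():
        name, _pw, uid, gid, *_rest = line.split(":")
        users[name] = (int(uid), {int(gid)})
    for line in group_text.splitlines():
        _group, _pw, gid, members = line.split(":")
        for member in filter(None, members.split(",")):
            if member in users:
                users[member][1].add(int(gid))
    return users


def access(user, file_uid, file_gid, mode):
    """Return (class, rwx string) for the one class that applies to user.

    Classes are tested in order owner, group, others, and only the first
    match is used. The superuser (uid 0) bypass is not modelled here.
    """
    uid, gids = user
    if uid == file_uid:
        cls, shift = "owner", 6
    elif file_gid in gids:
        cls, shift = "group", 3
    else:
        cls, shift = "others", 0
    bits = (mode >> shift) & 0o7
    rwx = "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return cls, rwx


USERS = load_users(PASSWD, GROUP)
# A management report owned by mgr2, group managers, mode 640 (rw-r-----).
REPORT = (1004, 210, 0o640)
```

With this data, `access(USERS["amgr"], *REPORT)` places the accounts manager in the group class through the secondary managers membership, while `clerk` falls into others and gets no access.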