Every UNIX system has an account called root, or "Super User". This is
an account that has almost complete control of the system, and is in charge
of maintaining it. It is not constrained by any of the permissions or ownership
of a file; it is able to create, destroy, modify, and view any file on
the system. In addition, the account is able to perform functions such
as adding/deleting users, setting usage limits, disk administration, accounting,
and a whole slew of other administrative tasks. Root may be one person,
or a group of people that are in charge of a system. Usually, the system
administrator will have a normal user account for day-to-day use that does
not have the responsibilities or privileges (and the dangers that accompany
them) of root.
Since UNIX is a multiuser system, it needs a way to keep track of all
the different users. Each user account has a unique name, called a login
ID, that is used to log in to the system. That name, along with other
information about the account (encrypted password, real name, shell, etc.),
is usually kept in a file called /etc/passwd. Some UNIX systems keep
account information in different places. When an
account on a UNIX system is created, it is assigned a UID, which is a number
that the system uses to keep track of who you are. The owner of a file is
stored in the inode information as a numeric UID, not as a login ID. For
example, the root account has a UID of 0. If you do an ls -l on any files
that are owned by root, UNIX sees that the file is owned by UID 0, so it
looks up 0 in the password information. It then pulls out the login-id
of the UID 0 and prints root as the owner.
When an account is created it is assigned to a default group depending
on what type of account it is, and what it is to be used for. Like login
IDs, groups are also stored as numbers. Only the root account has the privilege
of creating or deleting groups, or assigning group membership. If users need to
be in additional groups, then they must be assigned to a secondary group.
In most cases this means the administrator adding them to the /etc/group
file. /etc/group is a list of group names, group passwords (mostly unused),
group ID numbers (GID), and the members of each group.
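The lookups described above, as an added shell example that is not part of the original page: it resolves a UID to a login ID, lists every account that shares UID 0, and derives a user's groups from passwd and group data. The sample entries (alice, bob, toor, wheel) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in passwd and group file format (not from a real system).
PASSWD_SAMPLE='root:x:0:0:Super User:/root:/bin/sh
alice:x:1001:100:Alice Example:/home/alice:/bin/sh
toor:x:0:0:Second UID 0 account:/root:/bin/sh
bob:x:1002:100:Bob Example:/home/bob:/bin/sh'
GROUP_SAMPLE='wheel:*:0:root
student:*:100:
firstaid:*:200:alice,bob'

# Resolve a numeric UID to a login ID: the first matching entry wins.
# With no matching entry the number itself is printed, as ls -l does.
uid_to_name() {
    printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v uid="$1" '$3 == uid { print $1; found = 1; exit }
                             END { if (!found) print uid }'
}

# List every login ID whose UID is 0. Each one has root's privileges,
# whatever its name, so anything besides root deserves review.
uid0_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: '$3 == 0 { print $1 }' | tr '\n' ' ' | sed 's/ $//'
}

# Derive a user's groups: the default group comes from the GID field of the
# passwd entry, secondary groups from the member lists (printed in file order).
groups_of() {
    gid=$(printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v u="$1" '$1 == u { print $4; exit }')
    printf '%s\n' "$GROUP_SAMPLE" |
        awk -F: -v u="$1" -v gid="$gid" '
            $3 == gid { printf "%s ", $1; next }
            { n = split($4, m, ",")
              for (i = 1; i <= n; i++) if (m[i] == u) printf "%s ", $1 }
        ' | sed 's/ $//'
}

echo "UID 0 displays as:    $(uid_to_name 0)"
echo "UID 4242 displays as: $(uid_to_name 4242)"
echo "Accounts with UID 0:  $(uid0_accounts)"
echo "Groups of alice:      $(groups_of alice)"
```

Because the displayed owner is only the first name found for a UID, a file owned by the constructed toor account still shows root as its owner.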
Each file in the UNIX file system has two types of owners:
- User: The user who owns a file is the only user (other than root) who
  has the privilege to change the permission and group ownership of a file.
- Group: Group ownership, on the other hand, is merely a way of granting
  privileges to a group of users.
If a file is readable by a group, then only those
in that group can read the file. While users cannot change the ownership
of a file, an owner of a file is permitted to change the group association,
provided they are in the group. If a user is in two groups, firstaid and
student, and a file they own is in the student group, chgrp will allow
them to change the file's group ownership to firstaid. Even though users
cannot manipulate groups and group membership on standard UNIX machines,
AFS supports these features, and is available on the WAM machines.
To find out what group a person is in, use the groups command.
By itself, it will tell you what group(s) you are in, or if you use another
username as an argument, it will tell you what group(s) that person is
in. The command whoami will tell you your username, although you
probably already know it.