What is the perfect rights management? It is obvious that a completely democratic system would fail within just a few seconds, as everybody would start to abuse the system and mess with things that a computer needs in order to work properly. The trick is to give each person just as many rights as he absolutely needs, in such a fashion that he does not get the sense of being restricted.
This is somewhat easier said than done. Nobody would like (well except for a couple of hackers) to start a program that just formats all of our computer's partitions. Our files are the basics of our work. Within them, we store our everyday work so that tomorrow we can continue. The first line of defense that ensures that accidents do not happen with our files is the rights management system. If you continue reading, you will learn how it works.
This article will look at the subject from the point of view of a Shell/UNIX programmer. Before you start to think of something bad, like a three-headed dragon, it only means that we will work with the terminal. I wrote this article so that you might also comprehend it if you do not have any prior knowledge or experience with this subject.
However, for best effect I recommend that you read my earlier articles related to UNIX. You can find them under my profile or start a search. At least a minimal picture of the File System in UNIX will help you out. For the purposes of this article I used the Ubuntu Linux distribution; however, any other UNIX-based OS will do.
Every user has a login name, a password, and a group to which he or she belongs. UNIX systems hold the list of users and the groups list within a public file in the /etc/passwd and the /etc/group files. In the system, a single user has the privilege to do whatever he wants. This is the root (the system administrator or super user). The most important objective of the rights management system is to protect the operating system. For instance, look at the /etc/passwd file on my system:
The rest of the users’ privileges are limited. Most of the time, a user has unlimited access to his or her own files, but can only access other users' files with some restrictions. The user is identified by the system by the login name, the password, and the group to which he belongs; however, within the system, this is identified with an integral number.
The command that will tell you this is the id.
id
For example:
There are two types of rights when we talk about directories: user and group. Every directory will belong to a user and to a group. This trait is automatically set at the creation of the directory: to the group where the current user belongs and the user himself. We can change this later on this with the chown and the chmod commands. To find out these traits we will use the ls command.
