Managing Ubuntu

Ubuntu GNU/Linux is a multi-user system.  Even if you're the only human being to use the computer, there still exists many user accounts defined on the system.  These are used by Ubuntu in a variety of ways.  By having different accounts own different files in the filesystem, the overall security of the computer is enhanced.  Your user account doesn't have permission to modify files owned by the various system accounts, so the core files used by the operating system cannot be compromised by you.  This is one way that GNU/Linux better protects against computer viruses, for example.

User accounts have a variety of properties, the most important of which are the ID and the name.  Your user account name is the name you use when signing into the system.  Your user acccount ID is how the system deals with you internally.  User account names are friendly labels used to make it easy for humans to interact with the system, but the system doesn't particularly care about names, and instead uses numeric IDs.

There exists a user on every GNU/Linux system with an ID of zero.  This user's name is "root".  This is the super-user account.  The root user can do anything on the computer.  Ubuntu has configured the system to disable the root account by default.  This is a security precaution: if someone can log in as the root user (by guessing the root user password, for example), that person can access any files, and make irreperable damage to the system.  Because Ubuntu has disabled this account, no one can log in as root. 

User accounts belong to one or more groups.  Groups are used to orgnanize users.  Permissions can be granted to denied to groups, thereby affecting all the users of that group.  There are a number of pre-defined groups in a basic installation of Ubuntu GNU/Linux, and additional groups can be created as needed.

As mentioned earlier, files have owners.  Files also have group owners.  Permissions can be assigned to files for the owner, the group owner, and for everyone else.  The combination of owner, group owner, and everyone else allows for surprisingly fine-grained control over access to files.

There are three permissions that can be assigned for each file:

• read: access is granted to view the contents of the file or directory
• write: access is granted to change the contents of a file or directory, or to delete it
• execute: access is granted to run the file (if it is a program) or to change into the directory

These three permissions can be applied for each of the file's owner, group, and everyone else.  For example, let's say you're working on your resume.  You don't want anyone else to modify your resume, but you do want other users of the computer to be able to read it.  You would assign yourself read and write permission, and only read permission to everyone else (in this example, the group doesn't matter).

As another example, consider a team working together on a project.  Each member of the team needs to be able to read and write to the team's files, but no one else should be permitted to access the files.  The team would have a group created, and each member of the team would have their user account added to the group.  A directory would be created somewhere, and this directory would have its group owner set to the team's group.  Permissions on the directory would be set for user and group to have read, write, and execute permissions, while everyone else would have no access to the directory.  By denying access to the directory for "everyone", users who are not members of the team's group cannnot access the contents of that directories' files.

adding, changing, and deleting users
adding, changing and deleting printers
keeping up to date (p. 125)
adding and removing applications (p. 118)