Linux Users Groups and Permissions
Linux Permissions
Users and Groups

Linux file and directory permissions are based on users and groups. A Linux user is an account on a Linux operating system that allows an individual or entity to log in and interact with the system. There are two types of user accounts: regular and system users. Regular users are for personal use by an individual, and system users are meant to be used for system services.
User management
Add a new user

```bash
sudo useradd -m username
```
- `-m` creates a home directory (e.g. `/home/username`).
- After creating, set a password:
```bash
sudo passwd username
```

Delete a user

```bash
sudo userdel -r username
```
- `-r` removes the home directory and mail spool.
Modify a user
```bash
sudo usermod options username
```
- Example: change login name:
```bash
sudo usermod -l newname oldname
```
- Example: change home directory:
```bash
sudo usermod -d /new/home username
```

Group management

A Linux group organizes users. A group can contain multiple users, and a user can be part of multiple groups. However, groups are not hierarchical, meaning you can’t add a group inside another group. Groups are important for managing permissions. Instead of allowing or forbidding access to directories and files for every single user, you can set permissions at the group level that affect multiple users.
Add a group
```bash
sudo groupadd groupname   # create the group
sudo groupdel groupname   # delete the group
```

Add a user to a group

```bash
sudo usermod -aG groupname username
```
- `-aG` appends the user to supplementary group(s) (doesn’t drop existing ones).
Change a user’s primary group
```bash
sudo usermod -g groupname username
```
- Every user has one primary group and can belong to multiple supplementary groups.
Check which groups a user is in
```bash
groups username
```
or
```bash
id username
```

Useful Files (where this info lives)

- `/etc/passwd`: user accounts
- `/etc/shadow`: passwords (hashed, only root can read)
- `/etc/group`: group definitions and memberships
Linux File and Directory Permissions
1. Viewing Permissions with ls -l

When you run:
```bash
ls -l
```
You might see output like this:
```
-rw-r--r-- 1 alice students 1234 Sep 7 12:00 notes.txt
drwxr-x--- 2 bob teachers 4096 Sep 7 11:30 projects
```

Breakdown of columns:

- File type & permissions: `-rw-r--r--` is the file type (`-` = regular file) followed by the permissions. `d` at the start means directory.
- Links: number of hard links.
- Owner: the user who owns the file (`alice`).
- Group: group ownership (`students`).
- Size: file size in bytes.
- Date/Time: last modification.
- Name: filename.
2. Understanding Permissions (r, w, x)
Permissions are shown in three groups:
```
-rw-r--r--
  u  g  o
```
- User (owner): first 3 characters after the file type (`rw-`)
- Group: next 3 characters (`r--`)
- Others: last 3 characters (`r--`)
What r, w, x mean:
- For files:
  - `r`: can read the file’s contents.
  - `w`: can modify or delete the file.
  - `x`: can execute the file (if it’s a program or script).
- For directories:
  - `r`: can list directory contents (`ls`).
  - `w`: can create/delete files in the directory.
  - `x`: can enter (`cd`) into the directory.
3. Setting Permissions
Symbolic Syntax

```bash
chmod u+x file.txt
```
- `u` = user, `g` = group, `o` = others, `a` = all
- `+` = add, `-` = remove, `=` = set exactly
Examples:
```bash
chmod g+w file.txt   # give group write access
chmod o-r file.txt   # remove read permission for others
chmod a=r file.txt   # set read-only for everyone
```

Octal Syntax

Permissions can also be expressed as numbers. You can convert one permission group (r/w/x) to a number by first representing it in binary form. If the permission is set, use the digit 1; if it’s not set, use the digit 0.
- `r-x` = `101`
- `-w-` = `010`
- `rwx` = `111`
- `---` = `000`

If you read the binary number on the right side as an octal number (in this case it’s the same as decimal, because the highest number is 7), you can express the permissions for one group as a single digit (0-7).
- `r-x` = `101` = `5`
- `-w-` = `010` = `2`
- `rwx` = `111` = `7`
- `---` = `000` = `0`

You can then use three octal digits to set the permissions for user, group and others in one go.
Examples:
- `644`: `rw-r--r--` (owner can read/write, group and others read-only)
- `755`: `rwxr-xr-x` (owner full, group and others can read/execute)
- `700`: `rwx------` (only owner can access)
Command:
```bash
chmod 755 script.sh
```

4. Recursive Permissions

Apply changes to all files and subdirectories inside a directory:
```bash
chmod -R 755 myfolder
```
Be careful! This changes everything inside.
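
What "everything inside" means in practice, as an added example that is not part of the original page: `chmod -R 755` also sets the execute bit on every regular file. The helpers `set_tree_modes` and `count_executables` are hypothetical names, and the tree is a constructed sample in a temporary directory.

```bash
# Added example; set_tree_modes and count_executables are hypothetical helpers.

# set_tree_modes DIR DIR_MODE FILE_MODE
# Directories need x to be entered, regular files usually do not, so the two
# get separate modes. find does not follow symlinks by default, so targets
# outside DIR are left alone.
set_tree_modes() {
    root=$1 dir_mode=$2 file_mode=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod "$dir_mode" {} + &&
        find "$root" -type f -exec chmod "$file_mode" {} +
}

# count_executables DIR: number of regular files with any execute bit set.
count_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) |
        wc -l | tr -d ' '
}

# Constructed sample tree in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/myfolder/sub"
    : > "$tmp/myfolder/notes.txt"
    : > "$tmp/myfolder/sub/data.csv"
    chmod -R 755 "$tmp/myfolder"
    echo "chmod -R 755:           $(count_executables "$tmp/myfolder") executable files"
    set_tree_modes "$tmp/myfolder" 755 644
    echo "set_tree_modes 755 644: $(count_executables "$tmp/myfolder") executable files"
    rm -rf "$tmp"
}
demo
```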
5. Changing Group Ownership with chgrp
Each file/directory has an owner and a group.
- Change the group:
```bash
chgrp teachers notes.txt
```
- Recursive (apply to folder and everything inside):
```bash
chgrp -R teachers projects/
```

6. Changing File Ownership with chown

Each file/directory has an owner and a group.
- Change the owner:
```bash
chown alice notes.txt
```
- Change both owner and group:
```bash
chown alice:teachers notes.txt
```
- Recursive (apply to folder and everything inside):
```bash
chown -R alice:teachers projects/
```

7. Default Permissions with umask
When a new file or directory is created, it gets default permissions.
The `umask` command controls which permission bits are turned off by default.
- Show current umask value:
```bash
umask
```
- Example: If `umask` is `0022`
  - New files will get `644` (`rw-r--r--`)
  - New directories will get `755` (`rwxr-xr-x`)

💡 How it works:
- Start with base permissions:
  - Files: `666` (`rw-rw-rw-`) → no execute by default
  - Directories: `777` (`rwxrwxrwx`)
- Subtract the umask value bitwise, that is, clear every bit that is set in the umask, to get the final permissions.
- Temporarily change umask (only for current shell session):
```bash
umask 0007
```
This would make:
- New files → `660` (`rw-rw----`)
- New directories → `770` (`rwxrwx---`)
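
The bitwise step above, as an added example that is not part of the original page: it computes the expected mode and compares it with what a freshly created file or directory actually receives. `effective_mode` and `created_mode` are hypothetical helper names, and `stat -c` assumes GNU coreutils.

```bash
# Added example; effective_mode and created_mode are hypothetical helpers.

# effective_mode BASE UMASK: clear every bit of UMASK in BASE (octal in and out).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# created_mode UMASK file|dir: create a real object under that umask and
# report the mode it received. Assumes GNU stat (stat -c).
created_mode() {
    (   # subshell, so the caller's umask is left untouched
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        stat -c '%a' "$tmp/new"
        rm -rf "$tmp"
    )
}

for mask in 0022 0007 0033; do
    echo "umask $mask:" \
         "files $(effective_mode 666 "$mask") (created: $(created_mode "$mask" file))," \
         "dirs $(effective_mode 777 "$mask") (created: $(created_mode "$mask" dir))"
done
# umask 0033 gives files 644, not 633: the file base 666 has no x bits,
# so masking x removes nothing. Decimal subtraction would get this wrong.
```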
Question
Why does umask have four digits, when we learned that permissions only consist of three groups (user/group/others)?
In reality, there’s also a fourth “special” set of bits at the front, which is why the umask is often displayed as four octal digits.
Permissions are stored as a 16-bit value, but we usually represent the important 12 bits:
```
[ special | user | group | others ]
```

Special bits (first octal digit):
- setuid (4xxx) – Run file with owner’s privileges.
- setgid (2xxx) – Run file with group’s privileges / directories inherit group.
- sticky bit (1xxx) – On directories, restricts file deletion.
So for example:
```
-rwsr-xr-x -> 4755
```

Umask in this context

The umask works as a “mask” that removes permission bits from the default.
It applies to all four parts (special | user | group | others).
- Most of the time, the first digit of umask is 0, since you usually don’t want to mask out setuid/setgid/sticky defaults.
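
The conversion from an `ls -l` mode string to octal, covering both the three-digit form from the Octal Syntax section and the special bits from `-rwsr-xr-x -> 4755`, as an added example that is not part of the original page. It goes beyond the text by also handling uppercase `S`/`T`, which `ls` prints when a special bit is set but the matching execute bit is not; `mode_to_octal` is a hypothetical helper name.

```bash
# Added example; mode_to_octal is a hypothetical helper.
# Converts the 10-character mode string from `ls -l` into four octal digits
# (special, user, group, others).
mode_to_octal() {
    mode=$1
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not an ls -l mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}          # drop the file-type character
    special=0
    digits=
    # Each triplet can carry one special bit: setuid (4), setgid (2), sticky (1).
    for weight in 4 2 1; do
        rest=${perms#???}
        triplet=${perms%"$rest"}
        perms=$rest
        value=0
        case $triplet in r??) value=$((value + 4)) ;; esac
        case $triplet in ?w?) value=$((value + 2)) ;; esac
        case $triplet in
            ??x)    value=$((value + 1)) ;;
            # lowercase s/t: execute bit and special bit are both set
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            # uppercase S/T: special bit set, execute bit missing
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits=$digits$value
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample mode strings.
for m in -rw-r--r-- drwxr-x--- -rwsr-xr-x drwxrwxrwt -rwSr--r--; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```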
Summary Table
| Symbol | Meaning (File) | Meaning (Directory) |
|---|---|---|
| `r` | Read contents | List files (`ls`) |
| `w` | Modify file | Add/remove files |
| `x` | Run as program | Enter (`cd`) |

- Use `chmod` to change permissions.
- Use octal (`755`) or symbolic (`u+r`).
- Add `-R` for recursive changes.
- Use `chgrp` to change group ownership.