The Ultimate Guide to Linux Users, Groups, and Permissions

Understanding how users, groups, and permissions work on Linux can be challenging at first. In this tutorial, we'll explore the basics of system administration for Linux environments. We'll define the different types of users and how to add and remove users to/from the system. Additionally, we'll discuss basic commands like chmod and chown and how they can be used to modify permissions for different users/groups in Linux.

Linux Users

Linux is designed for multiple users to have access to the same system at the same time. There are three types of users in Linux:

System users

System users run non-interactive or background processes. These users don't have their own login or home directory.

Regular users

These users run interactive processes and have their own home directory and login.

Super user

There is only one root or superuser. This user is the ultimate authority on file ownership and permissions. You create new users as the root user.

Linux - Viewing all users

You can view a list of all users on the system via:
$ cat /etc/passwd

This shows every user on the system. Each line represents a user with basic information such as username, user ID, group ID, and the home directory for that user.

Linux - Switching to the root user

How you switch to the root user may vary depending on your Linux distro. For Ubuntu, you can run:

$ sudo su

With other distros, you may be able to switch via just su. Ubuntu doesn't set a password for the root user by default so sudo is required to bypass the password prompt. If you are using Ubuntu and want to set a password for root, you can run sudo passwd root (however this is not recommended).

Linux - Adding a user

As the root user, you can add additional users to the system via:

# useradd <username>

This will add a new user with the specified name to the system. To add a password login for the new user, run:

# passwd <username>

This will prompt you to set a password for the new user.

Linux - Logging in as a new user

Once you've created a password for the new user, you can login via:

# su <username>

It should prompt you for the password. Once entered correctly, you will be logged in as the new user.

Linux - Removing a user

As root user, you can remove a user via:

# userdel <username>

Linux - Difference between su and sudo

The su command is used to switch users. When no username is provided, su switches to the root user by default. The sudo command allows users and groups to access commands they normally wouldn't have access to. By using sudo, you avoid having to switch to the root user to run restricted commands.

In order for a user to run sudo commands, the user must be added to the sudoers file in /etc/ directory. Editing the sudoers file directly is not recommended. Alternatively, the visudo command provides a safe and secure way to edit the sudoer file.

Linux Permissions

Permissions exist to protect a user's files from other users. Run ls -l in any directory to list the files and permissions. After running the command, you should see something like:

-rwxrwxrwx 1 svc-hadoop-platform-dev cperry      33 May 25 15:39 sample.txt
drw-r--r-- 1 svc-hadoop-platform-dev mjones 461 Aug 4 13:06 sample_files
-rw-rw-r-- 1 svc-hadoop-platform-dev mjones 55 Aug 4 13:06 subs.txt
-rwxrwx--- 1 svc-hadoop-platform-dev terryb 56 Aug 16 17:00 otherfile.txt

The first ten characters (-rwxrwxrwx) indicate the permissions for the listed resource. This may seem confusing, but when you break it down it makes more sense.

The first character (d, -) indicates the file type. Normal files are represented by (-) and directories (d). You'll notice the sample_files directory is the only item listed with a (d) as the first character because it is a directory and not a file like the others.

The next three characters are the permissions for the file's owner. Permissions are represented by three characters rwx.

  • r - the user has read access
  • w - the user has write access
  • x - the user has execute permissions

Remember that a hyphen represents restriction of access. Additionally, permissions will always be listed in the same order rwx.

The next three characters are permissions for the file's group.

The last three characters are the permissions for all other users.

Taking the subs.txt line sample output (-rw-rw-r--), we infer that:

  • (-) this is a regular file
  • (rw-) the file owner (mjones) has read/write access to the file
  • (rw-) the file's group has read/write access to the file
  • (r--) all other users only have read only access to the file

With most implementations, the file owner has the most permissions while the group and other users only have a subset of the owner's permissions.

Linux Groups

Groups are a way of managing a collection of users. You can see a full list of groups and their members at /etc/group.

Every user is automatically associated with a group. This means every file you create as a user will be associated with that user's primary group. To run programs or create files with different groups, you can either:

Add a new group

$ newgrp <marketing>

Change groups

chgrp <newgroup>

Linux changing permissions with chmod

As the root user or sudoer, you can change file permissions with chmod. For example:

chmod +rwx sample.txt

This will grant read, write, execute permissions to the file owner for sample.txt. The following will remove the same access.

chmod -rwx sample.txt

You can also grant specific class permissions with u, g, and o. For example:

chmod ug+rw sample.txt //gives read and write access to file owner and group
chmod go-rw sample.txt //denies read and write access to group and outsiders
chmod ugo+rwx sample.txt //gives read, write, execute access to user, group, and outsiders

You can also use the octect method, where the numbers 0-7 represent different permissions for each permission class. For example:

chmod 444 sample.txt
//results in dr--r--r--

This will give read only permissions (4) to the user, the group, and outsiders.

Linux changing ownership with chown

As the root user or sudoer, yuou can change file ownership with chown:

chown mjones sample.txt

If you want to change just the group, you can run:

chown :newgroup sample.txt


Using chown and chmod allows sudoers to change the permissions, owners, and groups associated with files in Linux. Creating users and organizing them into groups is considered best practice for organizing a Linux environment in a safe and secure way.

Your thoughts?