Linux Command Line·Lesson 3 of 5

Permissions & Users

Linux is a multi-user operating system. Every file and directory has an owner, a group, and a set of permissions that control who can access it. Understanding permissions is essential for system administration and security.

Users and Groups

Every user on a Linux system has a unique UID (user ID) and belongs to at least one group. Groups let you manage permissions for multiple users at once.

# Show current user
whoami

# Show user ID and group memberships
id

# Show all groups the current user belongs to
groups

# List all users on the system
cat /etc/passwd

# List all groups on the system
cat /etc/group

Understanding File Permissions

Run ls -l to see permissions:

ls -l
# -rw-r--r-- 1 sabaoon devs  4096 Mar 24 10:00 readme.txt
# drwxr-xr-x 2 sabaoon devs  4096 Mar 24 10:00 src/

The permission string -rw-r--r-- breaks down like this:

-  rw-  r--  r--
│   │    │    │
│   │    │    └── Others (everyone else)
│   │    └─────── Group
│   └──────────── Owner
└──────────────── File type (- = file, d = directory, l = link)

Each set of three characters represents:

| Character | Meaning | Numeric Value |
| --- | --- | --- |
| r | Read | 4 |
| w | Write | 2 |
| x | Execute | 1 |
| - | No permission | 0 |

Reading Permissions

Here are some common permission combinations:

| Permission | Numeric | Meaning |
| --- | --- | --- |
| rwx | 7 | Full access |
| rw- | 6 | Read and write |
| r-x | 5 | Read and execute |
| r-- | 4 | Read only |
| --- | 0 | No access |

For directories, the meanings are slightly different:

| Permission | Files | Directories |
| --- | --- | --- |
| r | Read contents | List files |
| w | Modify contents | Create/delete files inside |
| x | Run as program | Enter the directory (cd) |

Changing Permissions with chmod

The chmod command changes file permissions. You can use either symbolic or numeric notation.

Symbolic notation:

# Add execute permission for the owner
chmod u+x script.sh

# Remove write permission for others
chmod o-w config.txt

# Set read and write for owner, read for group and others
chmod u=rw,g=r,o=r document.txt

# Add read permission for everyone
chmod a+r public.html

The letters mean: u = owner (user), g = group, o = others, a = all.

Numeric notation:

# Owner: rwx (7), Group: r-x (5), Others: r-x (5)
chmod 755 script.sh

# Owner: rw- (6), Group: r-- (4), Others: --- (0)
chmod 640 private.conf

# Owner: rw- (6), Group: rw- (6), Others: r-- (4)
chmod 664 shared-doc.txt

# Apply permissions recursively to a directory
chmod -R 755 /var/www/html/

Common permission patterns:

| Numeric | Symbolic | Use Case |
| --- | --- | --- |
| 755 | rwxr-xr-x | Scripts, public directories |
| 644 | rw-r--r-- | Regular files, config files |
| 700 | rwx------ | Private scripts |
| 600 | rw------- | SSH keys, secrets |
| 777 | rwxrwxrwx | Avoid this — everyone has full access |
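The symbolic and numeric columns above are two spellings of the same bits. The following added example (not part of the original lesson) converts an ls -l mode string to its octal form; it goes slightly beyond the table by also handling the s/S and t/T characters covered under Special Permissions later in this lesson. The function name mode_to_octal is an assumption made for this example.

```shell
#!/bin/sh
# Added example: convert an `ls -l` mode string (e.g. -rwxr-xr-x) to octal.

mode_to_octal() {
    local s rest special digits weight v
    # ls may append one marker ('.', '+' or '@') for SELinux contexts,
    # ACLs or extended attributes; drop it if present.
    s=${1%[.+@]}
    # Require a file-type character followed by exactly three rwx triplets.
    case $s in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) printf 'invalid mode string: %s\n' "$1" >&2; return 1 ;;
    esac
    rest=${s#?}      # drop the file-type character
    special=0        # leading digit: SUID=4, SGID=2, sticky=1
    digits=""
    weight=4         # special-bit weight for the current triplet
    while [ -n "$rest" ]; do
        v=0
        case $rest in r*)  v=$((v + 4)) ;; esac
        case $rest in ?w*) v=$((v + 2)) ;; esac
        case $rest in
            ??x*)    v=$((v + 1)) ;;
            # lowercase s/t: special bit set AND execute set
            ??[st]*) v=$((v + 1)); special=$((special + weight)) ;;
            # uppercase S/T: special bit set, execute NOT set
            ??[ST]*) special=$((special + weight)) ;;
        esac
        digits=$digits$v
        weight=$((weight / 2))
        rest=${rest#???}
    done
    echo "$special$digits"
}

# Constructed sample inputs in the style of the listings in this lesson.
for m in -rw-r--r-- drwxr-xr-x -rwsr-xr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

An uppercase S or T in a listing means the special bit is set while the matching execute bit is not, which usually points to a chmod mistake worth reviewing.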

Changing Ownership with chown

The chown command changes the owner and group of a file:

# Change owner
sudo chown alice report.txt

# Change owner and group
sudo chown alice:developers report.txt

# Change group only
sudo chown :developers report.txt
# Or use chgrp
sudo chgrp developers report.txt

# Change ownership recursively
sudo chown -R www-data:www-data /var/www/html/

Only the root user (or sudo) can change file ownership.

Managing Users

# Create a new user
sudo useradd -m -s /bin/bash newuser

# Set a password for the user
sudo passwd newuser

# Create a user with a specific home directory
sudo useradd -m -d /home/developer -s /bin/bash developer

# Delete a user (keep home directory)
sudo userdel olduser

# Delete a user and their home directory
sudo userdel -r olduser

# Modify a user (add to a group)
sudo usermod -aG docker sabaoon

The -aG flag in usermod is important: -a means append to the user's group list. Without -a, -G replaces that list, so the user would be removed from all other groups.

Managing Groups

# Create a new group
sudo groupadd developers

# Add a user to a group
sudo usermod -aG developers sabaoon

# Remove a user from a group
sudo gpasswd -d sabaoon developers

# Delete a group
sudo groupdel developers

# List members of a group
getent group developers

The Root User and sudo

The root user has unrestricted access to the entire system. Instead of logging in as root directly, use sudo to run individual commands with root privileges:

# Run a single command as root
sudo apt update

# Open a root shell (use sparingly)
sudo -i

# Edit a system file with sudo
sudo nano /etc/hosts

# Check if you have sudo privileges
sudo -l

The sudoers configuration lives in /etc/sudoers. Never edit it directly — use visudo:

sudo visudo

Special Permissions

Linux has three special permission bits:

SUID (Set User ID) — the file runs as the file owner, not the user who runs it:

# The passwd command uses SUID to write to /etc/shadow
ls -l /usr/bin/passwd
# -rwsr-xr-x 1 root root ... /usr/bin/passwd

# Set SUID
chmod u+s program
# Or numerically: chmod 4755 program

SGID (Set Group ID) — files created in the directory inherit the directory's group:

# Set SGID on a shared directory
chmod g+s /shared/projects/
# Or numerically: chmod 2775 /shared/projects/

Sticky bit — only the file owner can delete files in the directory (used on /tmp):

ls -ld /tmp
# drwxrwxrwt ... /tmp

# Set sticky bit
chmod +t /shared/uploads/
# Or numerically: chmod 1777 /shared/uploads/
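Because these bits change whose identity a program runs with and who may delete files, they are worth auditing regularly. The following added example (not part of the original lesson) builds a small constructed directory tree and reports SUID/SGID files, world-writable files, and world-writable directories that lack the sticky bit; the function names and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special bits described above.

# Build a constructed sample tree in a temporary directory and print its path.
make_demo_tree() {
    local d
    d=$(mktemp -d)
    mkdir "$d/site" "$d/uploads" "$d/tmp"
    touch "$d/site/index.html" "$d/site/helper" "$d/site/notes.txt"
    chmod 755 "$d/site"
    chmod 644 "$d/site/index.html"   # ordinary file
    chmod 4755 "$d/site/helper"      # SUID set, same as chmod u+s
    chmod 666 "$d/site/notes.txt"    # writable by everyone
    chmod 777 "$d/uploads"           # world-writable, no sticky bit
    chmod 1777 "$d/tmp"              # world-writable with sticky bit, like /tmp
    echo "$d"
}

# Print one labelled line per finding under the directory given as $1.
audit_tree() {
    local root=$1
    # Regular files with SUID (4000) or SGID (2000): they run with the
    # identity of the file's owner or group, so each one should be expected.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID /'
    # Regular files that "others" can modify.
    find "$root" -xdev -type f -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE-FILE /'
    # World-writable directories without the sticky bit: any user can
    # delete or rename files that belong to someone else.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD-WRITABLE-DIR-NO-STICKY /'
}

demo=$(make_demo_tree)
audit_tree "$demo"
rm -rf "$demo"
```

To audit a real system, point audit_tree at a path such as /usr or /var/www and compare the SETID lines against the list of programs you expect to carry the bit.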

Practical Example: Web Server Permissions

Here is a real-world scenario for setting up a web server directory:

# Create web root
sudo mkdir -p /var/www/mysite

# Set ownership to web server user
sudo chown -R www-data:www-data /var/www/mysite

# Set directory permissions (owner: full, group: read+execute, others: read+execute)
sudo find /var/www/mysite -type d -exec chmod 755 {} \;

# Set file permissions (owner: read+write, group: read, others: read)
sudo find /var/www/mysite -type f -exec chmod 644 {} \;

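# Add your user to the www-data group. With the modes above the group can read
# but not write; editing as a group member needs group write (775 for directories, 664 for files)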
sudo usermod -aG www-data sabaoon

Summary

You now understand how Linux permissions work — the read, write, and execute bits, numeric and symbolic notation, ownership, and special permissions. You can create and manage users and groups, and apply the right permissions for common scenarios. Next, you will learn about processes and services.