Linux User Management & Permissions

Understanding users, groups, and file permissions for beginners

Linux is a multi-user system where files and directories have permissions that control who can read, write, or execute them. Understanding these concepts is essential for system administration and security. Permissions are represented in two ways: symbolic notation (rwx) and numeric notation (like 755 or 777).

Understanding rwx Permissions

There are three permission types, each represented by a single character:

Read (r)

Permission to view or copy file contents. For directories, allows listing contents.

Write (w)

Permission to modify or delete files. For directories, allows creating/removing files.

Execute (x)

Permission to run a file as a program. For directories, allows entering (cd) into it.

Permission Groups

Each file has three sets of permissions for three different groups:

Owner (u)
The user who created or owns the file. Has full control if permissions allow.
Group (g)
Users who belong to the file's group. Share permissions defined for the group.
Others (o)
Everyone else on the system who is not the owner or in the group.

How Numeric Permissions Work (755, 777, etc.)

Numeric permissions use octal (base-8) representation where each digit represents one permission group (Owner, Group, Others). Each digit is the sum of read (4), write (2), and execute (1) permissions:

4 = Read
2 = Write
1 = Execute

7 = 4+2+1 = Read + Write + Execute
6 = 4+2 = Read + Write
5 = 4+1 = Read + Execute
4 = Read only
0 = No permissions

755
Owner: 7 (rwx), Group: 5 (r-x), Others: 5 (r-x)
Common for executable files and scripts.
644
Owner: 6 (rw-), Group: 4 (r--), Others: 4 (r--)
Standard for regular files (config files, documents).
777
Owner: 7 (rwx), Group: 7 (rwx), Others: 7 (rwx)
Full access for everyone. ⚠️ Avoid on production - security risk!
600
Owner: 6 (rw-), Group: 0 (---), Others: 0 (---)
Owner only, private files (like SSH keys, passwords).

Common Commands

$ chmod 755 script.sh          # Set permissions to rwxr-xr-x
$ chmod +x script.sh            # Add execute for owner, group and others (limited by umask)
$ chmod u+w file.txt            # Add write for owner only
$ chmod g-r file.txt            # Remove read for group
$ chmod 644 file.txt            # Set to rw-r--r--

$ chown user:group file.txt     # Change owner and group
$ chown user file.txt           # Change owner only
$ sudo chown -R www-data:www-data /var/www  # Recursive ownership

$ groups                        # Show your groups
$ id                            # Show user ID and groups
$ whoami                        # Show current username

User Management Basics

Creating Users

$ sudo adduser newuser           # Interactive user creation
$ sudo useradd -m -s /bin/bash newuser  # Non-interactive

Managing Groups

$ sudo groupadd developers       # Create group
$ sudo usermod -aG sudo user     # Add user to sudo group
$ sudo usermod -aG docker user   # Add user to docker group
$ sudo deluser user              # Delete user

Checking Permissions

$ ls -l file.txt                 # Show permissions
$ ls -la                         # Show all files with permissions
$ stat file.txt                  # Detailed file info

Security Tips

  • Never use 777 permissions - it gives everyone full access
  • Use 755 for directories, 644 for regular files
  • Keep sensitive files (like private keys) at 600
  • Web server files should typically be owned by the web server user (e.g., www-data)
  • Use groups to share access between users rather than opening permissions to everyone
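
The script below turns the numeric rules and the security tips above into an audit, as an added example that is not part of the original page: it lists world-writable paths (the 777 problem) and key-like files looser than 600. It assumes Linux `stat -c`; the function names, the key-file name patterns and the sample tree are constructed for illustration.

```shell
# Added example, not from the original page. Assumes Linux `stat -c`
# (GNU coreutils or BusyBox). Function names and key-file patterns are illustrative.

# world_writable DIR: print "MODE PATH" for files and directories that others
# may write to (octal bit 0002). Sticky directories such as /tmp (mode 1777)
# are skipped: the sticky bit stops users deleting each other's files.
world_writable() {
    find "$1" \( -type f -o -type d ! -perm -1000 \) -perm -0002 \
        -exec stat -c '%a %n' {} + | sort -k2
}

# exposed_secrets DIR: print "MODE PATH" for key-like files whose group or
# others digit is non-zero, i.e. anything looser than 600.
exposed_secrets() {
    find "$1" -type f \
        \( -name 'id_*' ! -name '*.pub' -o -name '*.pem' -o -name '*.key' \) \
        -exec stat -c '%a %n' {} + |
    while read -r mode path; do
        # The leading 0 makes the shell parse the mode as octal; 077 keeps
        # only the group and others bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$path"
        fi
    done | sort -k2
}

# make_sample_tree: build a constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/site" "$t/uploads" "$t/scratch" "$t/.ssh"
    touch "$t/site/index.html" "$t/site/tls.key" \
          "$t/.ssh/id_ed25519" "$t/.ssh/id_ed25519.pub"
    chmod 755 "$t/site"
    chmod 644 "$t/site/index.html" "$t/.ssh/id_ed25519.pub"
    chmod 777 "$t/uploads"            # what the tips warn against
    chmod 1777 "$t/scratch"           # sticky, like /tmp
    chmod 700 "$t/.ssh"
    chmod 600 "$t/.ssh/id_ed25519"    # correct for a private key
    chmod 644 "$t/site/tls.key"       # private key readable by everyone
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "World-writable:";       world_writable "$tree"
echo "Keys looser than 600:"; exposed_secrets "$tree"
rm -rf "$tree"
```

On the sample tree the first check reports only `uploads` (777) and the second only `tls.key` (644); pointing either function at a real directory such as a web root or a home directory gives the list of paths to tighten.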