This tutorial explains how Linux users are organized, what permissions are, how they work, and how to manage them. A number of examples will be provided to illustrate how to set and change permissions for both users and groups.

What are User and Group Permissions?

Linux operating systems can multitask in a manner similar to other operating systems. However, Linux’s key difference from the others is its ability to have multiple users. Linux was designed to allow more than one user to have access to the system at the same time. For this multiuser design to work properly, there needs to be a method to protect users from each other. This is where permissions come into play.

Read, Write & Execute Permissions

Permissions are the “rights” to act on a file or directory. The basic rights are read, write, and execute.

  • Read – a readable permission allows the contents of the file to be viewed. A read permission on a directory allows you to list the contents of a directory.
  • Write – a write permission on a file allows you to modify the contents of that file. For a directory, the write permission allows you to edit the contents of a directory (e.g. add/delete files).
  • Execute – for a file, the executable permission allows you to run the file and execute a program or script. For a directory, the execute permission allows you to change into that directory and make it your current working directory.

Users usually have a default group, but they may belong to several additional groups.

Viewing File Permissions

To view the permissions on a file or directory, issue the command ls -l <directory/file>. Below is sample output for the ls command:

The first ten characters show the access permissions.
The first dash (-) indicates the type of file (d for a directory, s for a special file, and - for a regular file).
The next three characters (rw-) define the owner’s permission to the file. In this example, the file owner has read and write permissions only.
The next three characters (r--) are the permissions for the members of the same group as the file owner (which in this example is read-only).
The last three characters (r--) show the permissions for all other users and in this example, it is read-only.

Working with Users, Groups, and Directories

The following sections will go over the commands needed to create, delete, and modify user accounts. Groups will be covered, as well as commands for creating and deleting directories. You will be provided with the commands and descriptions needed for working with users, groups, and directories.

Creating and Deleting User Accounts

To create a new standard user, use the useradd command. The syntax is as follows:

The useradd command accepts a variety of options, some of which are shown in the table below:

Option | Description | Example
-d <home_dir> | home_dir will be used as the value for the user’s login directory | useradd <name> -d /home/<user's home>
-e <date> | the date when the account will expire | useradd <name> -e <YYYY-MM-DD>
-f <inactive> | the number of days before the account expires | useradd <name> -f <0 or -1>
-s <shell> | sets the default shell type | useradd <name> -s /bin/<shell>

You will need to set a password for the new user by using the passwd command. Note, you will need root privileges to change a user password. The syntax is as follows:

The user will be able to change their password at any time using the passwd command with the syntax. Below is an example:

It is important to note that security should always be taken very seriously. Therefore, it is strongly recommended to use unique passwords for each account. Never share or give your password to other users.

To remove a user account, enter the following command:

Issuing the command above will only delete the user’s account. Their files and home directory will not be deleted.

To remove the user, their home folder, and their files, use this command:

Understanding Sudo

Root is the superuser and has the ability to do anything on a system. Therefore, to protect against potential damage, sudo is used in place of root. Sudo allows users and groups access to commands they normally would not be able to use. Sudo will allow a user to have administration privileges without logging in as root. A sample of the sudo command is as follows:

Before using sudo, it may need to be installed if it is not part of your distribution. The command for Debian is as follows:

For CentOS, the command is as follows:

In order to provide a user with sudo ability, their name will need to be added to the sudoers file. This file is very important and should not be edited directly with a text editor. If the sudoers file is edited incorrectly it could result in preventing access to the system.

Therefore the visudo command should be used to edit the sudoers file. At a command line, log into your system as root and enter the command visudo.
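The risk described above, a syntax error in the sudoers file locking administrators out, can be checked for ahead of time. The following is an added example, not part of the original tutorial: it writes two candidate rule files into a scratch directory and runs visudo in check-only mode (-c -f) against each. The names exampleuser and examplegroup and the rules themselves are constructed placeholders.

```shell
#!/bin/sh
# Added example: syntax-check candidate sudoers rules in a scratch file
# before they go anywhere near the live sudoers file.
# exampleuser and examplegroup are constructed placeholder names.

# Locate visudo; it is often in /usr/sbin, which may not be on a user's PATH.
find_visudo() {
    for p in "$(command -v visudo 2>/dev/null)" /usr/sbin/visudo /sbin/visudo; do
        if [ -n "$p" ] && [ -x "$p" ]; then echo "$p"; return 0; fi
    done
    return 1
}

# Returns 0 = parses cleanly, 1 = syntax error, 3 = visudo not installed.
check_sudoers_fragment() {
    bin=$(find_visudo) || return 3
    "$bin" -c -q -f "$1" >/dev/null 2>&1
}

demo_sudoers_check() {
    d=$(mktemp -d) || return 1
    # Valid: one rule for a user and one for a group (% marks a group).
    printf '%s\n' 'exampleuser ALL=(ALL:ALL) ALL' \
                  '%examplegroup ALL=(ALL:ALL) ALL' > "$d/good"
    # Invalid: the closing parenthesis is missing.
    printf '%s\n' 'exampleuser ALL=(ALL:ALL ALL' > "$d/bad"
    chmod 0440 "$d/good" "$d/bad"   # the mode sudo expects for sudoers files
    good=0; check_sudoers_fragment "$d/good" || good=$?
    bad=0;  check_sudoers_fragment "$d/bad"  || bad=$?
    rm -rf "$d"
    echo "good=$good bad=$bad"
}

demo_sudoers_check
```

A result of 3 for both files means visudo was not found on the machine running the check.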

Below is the portion of the sudoers file that shows the users with sudo access.

Changing Directory and File Permissions

To view file permissions and ownership on files and directories, use the ls -al command. The a option is to show hidden files or all files, and the l option is for the long listing. The output will be similar to the following:

The first column with the ten letters and dashes shows the permissions of the file or directory. The second column (with the single number) indicates the number of files or directories contained in the directory. The next column indicates the owner, followed by the group name, the size, date, and time of last access, and finally the name of the file. For example, using the first line from the output above, the details are as follows:

Chmod Command

The command chmod is short for change mode. Chmod is used to change permissions on files and directories. The command chmod may be used with either letters or numbers (also known as octal) to set the permissions. The letters used with chmod are in the table below:

Letter | Permission
r | Read
w | Write
x | Execute
X | Execute (only if file is a directory)
s | Set user or group ID on execution
t | Save program text on swap device
u | Current permissions the file has for owner
g | Current permissions the file has for users in the same group
o | Current permissions the file has for others not in the group

It is important to remember that the first character of the first column of a file listing denotes whether it is a directory or a file. The other nine characters are the permissions for the file/directory. The first three characters are for the user, the next three are for the group, and the last three are for others. The example drwxrw-r-- is broken down as follows:

d is a directory

rwx the user has read, write, and execute permissions

rw- the group has read and write permissions

r-- all others have read-only permissions

Note that the dash (-) denotes permissions are removed. Therefore, with the “all others” group, r-- translates to read permission only; the write and execute permissions were removed.
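The ten-character string described under Viewing File Permissions and broken down above maps directly onto the octal numbers that chmod also accepts. The following is an added example, not part of the original tutorial: it converts a mode string to its four-digit octal form and, going beyond the cases in the text, also handles the s and t letters from the table. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: convert an ls -l mode string such as drwxrw-r-- to octal.

# Value (0-7) of one rwx triplet. In the third position s or t means
# "special bit plus execute"; S or T means "special bit, no execute".
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# Print the four-digit octal mode for a ten-character mode string.
mode_to_octal() {
    case $1 in
        ?[-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a ten-character mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}                            # drop the file-type character
    user=${perms%??????}                    # characters 1-3
    group=${perms#???}; group=${group%???}  # characters 4-6
    other=${perms#??????}                   # characters 7-9
    special=0                               # setuid=4, setgid=2, sticky=1
    case $user  in ??[sS]) special=$((special + 4)) ;; esac
    case $group in ??[sS]) special=$((special + 2)) ;; esac
    case $other in ??[tT]) special=$((special + 1)) ;; esac
    echo "$special$(triplet_value "$user")$(triplet_value "$group")$(triplet_value "$other")"
}

mode_to_octal 'drwxrw-r--'   # the example from the text: prints 0764
mode_to_octal '-rwsr-xr-x'   # constructed setuid example: prints 4755
```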

Conversely, the plus sign (+) is equivalent to granting permissions: chmod u+r,g+x <filename>

The example above translates as follows:

In other words, the user was given read permission and the group was given execute permission for the file. Note, when setting multiple permissions for a set, a comma is required between sets.
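The effect of chmod u+r,g+x, and of the capital X letter from the table, can be confirmed by reading the mode back after each change. The following is an added example, not part of the original tutorial: it works on a scratch tree created with mktemp, and the file names are constructed. It assumes GNU coreutils for stat -c.

```shell
#!/bin/sh
# Added example: symbolic chmod on a scratch tree, read back with stat.
# Assumes GNU coreutils (stat -c); all paths are constructed under mktemp.

perm() { stat -c '%a' "$1"; }   # octal permission bits of a path

# u+r,g+x only adds bits; every other bit is left as it was.
demo_add_bits() {
    d=$(mktemp -d) || return 1
    : > "$d/notes.txt"
    chmod 200 "$d/notes.txt"        # start: owner write only (--w-------)
    chmod u+r,g+x "$d/notes.txt"    # the command from the text
    perm "$d/notes.txt"
    rm -rf "$d"
}

# Capital X adds execute to directories and to files that are already
# executable for someone, so a tree becomes traversable for the group
# without turning plain data files into executables.
demo_capital_x() {
    d=$(mktemp -d) || return 1
    mkdir "$d/reports"
    : > "$d/reports/q1.csv"
    : > "$d/reports/run.sh"
    chmod 700 "$d/reports"
    chmod 600 "$d/reports/q1.csv"
    chmod 700 "$d/reports/run.sh"
    chmod -R g+rX "$d/reports"
    echo "$(perm "$d/reports") $(perm "$d/reports/q1.csv") $(perm "$d/reports/run.sh")"
    rm -rf "$d"
}

demo_add_bits     # prints 610
demo_capital_x    # prints 750 640 750
```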

Changing File Ownership

By default, all files are “owned” by the user who creates them and by that user’s default group. To change the ownership of a file, use the chown command in the chown user:group /path/to/file format. In the following example, the ownership of the “list.html” file will be changed to the “phuong” user:

To change the ownership of a directory and all the files contained inside, use the recursive option with the -R flag. In the following example, change the ownership of /tmp/abc to the “phuong” user:


