Users, Groups & Permissions
Learn how Linux manages users, controls access to files, and secures the operating system through ownership and permissions.
Difficulty: Beginner
Estimated reading time: 45 min
Introduction
One of the biggest differences between Linux and many desktop operating systems is this:
Linux was designed as a multi-user system from the beginning.
That means Linux was built with the expectation that:
- multiple users may use the same machine
- users should not automatically trust each other
- applications should run with limited privileges
- access must be controlled carefully
This is where Linux permissions become extremely important.
Permissions control:
- who can read files
- who can modify files
- who can execute programs
- who can manage system resources
Without permissions, Linux systems would be insecure chaos.
Understanding Linux Users
Every process and every file in Linux belongs to a user.
You can display your current user with:
whoami
Example:
john
Linux users are not just for human logins.
Many applications also run under dedicated system users.
Examples:
| Service | Common User |
|---|---|
| Nginx | www-data |
| MySQL | mysql |
| Docker | root |
| SSH | sshd |
This improves security because services become isolated from each other.
The Root User
Linux contains a special administrative user called:
root
The root user has unrestricted access to the system.
Root can:
- modify any file
- install software
- kill any process
- manage users
- reconfigure the entire system
In Linux:
Root bypasses almost all permission checks.
This is extremely powerful.
And extremely dangerous.
Why Root Access Is Dangerous
Imagine accidentally executing:
rm -rf /
As a regular user, Linux may deny access to protected directories.
As root, the system might attempt to delete everything.
This is why Linux encourages:
- limited privileges
- temporary privilege escalation
- separation of responsibilities
Understanding sudo
Instead of logging in directly as root, Linux usually uses:
sudo
Example:
sudo apt update
sudo means:
Superuser Do
It temporarily executes a command with elevated privileges.
This approach is much safer because:
- users operate with minimal privileges by default
- administrative access becomes intentional
- commands can be audited
Groups in Linux
Linux also uses groups.
Groups allow multiple users to share permissions.
Example:
developers
admins
docker
A file can belong to:
- one owner
- one group
This makes collaboration much easier.
Example Scenario
Imagine a web server project.
Users:
alice
bob
charlie
Group:
webdev
All developers can belong to the same group:
sudo usermod -aG webdev alice
Now shared project files can be accessible to everyone inside the group.
Viewing Your Groups
Display your groups:
groups
Example:
john sudo docker developers
This means the user belongs to multiple permission groups.
Understanding File Ownership
Every file in Linux has:
- an owner
- a group
You can view ownership using:
ls -l
Example:
-rw-r--r-- 1 john developers 1200 May 13 app.js
Breakdown:
| Part | Meaning |
|---|---|
john |
File owner |
developers |
File group |
Ownership is fundamental to Linux security.
Understanding Linux Permissions
This section is one of the most important Linux concepts.
Example permission string:
-rwxr-xr--
At first this looks confusing.
But it becomes simple once you break it apart.
Permission Structure
-rwxr-xr--
Structure:
[type][owner][group][others]
Example:
- rwx r-x r--
File Type
The first character represents the file type.
| Symbol | Meaning |
|---|---|
- |
Regular file |
d |
Directory |
l |
Symbolic link |
Example:
drwxr-xr-x
means:
directory
Permission Groups
The remaining characters are split into three sections:
rwx | r-x | r--
| Section | Applies To |
|---|---|
| First | Owner |
| Second | Group |
| Third | Others |
Permission Types
Each section contains three permission types:
| Symbol | Meaning |
|---|---|
r |
Read |
w |
Write |
x |
Execute |
Understanding Read Permission
Read permission allows viewing file contents.
Example:
cat notes.txt
Without read permission:
Permission denied
Understanding Write Permission
Write permission allows modifying files.
Examples:
- editing files
- deleting files
- renaming files
Without write access, modifications fail.
Understanding Execute Permission
Execute permission allows running files as programs.
Example:
./deploy.sh
Without execute permission:
Permission denied
This surprises many beginners.
Linux does not decide executability using file extensions.
Instead:
Linux checks execute permissions.
Real Example
File permissions:
-rwxr-xr--
Breakdown:
| User Type | Permissions |
|---|---|
| Owner | Read, write, execute |
| Group | Read, execute |
| Others | Read only |
Permissions on Directories
Directory permissions behave differently.
| Permission | Directory Meaning |
|---|---|
r |
List contents |
w |
Create/delete files |
x |
Enter directory |
This is extremely important.
You may have read access to a file but still be unable to access it if directory permissions block traversal.
Changing Permissions with chmod
The chmod command modifies permissions.
Symbolic Mode
Example:
chmod +x deploy.sh
This adds execute permission.
Now the script becomes executable.
More Examples
Remove write permission:
chmod -w file.txt
Add read permission for everyone:
chmod +r file.txt
Numeric Permissions
Linux permissions can also be represented numerically.
| Permission | Value |
|---|---|
| Read | 4 |
| Write | 2 |
| Execute | 1 |
Values are added together.
Examples:
| Number | Permissions |
|---|---|
| 7 | rwx |
| 6 | rw- |
| 5 | r-x |
| 4 | r– |
Example: chmod 755
chmod 755 script.sh
Breakdown:
| Section | Value | Meaning | |—|—| | Owner | 7 | rwx | | Group | 5 | r-x | | Others | 5 | r-x |
Final permissions:
rwxr-xr-x
This is one of the most common Linux permission setups.
Example: chmod 644
chmod 644 file.txt
Result:
rw-r--r--
Meaning:
- owner can modify
- everyone can read
- nobody else can write
Very common for configuration files.
Changing Ownership with chown
The chown command changes file ownership.
Example:
sudo chown john file.txt
Change owner and group:
sudo chown john:developers file.txt
Recursive ownership:
sudo chown -R john:developers project/
This is very common when managing web applications and Docker volumes.
Real-World Example
Imagine deploying a Node.js application.
Project directory:
/var/www/app
You may need:
sudo chown -R john:www-data /var/www/app
Now:
johnowns the files- web server group can access them
This is a very common Linux workflow.
Why Permissions Matter So Much
Linux permissions provide:
- security
- isolation
- system stability
- multi-user support
Without permissions:
- applications could overwrite each other
- users could access private files
- malware could spread easily
- services could compromise the entire system
Permissions are one of the foundations of Linux security.
Understanding Permission Denied
One of the most common Linux errors:
Permission denied
This usually means one of three things:
| Problem | Explanation |
|---|---|
| Missing read permission | Cannot open file |
| Missing write permission | Cannot modify file |
| Missing execute permission | Cannot run file |
This error becomes much easier to understand once you fully understand permissions.
The Principle of Least Privilege
Linux security follows an important principle:
Give only the minimum permissions required.
Applications should not run as root unless absolutely necessary.
This reduces damage if something goes wrong.
Modern DevOps and cloud infrastructure heavily depend on this principle.
Why Docker and Linux Permissions Are Connected
Containers heavily rely on Linux permission systems.
Docker isolation uses concepts like:
- users
- groups
- namespaces
- filesystem permissions
Understanding Linux permissions makes Docker much easier to understand later.
The Bigger Picture
Permissions are not just about files.
They are part of a much larger Linux philosophy:
- isolation
- security
- controlled access
- process separation
Once permissions start making sense, Linux systems suddenly become far less mysterious.
You begin understanding why Linux infrastructure is structured the way it is.
What Comes Next
In the next chapter, we will explore:
- processes
- process IDs
- foreground and background jobs
- system monitoring
- CPU and memory usage
- process management tools like
ps,top, andhtop
This is where Linux starts feeling like a real operating system instead of just a filesystem.