Linux Users, Groups, and Permissions Explained

Linux is an operating system like Windows or macOS, but it is open‑source and follows Unix design principles. One of its core strengths is how it handles multiple users securely on the same machine.

Understanding users, groups, and permissions helps you control who can do what on a system and prevents accidental or unauthorized access. Let’s understand these concepts with a practical example.

Example scenario

Assume you have an Ubuntu server where your software is deployed, and a team of four members working on it.

1// Acme Team
2
3- Alice (developer)
4- Jimmy (developer)
5- John (deployment)
6- Nami (deployment)

Users

• When Linux is installed, it creates a default user called root.
• The root user has unrestricted privileges on the system.
• Every user in Linux is assigned a User ID (UID).

1# Typical UID ranges:
2
3(0) → root user (superuser)
4(1 – 999) → system / service users (docker, redis, postgres, etc.)
5(1000+) → normal users (alice, john, etc.)

Creating users

Let’s onboard our team to the server.

1# create a user and home directory
2sudo useradd -m alice
3
4# set password for the user
5sudo passwd alice

Groups

• Groups exist so that we don’t manage permissions user‑by‑user.
• A file or directory can belong to one group, but many users can belong to that group.

Creating groups and assigning users

1# create groups
2sudo groupadd developers
3sudo groupadd deployment
4
5# add users to groups
6sudo usermod -aG developers alice
7sudo usermod -aG developers jimmy
8
9sudo usermod -aG deployment john
10sudo usermod -aG deployment nami

Permissions

Assume we have a project directory with the following files:

1project/
2├── index.html
3├── style.css
4└── deploy.sh

Access rules

• Developers should be able to read and write project files.
• Deployment team should be able to execute the deployment script.

Permission basics

In Linux, every file and directory has three permissions:

• read (r)
• write (w)
• execute (x)

Each file or directory:

• Belongs to one user (owner)
• Belongs to one group
• Has permissions defined for:
• • owner
  • group
  • others

Viewing permissions

1ls -l project
2
3# Example output:
4-rw-r--r-- 1 root root 29 Feb 5 12:45 deploy.sh
5-rw-r--r-- 1 root root 5950 Feb 5 12:44 index.html
6-rw-r--r-- 1 root root 8887 Feb 5 12:45 style.css

Understanding ls -l output

1[1] [2]       [3] [4]  [5] [6]             [7]
2-   rw-r--r-- 1   root root 29 Feb 5 12:45 deploy.sh

[1] File type

• - → regular file
• d → directory

[2] Permissions

1rw- r-- r--
2│   │   │
3│   │   └─ others
4│   └─ group
5└─ owner

• r → read
• w → write
• x → execute
• - → permission not granted

Meaning here:

• Owner → read, write
• Group → read only
• Others → read only

Other fields:

• [3] Hard link count
• [4] Owner user (root)
• [5] Owner group (root)
• [6] File size (bytes)
• [7] File name

Changing ownership → chown

chown is used to change the owner and group of a file or directory.

1# -R applies changes recursively
2sudo chown -R root:developers project

Change ownership of only the deployment script:

1sudo chown root:deployment project/deploy.sh

Changing permissions → chmod

chmod controls what actions are allowed on a file or directory.

Symbolic mode

1# u = user, g = group, o = others
2chmod -R u=rw,g=r,o=r project

• user → read, write
• group → read
• others → read

Numeric (octal) mode

Permissions map to numbers:

• r → 4
• w → 2
• x → 1

Example:

• user → rwx → 7
• group → rw- → 6
• others → --- → 0

1chmod 760 deploy.sh

Linux permissions are evaluated in this order:

owner → group → others

Resources

• https://www.redhat.com/en/blog/linux-file-permissions-explained
• https://www.geeksforgeeks.org/linux-unix/introduction-to-unix-system/