Users, Permissions, and Ownership

Understanding Users in Linux

Linux is a multi-user system: many users can exist (and even be logged in) on the same machine at the same time. Understanding users is the foundation for understanding permissions and ownership.

User Accounts and IDs

Internally, Linux does not work with your username directly; it works with numeric IDs.

Each user has:

A username, like alice or root
A user ID: $UID$ (User ID), an integer like 1000
A primary group ID: $GID$
A home directory, e.g. /home/alice
A login shell, e.g. /bin/bash

Viewing Your User Information

Common commands:

whoami — print your current username

  $ whoami
  alice

id — show your UID, GIDs, and groups

  $ id
  uid=1000(alice) gid=1000(alice) groups=1000(alice),27(sudo)

groups — list groups you are a member of

  $ groups
  alice sudo

You rarely need to think about your numeric UID directly, but it’s useful to recognize special ones:

0 — always the root user (superuser)
1–999 (typical desktop) — system and service accounts (may vary by distro)
1000+ — regular human users (default starting point on many distros)

Root vs Regular Users

Root:

UID 0
Unrestricted access to the system (can read/write any file, change any setting)
Typically not used for everyday work for safety

Regular users:

Limited by file permissions and system policies
Cannot, for example, install system-wide software or change system files without special elevation (sudo, covered in its own chapter)

You can check if you are root with:

$ id -u
0   # you are root

or:

$ whoami
root

Ownership of Files and Directories

Every file and directory in Linux has:

An owner user
An owner group
A set of permission bits that apply differently to:

the owner user
the owner group
everyone else (others)

You can see this information using ls -l.

$ ls -l
-rw-r--r-- 1 alice alice  1200 Dec 12 10:23 notes.txt
drwxr-xr-x 2 alice staff  4096 Dec 12 11:00 projects

Breakdown of the first file line:

-rw-r--r-- — type and permission bits
1 — link count
alice — owner user
alice — owner group
1200 — size in bytes
Dec 12 10:23 — modification time
notes.txt — filename

For the projects directory:

drwxr-xr-x — leading d means directory
Owner user is alice
Owner group is staff

The owner and group determine which permission set will be applied when a file is accessed.

Permission Bits: Read, Write, Execute

Linux permissions are represented with three basic flags:

r — read
w — write
x — execute

And they apply to three categories:

User (often abbreviated u) — the owner of the file
Group (often abbreviated g) — members of the file’s group
Others (often abbreviated o) — everyone else

So a typical 10-character permission string:

Example: -rw-r--r--

1st char: file type (- = regular file, d = directory, etc.)
Next 3: rw- — user (owner) permissions
Next 3: r-- — group permissions
Last 3: r-- — others permissions

Another example, for a directory:

drwxr-x---

d — directory
rwx — user can read, write, and enter this directory
r-x — group can list and enter, but not create/delete inside
--- — others have no access

Meaning of r, w, x for Files vs Directories

For regular files:

r — can read the file’s contents
w — can modify the file’s contents (if the directory also permits it)
x — can run it as a program or script (if it’s executable code)

For directories:

r — can list the directory’s contents (ls without errors)
w — can create, delete, or rename files in this directory (subject to rules)
x — can enter the directory (cd) and access items by name

A common pattern for shared directories:

drwxr-xr-x — anyone can list and enter, but only owner can modify contents
drwx------ — only owner can even see or enter the directory (e.g. ~/.ssh)

Numeric (Octal) Permission Notation

Permissions can also be represented using numbers, where:

r = 4, w = 2, x = 1

For each of user/group/others, you add the values:

rwx = $4 + 2 + 1 = 7$
rw- = $4 + 2 + 0 = 6$
r-x = $4 + 0 + 1 = 5$
r-- = $4 + 0 + 0 = 4$
--- = $0 + 0 + 0 = 0$

So a full permission like:

-rwxr-xr-- can be written as:

user: rwx → 7
group: r-x → 5
others: r-- → 4
Combined: 754

You’ll use this numeric form frequently with chmod.

Changing Permissions with chmod

chmod (change mode) modifies the permission bits on files and directories.

There are two main ways to use it:

Symbolic mode (u, g, o, a, +, -, = with r, w, x)
Numeric (octal) mode (chmod 755 file)

Symbolic Mode

Basic structure:

chmod [who][op][permissions] file

Where:

who can be:

u — user
g — group
o — others
a — all (u+g+o)

op can be:

+ — add permission(s)
- — remove permission(s)
= — set permissions exactly

permissions can be any combination of r, w, x

Examples:

# Add execute for user (owner)
chmod u+x script.sh
# Remove write for others
chmod o-w file.txt
# Give read+write to group
chmod g+rw shared.txt
# Remove all permissions from others
chmod o-rwx secret.txt
# Set exact permissions: user=rw, group=r, others=r
chmod u=rw,g=r,o=r document.txt

You can combine multiple operations:

chmod u+x,g-w script.sh

Numeric Mode

When you already know the desired numeric permissions:

# user: rwx, group: r-x, others: r-x
chmod 755 script.sh
# user: rw-, group: r--, others: r--
chmod 644 document.txt
# user: rwx, group: ---, others: ---
chmod 700 secret

Common patterns (for regular files):

644 — normal files: rw-r--r--
600 — private files: rw-------
755 — executable scripts or programs: rwxr-xr-x
700 — private executables or directories: rwx------

For directories, similar numeric values, but you typically need x to enter them:

755 — typical public directory (drwxr-xr-x)
700 — private directory (drwx------)

Recursive Changes

To change permissions for a directory and everything inside it:

# Apply 755 to directory and all its contents
chmod -R 755 mydir

Be very cautious with -R (recursive). It will affect all nested files and subdirectories, which may break things if misused (e.g. on /, /etc, or your entire home directory).

File Ownership: chown and chgrp

Permissions are evaluated based on who owns the file and which group it belongs to. Sometimes you need to change these.

Changing Owner with chown

chown (change owner) sets the owner and optionally the group of a file.

Basic forms:

chown newowner file
chown newowner:newgroup file
chown :newgroup file (change group only)

Examples:

# Change owner to 'alice'
sudo chown alice report.txt
# Change owner to 'alice' and group to 'staff'
sudo chown alice:staff project/
# Change group only to 'www-data'
sudo chown :www-data /var/www/html/index.html

You usually need to be root (or use sudo) to change ownership to another user.

Recursive Ownership Changes

Like chmod, chown also supports recursion:

# Make 'alice' the owner of everything in /srv/project
sudo chown -R alice:staff /srv/project

Again, be very careful with -R; changing ownership system-wide can break services.

Changing Group with chgrp

chgrp just changes the group owner, leaving the user unchanged.

# Change group of file.txt to 'staff'
chgrp staff file.txt
# Change group of directory and all contents
sudo chgrp -R www-data /var/www/html

You can change a file’s group if:

You are the file’s owner and
You are a member of the target group (or you have sufficient privileges)

How Linux Decides Which Permissions Apply

When a process (run by some user) tries to access a file, Linux checks permissions in a specific order:

Is the process’s UID the same as the file’s owner UID?

If yes, apply the user permission bits.

Else, is the process in the file’s group?

If yes, apply the group permission bits.

Else:

Apply the others permission bits.

Only one of these three sets is used for a given access check.

Example

File:

-rw-r----- 1 alice staff  4096 Dec 12 10:00 report.txt

Owner: alice
Group: staff
Others: no permissions

Users:

alice — owner → gets rw-
bob — in group staff → gets r--
carol — not owner, not in staff → gets --- (no access)

So:

alice can read and write report.txt
bob can only read it
carol cannot access it at all

Practical Permission Scenarios

Making a Script Executable

You have a shell script backup.sh:

$ ls -l backup.sh
-rw-r--r-- 1 alice alice  512 Dec 12 12:00 backup.sh

It’s not executable (x is missing). To run it directly:

chmod u+x backup.sh
./backup.sh

Or to make it executable by everyone:

chmod 755 backup.sh

Creating Private Files and Directories

For a private notes file:

touch secrets.txt
chmod 600 secrets.txt   # rw-------, only owner can read/write

For a private directory:

mkdir private
chmod 700 private       # rwx------, only owner can enter/list/use

Shared Project Directory

Suppose you want a group-based shared directory for multiple users in group project.

Basic steps (high-level):

Ensure group exists and users are members (covered in the dedicated user/group chapter).
Create the directory and set group:

   sudo mkdir /srv/project
   sudo chown root:project /srv/project

Set permissions so group can read/write:

   sudo chmod 770 /srv/project   # rwxrwx---

Now:

Members of project can read, write, and enter the directory.
Others have no access.

(For more advanced shared-directory behavior, like preserving group ownership on new files, special bits like setgid are used, which are typically covered in more advanced chapters.)

Quick Reference

View permissions and ownership:

ls -l

Show who you are:

whoami, id, groups

Change permissions:

chmod [options] mode file
Symbolic: chmod u+x file, chmod go-rw file
Numeric: chmod 644 file, chmod 755 script.sh

Change owner and group:

chown user file
chown user:group file
chgrp group file

Apply changes recursively:

chmod -R ... dir
chown -R ... dir
chgrp -R ... dir

Users and groups

Permission types (r, w, x)

Changing permissions

Changing ownership

Using sudo

Comments

Please login to add a comment.

Don't have an account? Register now!