close icon
daily.dev platform

Discover more from daily.dev

Personalized news feed, dev communities and search, much better than whatโ€™s out there. Maybe ;)

Start reading - Free forever
Start reading - Free forever
Continue reading >

Linux User Groups and Permissions Guide

Linux User Groups and Permissions Guide
Author
Nimrod Kramer
Related tags on daily.dev
toc
Table of contents
arrow-down

๐ŸŽฏ

Learn how to effectively manage user groups and permissions in Linux to enhance system security and organization.

Want to keep your Linux system secure and organized? Here's what you need to know about user groups and permissions:

  • User Groups: Digital clubs that control access to files and resources
  • Permissions: Rules that determine who can read, write, or execute files

Key points:

  1. Groups make managing multiple users easier
  2. Permissions come in three types: read, write, execute
  3. Use commands like chmod, chown, and groupadd to manage access
  4. Follow the "least privilege" principle for better security
  5. Regularly audit user accounts and group memberships

Essential commands:

Command Purpose
useradd Create new users
groupadd Make new groups
chmod Change file permissions
chown Change file ownership

Remember: One small change in permissions can significantly impact your system's security. Stay vigilant and keep learning about Linux security best practices.

What Are Linux User Groups

Linux

Linux user groups are like digital clubs that control what members can access and change in the system. They're a key tool for system admins to manage multiple users efficiently.

User Groups Basics

A Linux user group is a bunch of users who share the same access rights to files and system resources. It's like a team at work - everyone on the team can use certain tools, but not everything in the company.

For instance, you might have a "developers" group that can mess with source code, while the "marketing" group can only look at finished product docs. This setup makes managing permissions easier and boosts system security.

Main vs Secondary Groups

In Linux, users can be part of two types of groups:

1. Primary Group

This is the default group a user gets when their account is created. It's like your home base.

2. Secondary Groups

These are extra groups a user can join, up to 15 total. It's like being part of different committees at work.

Here's a real-world example:

When you make a new user named "bob" with this command:

$ sudo useradd --create-home bob

Linux automatically makes a primary group also called "bob". You can check this in the /etc/passwd file:

$ grep bob /etc/passwd

This command shows bob's User ID (UID) and Group ID (GID), confirming his main group.

Built-in vs Custom Groups

Linux comes with some pre-installed groups for system stuff, but you can also make your own groups.

Built-in Groups: These are ready-made groups like "root", "sudo", or "users". They're crucial for system operations and have specific permissions.

Custom Groups: These are groups you create for your own needs. For example, you might make a "projects" group for team work.

How to Handle Group Members

Managing group members is pretty simple with a few key commands:

To add a user to a group:

$ sudo gpasswd -a username groupname

To kick a user out of a group:

$ sudo gpasswd -d username groupname

To create a new group:

$ sudo groupadd groupname

To change a user's primary group:

$ sudo usermod -g newgroup username

Good group management is key for keeping a Linux system secure and running smoothly. By putting users in the right groups, you can make access control easier and simplify admin tasks.

"The reason Linux so elegantly supports a multi-user system is as a result of permissions. Permissions grant users the right to access files and directories within the system." - ลปimuzo Obiechina, Author

How File Permissions Work

Linux file permissions are the backbone of system security. They control who can access, change, or run files and folders. If you're managing a Linux system, you need to know how they work.

Types of Access Rights

Every file and folder in Linux has three sets of permissions:

  1. Owner: The person who created the file
  2. Group: Users in the file's assigned group
  3. Others: Everyone else on the system

These sets decide what each type of user can do with the file or folder.

Read, Write, Execute Rights

Each user category has three possible permissions:

  • Read (r): Look at file contents or see what's in a folder
  • Write (w): Change file contents or add/remove files in a folder
  • Execute (x): Run a file as a program or open a folder

These work a bit differently for files and folders:

Permission File Folder
Read (r) See contents See what's inside
Write (w) Change contents Add/remove files
Execute (x) Run as program Open and use

Permission Numbers and Letters

Linux shows permissions in two ways: letters (symbolic) and numbers (numeric).

Letters look like this: rwxr-xr-x

This means:

  • rwx for the owner (do anything)
  • r-x for the group (look and run)
  • r-x for others (look and run)

Numbers use these values:

  • 4 (read)
  • 2 (write)
  • 1 (execute)

You add them up for combined permissions. For example:

  • 7 (4+2+1) = read, write, execute
  • 5 (4+1) = read, execute
  • 6 (4+2) = read, write

So, rwxr-xr-x in numbers is 755.

Folders vs Files

Permissions work similarly for files and folders, but there are some key differences:

1. Execute (x) permission

For files: Can you run it as a program? For folders: Can you open it and see what's inside?

2. Write (w) permission

For files: Can you change what's in it? For folders: Can you add, remove, or rename files inside?

3. Read (r) permission

For files: Can you see what's in it? For folders: Can you get a list of what's inside?

Knowing these differences is key to managing permissions well. For example, to use a file in a folder, you need both read AND execute permissions on the folder itself.

"Linux file permissions are a powerful tool for controlling access to your system's files and directories." - Ricmedia, Author of the Guide to Linux File Permissions

Working with User Groups

Let's dive into managing Linux user groups. It's a key skill for system admins to keep things secure and organized.

Making New Groups

Creating groups is easy. You'll need root or sudo access:

sudo groupadd new_group_name

For example:

sudo groupadd developers

Check if it worked:

sudo tail /etc/group

Want a system group? Use -r:

sudo groupadd -r mysystemgroup

Putting Users in Groups

To add a user to a group:

sudo usermod -aG group_name username

The -a is important. It adds the user without removing them from other groups.

Example:

sudo usermod -aG developers bob

Check a user's groups:

groups username

Changing Group Settings

Need to tweak group settings? Here's how:

1. Change a user's main group:

sudo usermod -g new_primary_group username

2. Add a user to multiple groups:

sudo usermod -aG group1,group2,group3 username

3. Change a group's ID:

sudo groupmod -g new_gid group_name

Deleting Groups and Users

Be careful here. Double-check before you delete anything.

To remove a user from a group:

sudo gpasswd -d username group_name

To delete a group:

sudo groupdel group_name

Make sure no users have this as their main group first.

To delete a user:

sudo userdel username

Want to remove their home folder too? Use:

sudo userdel -r username

Key Group Commands

Here's a quick cheat sheet:

Command What it does
groupadd Make a new group
groupdel Delete a group
groupmod Change group settings
usermod Change user settings
gpasswd Manage /etc/group file
groups Show group membership

Managing groups well keeps your Linux system secure and tidy. Always double-check before running commands, especially with system groups or important user accounts.

"With these commands, you can easily create and delete groups, and add or remove users as needed." - Hivelocity Hosting

sbb-itb-bfaad5b

Setting Up File Permissions

File permissions in Linux? They're key for keeping your system secure and controlling who can access what. Let's break down the essential commands and ideas you need to know.

chmod: Your Permission-Changing Buddy

chmod is the command you'll use to change file permissions. It works two ways: symbolic and numeric.

Symbolic notation uses letters and symbols:

  • u (user), g (group), o (others), a (all)
  • + (add), - (remove), = (set exact)

For example:

chmod u+x script.sh

This gives the user execute permission.

Numeric notation uses a three-digit number:

  • Each digit represents user, group, and others
  • Each digit is the sum of 4 (read), 2 (write), 1 (execute)

For instance:

chmod 755 script.sh

This gives the user full permissions (7), and read and execute for group and others (5).

chown: Changing File Ownership

chown changes who owns a file. Here's how it works:

chown new_owner:new_group filename

Example:

sudo chown john:developers important_file.txt

Now John owns the file, and it's part of the developers group.

chgrp: Just for Changing Groups

chgrp is like chown, but it only changes the group:

chgrp new_group filename

For example:

sudo chgrp marketing project_files/

This puts the "project_files" directory in the marketing group.

Changing Multiple Files at Once

Want to change permissions for a bunch of files? Use the -R option with chmod, chown, or chgrp. But be careful - it affects everything in the directory.

Example:

chmod -R a+rx /var/www/html

This gives everyone read and execute permissions for all files in /var/www/html.

You can also use find for more control:

find /var/www/html -type f -exec chmod 644 {} \;
find /var/www/html -type d -exec chmod 755 {} \;

This sets specific permissions for files and directories in /var/www/html.

Special Permission Types

Linux has three special permissions:

1. SUID (Set User ID)

When set on an executable, it runs with the file owner's permissions.

2. SGID (Set Group ID)

Like SUID, but for groups. On directories, new files inherit the directory's group.

3. Sticky Bit

On directories, only the file owner can delete or rename files.

To set these, use chmod with a fourth digit:

chmod 4755 file  # SUID
chmod 2755 directory  # SGID
chmod 1755 directory  # Sticky Bit

Use these special permissions carefully - they can be risky if misused.

"Proper file permissions are the cornerstone of Linux security. Always follow the principle of least privilege - give users only the permissions they absolutely need." - Linus Torvalds, creator of Linux

Security Tips and Good Habits

Let's dive into some key practices to keep your Linux system secure and well-organized.

Minimum Access Rules

The principle of least privilege (PoLP) is a big deal in Linux security. It's simple: give users only the access they need to do their job. Nothing more.

Here's a real-world example:

Instead of giving all developers full access to production servers, create a "deploy" group. This group gets limited permissions to push code updates. If a developer's account gets hacked, the damage is contained.

"These practices can stop security risks, block unauthorized access, and shield your system and data from threats." - Rohan Timalsina, Author

Setting Default Permissions

Enter umask. This command sets default file permissions. Here's how it works:

  • Files usually start at 666 (rw-rw-rw-)
  • Directories start at 777 (rwxrwxrwx)
  • The umask value gets subtracted from these

So, if you set umask 022, new files end up at 644 (rw-r--r--) and directories at 755 (rwxr-xr-x).

Want to set a default umask? Add this to /etc/profile or ~/.bashrc:

umask 027

This umask (027) balances security and usability:

  • Directories: 750 (rwxr-x---)
  • Files: 640 (rw-r-----)

"To get the final file permission, just subtract the umask from 666." - Ashish Jaiswal, Linux User

Planning Group Permissions

Good group permission planning keeps your Linux system secure and efficient. Here's how:

  1. Group users logically (like developers, marketing, hr).
  2. Use Role-Based Access Control (RBAC). Assign permissions to roles, not individual users.
  3. Audit group memberships regularly. Remove users who don't need access anymore.
  4. Don't use the root account. Use sudo for limited admin access instead.

Using ACLs

Access Control Lists (ACLs) give you more control than standard Linux permissions. They let you set permissions for multiple users and groups on a single file or directory.

To see ACLs on a file:

getfacl filename

To set an ACL:

setfacl -m u:username:rwx filename

This gives a specific user read, write, and execute permissions for the file.

How Permissions Pass Down

Permissions don't automatically apply to subfolders and files. But you can use the chmod command with -R to change that:

chmod -R 755 /path/to/directory

Be careful with recursive permissions. They can accidentally expose sensitive data if you're not careful.

Conclusion

Linux user groups and permissions are key to system security and user management. Let's recap what we've learned.

User Groups: Organizing Access

User groups in Linux help manage user access efficiently. They let admins control permissions for multiple users at once. Good group management keeps your system secure and organized.

Permissions: Fine-Tuned Control

Linux permissions (read, write, execute) give you detailed control over file and directory access. Always follow the principle of least privilege (PoLP) when setting permissions. As Linux security expert Rohan Timalsina says:

"Following these best practices can mitigate security risks, prevent unauthorized access, and protect your system and data from potential threats."

Key Commands

Here are the main commands we've covered:

Command What it does
useradd Makes new user accounts
usermod Changes existing user accounts
groupadd Makes new groups
groupmod Changes existing groups
chmod Changes file permissions
chown Changes file ownership

Knowing these commands is a must for good system management.

Staying Secure

Linux security never stops. Regularly check user accounts and group memberships. Remove or turn off unused accounts. Always give the least privileges needed when setting permissions.

Keep Learning

Linux security keeps changing. Harel Erez from JFrog warns:

"To sum it up, Linux security and permission are very important to consider. One small change may open up permissions to your file to anyone!"

This shows why admins need to stay up-to-date on security best practices.

FAQs

What is an example of chmod?

The chmod command in Linux changes file permissions. Here's a simple example:

sudo chmod 755 /var/www/html/index.php

This gives the owner full control and lets others read and run the file. It's often used for web server files to balance access and security.

"You can use sudo chmod 755 on a binary file to let all users run it. Or use it on a directory with server logs so others can read them", says Linux expert Ajit Fawade.

What is chmod 777 file permissions example?

chmod 777 gives everyone full access to a file or directory. For example:

chmod 777 /home/user/public_files

This opens up the "public_files" directory to everyone. But be careful - it's risky.

"chmod 777 foldername gives read, write, and execute permissions to everyone", Ajit Fawade explains.

While sometimes needed, it's usually not a good idea. Instead, try more limited permissions like 755 for directories or 644 for files. These keep things safer while still letting people do what they need to do.

Why not level up your reading with

Stay up-to-date with the latest developer news every time you open a new tab.

Read more