
Users and Permissions

If you came from Windows, you are probably used to being the administrator of your own machine by default. Linux works differently. Understanding how Linux handles users and permissions will save you a lot of confusion early on.

In the last post we looked at the filesystem and saw that /root is the home folder of the root user, and that every other user lives under /home. Now it is time to understand what that actually means — who these users are and what they are allowed to do.

Users

Every person who uses a Linux system has an account. That account has a username, a home folder under /home, and a set of privileges that define what it can and cannot do.

You can check which user you are currently logged in as with:

whoami

It will print your username. Simple.

The root user

There is one special user on every Linux system. The root user. Root can do anything. Read any file, delete any file, change any setting, break the entire system. There are no restrictions.

This is exactly why you do not log in as root for everyday use. One wrong command and there is nothing stopping it from doing serious damage.

Instead, Linux gives regular users a way to borrow root privileges temporarily when they actually need them.

sudo

sudo somecommand

sudo stands for Super User Do. When you prefix a command with sudo, you are running it as root. You will be asked for your password, the command runs with full privileges, and then you are back to being a regular user.

A practical example. Installing software on a Debian-based system requires root privileges because it modifies system folders. So instead of logging in as root, you do:

sudo apt install firefox

You will use sudo constantly. But the key thing to understand is that it is a deliberate step. You are consciously choosing to run something with elevated privileges, not doing it by accident.


Permissions

Every single file and folder on a Linux system has a set of permissions attached to it. Those permissions define who can read it, write to it, or execute it.

Run ls -l in any folder and you will see something like this:

-rwxr-xr-- 1 jan users 4096 May 1 12:00 script.sh

That string at the start looks confusing at first. It is not.

Reading the permission string

Take -rwxr-xr-- and break it into four parts:

-   rwx   r-x   r--
  • The first character is the file type. - means a regular file. d means a directory.
  • The next three characters are the permissions for the owner of the file.
  • The three after that are the permissions for the group.
  • The last three are the permissions for everyone else.

Each set of three characters follows the same pattern:

  • r — read. Can you see the contents?
  • w — write. Can you modify it?
  • x — execute. Can you run it as a program?
  • - — means that permission is not granted.

So rwx means full access. r-x means read and execute but not write. r-- means read only.

Going back to the example:

-rwxr-xr-- 1 jan users 4096 May 1 12:00 script.sh
  • The owner is jan
  • jan has read, write and execute — rwx
  • The group users has read and execute — r-x
  • Everyone else has read only — r--

Changing permissions with chmod

chmod 755 script.sh

chmod changes the permissions of a file. The numbers map to the permission sets.

Each permission has a value:

  • r = 4
  • w = 2
  • x = 1

You add them together for each group. So:

  • 7 = 4+2+1 = rwx
  • 5 = 4+0+1 = r-x
  • 4 = 4+0+0 = r--

755 means the owner gets full access, and the group and everyone else get read and execute. This is a common permission set for scripts and programs.
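The r = 4, w = 2, x = 1 arithmetic above, written as a small shell function. This is an added example, not part of the original post, and the function name perm_to_octal is made up for illustration. It turns an ls -l permission string into the number you would pass to chmod, and refuses any string that contains something other than r, w, x and - in the expected places.

```shell
#!/bin/sh
# perm_to_octal (hypothetical helper): convert an "ls -l" mode string such as
# -rwxr-xr-- into the three-digit number used with chmod.
# Special letters like s and t are outside what this post covers and are rejected.
perm_to_octal() {
    mode=$1
    # One file-type character plus three sets of three characters.
    if [ "${#mode}" -ne 10 ]; then
        printf 'invalid mode string: %s\n' "$mode" >&2
        return 1
    fi
    rest=${mode#?}              # drop the file-type character (-, d, ...)
    out=""
    for who in owner group others; do
        tail=${rest#???}        # everything after the next three characters
        triplet=${rest%"$tail"} # the three characters for this set
        rest=$tail
        digit=0
        case $triplet in
            r??) digit=$((digit + 4)) ;;   # read
            -??) ;;
            *) printf 'bad %s permissions: %s\n' "$who" "$triplet" >&2; return 1 ;;
        esac
        case $triplet in
            ?w?) digit=$((digit + 2)) ;;   # write
            ?-?) ;;
            *) printf 'bad %s permissions: %s\n' "$who" "$triplet" >&2; return 1 ;;
        esac
        case $triplet in
            ??x) digit=$((digit + 1)) ;;   # execute
            ??-) ;;
            *) printf 'bad %s permissions: %s\n' "$who" "$triplet" >&2; return 1 ;;
        esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# The permission strings shown in this post, plus the result of chmod 755.
for m in -rwxr-xr-- -rwxr-xr-x -rw-r--r-- -rw-------; do
    printf '%s -> %s\n' "$m" "$(perm_to_octal "$m")"
done
```

Reading the number back from a listing like this is a quick way to check that a chmod did what you intended, especially for the last digit, which controls what every other user on the system can do.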

Changing ownership with chown

sudo chown jan script.sh

chown changes who owns a file. You need sudo for this because changing ownership is a privileged operation.

You can also change the group at the same time:

sudo chown jan:users script.sh

Putting it together

Create a file and look at its default permissions:

touch testfile.txt
ls -l testfile.txt

You will see something like:

-rw-r--r-- 1 jan users 0 May 1 12:00 testfile.txt

By default a new file gives the owner read and write, and everyone else read only. No execute permission because it is not a program.

Now change the permissions:

chmod 600 testfile.txt
ls -l testfile.txt

-rw------- 1 jan users 0 May 1 12:00 testfile.txt

Now only the owner can read or write it. Everyone else has no access at all.


Permissions feel like a lot to take in at once but you will get used to reading them quickly. The important things to take away from this post are that root can do everything and should be used carefully, sudo is how you temporarily access that power, and every file has a clear set of rules about who can do what with it.

Next up: installing and managing software — how package managers work and why they are one of the best things about Linux.
