Lesson 1.10: Basics of Users, Groups & Permissions

Users

Type of Users

Type of UsersUID
Root User0
System User1-200
App User201-999
Normal User>=1000

Adding User

 
[root@client ~]# useradd ribik 
[root@client ~]# passwd ribik 
Changing password for user ribik.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

User's Database file : /etc/passwd

  • Format : ribik:x:1001:1001::/home/ribik:/bin/bash
  • < username >:< encrypted password >:< uid >:< gid >:< comment >:< home directory >:< shell >
  • Example: ribik:x:1001:1001::/home/ribik:/bin/bash

Groups

Type of Groups

Type of GroupsGID
Root User's Group0
System User's Group1-200
App User's Group201-999
Normal User's Group>=1000

Permissions

Conversions

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1

chmod 777 filename

Identity & Position

  • User = First or left-most
  • Group = Middle
  • Others = Last or right-most

chmod u=rwx,g=rw,o=x filename

Viewing Permissions on a file/directory

  • ls -l : Show Long Listing
  • Format : < Permissions > < hardlink > < owner name > < group name > < file size > < date & time of modification > < name >
 
[root@client ~]# ls -l 
total 4
-rw-------. 1 root root 1143 Dec  6  2023 anaconda-ks.cfg
drwxr-xr-x. 2 root root    6 Mar  7  2024 Desktop
drwxr-xr-x. 2 root root    6 Mar  7  2024 Documents
drwxr-xr-x. 2 root root    6 Mar  7  2024 Downloads
drwxr-xr-x. 2 root root    6 Mar  7  2024 Music
drwxr-xr-x. 2 root root    6 Mar  7  2024 Pictures
drwxr-xr-x. 2 root root    6 Mar  7  2024 Public
drwxr-xr-x. 2 root root    6 Mar  7  2024 Templates
drwxr-xr-x. 2 root root    6 Mar  7  2024 Videos

Permissions Field

  • The field is of 10 Character
  • < Type >< Owner >< Group >< Others >
  • Type ( - normal fiel ), ( d directory ), (l soft link), (b block device file), (c Character device file)

UMASK

  • umask is a value that determines default permission on a file/directory in the time of creation.
 
[root@client ~]# umask 
0022
  • Default value of permission for file is 644 (-rw-r--r--) and for folder is 755 (drwxr-xr-x).
 
[root@client class]# touch file1 && mkdir folder1 && ls -l
total 0
-rw-r--r--. 1 root root 0 Sep 21 09:37 file1
drwxr-xr-x. 2 root root 6 Sep 21 09:37 folder1

Formula to Calculate default permission of file

  • Maximum allowed permission at the time of file creation (666)
  • Substract : Max allowed Permission (666) - umask value (022) : 644 (Default value)

Formula to Calculate default permission of directory

  • Maximum allowed permission at the time of directory creation (777)
  • Substract : Max allowed Permission (777) - umask value (022) : 755 (Default value)

Chaning the umask Command

Temporary umask change

  • umask <umask value>

Permanently umask change

  • CASE I: User-specific umask change
    • Go to .bashrc and add the line umask <umask value>
  • CASE II: System-wide umask change
    • Go to /etc/.basrc and the line umask <umask value>

How to calculate the required umask value for file ?

  • Suppose we want a file to have only read write permission for the owner. (-rw-------)
  • Using the Substraction method :
  • What is the substractor ( 666 - ??? = 600 )
  • ( 666 - 066 = 600 ), 066 is the umask value.

Example : Temporarily changing Umask value for file

 
# Default umask value
[sanjeeb@client ~]$ mkdir class && cd class && touch file1 && ls -lh 
total 0
-rw-r--r--. 1 sanjeeb sanjeeb 0 Sep 21 09:51 file1
[sanjeeb@client class]$ umask 
0022
 
# Changing the umask value temporarily
[sanjeeb@client class]$ umask 066
[sanjeeb@client class]$ umask 
0066
 
# Creating a file and viewing permission
[sanjeeb@client class]$ touch file2 && ls -lh file2 
-rw-------. 1 sanjeeb sanjeeb 0 Sep 21 09:53 file2

How to calculate the required umask value for directory ?

  • Suppose we want a file to have only read write permission for the owner. (-rwx------)
  • Using the Substraction method :
  • What is the substractor ( 777 - ??? = 700 )
  • ( 777 - 077 = 700 ), 077 is the umask value.

Example : Temporarily changing Umask value for directory

 
# Default permission of folder
[sanjeeb@client class]$ mkdir dir1 | ls -lh 
total 0
drwx--x--x. 2 sanjeeb sanjeeb 6 Sep 21 09:56 dir1
 
# Changing the umask value temporarily
[sanjeeb@client class]$ umask 077
 
# Viewing the permission after change
[sanjeeb@client class]$ mkdir dir2 && ls -lh dir2
total 0
drwx------. 2 sanjeeb sanjeeb 6 Sep 21 09:58 dir2

Manipulating Permissions

There are also operators to manipulate the permissions:

TaskOperator
Grant a level of access+
Remove a level of access-
Set a level of access=
 
[sanjeeb@server Documents]$ ls -l 
total 0
-rw-r--r--. 1 sanjeeb sanjeeb 0 Apr  6 21:25 file1
 
[sanjeeb@server Documents]$ chmod 777 file1 
[sanjeeb@server Documents]$ ls -l 
total 0
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr  6 21:25 file1
 
[sanjeeb@server Documents]$ chmod u=rwx,g=rw,o=r file1 
[sanjeeb@server Documents]$ ls -l
total 0
-rwxrw-r--. 1 sanjeeb sanjeeb 0 Apr  6 21:25 file1

Example 1: Change the permission of the /home/sanjeeb/Documents/file1 such that only the owner gets full permission and groups members & others do not get any permission. Use symbolic method to change the permission.

 
[sanjeeb@server Documents]$ ls -lh
total 0
----------. 1 sanjeeb sanjeeb 0 Apr  6 21:25 file1
[sanjeeb@server Documents]$ chmod u=rwx,g=,o= file1 
[sanjeeb@server Documents]$ ls -lh
total 0
-rwx------. 1 sanjeeb sanjeeb 0 Apr  6 21:25 file1

Example 2: Change the permission of the /home/sanjeeb/Documents/file2 such that the owner and the group members get read and execute permission and others get read only permission. Use numeric method to change the permission.

 
[sanjeeb@server Documents]$ chmod 554 file2
[sanjeeb@server Documents]$ ls -lh
total 0
-r-xr-xr--. 1 sanjeeb sanjeeb 0 Apr  7 06:39 file2
[sanjeeb@server Documents]$

Example 3: Grant all privileges to all users to the directory /home/sanjeeb/Documents/folder1. Make sure that full privileges is granted to all users on that directory as well as to the contents and sub-contents of the directory at one shot. Use numeric method to change the permission.

 
[sanjeeb@server Documents]$ chmod -R 777 folder1/
 
[sanjeeb@server Documents]$ ls -lh
total 0
drwxrwxrwx. 2 sanjeeb sanjeeb 45 Apr  7 06:45 folder1
 
[sanjeeb@server Documents]$ cd folder1
[sanjeeb@server folder1]$ ls -lh
total 0
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr  7 06:45 file1
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr  7 06:45 file2
-rwxrwxrwx. 1 sanjeeb sanjeeb 0 Apr  7 06:45 file3

Example 4: Removing rwx permission from file1 for other users

 
[sanjeeb@server folder1]$ chmod o-rwx file1
[sanjeeb@server folder1]$ ls -lh
total 0
-rwxrwx---. 1 sanjeeb sanjeeb 0 Apr  7 06:45 file1

Example 5: Removing execute permission from owner, write-execute permission from group and everything from other in file2

 
[sanjeeb@server folder1]$ chmod u-x,g-wx,o= file2 
[sanjeeb@server folder1]$ ls -lh | grep file2
-rw-r-----. 1 sanjeeb sanjeeb 0 Apr  7 06:45 file2
All systems normal

© 2025 2023 Sanjeeb KC. All rights reserved.