Give a group write permission to a folder

I need help understanding how giving write permission to a group works in Ubuntu. I am logged in as root and have www-data:www-data and ftpuser:ftpuser (user:group). I add the ftpuser into the www-data group using:

Now my www-data group has two users.

I then make the group www-data , owner of the folder /var/www using:

Still I have no write ability to the folder by a group member (though the group owns it) unless I give write permissions to the group. Now according to this best answer I also need to set the permissions to the directory using sudo chmod -R 770 /path/to/the/directory and this is what confuses me.

If a user is the owner of a directory why can't he write to it? Can a user of a group give the group write permissions to a folder owned by the group himself? Where is the group defined in the command sudo chmod -R 770 /path/to/the/directory ? Won't this give recursive permissions to all users?

  • permissions
  • file-permissions
  • user-groups


2 Answers

though the group owns it

No, group does not own a file in a sense that the permissions for owner apply. Owner permissions apply only to owner - the user; and group permissions apply to the assigned group.

If a user is the owner of a directory why can't he write to it?

He can, except that ftpuser in your case is not the owner.

Most likely, because you don't say it explicitly: root or www-data is the owner of the file /var/www, and ftpuser is a member of the group www-data.

Even if the user www-data and the group www-data have the same name, they are different entities for the operating system.

Can a user of a group give the group write permissions to a folder owned by the group himself?

Again: folder is not owned by a group. If the group has write-permission, any member of the group can change the permissions to the object.

Where is the group defined in the command sudo chmod -R 770 /path/to/the/directory

The second 7 refers to the group permissions ( 7 is a combination of read , write , and execute ).

Won't this give recursive permissions to all users?

It will assign (recursively):

  • read , write , and execute for the owner (first 7 )
  • read , write , and execute for the group (second 7 )
  • no permissions for other users (last 0 )

techraf's user avatar
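The class selection this answer describes, as an added example that is not part of the original answer: for any one user the kernel picks exactly one of owner, group or other and applies only that class's bits. The function names are made up for this sketch, the UID/GID arguments stand for the account being checked, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not from the original answer): report which permission
# class applies to a given user on a path, and the bits that class carries.
# Root (UID 0) bypasses these checks and is not modelled here.

# rwx_of N -> symbolic form of one octal digit, e.g. 5 -> r-x
rwx_of() {
    n=$1; s=
    if [ $((n & 4)) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $((n & 2)) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $((n & 1)) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    printf '%s' "$s"
}

# perm_class PATH UID "GID ..." -> "owner rwx" | "group r-x" | "other ---"
# UID and the GID list (primary plus supplementary groups) describe the
# account being evaluated, so it can be checked without switching to it.
perm_class() {
    meta=$(stat -c '%u %g %a' "$1") || return 1
    set -- "$2" "$3" $meta
    uid=$1 gids=$2 f_uid=$3 f_gid=$4 mode=$((0$5))   # octal string -> integer
    if [ "$uid" -eq "$f_uid" ]; then
        # The owner class wins even when the group bits would grant more.
        printf 'owner %s\n' "$(rwx_of $(( (mode >> 6) & 7 )))"
        return
    fi
    for g in $gids; do
        if [ "$g" -eq "$f_gid" ]; then
            printf 'group %s\n' "$(rwx_of $(( (mode >> 3) & 7 )))"
            return
        fi
    done
    printf 'other %s\n' "$(rwx_of $(( mode & 7 )))"
}

# Demo on a scratch directory (constructed data): an account that is only a
# member of the directory's group, before and after the group gets "w".
demo() {
    d=$(mktemp -d) || return 1
    chmod 750 "$d"
    owner=$(stat -c %u "$d"); group=$(stat -c %g "$d")
    member=$((owner + 1))            # hypothetical UID that is not the owner
    echo "mode 750: $(perm_class "$d" "$member" "$group")"
    chmod 770 "$d"
    echo "mode 770: $(perm_class "$d" "$member" "$group")"
    rmdir "$d"
}
demo
```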

Directory shared by group with write permissions for existing files

All users should be members of the group www-data. You can add them using

usermod -a -G www-data user1
usermod -a -G www-data user2
...

Giving the group www-data write permission to a folder and all the files it contains could be achieved with this series of commands:

chgrp -R www-data /var/www
chmod -R g+ws /var/www

All new files and directories will have assigned group www-data and will be writable by member of the group.

Permissions for new files

Default umask on most Linux systems is 022 meaning if user1 creates a file or directory under /var/www that file becomes "editable" only by user1, but readable by group www-data.

If this is expected behavior you should stop here.

Directory shared by group with write permission

You should verify whether extended ACL are enabled on your system. You may look at /etc/fstab and look for something like this: /dev/sda5 / ext4 acl ,..... Having this checked you need to provide an extended ACL parameters for directories.

You will add an ACL to allow new files created under the /var/www folder to also be writable by the www-data group using this command:

setfacl -R -b -k -d -m g:www-data:rwx --mask $2

In this scenario, if user1 creates a file or folder under /var/www, user2 will be able to write/delete.

Every new file or directory will have permissions rw-rw-???. Question marks will be something that you set for the others.

How to verify permissions

Use this command:

getfacl /var/www

The output should be something like this:

# file: /var/www
# owner: www-data
# group: www-data
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:www-data:rwx
default:mask::rwx
default:other::---

Default permissions for folder /var/www are: drwxrws---

Alexander Kuznetsov's user avatar

  • 1 Why are you including s in chmod -R g+ws ?  Did you mean chmod -R g+wx ? –  Scott - Слава Україні Oct 21, 2018 at 2:32


How to add Users, Groups and Assign Permissions in Linux

Daniyal Akbar


  • 8 October, 2023

As you should know, security is a major criterion for any operating system. Linux lets us create multiple users, and each of them needs to be assigned permissions accordingly. In this article, we will see how to add users and groups and assign permissions in Linux.

Prerequisite

  • Must have Linux OS or its Virtual Machine ( YouTube Tutorial )  
  • Basic Linux commands hands-on. ( Check here )  

Table of Content

  • View all Users  
  • Creating a new User  
  • Setting User Password
  • Adding User to sudoer list  
  • Switch Users in Linux  
  • Deleting a User  
  • View all Groups  
  • Creating a Group   
  • Adding User to a Group   
  • Removing User from Group  
  • Deleting a Group  
  • Types of Permission in Linux  
  • Understanding Linux Permissions annotation  
  • Changing Permissions in Linux  
  • How to Change the Owner of a File  
  • How to Edit Group Ownership  
  • How to Change Directory Ownership  
  • How to Use Recursive Chown  

Add Users, Groups and Assign Permissions in Linux

A. Users in Linux

You can think of a User as a single personal account. Just like in Windows or Mac. There are 2 types of users:  

  • Root User (One which has administrative rights overall)  
  • Regular User (Limited privileges. We assign them rights manually)  

1. How to view all Users in Linux

To simply view a list of all the created Users in your Linux Operating System, execute the following command:  

2. How to create a User in Linux

To create a new user in Linux, type the following command in the Terminal. Make sure you are using “sudo” command before executing anything. See the command shown below:   

The above command will ask for a ‘New Password’ for the newly created user. It will then ask for a few optional details about the user. Just keep pressing Enter to skip them.

3. How to set User Password in Linux  

After creating a user, we need to give it a password. For that, execute the following command:  

The above command will ask you to enter a new password. It will then ask you to re-enter the same password, after which you will be done.  

4. How to switch between users in Linux  

Once the user has been created, in order to login into that user, execute the following command:  

This command will be followed by you entering your username and password to log in.

5. How to add Users to Sudoers list  

What is a sudoers list? It’s a list where we can mention any Linux user, such as the one we created.   

Adding a user to the sudoers list would allow us to give that user, admin access while executing certain tasks. In simple words, you can execute commands while adding ‘sudo’ before it and it will run that command as if it’s run by an admin.  

The user we created (testuser) is not listed in the sudoers list by default. Therefore, to add it to the list, execute the following command:  

Note: The below command is only for DEB-based Linux distributions.  

  • -a flag ensures that the user is added to the group without removing them from any other groups.
  • -G flag specifies the group to which you want to add the user.

After a quick restart, your user would then be listed in the sudoers list.

6. How to delete a user in Linux  

To simply delete a user in Linux, execute the following command:  

B. Groups in Linux  

Groups are basically a collection of Users in Linux. It’s convenient because rights and privileges given to a Group would apply to all its users. Basic privileges in Linux are read , write and execute .  

1. How to view all Groups in Linux

To simply view a list of all the created Groups in your Linux Operating System, execute the following command:  

2. How to create a Group in Linux  

To create a group with the name “ testgroup ” enter the following command:  

3. How to add a User to a Group in Linux  

Now that we have a user and a group, it’s time to assign or add that user to that group. For that, execute the following command:  

The above command simply adds or assigns the testuser to the testgroup .  

Create User and Group and then adding User to a Group in Linux

4. How to remove a User from a Group in Linux  

In order to remove a user from a group, enter the following Linux command:  

5. How to delete a Group in Linux  

Let’s delete the previously created group with this command:  

C. Assign Permissions in Linux  

1. Types of Permissions in Linux

Linux supports multi-user environments. Meaning we can have multiple users with various privileges and permissions to access files and directories.  

The admin can simply assign these permissions to the Groups, and all the users within it would have those same permissions.   

The basic permissions in Linux are:  

  • Read: Where the users are allowed to open and view the content of a directory or a file. Represented by r.  
  • Write: Where the user would have the right to open and change the content of the file. They can add, remove or rename the files and directories. Represented by w.  
  • Execute: This permission is applicable on executable files, such as a bash file (.sh). The user with this permission is allowed to run a file or script. Represented by x.

To check what rights the current user has for a particular directory or file, execute the following command where the file is located.  

View rights and permissions of a files and directory in Linux

Note: Check this article to get hands-on practice with Basic Linux Commands .   

2. Understanding Linux Permission annotation  

To understand the permissions, look at this quick reference:  

  • ‘r’ = read. 
  • ‘w’ = write. 
  • ‘x’ = execute. 
  • ‘-’ = no permission. 

Linux File Permissions

The above command would show all the rights in this format. The first letter ‘d’ shows the type of item. If it’s ‘ d’, it’s a directory. If it’s a ‘-’ then it’s a file.  

Then it shows the rights for all the 3 categories.   

  • The first part shows that user ‘testuser’ has read and write permission to that directory but not to execute it.   
  • While the 2 nd part shows that the group that the user belongs to has the same rights.  
  • The 3 rd part shows other users have rights to read, write, and execute as well.  

The others are users which have access to the file or directory, but they were not the creator of it. Nor do they belong to a group that has access to that file/directory.  

3. Changing Permissions in Linux  

To change the current permission of a user or group, we would be using chmod command.   

chmod is an acronym for change mode. There are a few annotations involved when using this command. And you can modify permissions in these 2 methods of annotation.   

Alphabetical annotations:  

  • ‘u’ indicates file owner (User).  
  • ‘g’ indicates groups.  
  • ‘o’ indicates others.  
  • ‘a’ indicates all users as owner, group, and others.  

  Numerical annotations:   

  • ‘0’ represents no permission.  
  • ‘1’ represents execute permission.  
  • ‘2’ represents write permission.  
  • ‘3’ represents execute and write.  
  • ‘4’ represents read permission.  
  • ‘5’ represents read and execute.  
  • ‘6’ represents read and write.  
  • ‘7’ represents read, write and execute permissions.  

  Let’s look at a few chmod examples in Linux .  

The current permissions for myFile.txt, as shown in the image above, are -rw-rw-r--. Let’s change that.

4. How to add executable rights to a file in Linux  

In the above command, we are giving execution permission to Other Users for the myFile.txt file. The permission would now look like -rw-rw-r-x

Causes the system to shut down  or reboot cleanly. May require superuser privileges, so just use sudo before the commands  

5. How to remove write permissions from a file in Linux  

The above command will remove write permission from the group. The permission would now look like: -rw-r--r-x

6. How to add executable and write permissions to a file in Linux  

The above command will give write and execute permissions to the group. The permission would now look like -rw-rwxr-x  

The 2nd way of changing permissions in Linux is through numeric annotations, and it is the more commonly used of the two.

7. How to enable all permissions of a file in Linux  

Changing Linux File Permissions

The above command is going to give all permissions to Users, Groups, and Other users. The permission would now look like -rwxrwxrwx  

chmod 745 myFile.txt  

  • The above command will give all permissions to the user.  
  • It will give only read permission to the group.  
  • It will give read and execute permission to the other users.  

The Permission would now look like this: -rwxr--r-x
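The sequence above replayed on a scratch file, as an added example that is not the article's own code. Apart from chmod 745, the chmod arguments (o+x, g-w, g+wx, 777) are inferred from the results the text describes, the function names are made up, and `stat -c` assumes GNU coreutils; the last function lists what a 777 leaves writable by every account.

```sh
#!/bin/sh
# Added example: replay the chmod steps on a scratch copy of myFile.txt and
# check which files end up writable by "others".

# mode_of FILE -> mode string as ls -l shows it, e.g. -rw-rw-r--
mode_of() { stat -c %A "$1"; }

# apply_mode FILE MODE -> run chmod, then print the resulting mode string
apply_mode() { chmod "$2" "$1" && mode_of "$1"; }

# world_writable DIR -> regular files under DIR that any account may modify
world_writable() { find "$1" -xdev -type f -perm -0002; }

walk() {
    dir=$(mktemp -d) || return 1
    f=$dir/myFile.txt
    : > "$f"
    chmod 664 "$f"                       # starting point: -rw-rw-r--
    # symbolic steps first, then the two numeric ones (arguments assumed)
    for step in o+x g-w g+wx 777 745; do
        printf 'chmod %-4s -> %s\n' "$step" "$(apply_mode "$f" "$step")"
        # after 777 the file shows up here; after 745 it no longer does
        ww=$(world_writable "$dir")
        [ -n "$ww" ] && printf '  world-writable: %s\n' "$ww"
    done
    rm -rf "$dir"
}
walk
```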

D. Change Owner in Linux  

For a given file or directory you can change the owner. For that, we use the chown command, which stands for ‘change owner’. To see the current owners of a file or directory we use the following command:  

Linux File Owner Permissions

Let’s see some examples of chown in Linux.  

1. How to Change the Owner of a File  

The above command will change the current User owner ( testuser ) to the new User owner ( daniyal ). Look at the image below for reference.  

Changing Owner of a File in Linux

2. How to Edit Group Ownership  

Just like we changed the User ownership, we can change the group ownership as well. The above command changes the Group of myFile.txt from testuser to root .  

The above command changes the User and the Group ownership of myFile.txt in a single command.   

Separated by a colon (:), the left side is for changing User ownership to daniyal . The right side is for changing the Group ownership to root. Look at the image below for reference.  

Changing Owner and Group of a File in Linux

3. How to Change Directory Ownership  

To change the ownership of a directory, we use the exact same command as before but target that particular directory . The Linux command for that is:   

Note: Changing the ownership of a directory DOES NOT change the ownership of the files inside of that directory. For that, you need to either go and change them individually or use recursive command. The recursive command is shown in the next clause.   

4. How to Use Recursive Chown  

The recursive method is useful when you want to change the owner of a directory, along with all the files and sub-directory within it.   

The command is exactly the same as the previous one, with the addition of the -R flag. Let’s see the example.

The above command will not only change the owner of myFolder but also all the files and sub-directories inside it.  

And that’s a wrap!  

These commands will only work on a LINUX terminal. And a common way to run Linux with Windows is to start a Virtual Machine using VMware.  

I hope this article helped understand How to add Users, Groups and Assign Permissions in Linux . You may also want to check out Basic Linux commands hands on . Please like this article and leave your reviews in the comment section below.  

Have a great one!  

One reply on “How to add Users, Groups and Assign Permissions in Linux”


very informative thank you


Linux.com


How to Manage Users with Groups in Linux

When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs).

We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus of this article is groups.

For the purpose of this piece, I’m going to assume the following:

You need to create two users with usernames:

You need to create two groups:

Olivia needs to be a member of the group editors , while nathan needs to be a member of the group readers . The group readers needs to only have read permission to the directory /DATA , whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs.

I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo . If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations.

Creating the users

The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords.

The first thing we do is create the users. To do this, issue the commands:

We have now created our users. If you look in the /home directory, you’ll find their respective homes (because we used the -m option, which creates a home directory).

Next each user must have a password. To add passwords into the mix, you’d issue the following commands:

When you run each command, you will be prompted to enter (and verify) a new password for each user.

That’s it, your users are created.

Creating groups and adding users

Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are:

That’s it. If you issue the command less /etc/group , you’ll see our newly created groups listed ( Figure 1 ).


With our groups created, we need to add our users. We’ll add user nathan to group readers with the command:

We’ll add the user olivia to the group editors with the command:

Now we’re ready to start managing the users with groups.

Giving groups permissions to directories

Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command:

Next, remove write permission from the group with the command:

Now we remove the others x bit from the /READERS directory (to prevent any user not in the readers group from accessing any file within) with the command:

At this point, only the owner of the directory (root) and the members of the readers group can access any file within /READERS .

Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary:

At this point, any member of the editors group can access and modify files within. All others (minus root) have no access to the files and folders within /EDITORS .

The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy.

Using access control lists

Now, let’s get tricky. Say you have a single folder— /DATA — and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders.

The structure of this command looks like this:

Where OPTION is the available options, X is either u (for user) or g (for group), NAME is the name of the user or group, and DIRECTORY is the directory to be used. We’ll be using the option -m for modify. So our command to add the group readers for read access to the /DATA directory would look like this:

Now any member of the readers group can read the files contained within /DATA , but they cannot modify them.

To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command:

The above command would give any member of the editors group both read and write permission, while retaining the read-only permissions to the readers group.
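To check the result of those two ACL entries, the added example below (not code from the article) parses getfacl-style output and reports what each group can really do once the ACL mask is applied. The sample listings are constructed, the function names are made up, and the setfacl invocations in the comments are an assumption about the commands the article refers to.

```sh
#!/bin/sh
# Added example: effective rights from getfacl-style text. The two listings
# are constructed samples of what /DATA could look like after
#   setfacl -m g:readers:rx /DATA     (assumed form of the article's command)
#   setfacl -m g:editors:rwx /DATA    (assumed form of the article's command)
ACL_DATA='# file: DATA
# owner: root
# group: root
user::rwx
group::r-x
group:readers:r-x
group:editors:rwx
mask::rwx
other::---'

# Same entries after something narrowed the mask (for example a later chmod
# that removed group write): the editors entry is still listed as rwx.
ACL_MASKED='# file: DATA
# owner: root
# group: root
user::rwx
group::r-x
group:readers:r-x
group:editors:rwx	#effective:r-x
mask::r-x
other::---'

# acl_effective ACL_TEXT TYPE NAME -> effective rwx string, or "none".
# TYPE is user, group or other; NAME is empty for the owner, the owning
# group and other.
acl_effective() {
    printf '%s\n' "$1" | awk -F: -v type="$2" -v name="$3" '
        /^#/ || /^default:/ || NF < 3 { next }
        { sub(/[^rwx-].*/, "", $3) }     # drop trailing #effective notes
        $1 == "mask"             { mask = $3 }
        $1 == type && $2 == name { perm = $3; found = 1 }
        END {
            if (!found) { print "none"; exit }
            # the mask caps named users, named groups and the owning group
            capped = (type == "group" || (type == "user" && name != ""))
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(perm, i, 1)
                if (capped && mask != "" && substr(mask, i, 1) == "-") c = "-"
                out = out c
            }
            print out
        }'
}

# acl_write_groups ACL_TEXT -> named groups that can effectively write
acl_write_groups() {
    printf '%s\n' "$1" | awk -F: '/^group:[^:]/ { print $2 }' |
    while read -r grp; do
        case $(acl_effective "$1" group "$grp") in
            ?w?) printf '%s\n' "$grp" ;;
        esac
    done
}

echo "readers: $(acl_effective "$ACL_DATA" group readers)"
echo "editors: $(acl_effective "$ACL_DATA" group editors)"
echo "editors, narrowed mask: $(acl_effective "$ACL_MASKED" group editors)"
echo "groups with write access: $(acl_write_groups "$ACL_DATA")"
```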

All the control you need

And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands:

man addgroup

man usermod


Tecmint: Linux Howtos, Tutorials & Guides

Managing Users & Groups, File Permissions & Attributes and Enabling sudo Access on Accounts – Part 8

Last August, the Linux Foundation started the LFCS certification ( Linux Foundation Certified Sysadmin ), a brand new program whose purpose is to allow individuals everywhere and anywhere take an exam in order to get certified in basic to intermediate operational support for Linux systems, which includes supporting running systems and services, along with overall monitoring and analysis, plus intelligent decision-making to be able to decide when it’s necessary to escalate issues to higher level support teams.


This article is Part 8 of a 10-tutorial series. In this section, we will guide you through managing users and group permissions on a Linux system, as required for the LFCS certification exam.

Since Linux is a multi-user operating system (in that it allows multiple users on different computers or terminals to access a single system), you will need to know how to perform effective user management: how to add, edit, suspend, or delete user accounts, along with granting them the necessary permissions to do their assigned tasks.

Adding User Accounts

To add a new user account, you can run either of the following two commands as root.

When a new user account is added to the system, the following operations are performed.

1. His/her home directory is created ( /home/username by default).

2. The following hidden files are copied into the user’s home directory, and will be used to provide environment variables for his/her user session.

3. A mail spool is created for the user at /var/spool/mail/ username .

4. A group is created and given the same name as the new user account.

Understanding /etc/passwd

The full account information is stored in the /etc/passwd file. This file contains a record per system user account and has the following format (fields are delimited by a colon).

  • Fields [username] and [Comment] are self explanatory.
  • The x in the second field indicates that the account is protected by a shadowed password (in /etc/shadow ), which is needed to logon as [username] .
  • The [UID] and [GID] fields are integers that represent the User IDentification and the primary Group IDentification to which [username] belongs, respectively.
  • The [Home directory] indicates the absolute path to [username] ’s home directory, and
  • The [Default shell] is the shell that will be made available to this user when he or she logs in to the system.

Understanding /etc/group

Group information is stored in the /etc/group file. Each record has the following format.

  • [Group name] is the name of group.
  • An x in [Group password] indicates group passwords are not being used.
  • [GID] : same as in /etc/passwd.
  • [Group members] : a comma separated list of users who are members of [Group name] .

Add User Accounts in Linux

After adding an account, you can edit the following information (to name a few fields) using the usermod command, whose basic syntax is as follows.

Setting the expiry date for an account

Use the --expiredate flag followed by a date in YYYY-MM-DD format.

Adding the user to supplementary groups

Use the combined -aG, or --append --groups, options, followed by a comma-separated list of groups.

Changing the default location of the user’s home directory

Use the -d, or --home, options, followed by the absolute path to the new home directory.

Changing the shell the user will use by default

Use --shell, followed by the path to the new shell.

Displaying the groups a user is a member of

Now let’s execute all the above commands in one go.

usermod Command Examples

In the example above, we will set the expiry date of the tecmint user account to October 30th, 2014 . We will also add the account to the root and users group. Finally, we will set sh as its default shell and change the location of the home directory to /tmp :


For existing accounts, we can also do the following.

Disabling account by locking password

Use the -L (uppercase L) or the --lock option to lock a user’s password.

Unlocking user password

Use the -U (uppercase U) or the --unlock option to unlock a user’s password that was previously locked.

Lock User in Linux

Creating a new group for read and write access to files that need to be accessed by several users

Run the following series of commands to achieve the goal.

Deleting a group

You can delete a group with the following command.

If there are files owned by group_name , they will not be deleted, but the group owner will be set to the GID of the group that was deleted.

Linux File Permissions

Besides the basic read, write, and execute permissions that we discussed in Archiving Tools and Setting File Attributes – Part 3 of this series, there are other less used (but not less important) permission settings, sometimes referred to as “ special permissions ”.

Like the basic permissions discussed earlier, they are set using an octal value or a letter (symbolic notation) that indicates the type of permission.

Deleting user accounts

You can delete an account (along with its home directory, if it’s owned by the user, and all the files residing therein, and also the mail spool) using the userdel command with the --remove option.

Group Management

Every time a new user account is added to the system, a group with the same name is created with the username as its only member. Other users can be added to the group later. One of the purposes of groups is to implement a simple access control to files and other system resources by setting the right permissions on those resources.

For example, suppose you have the following users.

  • user1 (primary group: user1)
  • user2 (primary group: user2)
  • user3 (primary group: user3)

All of them need read and write access to a file called common.txt located somewhere on your local system, or maybe on a network share that user1 has created. You may be tempted to do something like,

However, this will only provide read and write access to the owner of the file and to those users who are members of the group owner of the file ( user1 in this case). Again, you may be tempted to add user2 and user3 to group user1 , but that will also give them access to the rest of the files owned by user user1 and group user1 .

This is where groups come in handy, and here’s what you should do in a case like this.

Understanding Setuid

When the setuid permission is applied to an executable file, a user running the program inherits the effective privileges of the program’s owner. Since this approach can reasonably raise security concerns, the number of files with setuid permission must be kept to a minimum. You will likely find programs with this permission set when a system user needs to access a file owned by root.

Summing up, it isn’t just that the user can execute the binary file, but also that he can do so with root’s privileges. For example, let’s check the permissions of /bin/passwd . This binary is used to change the password of an account, and modifies the /etc/shadow file. The superuser can change anyone’s password, but all other users should only be able to change their own.


Thus, any user should have permission to run /bin/passwd , but only root will be able to specify an account. Other users can only change their corresponding passwords.


Understanding Setgid

When the setgid bit is set, the effective GID of the real user becomes that of the group owner. Thus, any user can access a file under the privileges granted to the group owner of such file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created subdirectories will also inherit the setgid bit of the parent directory. You will most likely use this approach whenever members of a certain group need access to all the files in a directory, regardless of the file owner’s primary group.

To set the setgid in octal form, prepend the number 2 to the current (or desired) basic permissions.

Setting the SETGID in a directory


Understanding Sticky Bit

When the “sticky bit” is set on files, Linux just ignores it, whereas for directories it has the effect of preventing users from deleting or even renaming the files it contains unless the user owns the directory, the file, or is root.

To set the sticky bit in octal form, prepend the number 1 to the current (or desired) basic permissions.

Without the sticky bit, anyone able to write to the directory can delete or rename files. For that reason, the sticky bit is commonly found on directories, such as /tmp , that are world-writable.
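An audit for the three special bits described above, as an added example that is not part of the original article: it lists setuid and setgid files, setgid directories, and world-writable directories that lack the sticky bit. The function names and the demo tree are constructed for illustration, and a Linux system with a POSIX `find` is assumed.

```shell
#!/bin/sh
# Added example (not from the article). Function names and the demo tree
# are constructed for illustration.

# Regular files with the setuid bit (octal 4000): run with the owner's privileges.
find_setuid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Regular files with the setgid bit (octal 2000): run with the group's privileges.
find_setgid_files() {
    find "$1" -xdev -type f -perm -2000 2>/dev/null | sort
}

# Directories with the setgid bit: new entries inherit the directory's group.
find_setgid_dirs() {
    find "$1" -xdev -type d -perm -2000 2>/dev/null | sort
}

# World-writable directories without the sticky bit (octal 1000): any user who
# can write here can delete or rename files that belong to someone else.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Print one tagged line per finding so the report can be diffed between runs.
audit_tree() {
    find_setuid_files "$1"            | sed 's/^/SETUID /'
    find_setgid_files "$1"            | sed 's/^/SETGID /'
    find_setgid_dirs "$1"             | sed 's/^/SETGID-DIR /'
    find_unsticky_world_writable "$1" | sed 's/^/NO-STICKY /'
}

# Build a constructed tree that contains one instance of each case.
build_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/shared" "$demo/tmp_ok" "$demo/tmp_bad"
    : > "$demo/helper"
    : > "$demo/plain"
    chmod 4755 "$demo/helper"   # 4 prepended: setuid
    chmod 0644 "$demo/plain"
    chmod 2770 "$demo/shared"   # 2 prepended: setgid directory
    chmod 1777 "$demo/tmp_ok"   # 1 prepended: sticky, as on /tmp
    chmod 0777 "$demo/tmp_bad"  # world-writable, no sticky bit
    mkdir "$demo/shared/sub"    # created inside the setgid directory
    printf '%s\n' "$demo"
}

tree=$(build_demo_tree) && audit_tree "$tree"
rm -rf "$tree"
```

The subdirectory created inside `shared` shows up as a setgid directory without any further `chmod`, which is the inheritance the setgid section describes.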


Special Linux File Attributes

There are other attributes that enable further limits on the operations that are allowed on files. For example, prevent the file from being renamed, moved, deleted, or even modified. They are set with the chattr command and can be viewed using the lsattr tool, as follows.

After executing those two commands, file1 will be immutable (which means it cannot be moved, renamed, modified or deleted) whereas file2 will enter append-only mode (it can only be opened in append mode for writing).


Accessing the root Account and Using sudo

One of the ways users can gain access to the root account is by typing.

and then entering root’s password.

If authentication succeeds, you will be logged on as root with the current working directory as the same as you were before. If you want to be placed in root’s home directory instead, run.

and then enter root’s password.


The above procedure requires that a normal user knows root’s password, which poses a serious security risk. For that reason, the sysadmin can configure the sudo command to allow an ordinary user to execute commands as a different user (usually the superuser) in a very controlled and limited way. Thus, restrictions can be set on a user so as to enable him to run one or more specific privileged commands and no others.


To authenticate using sudo , the user uses his/her own password. After entering the command, we will be prompted for our password (not the superuser’s) and if the authentication succeeds (and if the user has been granted privileges to run the command), the specified command is carried out.

To grant access to sudo, the system administrator must edit the /etc/sudoers file. It is recommended that this file is edited using the visudo command instead of opening it directly with a text editor.

This opens the /etc/sudoers file using vim (you can follow the instructions given in Install and Use vim as Editor – Part 2 of this series to edit the file).

These are the most relevant lines.

Let’s take a closer look at them.

This line lets you specify the directories that will be used for sudo , and is used to prevent using user-specific directories, which can harm the system.

The next lines are used to specify permissions.

  • The first ALL keyword indicates that this rule applies to all hosts.
  • The second ALL indicates that the user in the first column can run commands with the privileges of any user.
  • The third ALL means any command can be run.

If no user is specified after the = sign, sudo assumes the root user. In this case, user tecmint will be able to run yum update as root.

The NOPASSWD directive allows user gacanepa to run /bin/updatedb without needing to enter his password.

The % sign indicates that this line applies to a group called “admin”. The meaning of the rest of the line is identical to that of a regular user. This means that members of the group “admin” can run all commands as any user on all hosts.

To see what privileges are granted to you by sudo, use the “ -l ” option to list them.
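A review pass over sudoers rules of the kinds described above, as an added example that is not part of the original article: it flags rules that skip the password prompt, rules that allow every command, and a missing secure_path setting. The sample file is constructed, the `deploy` user and the function names are hypothetical, and the parser is simplified (aliases, line continuations and included files are not resolved).

```shell
#!/bin/sh
# Added example (not from the article). The rules below are constructed to
# mirror the kinds of sudoers lines described above; "deploy" is hypothetical.

# Write a constructed sample sudoers file to the path given as $1.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root        ALL=(ALL)       ALL
tecmint     ALL=/bin/yum update
gacanepa    ALL=NOPASSWD:/bin/updatedb
%admin      ALL=(ALL)       ALL
# hypothetical over-broad rule: any command, as any user, without a password
deploy      ALL=(ALL)       NOPASSWD: ALL
EOF
}

# Review a sudoers file and print one tagged line per rule worth a second look:
#   NOPASSWD <who>       rule skips the password prompt
#   ALL_COMMANDS <who>   rule allows every command
#   NO_SECURE_PATH       no Defaults line sets secure_path
audit_sudoers() {
    awk '
        /^[ \t]*#/       { next }                 # comments
        /^[ \t]*$/       { next }                 # blank lines
        $1 ~ /^Defaults/ { if ($0 ~ /secure_path/) secure = 1; next }
        $1 ~ /_Alias$/   { next }                 # alias definitions
        {
            who  = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)        # keep the text after "hosts ="
            if (spec ~ /NOPASSWD:/) print "NOPASSWD " who
            cmds = spec
            sub(/^\([^)]*\)[ \t]*/, "", cmds)     # drop an optional (runas) part
            gsub(/[A-Z]+:[ \t]*/, "", cmds)       # drop tags such as NOPASSWD:
            n = split(cmds, item, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", item[i])
                if (item[i] == "ALL") { print "ALL_COMMANDS " who; break }
            }
        }
        END { if (!secure) print "NO_SECURE_PATH" }
    ' "$1"
}

sample=$(mktemp) && write_sample_sudoers "$sample" && audit_sudoers "$sample"
rm -f "$sample"
```

Rules limited to a single command path, such as the tecmint line, produce no finding; the constructed deploy line is reported twice because it combines NOPASSWD with ALL.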


PAM (Pluggable Authentication Modules)

Pluggable Authentication Modules (PAM) offer the flexibility of setting a specific authentication scheme on a per-application and / or per-service basis using modules. This tool, present on all modern Linux distributions, overcame the problem often faced by developers in the early days of Linux, when each program that required authentication had to be compiled specially to know how to get the necessary information.

For example, with PAM, it doesn’t matter whether your password is stored in /etc/shadow or on a separate server inside your network.

For example, when the login program needs to authenticate a user, PAM provides dynamically the library that contains the functions for the right authentication scheme. Thus, changing the authentication scheme for the login application (or any other program using PAM) is easy since it only involves editing a configuration file (most likely, a file named after the application, located inside /etc/pam.d , and less likely in /etc/pam.conf ).

Files inside /etc/pam.d indicate which applications are using PAM natively. In addition, we can tell whether a certain application uses PAM by checking if the PAM library ( libpam ) has been linked to it:

Check Linux PAM Library

In the above image we can see that the libpam has been linked with the login application. This makes sense since this application is involved in the operation of system user authentication, whereas top does not.

Let’s examine the PAM configuration file for passwd – yes, the well-known utility to change users’ passwords. It is located at /etc/pam.d/passwd :

PAM Configuration File for Linux Password

The first column indicates the type of authentication to be used with the module-path (third column). When a hyphen appears before the type, PAM will not record to the system log if the module cannot be loaded because it could not be found in the system.

The following authentication types are available:

  • account : this module type checks if the user or service has supplied valid credentials to authenticate.
  • auth : this module type verifies that the user is who he / she claims to be and grants any needed privileges.
  • password : this module type allows the user or service to update their password.
  • session : this module type indicates what should be done before and/or after the authentication succeeds.

The second column (called control ) indicates what should happen if the authentication with this module fails:

  • requisite : if the authentication via this module fails, overall authentication will be denied immediately.
  • required is similar to requisite, although all other listed modules for this service will be called before denying authentication.
  • sufficient : if the authentication via this module fails, PAM will still grant authentication even if a previous module marked as required failed.
  • optional : if the authentication via this module fails or succeeds, nothing happens unless this is the only module of its type defined for this service.
  • include means that the lines of the given type should be read from another file.
  • substack is similar to include, but authentication failures or successes do not cause the exit of the complete module, but only of the substack.

The fourth column, if it exists, shows the arguments to be passed to the module.

The first three lines in /etc/pam.d/passwd (shown above), load the system-auth module to check that the user has supplied valid credentials (account). If so, it allows him / her to change the authentication token (password) by giving permission to use passwd ( auth ).

For example, if you append

to the following line

in /etc/pam.d/system-auth :

the last two hashed passwords of each user are saved in /etc/security/opasswd so that they cannot be reused:


Effective user and file management skills are essential tools for any system administrator. In this article we have covered the basics and hope you can use it as a good starting point to build upon. Feel free to leave your comments or questions below, and we’ll respond quickly.


33 thoughts on “Managing Users & Groups, File Permissions & Attributes and Enabling sudo Access on Accounts – Part 8”

Hi Gabriel, nice tutorial, enjoyed it. Can you clarify and state best practices, please. I have 2 directories, ACCOUNTS and OFFICE, both set to 2770. ACCOUNTS is owned by group “department1”, and OFFICE is owned by group “department 2”. Both groups’ users can only use and see their own directories.

This all works fine, but a new user “JOHN” wants to be able to access and modify BOTH directories. Can you tell me how to make this happen? What’s best practice?

How to delete multiple users at a time?

To delete multiple users at a time in Linux, use the following command.

Alternatively, use the following command to delete multiple system users in Linux.

Explanation of the above command:

  • user – It is the variable used to store values from the del.user file.
  • del.user – It is the file with all the user names that you want to delete.
  • userdel – A command used to delete the user.
  • userdel -r – This command is used to delete users along with their home directories.

Nice article, appreciate your work. But make one correction here: for unlocking a user you have to use “usermod -U username” instead of using small “u”. Use capital U, because with small u we can assign a new UID for the user. It’s not for unlocking a user.

Create a bash script to perform user management tasks like creating a new group. The script must check to ensure that no duplicate group names exist on the system. If a duplicate is found, an error needs to be reported, and the administrator must try another group name.

I have a Samba shared folder and 2 or 3 folders inside that. How can I prevent copying file attributes (like created/modified time stamps) when I copy or move files between these folders?

For the example you’ve just mentioned, what is the desired modification time stamp (or other file attributes) after you’ve copied the file(s)?

great tutorial

Thanks! Please help us spread the word by sharing this and our other posts through your social network profiles!

Hi, my name is Mahi and I am from India. I am learning the Red Hat 7 course and am looking for a Red Hat book for more practice, but in sequence or chapter-wise, so I can learn Linux commands and concepts both in brief and deeply. I often follow your site to learn Linux.

I saw your Red Hat certification study guide, which is in red color and priced at $34, but I was a bit surprised after seeing it has just 164 pages. How will you cover all the topics in 164 pages? Maybe I am wrong, but please suggest one best book to learn Red Hat Linux 7. I want a book written the same way you write on your website.

Great tutorial !! thank you

@BENALIF, Thank you for taking the time to comment on this post. Please help us spread the word by sharing it through your social networks!

Wow this is such a comprehensive tutorial. Thanks for the good work.

Hi Gabriel,

For the past few days, I’ve been reading this tutorial series and doing the exercises as a complement to the LFCS exam. Until now (from part 1 to 8) I’ve only detected minor errors/typos, but in this section you have some content from user and group management inside the file permissions section :)

Since this exchange can lead to some confusion while reading, I’m here just to make you aware of this so you can correct.

Thank you for all the great info that you posted in these articles.

@Nuno, Thank you for pointing this out. You’re right, there are a couple of paragraphs in the File permissions section that should be moved to User management. On a side note, would you be as kind as to let us know what are the errors / typos you’ve found in the previous guides?

No problem :)

Regarding the other errors/typos I’ve pointed out, as I said, they’re just minor things that I’ve noticed while reading and following your tutorials. As an example, the only one I can remember right now is on part 6 (RAID), in the section “Check the array creation status”, where you show the status of a RAID5 after creating a RAID0, but as I said, not a big deal :)

Again, big thanks for this tutorial series.

Best regards, Nuno

@Nuno, I just checked the RAID article and you’re right :). I am adding a comment in that article to ask the owner of the site to clarify. Thanks again!

In “Overview of Domains and Competencies” block on a page with LFCS info ( https://training.linuxfoundation.org/certification/lfcs ) we have two interesting competencies: “Managing local users accounts” “Managing user accounts”

Can you describe the difference? As I have found in the web, “Managing user accounts” means something related to network accounts (e.g. LDAP) and I don’t see anything related to it in this article.

@Paul, The way I see it, that is a repeated topic. In the context of the LFCS exam, they mean the same. You will only be asked to perform local user management as described in this article.

ifconfig … output is eth0 error fetching interface information device not found lspci output 05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 05) please guide me about this issue…

@Tanveer, Based on the error message, and without knowing what your distribution and environment is, I am assuming you are getting this error in a virtual machine. You have configured a NIC (network interface card) but have not added the virtual resource to the virtual machine. If my assumption is correct, my best guess is that you’re using VMWare. If so, please confirm and we’ll guide you through the steps to solve this issue. Without further information I am afraid we can’t do much.

Dear Gabriel, I have a question about the output generated when creating a new user. On CentOS 7 I create a new user in the simplest form: useradd dragos. A default UID and GID and a default group with the same name are created automatically. When I check with cat /etc/group, the output for the newly created user has the form: dragos:x:1001: so without explicitly showing which user the group “dragos” has. For another user the form is: apolo:x:1000:apolo. My question is why one record explicitly includes the default generated user and the other record does not. Is there any difference??? PS: with id user everything appears correct. Thank you very much!!!!

Hey, thanks Gabriel. I would like to know how to manually add users to my Linux system, I mean not using either adduser or useradd.

first thank you for this nice series

there is a little mistake in lock user account part it should be -L (uppercase) not -l (lowercase)

Hey, just a note – unlock and lock actually use uppercase letters.

Perhaps there is a typo here? # usermod --expiredata 2014-10-30 tecmint Should it be # usermod --expiredate 2014-10-30 tecmint

@Nick, Thanks for pointing out that typo, corrected in the writeup….

Great articles, I just wanted to point out a possible typo. The “man” pages show that “usermod -L” will lock a user account and “-U” will unlock. Thanks again for this valuable documentation.

Thanks very much for the great series covering LFCS.

Perhaps there is a typo here? # chmod :common_group common.txt # Change the group owner of common.txt to common_group

Should it be chown (to change the user/group ownership of a file)?

@Jason, I can’t find the typo you’re pointing out (maybe it was fixed by the editor already). But yes, you’re right. You change the owner of the file with chown, not chmod.

Do we have an LFCS series from start to end here? Would love to see the content and topics covered being an RHCE.

@Prasad, thank you for sharing that link and for taking the time to comment!. Actually, I thought about saying a word or two about the skel file, but I ended up trying to stick with the intent of the LFCS certification (strictly performance-based).

Great document. Also need to add skel file importance.

http://www.linfo.org/etc_skel.html


How To Change File or Directory Permissions in Linux

Use the chmod command to change permissions from the command line.

Change Permissions on the Linux Command Line

If you’ve ever tried to run a script from the command line in Linux and gotten an error message saying that it’s not executable or attempted to enter a directory only to be blocked by the system, you probably don’t have permissions to do those things. Fortunately, if you have the proper rights or the ability to act as a super user (accessible by using sudo), you can change the permissions on files and directories.

In this how-to we’ll look at the chmod command, a powerful command that can change file and directory permissions for the owner, user group members and others. In a section below, we’ll also explain how to tell what group your user is in and exactly what Linux means by “others.”

Whilst you become accustomed to these commands it’s good to work with example empty files and directories and you should take extra care to ensure you are carefully following the instructions.

All the commands in this how-to will work on most Linux machines. We’ve used an Ubuntu 20.04 install but you could run this how-to on a Raspberry Pi. All of the how-to is performed via the Terminal. You can open a terminal window on most Linux machines by pressing ctrl, alt and t.

How to Check File Permissions in Linux

To begin, let's create a test file in a test directory and take a look at its default permissions. To see the permissions we will use ls with the -l argument added.

1. Create a new directory called test_directory

2. Move into the newly created directory .

3. Create a new test file called test1.txt .

4. List the contents of the directory using ls -l .

Using ls -l gives us a lot more information about the items returned on the list. We should see that test1.txt has been created. We are interested in the first 10 characters on the listing, which for our test file read -rw-rw-r-- .

The first - indicates that the object on the list is a file. If we ran ls -l and a directory was listed this first character would be a d . The next 9 characters are arranged in 3 sets of 3.

The first set of 3 refers to the owner, the second set of 3 refers to user groups and the final set of three refers to others. Each set of 3 characters can contain either - or r, w, and x. If you can see an r in the set then that set has read permissions granted. If you can see a w that set can write to a file and if you can see an x in the set then that set can execute the file as a script or program.

We can see that our test1.txt currently has the owner and group member permissions set to read and write with others only allowed to read. No one has permission to execute the file. 

How to Change Linux File / Directory Permissions Quickly

We can use the chmod command to toggle the read, write and execute permissions on and off for the owner, group and others. Let’s begin with changing single permissions for the owner and group.

1. In the test_directory, list the current permissions for test1.txt .

These should be unchanged from when we created test1.txt and should read -rw-rw-r-- .

2. Change the permission of the owner to read only.

3. List the directory contents to view the new permission settings. We should now see that the permissions for test1.txt read -r--rw-r-- indicating that, for the owner, the file is now read only.

4. Change permission of groups to read only. Similar to changing permissions for the owner we can change permission settings for the groups. To revoke write permissions we can use the argument g-w .

5. List the directory contents to view the new permission settings .

We should now see that the permissions for test1.txt read -r--r--r-- indicating that, for the groups, the file is now read only.

6. Enable write permissions for the owner. Instead of using u-w to remove write permissions we can intuitively use u+w to grant write permissions for the owner.

7. List the directory contents to view the new permission settings. We should now see that the permissions for test1.txt read -rw-r--r-- indicating that, for the owner, write permissions have been granted.

How to Apply Multiple File / Directory Permission Changes in Linux

We can also combine the arguments we used in the previous section to make multiple changes to Linux file permissions in a single command. In this section it’s important not to add any extra spaces in the chmod arguments as this will cause the command to fail. 

In the first section we used u and g for owner and group and in this section we will additionally use o to target permission changes for others. Likewise, we used r and w for read and write and in this section we will add x to make changes to the executable permissions.

1. List the directory contents to view the new permission settings. We should see that the permissions for test1.txt are -rw-r--r-- .

2. Change the permissions so that additionally the owner can execute and the group can additionally write and execute. Notice that there are no spaces after the comma and also notice that you can combine r,w,x in a single argument.

3. List the directory contents to view the new permission settings. We should see that the permissions for test1.txt are -rwxrwxr-- . This means that the owner and group can read, write and execute the file whilst others can only read.

How to Change File / Directory Permissions Recursively in Linux

The chmod command can be used to create changes recursively to a directory meaning that changes are also applied to the files contained within the directory. Let’s use what we have learnt so far and additionally use the recursive -R argument to see how this works.

1. Move to your home directory and list the contents.

We should see test_directory listed from the previous parts of this how-to. The permissions for test_directory should read drwxrwxr-x.

2. Change the owner and group permissions of both the directory and its contents. Running this command will revoke owner and group write permissions for both test_directory and the file, test1.txt it contains.

3. List the home directory contents to check the permissions for test_directory.

We should see that the owner and group permissions allow for reading and execution but now do not allow writing to the directory.

4. Move into test_directory to check permissions for test1.txt.

We should see that the owner and group permissions for test1.txt have been changed to match the recursive changes to the host directory, removing write permissions. 
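A caveat on recursive changes, as an added example that is not part of the original how-to: a numeric mode applied with -R gives files and directories the same bits, so opening a tree to a group with 770 also marks every file executable, while the symbolic capital X grants execute only to directories and to files that already had it. The tree and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the how-to). Paths and names are constructed.

# Build a constructed tree: a directory, a subdirectory, a data file and a script.
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/sub"
    : > "$t/notes.txt"
    : > "$t/sub/run.sh"
    chmod 0644 "$t/notes.txt"   # plain data file
    chmod 0755 "$t/sub/run.sh"  # script that is meant to be executable
    printf '%s\n' "$t"
}

# Numeric mode applied recursively: every entry, file or directory, gets 770.
share_numeric() {
    chmod -R 770 "$1"
}

# Symbolic mode with capital X: execute/search is granted only to directories
# and to files that already had an execute bit; others lose all access.
share_symbolic() {
    chmod -R u=rwX,g=rwX,o= "$1"
}

# Count regular files under $1 that have any execute bit set.
count_executable_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | wc -l | tr -d ' '
}

# The ten-character type and mode string that ls -l shows for one path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

a=$(make_tree)
b=$(make_tree)
share_numeric "$a"
share_symbolic "$b"
echo "chmod -R 770:            $(count_executable_files "$a") executable files, notes.txt is $(mode_of "$a/notes.txt")"
echo "chmod -R u=rwX,g=rwX,o=: $(count_executable_files "$b") executable files, notes.txt is $(mode_of "$b/notes.txt")"
rm -rf "$a" "$b"
```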

How to View Your Linux Group

When we talk of users, groups and others what we mean is that our user typically belongs to a group of users. A user and group can have the same, or very different permissions. For example a team member may need more permissions to perform a certain task. The permissions that we give a user and a group will be different to what we give other users, users who are not in the group.

We can see the groups that our user is part of via the groups command.

1. Open a terminal and type in groups . This will list all of the groups available on our installation.

2. Open a terminal and type in groups followed by the user’s name. For example here we check which groups “Tom” belongs to and find that he belongs to the groups tom and sudo.

The output of this command looks like this.

Others are not a group. Rather “others” refers to anyone who is not the owner, or in a group which has access to a file or directory. Typically others will only have read access to any files or directories, but this can be changed and we shall explore this later.

How to Change Linux File Permissions With Numeric Codes

Though the use of r,w or x is easier to remember for Linux file permissions, many people use a series of numeric codes with chmod instead. You feed the chmod command a three-digit number and each digit applies to a different group in this order: user, group, others. So, for example, chmod 777 gives all three types full read, write and execute permissions while chmod 740 gives the user full permissions, the group read permissions and others no permissions at all.

The table below shows what each number means.
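How each digit of a numeric code maps to the characters ls -l prints, as an added example that is not part of the original how-to. It goes beyond the three-digit codes above by also accepting a leading fourth digit for setuid (4), setgid (2) and the sticky bit (1); the function names are hypothetical, and ls_symbolic checks the conversion against what ls reports for a scratch directory.

```shell
#!/bin/sh
# Added example (not from the how-to). Function names are hypothetical.

# Render one octal digit as an rwx triplet.
#   $1 digit 0-7, $2 = 1 if the special bit for this class is set,
#   $3 letter for that special bit (s for setuid/setgid, t for sticky).
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi   # 4 = read
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi   # 2 = write
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi   # 1 = execute
    if [ "$2" -eq 1 ]; then
        # Lowercase when execute is also set, uppercase when it is not.
        if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr 'st' 'ST'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Convert a 3- or 4-digit octal mode to the nine characters ls -l prints.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7])       m=0$1 ;;
        [0-7][0-7][0-7][0-7])  m=$1 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    s=${m%???}                 # special digit: 4 setuid, 2 setgid, 1 sticky
    rest=${m#?}
    u=${rest%??}               # first digit: user (owner)
    g=${rest#?}; g=${g%?}      # second digit: group
    o=${rest#??}               # third digit: others
    triplet "$u" $(( ($s & 4) / 4 )) s
    triplet "$g" $(( ($s & 2) / 2 )) s
    triplet "$o" $((  $s & 1 ))      t
    echo
}

# Apply a mode to a scratch directory and return what ls itself reports,
# so the conversion can be checked against the real system.
ls_symbolic() {
    d=$(mktemp -d) || return 1
    chmod "$1" "$d"
    ls -ld "$d" | cut -c2-10
    chmod 700 "$d"
    rmdir "$d"
}

for code in 777 740 770 2770 1777; do
    printf '%-5s %s\n' "$code" "$(mode_to_symbolic "$code")"
done
```

In a code such as 770 the group is the middle digit: it applies to whichever group owns the file, and the last digit, 0, is what keeps everyone else out.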

With these basic usages of the chmod command you get a lot of control over file and directory permissions. There are lots of different arguments to add to chmod that allow you to work with different approaches. 

For example it’s worth researching the use of = instead of + and - as, rather than toggling permissions on and off, you can define permissions directly for some or all users. As you research and learn about chmod it’s worth remembering to practice on test files and directories as it can be frustrating if you accidentally remove all permissions on a file you depend on.


Jo Hinchliffe

Jo Hinchliffe is a UK-based freelance writer for Tom's Hardware US. His writing is focused on tutorials for the Linux command line.  


Linux chmod and chown – How to Change File Permissions and Ownership in Linux

Linux is a multi-user OS, which means that it supports multiple users at a time.

As many people can access the system simultaneously and some resources are shared, Linux controls access through ownership and permissions.

Linux file ownership

In Linux, there are three types of owners: user , group , and others .

A user is the default owner and creator of the file. So this user is called owner as well.

Linux Group

A user-group is a collection of users. Users that belong to a group will have the same Linux group permissions to access a file/folder.

You can use groups to assign permissions in bulk instead of assigning them individually. A user can belong to more than one group as well.

Any users that are not part of the user or group classes belong to the others class.

Linux File Permissions

File permissions fall in three categories: read , write , and execute .

Read permission

For regular files, read permissions allow users to open and read the file only. Users can't modify the file.

Similarly for directories, read permissions allow the listing of directory content without any modification in the directory.

Write permission

When files have write permissions, the user can modify (edit, delete) the file and save it.

For folders, write permissions enable a user to modify its contents (create, delete, and rename the files inside it), and modify the contents of files that the user has write permissions to.

Execute permission

For files, execute permissions allow the user to run an executable script. For directories, the user can access them, and access details about files in the directory.

Below is the symbolic representation of permissions to user, group, and others.


Note that we can find permissions of files and folders using long listing ( ls -l ) on a Linux terminal.


In the output above, d represents a directory and - represents a regular file.


How to Change Permissions in Linux Using the chmod Command

Now that we know the basics of ownerships and permissions, let's see how we can modify permissions using the chmod command.

Syntax of chmod :

  • permissions can be read, write, execute or a combination of them.
  • filename is the name of the file for which the permissions need to change. This parameter can also be a list of files to change permissions in bulk.

We can change permissions using two modes:

  • Symbolic mode : this method uses symbols like u , g , o to represent users, groups, and others. Permissions are represented as   r, w, x for read write and execute, respectively. You can modify permissions using +, - and =.
  • Absolute mode : this method represents permissions as 3-digit octal numbers ranging from 0-7.

Now, let's see them in detail.

How to Change Permissions using Symbolic Mode

The table below summarizes the user representation:

We can use mathematical operators to add, remove, and assign permissions. The table below shows the summary:

Suppose I have a script and I want to make it executable for the owner of the file, zaira .

Current file permissions are as follows:

Let's split the permissions like this:

To add execution rights ( x ) to owner ( u ) using symbolic mode, we can use the command below:

Now, we can see that the execution permissions have been added for owner zaira .

Additional examples for changing permissions via symbolic method:

  • Removing read and write permission for group and others : chmod go-rw .
  • Removing read permissions for others : chmod o-r .
  • Assigning write permission to group and overriding existing permission: chmod g=w .

How to Change Permissions using Absolute Mode

Absolute mode uses numbers to represent permissions and mathematical operators to modify them.

The below table shows how we can assign relevant permissions:

Permissions can be revoked using subtraction. The below table shows how you can remove relevant permissions.

  • Set read (add 4) for user , read (add 4) and execute (add 1) for group, and only execute (add 1) for others.

chmod 451 file-name

This is how we performed the calculation:

Note that this is the same as r--r-x--x .

  • Remove execution rights from other and group .

To remove execution from other and group , subtract 1 from the execute part of the last two octal digits.

  • Assign read , write and execute to user , read and execute to group and only read to others.

This would be the same as rwxr-xr-- .

How to Change Ownership using the chown Command

Next, we will learn how to change the ownership of a file. You can change the ownership of a file or folder using the chown command. In some cases, changing ownership requires sudo permissions.

Syntax of chown :

How to change user ownership with chown

Let's transfer the ownership from user zaira to user news .

chown news mymotd.sh

Command to change ownership: sudo chown news mymotd.sh

How to change user and group ownership simultaneously

We can also use chown to change user and group simultaneously.

How to change directory ownership

You can change ownership recursively for contents in a directory. The example below changes the ownership of the /opt/script folder to allow user admin .

How to change group ownership

In case we only need to change the group owner, we can use chown by preceding the group name by a colon :

Linux Permissions Guided Exercise

Up until now we have explored permissions, ownerships, and the methods to change them. Now we will reinforce our learning with a guided exercise.

Goal : To create groups and assign relevant permissions to its members. Verify access by accessing it from unauthorized users.

Task : Create a group called dev-team and add two members (John and Bob) to it. Create a folder /home/dev-team and change ownership to group dev-team . Verify that both users in the dev-team group have read and write access to the folder.

Create another group project-manager and add a user Fatima to it. Verify if the folder /home/dev-team is accessible by Fatima .


Step 1: Switch to root user. Switch to root user so that we have the rights to create new users and groups.

Use the sudo command with flag i .

If you have the root password, you can login using that as well.

Enter sudo -i to switch to the root user.

Enter whoami to find out if you are the root user:

If you do not have root access, prefix the commands with sudo .

Step 2: Create a group dev-team

Use the groupadd command.

Syntax: groupadd group-name

Enter groupadd dev-team to create the dev-team group

Verify: cat /etc/group | grep dev-team

Step 3: Create two new users John and Bob and add them to the dev-team group

Use command useradd .

useradd creates a new user and adds it to the specified group.

Syntax: useradd -G groupname username

Where -G specifies the group.

useradd -G dev-team John

useradd -G dev-team Bob


Step 4: Provide passwords for users John and Bob

Use command passwd

passwd creates a password for users.

Syntax: passwd username

passwd John

passwd Bob

Step 5: Create a directory in /home and name it dev-team

Use command mkdir

mkdir creates a directory.

Syntax: mkdir directory-name

mkdir /home/dev-team


Step 6: Change the group ownership of the folder dev-team to group dev-team

Use command chown

Syntax: chown :group-name folder

chown :dev-team /home/dev-team/


Step 7: Make sure the permissions of folder dev-team allow group members to create and delete files.

Use command chmod

Write permissions allow users and groups to create and delete files.

Syntax: chmod permissions folder

chmod g+w /home/dev-team/


Step 8: Ensure that 'others' don't have any access to the files of dev-team folder.

Remove read, write, execute permissions from 'others' if they exist.

chmod o-rwx /home/dev-team

Step 9: Exit the root session and switch to John

Use command exit to logout of the root user.

Use su to switch users.

Syntax: su - user

To confirm the current user, use command whoami .

Step 10: Navigate to folder: /home/dev-team

Use command cd to switch folders.

Syntax: cd /path/to/folder

Confirm current path with pwd .

cd /home/dev-team

Step 11: Create an empty file in the folder: /home/dev-team

Use command touch to create an empty file.

Syntax: touch filename

touch john-file.txt

Verify: ls -lrt


Step 12: Change the group ownership of the created file to dev-team and verify.

Use command chown to change ownership.

Syntax: chown :group file-name

chown :dev-team john-file.txt

Once group ownership is modified, all members of the group can access this file.

Verify ls -lrt


Step 13: Exit the shell and switch to user Bob

Use command exit to exit the terminal.

Verify the current user with command whoami .

Step 14: Navigate to the path /home/dev-team

Step 15: Find out Bob's privileges to access john-file.txt

Use command ls -l for long listing.

Syntax: ls -l | grep file-name

Does group have rw- permissions?

ls -l | grep john-file.txt


Step 16: Modify the file john-file.txt while logged in as Bob

Use command echo to add some text to the file.

Syntax: echo "Some text" >> file-name

This would redirect the quoted text to end of the file.

echo "This is Bob's comment" >> john-file.txt

If all the permissions are correctly set, Bob would be allowed to edit and save this file. Otherwise you would get an error like this: Permission denied .

Verify cat john-file.txt

Step 17: Create another group project-manager and assign a member Fatima to it

Use command groupadd to add a new group.

Create a new user with command useradd .

Use flag -G to assign a user to it.

Step 18: Navigate to folder /home/dev-team and verify if Fatima can access it

Use cd to navigate to /home/dev-team .

cd /home/dev-team

We get a Permission denied error.

This is because others don't have any access to the folder dev-team .

Recall the rights of the dev-team folder: the group dev-team has write access (Step 7) and others have no access (Step 8).
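Steps 6 to 8 and Step 12 of the exercise can be folded into the directory's mode. The script below is an added example, not part of the original tutorial: it sets the setgid bit so new files inherit the directory's group, and tightens an existing tree without marking regular files executable. It runs in a scratch directory, uses one of the caller's own groups as a stand-in for dev-team, and its function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are illustrative.
# Assumption: one of the caller's own groups stands in for "dev-team", so the
# script needs no root; on a real host root would run: chown :dev-team DIR

# Print the 10-character type+mode string of a path, e.g. drwxrws---.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Print the numeric ID of the group that owns a path.
gid_of() {
    ls -ldn "$1" | awk '{ print $4 }'
}

# Create DIR for group sharing.
#   2 (setgid) : entries created inside inherit DIR's group
#   770        : owner and group get rwx, others get nothing
make_shared_dir() {
    mkdir -p "$1" || return 1
    primary=$(id -g)
    # Prefer a supplementary group, so the inheritance is visible in the demo.
    for g in $(id -G); do
        [ "$g" = "$primary" ] && continue
        chgrp "$g" "$1" 2>/dev/null && break
    done
    chmod 2770 "$1"
}

# Tighten an existing tree. Unlike "chmod -R 770", regular files do not
# become executable, and every subdirectory gets the setgid bit.
harden_tree() {
    find "$1" -type d -exec chmod 2770 {} +
    find "$1" -type f -exec chmod 660 {} +
}

# Print mode and owning group for each path given.
show() {
    for p do
        echo "  $(mode_of "$p") gid=$(gid_of "$p") $p"
    done
}

demo() {
    base=$(mktemp -d) || return 1
    shared="$base/dev-team"
    make_shared_dir "$shared"

    # A member with umask 007 creates a file the whole group can edit.
    ( umask 007; echo "draft" > "$shared/john-file.txt" )
    # A member with a private umask creates entries the group cannot use yet.
    ( umask 077; mkdir "$shared/docs"; echo "notes" > "$shared/docs/notes.txt" )

    echo "before harden_tree:"
    show "$shared" "$shared/john-file.txt" "$shared/docs" "$shared/docs/notes.txt"

    harden_tree "$shared"

    echo "after harden_tree:"
    show "$shared" "$shared/john-file.txt" "$shared/docs" "$shared/docs/notes.txt"

    rm -rf "$base"
}

demo
```

With the setgid bit in place, the manual chown :dev-team of Step 12 is no longer needed; whether Bob can write to John's file then depends only on the umask John created it with.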

Wrapping up

Permissions and ownerships are useful concepts for enforcing security across multi-user operating systems. I hope you were able to learn about changing permissions and ownerships in depth.


Thanks to Tom Mondloch for his help with the guided exercise.

I am a DevOps Consultant and writer at FreeCodeCamp. I aim to provide easy and to-the-point content for Techies!


How-To Geek

Add a user to a group (or second group) on linux.


To add a user to a group, open the Terminal, then type "sudo usermod -a -G examplegroup exampleusername" into the window. Replace "examplegroup" and "exampleusername" with the group and username you want to modify.

Changing the group a user is associated to is a fairly easy task, but not everybody knows the commands, especially to add a user to a secondary group. We'll walk through all the scenarios for you.

User accounts can be assigned to one or more groups on Linux. You can configure file permissions  and other privileges by group. For example, on Ubuntu, only users in the sudo group can use the sudo command to gain elevated permissions.

If you're using a new Linux laptop , you might have some type of GUI interface to configure these settings (depending on the distribution that you're running, at least) but realistically it's almost always easier to just drop down to the terminal and type out a few commands, so that's what we're showing you today.


If you want to create a new group on your system, use the groupadd command, replacing new_group with the name of the group you want to create. You'll need to use sudo with this command as well (or, on Linux distributions that don't use sudo , you'll need to run the su command on its own to gain elevated permissions before running the command).

sudo groupadd mynewgroup

Adding a new group named "new_group."

To add an existing user account to a group on your system, use the usermod command, replacing examplegroup with the name of the group you want to add the user to and exampleusername  with the name of the user you want to add.

usermod -a -G examplegroup exampleusername

For example, to add the user geek to the group sudo , use the following command:

usermod -a -G sudo geek

Adding the user "geek" to the sudo group.

While a user account can be part of multiple groups, one of the groups is always the "primary group" and the others are "secondary groups". The user's login process and files and folders the user creates will be assigned to the primary group.

To change the primary group a user is assigned to, run the usermod command, replacing examplegroup  with the name of the group you want to be the primary and exampleusername with the name of the user account.

usermod -g examplegroup exampleusername

Note the -g here. When you use a lowercase g, you assign a primary group. When you use an uppercase -G , as above, you assign a new secondary group.

Changing the Geek user's primary group to example.


To view the groups the current user account is assigned to, run the groups  command. You'll see a list of groups.

To view the numerical IDs associated with each group, run the id  command instead:

Checking what groups there are, and what their numerical IDs are.

To view the groups another user account is assigned to, run the groups  command and specify the name of the user account.

groups exampleusername

You can also view the numerical IDs associated with each group by running the id command and specifying a username.

id exampleusername

The first group in the groups list or the group shown after "gid=" in the id list is the user account's primary group. The other groups are the secondary groups. So, in the screenshot below, the user account's primary group is example .

Checking the groups the geek user belongs to.

You may sometimes want to create a new user account that has access to a particular resource or directory, like a new FTP user. You can specify the groups a user account will be assigned to while creating the user account with the useradd command, like so:

useradd -G examplegroup exampleusername

For example, to create a new user account named jsmith and assign that account to the ftp group, you'd run:

useradd -G ftp jsmith

You'll want to assign a password for that user afterwards, of course:

passwd jsmith

Creating a new user and simultaneously adding it to a group.


While assigning the secondary groups to a user account, you can easily assign multiple groups at once by separating the list with a comma.

usermod -a -G group1,group2,group3 exampleusername

For example, to add the user named geek to the ftp, sudo, and example groups, you'd run:

usermod -a -G ftp,sudo,example geek

You can specify as many groups as you like, just separate them all with a comma.

Adding a user to multiple groups with one command.

If you want to view a list of all groups on your system, you can use the getent command:

getent group

This output will also show you which user accounts are members of which groups. So, in the screenshot below, we can see that the user accounts syslog and chris are members of the adm group.

List of groups available on the system.

That should cover everything you need to know about adding users to groups on Linux.


A Complete Guide to Linux File Ownership and Groups

Learning how to deal with file owners, groups, and permissions in Linux is important for system administrators and casual Linux users alike.

When you run into a problem with file permissions on Linux, quite often the source of your frustration will have something to do with settings pertaining to either the file’s owner or group. It’s pretty much inevitable that if you use Linux regularly, at one point or another, you are going to have to change a file or directory’s owner or group setting to fix a problem.

In this article, we’re going to demystify the concepts of Linux file owners and groups and show you how they affect who can access and manipulate the data on your system.

How to Find a File’s Owner and Group in Linux

At the Linux command line, you can view both the owner and group permission settings by using the ls -l (that’s a dash with a lowercase L) command. The -l switch will format the listing in columns that give you more details about your files than the standard ls command output.


The first column shows the type of file and its permission settings. The second column shows the number of links to the file (usually 1). The third and fourth show the owner and group respectively. They are often (but not always) the same.


The settings displayed in the first column represent the bits that determine file permissions in Linux. The first character represents the file type. For example, a "-" indicates a regular file, and a "d" represents a directory. The three following bits (highlighted above) represent the file owner’s permissions— r for read, w for write, and x for execute.

Any permission that is not enabled will show as a dash. Then, in the third column of the directory listing, you see the user that owns the file.


The second set of three bits in that first column (highlighted above) represents the permissions for the group that has access to this file. They work the same as above. They will be either a dash or one of r, w, and x.

How to Change the Owner of a File on Linux

With most Linux distributions, you will need to be the root user or a user with administrative privileges (i.e. you can use sudo) to change the owner of a file or directory.

Giving ownership of a file or directory to any user will give that user complete freedom to do whatever they wish with the file. They will be able to read it, modify it, delete it, and change permissions that dictate what other system users can do with it.


To change the owner of a file or directory, use the chown command with the following format:

Changing the owner of a file will not affect the group settings or permissions of that file.

How to Change a File’s Group Setting on Linux

If you are the owner of a file, you can change its group settings to any existing group. If you are not the owner, you will need root or sudo privileges.


To change group access to a file or directory, use the chgrp command with the following format:

This will give all members of the chosen group access to the file or directory according to the item’s group permission settings.

How to Change a File’s Owner and Group at the Same Time

If you need to modify both the owner and group settings of a file or directory, you can do so with a single command. Since it involves changing the owner, you will need to have superuser privileges.


To accomplish this, use the chown command as above but specify both the new owner and new group separated by a colon, with no spaces.

How to Create a Group Using the Linux Terminal

Groups allow you to assign access privileges to multiple users quickly and easily. Users on a Linux system can be members of more than one group at a time. You will need to be the root user or have sudo privileges to create groups.

To add a new group to the system, use the groupadd command.

To make sure your group has been created, you can use the getent command to list all groups or combine it with grep to look for a specific group.

If the output from the command shows the name of the group you were trying to create, this indicates that it was successfully created and you can add users to it. You can also have a look at our guide to managing groups on Linux for more detailed information about setting up new groups.

How to Add a User to a Group on Linux

Adding a user to a group is accomplished with the usermod command. Again, you will need superuser privileges, and both the user and the group must already exist. The following command will add a user to a group:

The -a switch in the command above stands for append and is important. If you add a user to a group without using the -a flag, the user will be removed from any other groups that they may already be part of. The -G flag signifies that you want to add the user to the group name following the switch.

How to Remove a User From a Group

Removing a user from a group is done with the gpasswd command. Enter the command (using sudo) in the following format.

This will delete the specified user from the specified group, leaving any other group memberships intact.

How to Remove a Group Using the Linux Terminal

Finally, the last thing you’ll need to know to manage groups on your system is to remove a group. First, it’s important to note that a group must be empty. If the group you want to remove is small, you can use the command above to manually remove each member.

If the group has more than just a handful of members and you need to remove them before deleting the group, you can remove them all at once with the groupmems command. Enter the command with the following format to remove all users from a specific group:

Once all members have been removed from the group, you can delete the group from the system with the groupdel command, as follows.

Linux User Groups Give You Greater Control

With the commands above you’ll be able to manage the owner and group access settings for any file or directory on your Linux system.

If you, or a user on your system, are having trouble accessing something, making sure the owner and group permissions are properly set is often a good first step to finding the solution.


How can I check the permissions of a specific group?

I've a group on my system and I don't know which permission it has. Where can I find all group permissions?

I want to have an output like this:

  • permissions

Dan's user avatar

5 Answers 5

You can see the rights of group by ls -l in terminal to see the permissions of corresponding files.

Which can be further shown


You can refer to File Permissions for changing permissions. Whereas following commands are used to change it.

EDIT : To view the files owned by the group "test" and user "luser", use the find command

to find all the groups available on your system:

eg. for finding the groups that the current user belongs to

then looking for groups luser belongs to

Now to see the files owned by group " test " in particular path or folder. Try

find /home -group test

find /etc -group root

GUI method via Nautilus , select the Group, Permissions , Owner options from the Nautilus Preferences menu.

Then in Nautilus File manager , by selecting Icons views you will get the group name under icon as

And in list view you will get something like

  • 2 That's not an answer to my question. See my edited post. –  OrangeTux Jul 24, 2012 at 13:04

Groups don't have permissions so to say...

Each file/folder is owned by a user and a group. If your group owns the file/folder then you'll have the permissions in the second group of permissions.

For example, let's say a file has:

Split this into thirds, excluding the first character (this is a special character):

rwx (Owner) - The owner has read/write and execute permissions.

rw- (Group) - The group has read and write permissions.

r-- (Everyone else) - Everyone else has read permissions.

You can change these permissions using chmod and you can change who owns them by using chown. To learn more about these commands, open a terminal and type man chmod or man chown .

Eliah Kagan's user avatar

  • 1 But how can I see which folders/files got owned by a certain group? –  OrangeTux Jul 12, 2012 at 12:23
  • 1 @ OrangeTux cd to directory and enter ls -al That will give a complete readout of permissions. –  user76204 Jul 18, 2012 at 16:53
  • 1 That's not an answer to my question. See my edited post. –  OrangeTux Jul 24, 2012 at 13:04

Seth's user avatar

You would type in the following command:

Syntax description:

John K. N.'s user avatar

To see the permissions of all files and folders associated with the group test in the mentioned folders you can use

  • -printf %M will output the permissions in the same form ls-l does, not followed by a newline
  • -print adds the filename followed by a newline.

Reference: man find .

To see the permissions of the mentioned folders you can use

mook765's user avatar
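The approach the answers describe (find the entries a group owns, then read the group's permission triad) can be wrapped into a small report. This is an added example, not code from any of the answers; the function names are illustrative and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the answers). Function names are illustrative.

# For each entry under DIR owned by GROUP (a name or a numeric GID), print
#   <group triad> <others triad> <path>     e.g.  rw- --- /srv/shared/plan.txt
group_access_report() {
    find "$2" -group "$1" -exec sh -c '
        for p do
            mode=$(ls -ld "$p" | cut -c1-10)
            printf "%s %s %s\n" \
                "$(printf "%s\n" "$mode" | cut -c5-7)" \
                "$(printf "%s\n" "$mode" | cut -c8-10)" "$p"
        done' sh {} +
}

# Only the entries GROUP may modify: the group triad contains "w".
group_writable() {
    group_access_report "$1" "$2" |
        awk '$1 ~ /w/ { sub(/^[^ ]+ [^ ]+ /, ""); print }'
}

# Entries owned by GROUP that users outside the group can reach as well.
group_exposed_to_others() {
    group_access_report "$1" "$2" |
        awk '$2 != "---" { sub(/^[^ ]+ [^ ]+ /, ""); print }'
}

demo() {
    # Constructed sample tree; the group is whatever owns the scratch directory.
    base=$(mktemp -d) || return 1
    gid=$(ls -ldn "$base" | awk '{ print $4 }')
    : > "$base/readonly.txt";    chmod 640 "$base/readonly.txt"
    : > "$base/shared plan.txt"; chmod 660 "$base/shared plan.txt"
    : > "$base/public.sh";       chmod 755 "$base/public.sh"

    echo "group others path"
    group_access_report "$gid" "$base"
    echo "writable by the group:"
    group_writable "$gid" "$base"
    echo "also reachable by others:"
    group_exposed_to_others "$gid" "$base"
    rm -rf "$base"
}

demo
```

The last function is the one to watch during a review: an entry that others can also read or execute is not protected by group membership at all.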


How to Set File Permissions in Linux

Linux is a multi-user operating system, so it has security to prevent people from accessing each other’s confidential files. When you execute a “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files. You can get more information by using an “option” with the “ls” command. All options start with a ‘-‘. For example, to execute “ls” with the “long listing” option, you would type ls -l . When you do so, each file will be listed on a separate line in a long format. There is an example in the window below. 

How to Check the Permission of Files in Linux

ls -l 

There’s a lot of information in those lines. 

  • The first character is ‘-’, which means it’s a file, or ‘d’, which means it’s a directory.
  • The next nine characters (rw-r--r--) show the security
  • The next column shows the owner of the file. (Here it is `root`)
  • The next column shows the group owner of the file. (Here it is `root` which has special access to these files)
  • The next column shows the size of the file in bytes.
  • The next column shows the date and time the file was last modified.
  • Last Column = File_name or Directory_name. (For example, here are: prac, snap, test, example)

First, you must think of those nine characters as three sets of three characters (see the box at the bottom). Each of the three “rwx” characters refers to a different operation you can perform on the file.  

  • Owners: These permissions apply exclusively to the individuals who own the files or directories.
  • Groups: Permissions can be assigned to a specific group of users, impacting only those within that particular group.
  • All Users: These permissions apply universally to all users on the system, presenting the highest security risk. Assigning permissions to all users should be done cautiously to prevent potential security vulnerabilities.

There are three kinds of file permissions in Linux Read, write, and execute.

Symbols:   `+`, `-` and `=` Option in Linux File Permission

User, group, and others option in Linux file permission, for example: “rw- r-x r--”.

  • “rw-” : the first three characters `rw-`. This means that the owner of the file can “read” it (look at its contents) and “write” it (modify its contents). We cannot execute it because it is not a program but a text file.
  • “r-x” : the second set of three characters “r-x”. This means that the members of the group can only read and execute the files.
  • “r--” : The final three characters “r--” show the permissions allowed to other users who have a UserID on this Linux system. This means anyone in our Linux world can read but cannot modify or execute the files’ contents.

The command you use to change the security permissions on files is called “chmod”, which stands for “change mode” because the nine security characters are collectively called the security “mode” of the file. An example will make this clearer.

For example , if you want to give “execute” permission to the world (“other”) for file “xyz.txt”, you will start by typing. 

Now you would type a ‘+’ to say that you are “adding” permission.   

Then you would type an ‘x’ to say that you are adding “execute” permission.   

Finally, specify which file you are changing.   

You can see the change in the picture below.   

chmod o+x xyz.txt

You can also change multiple permissions at once. For example, if you want to take all permissions away from everyone, you would type.   

The code above revokes all the read(r), write(w), and execute(x) permission from all user(u), group(g), and others(o) for the file xyz.txt which results in this.   


Another example can be this:   

The code above adds read(r) and write(w) permission to both user(u) and group(g) and revoke execute(x) permission from others(o) for the file abc.mp4.  Something like this:   

assigns read(r) and execute(x) permission to both user(u) and group(g) and add read permission to others for the file abc.c. There can be numerous combinations of file permissions you can invoke, revoke, and assign. You can try some on your Linux system.

You can also use octal notations like this. 

Using the octal notations table instead of ‘r’, ‘w’, and ‘x’. Each digit octal notation can be used for either of the group ‘u’, ‘g’, or ‘o’.

So, the following work is the same.   

Both of them provide full read, write, and execute permission (code=7) to all the groups.

The same is the case with this.   

Both the commands give read (code=4) permission to the user, write and execute (code=3) to the group, and read and execute (code=5) to others.

And even this… 

Both the commands give all permissions (code=7) to the user and group, read and execute (code=5) for others. 
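The equivalence between symbolic and octal forms can be checked on a real file. The script below is an added example, not code from the original article; the scratch file name and the helper names mode_from and same_mode are assumptions, and it relies on stat -c '%a' (GNU coreutils or BusyBox). It also shows that `+` and `-` changes depend on the starting mode, while an octal mode or an `=` assignment sets the result outright.

```shell
#!/bin/sh
# Added example: check symbolic and octal chmod forms against each other.
# Assumes stat -c '%a' is available; everything runs in a scratch directory.

# mode_from START CHANGE: create a scratch file with mode START, apply
# CHANGE with chmod, and print the resulting octal mode.
mode_from() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/sample.txt"
    chmod "$1" "$scratch/sample.txt"
    chmod "$2" "$scratch/sample.txt"
    stat -c '%a' "$scratch/sample.txt"
    rm -rf "$scratch"
}

# same_mode SYMBOLIC OCTAL: succeed when both forms, applied to a file that
# starts with no permissions at all, leave it with the same mode.
same_mode() {
    [ "$(mode_from 000 "$1")" = "$(mode_from 000 "$2")" ]
}

# Absolute forms: each symbolic/octal pair must agree.
for pair in "ugo+rwx 777" "u=rwx,go=rx 755" "u=rw,go=r 644" "u=rwx,g=rx,o= 750"; do
    set -- $pair
    if same_mode "$1" "$2"; then
        echo "$1 == $2"
    else
        echo "$1 != $2"
    fi
done

# Relative forms: the same o+x gives different results on different files,
# so check the starting mode before adding bits for "others".
echo "o+x on 644     -> $(mode_from 644 o+x)"
echo "o+x on 600     -> $(mode_from 600 o+x)"
echo "ugo-rwx on 777 -> $(mode_from 777 ugo-rwx)"
```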

How do I change file permissions in Linux using the command line?

To change file permissions in Linux, you can use the `chmod` command followed by the desired permission settings. For example, to grant read, write, and execute permissions to the owner, and read and execute permissions to the group and others: chmod 755 filename

Can I change file permissions for multiple files at once?

Yes, you can change file permissions for multiple files simultaneously using wildcards with the `chmod` command. For instance, to set read and write permissions for the owner and read-only permissions for the group and others for all text files in the directory: chmod 644 *.txt

How do I change the owner of a file in Linux?

To change the owner of a file, you can use the `chown` command. For example, to change the owner to “newowner” and the group to “newgroup”: chown newowner:newgroup filename

What are the symbolic and octal representations in file permissions?

File permissions can be expressed in both symbolic (e.g., u=rw, g=r, o=r) and octal (e.g., 644) representations. Symbolic representations offer a more intuitive way to specify permissions, while octal representations provide a concise numerical format.

How can I recursively change permissions for all files and directories in a directory?

To change permissions recursively, use the `-R` option with the `chmod` command. For example, to set read, write, and execute permissions for the owner, read and execute permissions for the group, and no permissions for others, applying these changes to all files and subdirectories within the specified directory: chmod -R 750 directory

In this article we discussed how to change file permissions in Linux, which is vital for security. The system’s multi-user nature requires a nuanced understanding of read, write, and execute permissions for owners, groups, and others. The chmod command facilitates precise control, allowing users to modify permissions symbolically or through octal values. Essential commands like chown enable ownership changes. Whether granting or revoking access, users must exercise caution, especially when applying universal permissions. Mastering file permissions is fundamental for maintaining a secure and organized Linux system.


Linux file permissions explained

by Scott McBrien (Red Hat)


File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how. This article provides an overview of Linux file permissions, how they work, and how to change them.

How do you view Linux file permissions?

The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

In this example, you see two different listings. The first field of the ls -l output is a group of metadata that includes the permissions on each file. Here are the components of the vimrc listing:

  • File type: -
  • Permission settings: rw-r--r--
  • Extended attributes: dot ( . )
  • User owner: root
  • Group owner: root

The fields "File type" and "Extended attributes" are outside the scope of this article, but in the featured output above, the vimrc file is a normal file, which is file type - (that is, no special type).

The tuned listing is for a d , or directory, type file. There are other file types as well, but these two are the most common. Available attributes are dependent on the filesystem format that the files are stored on. For Red Hat Enterprise Linux 7, 8, and 9, the default filesystem format is XFS.

How do you read file permissions?

This article is about the permission settings on a file. The interesting permissions from the vimrc listing are:

This string is actually an expression of three different sets of permissions:

The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group.

When permissions and users are represented by letters, that is called symbolic mode. For users, u stands for user owner, g for group owner, and o for others. For permissions, r stands for read, w for write, and x for execute.


When the system is looking at a file's permissions to determine what information to provide you when you interact with a file, it runs through a series of checks:

  • It first checks to see whether you are the user that owns the file. If so, then you are granted the user owner's permissions, and no further checks will be completed.
  • If you are not the user that owns the file, next your group membership is validated to see whether you belong to the group that matches the group owner of the file. If so, then you're covered under the group owner field of permissions, and no further checks will be made.
  • "Others" permissions are applied when the account interacting with the file is neither the user owner nor in the group that owns the files. Or, to put it another way, the three fields are mutually exclusive: You can not be covered under more than one of the fields of permission settings on a file.
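The check order described above can be modelled in a few lines of shell. This is an added example, not code from the original article: the function names perm_class, triad and effective are assumptions, the UIDs, GIDs and modes are constructed, and the model deliberately ignores root's ability to override these checks as well as ACLs.

```shell
#!/bin/sh
# Added example: model of the owner -> group -> others check order.
# Simplified: ignores root's override and ACLs.
# All UIDs, GIDs and modes below are constructed sample values.

# perm_class FILE_UID FILE_GID UID "GID GID ..."
# Print the single permission class that applies to the caller.
perm_class() {
    if [ "$3" -eq "$1" ]; then
        echo user            # owner match: no further checks are made
        return 0
    fi
    for gid in $4; do
        if [ "$gid" -eq "$2" ]; then
            echo group       # group match: "others" is never consulted
            return 0
        fi
    done
    echo other
}

# triad MODE CLASS: print the rwx string that octal MODE grants to CLASS.
triad() {
    bits=$((0$1))            # the leading 0 makes the shell parse MODE as octal
    case $2 in
        user)  bits=$(( (bits >> 6) & 7 )) ;;
        group) bits=$(( (bits >> 3) & 7 )) ;;
        other) bits=$(( bits & 7 )) ;;
        *) return 1 ;;
    esac
    out=
    if [ $((bits & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((bits & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((bits & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    echo "$out"
}

# effective MODE FILE_UID FILE_GID UID "GIDS": permissions the caller gets.
effective() {
    triad "$1" "$(perm_class "$2" "$3" "$4" "$5")"
}

# Constructed case: mode 047, file owned by uid 1000 and gid 33.
# The owner is also a member of group 33, yet only the user triad applies,
# so the owner ends up with less access than everyone else.
echo "owner:        $(effective 047 1000 33 1000 '1000 33')"   # ---
echo "group member: $(effective 047 1000 33 1001 '1001 33')"   # r--
echo "anyone else:  $(effective 047 1000 33 1002 '1002')"      # rwx
```

When auditing modes, a file whose "others" digit is larger than its owner or group digit is usually a mistake, because the three classes never add together.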

Permissions go beyond the different types of people that can interact with a file. Each user gets an expression that includes the three basic types of permissions. In the example above, the owner of the file is given the following permissions:

Each character in the expression indicates whether a specific permission is granted or not. In the example above, read ( r ) permission and write ( w ) permission have been granted on the file. However, the execute permission ( x ) is not granted, which is why there's a - sign in the expression. The permission in this field is disabled.

Consider the group owner's permissions in this example:

The read ( r ) permission is granted to members of the group, but write and execute have both been disabled.


What are octal values?

When Linux file permissions are represented by numbers, it's called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

  • r (read): 4
  • w (write): 2
  • x (execute): 1

In the permission value 744, the first digit corresponds to the user, the second digit to the group, and the third digit to others. By adding up the value of each user classification, you can find the file permissions.

For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this:

  • Owner: rwx = 4+2+1 = 7
  • Group: r-- = 4+0+0 = 4
  • Others: r-- = 4+0+0 = 4

The results produce the three-digit value 744.

What do Linux file permissions actually do?

I've talked about how to view file permissions, who they apply to, and how to read what permissions are enabled or disabled. But what do these permissions actually do in practice?

Read permission is used to access the file's contents. You can use a tool like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file's contents to make a duplicate of it.

Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell ( > or >> ) to change the contents of a file. Without write permission, changes to the file's contents are not permitted.

Execute (x)

Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts, Python programs, and a variety of interpreted languages.


There are other ways to execute the contents of a file without execute permission. For example, you could use an interpreter that has execute permission to read a file with instructions for the interpreter to execute. An example would be invoking a Bash shell script:

The executable being run is bash . The script.sh file is read by the Bash interpreter, and its commands are executed. The content in this article is general purpose, but in Linux, there are often additional ways to accomplish tasks .


How do directory permissions work?

Directory file types are indicated with d . Conceptually, permissions operate the same way, but directories interpret these operations differently.

Like regular files, this permission allows you to read the contents of the directory. However, that means that you can view the contents (or files) stored within the directory. This permission is required to have things like the ls command work.

As with regular files, this allows someone to modify the contents of the directory. When you are changing the contents of the directory, you are either adding files to the directory or removing files from the directory. As such, you must have write permission on a directory to move ( mv ) or remove ( rm ) files from it. You also need write permission to create new files (using touch or a file-redirect operator) or copy ( cp ) files into the directory.

This permission is very different on directories compared to files. Essentially, you can think of it as providing access to the directory. Having execute permission on a directory authorizes you to look at extended information on files in the directory (using ls -l , for instance) but also allows you to change your working directory (using cd ) or pass through this directory on your way to a subdirectory underneath.

Lacking execute permission on a directory can limit the other permissions in interesting ways. For example, how can you add a new file to a directory (by leveraging the write permission) if you can't access the directory's metadata to store the information for a new, additional file? You cannot. It is for this reason that directory-type files generally offer execute permission to one or more of the user owner, group owner, or others.


How do you modify Linux file permissions?

You can modify file and directory permissions with the chmod command, which stands for "change mode." To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name. To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example:

This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, chmod u represents permissions for the user owner, chmod g represents other users in the file's group, chmod o represents other users not in the file's group. For all users, use chmod a .

Maybe you want to change the user owner itself. You can do that with the chown command. Similarly, the chgrp command can be used to change the group ownership of a file.

What are special file permissions?

Special permissions are available for files and directories and provide additional privileges over the standard permission sets that have been covered.

  • SUID is the special permission for the user access level and always executes as the user who owns the file, no matter who is passing the command.
  • SGID allows a file to be executed as the group owner of the file; a file created in the directory has its group ownership set to the directory owner. This is helpful for directories used collaboratively among different members of a group because all members can access and execute new files.

The "sticky bit" is a directory-level special permission that restricts file deletion, meaning only the file owner can remove a file within the directory.

Want to take a deeper dive into special permissions? Read Linux permissions: SUID, SGID, and sticky bit .

Wrapping up

Understanding Linux file permissions (how to find them, read them, and change them) is an important part of maintaining and securing your systems. You can learn more about file permissions for Red Hat Enterprise Linux  by checking out the  documentation or by practicing with a self-paced lab on using file permissions .


Scott McBrien

Scott McBrien has worked as a systems administrator, consultant, instructor, content author, and general geek off and on for Red Hat since July 2001.



COMMENTS

  1. How to manage Linux permissions for users, groups, and others

    Change into the ~/playground directory by using the cd command. You are ready to work with the commands and concepts below. When you've completed the article and learned the techniques I've covered, delete the two user accounts, the groups, and the playground directory.

  2. Setting permissions for specific user and groups in Linux

    How can I grant permission for files to a specific user or a specific group? We have three groups: "g12" ("u1" and "u2"), "g34" and "g56". g12 - should only read the file.

  3. How to create, delete, and modify groups in Linux

    To add a group in Linux, use the groupadd command: $ sudo groupadd demo When a group is created, a unique group ID gets assigned to that group. You can verify that the group appears (and see its group ID) by looking in the /etc/group file. If you want to create a group with a specific group ID (GID), use the --gid or -g option:

  4. linux

    though the group owns it No, group does not own a file in a sense that the permissions for owner apply.

  5. How to add Users, Groups and Assign Permissions in Linux

    1. Users in Linux 2. Groups in Linux 3. Permissions in Linux 4. Change Owner in Linux Add Users, Groups and Assign Permissions in Linux A. Users in Linux You can think of a User as a single personal account. Just like in Windows or Mac. There are 2 types of users: Root User (One which has administrative rights overall)

  6. How to Manage Users with Groups in Linux

    You need to create two groups: readers editors Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory.

  7. The Beginner's Guide to Managing Users and Groups in Linux

    Each file in Linux has a set of user and group permissions, and you can use the ls -l command to show the full set of permissions and attributes from the terminal. ... Let's assign Anki and Kig to the k12 group using the chown command, which uses the following format: sudo chown: [group name] [files list] You can also revoke the read and ...

  8. How to Add User to Group in Linux

    • 4 min read In this tutorial, we will explain how to add a user to a group in Linux systems. We will also show you how to remove a user from a group and how to create, delete, and list groups. Linux Groups Linux groups are organization units that are used to organize and administer user accounts in Linux.

  9. Managing Users & Groups, File Permissions & Attributes and ...

    When a new user account is added to the system, the following operations are performed. 1. His/her home directory is created ( /home/username by default). 2. The following hidden files are copied into the user's home directory, and will be used to provide environment variables for his/her user session.

  10. How to manage users and groups in Linux

    Here are some commands to display group information: usermod: Update group membership. id: Display a list of groups the user is a member of. cat /etc/group: Show a list of existing groups, with membership displayed in the last field. One resource for these commands is their related man pages.

  11. How To Change File or Directory Permissions in Linux

    1. Create a new directory called test_directory $ mkdir test_directory 2. Move into the newly created directory. $ cd test_directory 3. Create a new test file called test1.txt. $ touch test1.txt 4....

  12. permissions

    Adds the group devFirmB with r ead, w rite, e x ecute permissions to directory /srv/svn. If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means "allow execution if executable by the owner (or anyone else)". setfacl -m g:devFirmB:rwx /srv/svn ...

  13. Linux chmod and chown

    A user-group is a collection of users. Users that belonging to a group will have the same Linux group permissions to access a file/ folder. You can use groups to assign permissions in a bulk instead of assigning them individually. A user can belong to more than one group as well. Other. Any users that are not part of the user or group classes ...

  14. Add a User to a Group (or Second Group) on Linux

    User accounts can be assigned to one or more groups on Linux. You can configure file permissions and other privileges by group. For example, on Ubuntu, only users in the sudo group can use the sudo command to gain elevated permissions.

  15. A Complete Guide to Linux File Ownership and Groups

    At the Linux command line, you can view both the owner and group permission settings by using the ls -l (that's a dash with a lowercase L) command. The -l switch will format the listing in columns that give you more details about your files than the standard ls command output. The first column shows the type of file and its permission settings.

  16. How can I check the permissions of a specific group?

    If your group owns the file/folder then you'll have the permissions in the second group of permissions. For example, let's say a file has:-rwxrw-r-- Split this into thirds, excluding the first character (this is a special character): rwx (Owner) - The owner has read/write and execute permissions. rw-(Group) - The group has read and write ...

  17. How to change directory permissions in Linux

    There are three options for permission groups available to you in Linux. These are. owners: these permissions will only apply to owners and will not affect other groups.; groups: you can assign a group of users specific permissions, which will only impact users within the group.; all users: these permissions will apply to all users, and as a result, they present the greatest security risk and ...

  18. How to Set File Permissions in Linux

    Groups: Permissions can be assigned to a specific group of users, impacting only those within that particular group. All Users: These permissions apply universally to all users on the system, presenting the highest security risk. Assigning permissions to all users should be done cautiously to prevent potential security vulnerabilities.

  19. Assigning File Permissions to Specific Users with chmod and setfacl

    13 November 2023 by Korbin Brown The Linux operating system allows users to assign granular permissions to all files and directories. Ordinarily, it is sufficient to hand out read, write, and/or execute permissions to individual user accounts or groups of users by utilizing the chmod command.

  20. Linux File Permissions and Ownership Explained with Examples

    Explain Linux File Permissions and Ownership Explained with Examples Linux file permissions explained in simpler terms. Also learn how to change the file permissions and ownership in Linux in this detailed beginner's guide. Aug 17, 2018 — Abhishek Prakash Linux File Permissions and Ownership Explained with Examples

  21. Linux file permissions explained

    The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group. When permissions and users are represented by letters, that is called symbolic mode. For users, u stands for user owner, g for group owner, and o for

  22. Chmod Command in Linux (File Permissions)

    chmod og= filename. Give read, write and execute permission to the file's owner, read permissions to the file's group and no permissions to all other users: chmod u=rwx,g=r,o= filename. Add the file's owner permissions to the permissions that the members of the file's group have: chmod g+u filename.