
Chapter #3: How to Manage Users, Groups, and File Permissions in Linux

In this chapter, you’ll explore Linux users, groups, system files like /etc/passwd, and commands like chmod, chown, chgrp, and visudo with exercises.

In the previous chapter, you learned how to manage files and directories - creating, moving, copying, and deleting them using Linux commands.

We’ll build on that foundation by exploring how Linux controls who can access and modify those files and directories.

In this chapter, you will learn:

  • Users and groups - How Linux identifies who is accessing the system.
  • Important system files - /etc/passwd, /etc/group, and /etc/shadow - and what they store.
  • Essential commands - chmod, chown, chgrp, and visudo - to manage permissions and ownership.
  • The role of the /etc/sudoers file and how to edit it safely.
  • Exercises to practice what you've learned.

Linux uses a permission-based model to control access to files and directories. Every file is owned by a user and a group, and permissions determine who can read, write, or execute that file.

Understanding how ownership and permissions work is key to keeping your system secure and organized.

As a system administrator, you will need to know how to add, edit, suspend, or delete user accounts and groups, and grant them the necessary permissions to perform their tasks.

These tasks must be performed as root, the superuser, or by using the sudo command as a regular user.

To switch to the root account, type the following command and enter the root user's password:

su -

Alternatively, you can run administrative commands as a regular user using sudo. For example:

sudo useradd newuser

You’ll be prompted to enter your own password (not root’s), and the command will execute with elevated privileges.

💡 For a user to use sudo, they must be listed in the /etc/sudoers file or be part of a group that has sudo access (usually the sudo or wheel group, depending on the distro).

Editing the /etc/sudoers File Safely

To give users permission to execute commands with sudo, you must configure the /etc/sudoers file properly.

Do not edit /etc/sudoers directly with a normal text editor like nano or vim. If there's a syntax error, you can lock yourself out of admin access.

Instead, use visudo, which opens the sudoers file in a safe editing mode and checks for syntax errors before saving.

sudo visudo

To give a user (e.g. me) sudo access, you can add this line:

me ALL=(ALL) ALL

Or, to allow only specific commands:

me ALL=(ALL) /usr/sbin/useradd, /usr/sbin/userdel

Adding and Modifying User Accounts and Groups

To add a new user called me, do:

useradd me

On most distributions, this will also create a group named me.

Additionally, you can create other groups using groupadd. For example, the following command will add a group called support:

groupadd support

When a new account is added, you can find the information about it in /etc/passwd. This file contains a record for each system user account and has the following format (fields are delimited by a colon):

  • User name
  • User password (or the character x if the password is stored in /etc/shadow in hashed form)
  • User ID (UID): an integer that identifies the account
  • Group ID (GID): another integer that identifies the group to which the user belongs
  • User info: this field is optional; if it is not empty, it contains extra information about the user account
  • Absolute path to the user’s home directory
  • Absolute path to the default shell for the user
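
The seven-field record format above, as an added example (not part of the original chapter): a shell function that parses passwd-format records and flags entries an administrator would want to review. The function names, the finding tags, and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format records (seven colon-delimited fields).
# Reads the files named as arguments, or stdin; prints "<FINDING> <user name>".
audit_passwd() {
    awk -F: '
        $0 == "" { next }                      # ignore blank lines
        # A record must have exactly the seven fields listed above.
        NF != 7 { print "MALFORMED " $1; next }
        # Field 2 empty: the account has no password at all.
        $2 == "" { print "EMPTY_PASSWORD " $1 }
        # Field 2 is neither "x" nor a locked marker (* or !): a hash is
        # stored in this world-readable file instead of in /etc/shadow.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
        # Field 3: UID 0 is the superuser whatever the user name says.
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0 " $1 }
        # Two names sharing one UID have identical file access.
        ($3 in seen) { print "DUPLICATE_UID " $1 }
        { seen[$3] = $1 }
    ' "$@"
}

# Constructed sample records (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
me:x:1000:1000:Example User:/home/me:/bin/bash
backup2:x:0:0::/root:/bin/bash
legacy:$6$CONSTRUCTED$notarealhash:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
dupe:x:1000:1003::/home/dupe:/bin/bash
broken:x:1004:1004:/home/broken
EOF
}

# Demo on the sample; on a real host run: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```
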

At any time after adding an account, you can edit the following information (and others as well) using usermod, whose basic syntax is as follows: