Linux is a multi-user operating system. Every file and process has an owner, and access is controlled through a robust permissions system. Understanding users, groups, and permissions is critical for security and system administration.
Every user account has:
| Attribute | Description | Stored In |
|---|---|---|
| Username | Login name (e.g., alice) | /etc/passwd |
| UID | Numeric user ID (e.g., 1000) | /etc/passwd |
| GID | Primary group ID | /etc/passwd |
| Home directory | Personal directory (e.g., /home/alice) | /etc/passwd |
| Login shell | Default shell (e.g., /bin/bash) | /etc/passwd |
| Password hash | Hashed password | /etc/shadow |

| User | UID | Purpose |
|---|---|---|
| root | 0 | Superuser with unlimited privileges |
| nobody | 65534 | Least-privileged user for services |
| www-data | 33 | Web server user (Apache/Nginx) |
| sshd | — | SSH daemon service account |
Each line in /etc/passwd represents a user account:
```
alice:x:1000:1000:Alice Smith:/home/alice:/bin/bash
│     │ │    │    │           │           │
│     │ │    │    │           │           └── Login shell
│     │ │    │    │           └── Home directory
│     │ │    │    └── GECOS (full name / comment)
│     │ │    └── Primary GID
│     │ └── UID
│     └── Password placeholder (actual hash in /etc/shadow)
└── Username
```
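The seven-field layout above is enough to audit the file mechanically. The following is an added example, not part of the original lesson: a shell function that flags extra UID 0 accounts, empty password fields, hashes stored in the passwd file itself, and lines without seven fields. The name `audit_passwd`, the finding labels and the sample entries are constructed for illustration.

```bash
# Added example: audit a passwd-format file by its seven colon-separated fields.
# audit_passwd and the finding labels are hypothetical names for illustration.
audit_passwd() {
    # $1: path to a passwd-format file (defaults to /etc/passwd)
    awk -F: '
        NF == 0 { next }    # skip empty lines
        NF != 7 {
            printf "MALFORMED line %d: expected 7 fields, got %d\n", NR, NF
            next
        }
        # UID 0 means superuser privileges, whatever the username is
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
        # An empty second field means no password is required to log in
        $2 == "" { printf "EMPTYPW %s\n", $1 }
        # Not the "x" placeholder and not a "*" or "!" lock marker:
        # the hash is probably stored in the world-readable passwd file
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { printf "HASH_IN_PASSWD %s\n", $1 }
    ' "${1:-/etc/passwd}"
}

# Constructed sample input, not taken from a real system
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Smith:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/bash
legacy:$6$constructedsalt$constructedhash:1003:1003::/home/legacy:/bin/sh
broken:x:1004:/home/broken
EOF
audit_passwd "$sample"
rm -f "$sample"
```

Run `audit_passwd` with no argument to check the live /etc/passwd; no output means none of the four conditions matched.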
```bash
sudo useradd -m -s /bin/bash bob   # create user bob with home dir and bash shell
sudo passwd bob                    # set password for bob
sudo usermod -aG docker bob        # add bob to the docker group
sudo userdel -r bob                # delete bob and their home directory
id alice                           # show UID, GID, and groups for alice
whoami                             # show current username
```
Groups allow you to manage permissions for multiple users at once.
```
developers:x:1001:alice,bob,charlie
│          │ │    │
│          │ │    └── Group members
│          │ └── GID
│          └── Password placeholder
└── Group name
```
```bash
sudo groupadd developers            # create a new group
sudo groupdel developers            # delete a group
sudo usermod -aG developers alice   # add alice to developers group
groups alice                        # list groups for alice
```
Tip: Always use `-aG` (append to groups) when adding users to groups. Using `-G` without `-a` replaces all secondary groups.
Every file and directory has three sets of permissions for three categories of users:
| Category | Symbol | Description |
|---|---|---|
| Owner | u | The user who owns the file |
| Group | g | Members of the file's group |
| Others | o | Everyone else |

| Permission | Symbol | On File | On Directory |
|---|---|---|---|
| Read | r (4) | View file contents | List directory contents |
| Write | w (2) | Modify file contents | Create/delete files in directory |
| Execute | x (1) | Run as a program | Enter (cd into) the directory |