Users, groups and file permissions on Debian

At times, you might find yourself in the situation where you might want a certain user to be able to make changes to folders or files belonging to somebody else. This is where knowledge about groups and permissions might come in handy.

The permissions system in Linux is one important pillar of its security model. It provides control over who can access what. There are 3 types of permissions, with self explanatory names:

  • read (r)
  • write (w)
  • execute (x)

These permissions are given to 3 distinct categories of users:

  • owner (u): the person who owns the file or the directory;
  • group (g): the group associated with the file or the directory;
  • others (o): other users in the system who are not within the group, nor own the file or directory.

To view the permissions in detail you might use a command like ls -la:

total 24
drwxr-xr-x 4 www-data www-data 4096 Mar 25 10:00 .
drwxr-xr-x 6 www-data www-data 4096 Mar 25 09:59 ..
-rw-r--r-- 1 www-data www-data  465 Mar 25 10:00 index.html
drwxr-xr-x 2 www-data www-data 4096 Mar 25 10:00 css
drwxr-xr-x 2 www-data www-data 4096 Mar 25 10:00 images
Code language: CSS (css)

The rights column can be interpreted like this:

+----- d is shown if this is a directory
drwx rwx r--
  |   |   |
  |   |   +--- Others' permissions
  |   +------- Group's permissions
  +----------- Owner's permissionsCode language: PHP (php)

To interact with the permissions, chown and chmod are the main commands.

The users and groups are other essential components of the linux security model, where users are individuals who can interact with the system, while groups are collections of users.

Useful commands:

  • sudo adduser testuser – create a new user named testuser;
  • sudo passwd testuser – change the password for testuser;
  • cat /etc/passwd – show the list of users and other information (such as the default shell);
  • sudo addgroup testgroup – create a new group named testgroup;
  • sudo adduser testuser testgroup – add testuser to the testgroup;
  • sudo deluser testuser testgroup – remove testuser from testgroup;
  • sudo delgroup testgroup – delete testgroup;
  • cat /etc/groups – show the list of groups;
  • id or id -nG – see the groups of the current user.

When creating a new user, you might have to generate a new ssh key, which can be done with:

  • ssh-keygen

Read more: