Buy My Book on Amazon Buy My Book Direct (PDF) GitHub Profile LinkedIn Profile

Permissions in Linux

Users and Permissions

By Shahzad Qadir, Posted on: Dec. 8, 2025, 2:53 p.m.

My Linux Notes:

Create Users

Interactive
$ sudo adduser temporary
Adding user `temporary' ...
Adding new group `temporary' (1002) ...
Adding new user `temporary' (1001) with group `temporary' ...
Creating home directory `/home/temporary' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for temporary
Enter the new value, or press ENTER for the default
        Full Name []: Temporary
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [Y/n] y
Non-interactive - good for scripting
$ sudo useradd -m -s /bin/bash temporary 
# -m create directory
# -s login shell for new user
# Set password
$ echo "temporary:cisco123" | sudo chpasswd
Switch User to test
$ su - temporary
Password: 
temporary@devpc:~$
Add User to a Group
$ sudo usermod -aG sudo temporary
# Add user temporary to Group sudo
# -G to change group, -aG make sure user remains in existing group and get added to new group too. -a is for append

Delete User

$ sudo deluser --remove-home temporary                                                                          
Looking for files to backup/remove ...
Removing files ...
Removing user `temporary' ...
Warning: group `devops' has no more members.
Done.
Check if a user exists
$ more /etc/passwd | grep username

File and Directory Permissions

To understand permissions in Linux, let's create a file first and then examine it's permissions

$ touch temporary.txt
$ ls -l
$ -rw-rw-r-- 1 shahzad shahzad   0 Dec  8 14:10 temporary.txt

Display Permissions:

To display permissions of a file or folder we need to use long output of ls using ls -l

it shows the file is owned by user shahzad and group shahzad as user shahzad has created this file so he has read, and write permission on it.

-rw-rw-r--

First character tells the type of file, for a directory it will be d as this is a file so it shows -

characters 2 - 4 rw- show User permissions, here user shahzad has Read, and Write permissions.

characters 5-7 rw- show Group permissions, here group shahzad also has Read and Write permissions.

characters 8-10 r-- show other's permissions, anyone who is not owner of this file will only have read permissions.

Make a file Executable

By default the file will not have execute permissions, if we want to make a file executable, we will need to add +x to it, we can do it for user as well as for group.

Let's create another file, we will later make it executable and run it.

$ touch hello.sh
ls -l
total 4
-rw-rw-r-- 1 shahzad shahzad    0 Dec  8 14:18 hello.sh

We will edit this file and add this line:

echo "Hello World!"

To make it executable for the owner (user)

$ chmod u+x hello.sh 
$ ls -l
-rwxrw-r-- 1 shahzad shahzad   20 Dec  8 14:21 hello.sh

We can also make it executable for the whole group

$ chmod g+x hello.sh
$ ls -l
-rwxrwxr-- 1 shahzad shahzad   20 Dec  8 14:21 hello.sh

Finally, we can make it executable for everyone (user, group, anyone else)

$ chmod +x hello.sh
$ ls -l
-rwxrwxr-x 1 shahzad shahzad   20 Dec  8 14:21 hello.sh

Change Ownership of a file

To change ownership of a file, use chown user:group, its a super user command

$ sudo chown temporary:devops hello.sh
$ ls -l
-rwxrwxr-x 1 temporary devops    20 Dec  8 14:21 hello.sh

Now, owner of this file is user temporary who is part of group devops

User shahzad who used to have read, write, execute permissions on it, now only have read, and execute permissions. If I try to edit, i will get a readonly'message now.

Note: To change ownership of a directory use -R flag...

shell chown -R directory_name

Binary for Permissions

Binary  Number  Meaning
rwx     
000     0       No Permissions (---)
001     1       Execute Only (--x)
010     2       Write Only (-w-)
011     3       Write + Execute (-wx)
100     4       Read Only (r--)
101     5       Read + Execute (r-x)
110     6       Read + Write (rw-)
111     7       Read + Write + Execute (xxx)

These numbers can be used to assign permissions to users, groups, and others.

Common Permissions are:
777     User (7), Group (7), Others (7) User+Group+Others - Full read+write+execute permission
755     User (7) has Read+Write+Execute     Group (5) has Read + Execute    Others (5) have Read + Execute
745     User (7) has Read+Write+Execute     Group (4) has Read only     Others (5) have Read + Execute
644     User (6) has Read+Write         Group (4) has Read Only     Others (4) have Read only
Change Permissions for a file
$ sudo chmod new_permissions file_name

# For Example
$ sudo chmod 755 temporary.txt
$ ls -l | grep temporary
-rwxr-xr-x 1 shahzad shahzad    0 Dec  8 14:10 temporary.txt
# now owner=rwx, group=r-x, others=r-x

Environment Variables

Add Environment Variables for Session
export $VARIABLE_NAME=VALUE

# For example
export DB_NAME="mydb"
export DB_PASSWORD="mydbpass"
Make Environment variables permanent for user

~/.bashrc loads every time user logs in, adding environment variables in this file will make them permanent.

$ vi ~/.bashrc
# at the end of the file
export DB_NAME="mydb"
export DB_PASSWORD="mydbpass"
Make environment variables permanent for Everyone

Add environment variables to /etc/environment to make them permanent for every user.

View Environment Variables

To view all environment variables or print the ones we need:

$ printenv  # prints all environment variables
$ printenv | grep DB
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
DB_NAME=mydb
DB_PASSWORD=mydbpass

To print only the one we need

$ echo $DB_NAME    
mydb
Append PATH Variable
$ vi ~/.bashrc
# At the end of file, add
PATH=$PATH:/home/shahzad/

Now any executable I store in my home folder will be accessible from anywhere as Linux will look in my home folder too.

Setup SSH

On Server

Install Openssh Server

By default most distributions like Ubuntu, Openssh Client is already installed but you will need to install Openssh Server.

$ sudo apt install openssh-server
Setup a user account for remote user
# create user and it's shell
$ sudo useradd -m -s /bin/bash newuser

# setup new user's password
$ sudo passwd newuser

On client machine

Create a pair of public/private keys using

# Generate SSH keys
$ ssh-keygen

It will create two files in ~/.ssh , id_rsa and id_rsa.pub

Copy public key to the server

$ ssh-copy-id newuser@server_ip
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 5 key(s) remain to be installed -- if you are prompted now it is to install the new keys
newuser@server_ip's password: 

Number of key(s) added: 5

Now try logging into the machine, with:   "ssh 'new_user@server_ip'"
and check to make sure that only the key(s) you wanted were added.

All done, SSH Key based entry is all setup, you should be able to connect to server without using password.