Master Linux User, Group, and File Permission Management: Commands and Best Practices
This guide explains how to manage Linux users, groups, and file permissions using commands like useradd, usermod, groupadd, chmod, chown, and sudo, covering creation, modification, deletion, and security considerations for system administrators.
User Management
In Linux, users are classified as superuser (root), regular users, and system users (e.g., nobody, daemon) which usually cannot log in.
Add User
useradd creates a new user.
Basic syntax:
useradd [options] username
-d specify home directory (default /home/username)
-g specify initial group (default same as username)
-G assign supplementary groups
-u specify UID (default auto)
Examples:
useradd testuser
useradd -d /usr/zhangsan zhangsan
useradd -d /usr/lisi -g dev -G test lisi
Set User Password
After creating a user, set a password with passwd.
Syntax: passwd username
Example:
passwd testuser
Switch User
su switches to another user, typically root.
Syntax: su [username]
Examples:
su testuser # enter the password to switch
su - # switch to root with full login environment
su username # switch to the specified user
Use exit or Ctrl+D to return.
Verify the current user with whoami and id.
Modify User
usermod changes the username, home directory, groups, etc.
Syntax:
usermod [options] username
-l new username
-d new home directory
-g new primary group
-G supplementary groups
Examples:
usermod -l lis zhangsan
usermod -d /usr/zhangsan2 -m zhangsan
usermod -g dev1 zhangsan
usermod -L zhangsan # lock user
usermod -U zhangsan # unlock user
Delete User
Remove a user and optionally its home directory with userdel.
Example:
userdel -r zhangsan
sudo Command
sudo allows a regular user to execute commands as root or another user.
Syntax:
sudo [options] [command]
-i simulate login as target user (default root) with full environment.
-u <user> run command as the specified user.
-k invalidate cached credentials.
-l list allowed sudo privileges.
-v validate credentials without running a command.
-e edit a file with sudo.
Examples:
sudo apt update # update package list
sudo -i # become root with full environment
sudo -u www-data whoami
The sudoers file (/etc/sudoers) defines fine-grained permissions. Edit it with visudo, which checks the syntax before saving. Example entries:
# Allow user1 to run any command as any user
user1 ALL=(ALL:ALL) ALL
# Allow user2 to run any command without a password
user2 ALL=(ALL:ALL) NOPASSWD: ALL
# Allow user3 to run only a specific command
user3 ALL=(ALL:ALL) /usr/bin/systemctl restart apache2
# Allow group admin to run any command
%admin ALL=(ALL:ALL) ALL
User Group Management
Managing groups controls permissions for multiple users. Groups are defined in /etc/group.
Add Group
Use groupadd to create a new group.
Syntax: groupadd [options] groupname
Examples:
groupadd developers
groupadd -g 1001 developers
Modify Group
Use groupmod to rename a group or change its GID.
Examples:
groupmod -n devteam developers
groupmod -g 2000 developers
Add user john to the primary group developers and to the supplementary group admins:
usermod -g developers john
usermod -aG admins john
Delete Group
Remove a group with groupdel.
groupdel developers
File Permissions
View File Attributes
Use ls -l or ll to see detailed file information.
$ ls -l
-rw-r--r-- 1 user group 1234 Dec 22 12:00 example.txt
Fields: file type & permissions, link count, owner, group, size (bytes), modification time, and filename.
File Types
The first character indicates the type: '-' regular file, 'd' directory, 'l' symbolic link, 'b' block device, 'c' character device, 's' socket, 'p' FIFO.
Permission Bits
Permissions are expressed as rwx for owner, group, and others.
-rw-r--r-- # owner read/write, group and others read only
drwxr-xr-x # directory, owner rwx, group and others r-x
-rwx------ # file, only owner rwx
Change Permissions
Use chmod to modify permissions.
Numeric mode example:
chmod 755 file # rwx r-x r-x
Symbolic mode examples:
chmod u+x file # add execute for owner
chmod g-w,o-w file # remove write for group and others
chmod o=r file # set others to read only
Change Owner and Group
Use chown and chgrp to modify ownership.
Examples:
chown user2 file
chgrp developers file
chown user2:developers file
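The Permission Bits and Change Permissions sections show modes both as rwx strings and as numbers such as 755. As an added example (not part of the original article), this POSIX shell script converts an ls -l mode string to its octal form and flags the write and setuid bits worth reviewing. The function names are hypothetical, the sample mode strings are constructed, and the setuid/setgid/sticky handling goes beyond what the article covers.

```sh
#!/bin/sh
# Added example: map an `ls -l` mode string to the octal form chmod accepts.
# Each triplet is a 3-bit number: r=4, w=2, x=1 (so rwx=7, r-x=5, r--=4).

# triplet_digit TRIPLET -> octal digit; lowercase s/t in the x slot imply execute.
triplet_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal "-rw-r--r--" prints 644; returns 1 on a malformed string.
mode_to_octal() {
    case $1 in
        [-dlbcsp][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$1" | cut -c2-4)
    g=$(printf '%s' "$1" | cut -c5-7)
    o=$(printf '%s' "$1" | cut -c8-10)
    special=0   # setuid=4, setgid=2, sticky=1 (beyond the article's scope)
    case $u in ??[sS]) special=$((special + 4)) ;; esac
    case $g in ??[sS]) special=$((special + 2)) ;; esac
    case $o in ??[tT]) special=$((special + 1)) ;; esac
    digits="$(triplet_digit "$u")$(triplet_digit "$g")$(triplet_digit "$o")"
    if [ "$special" -ne 0 ]; then digits="$special$digits"; fi
    echo "$digits"
}

# mode_findings prints the bits a reviewer usually questions first.
mode_findings() {
    out=""
    case $1 in ?????w*) out="$out group-writable" ;; esac
    case $1 in ????????w*) out="$out world-writable" ;; esac
    case $1 in ???[sS]*) out="$out setuid" ;; esac
    echo "${out# }"
}

# Constructed sample mode strings in the article's ls -l format.
for m in -rw-r--r-- drwxr-xr-x -rwx------ -rwsr-xr-x drwxrwxrwt; do
    printf '%-11s %-5s %s\n' "$m" "$(mode_to_octal "$m")" "$(mode_findings "$m")"
done
```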
