DEV Community

Folarin Martins

The Ultimate Guide to User & Permissions Management in GNU/Linux

Create new user
sudo adduser newuser

NOTE: Creating a new user also creates a group of the same name, known as the user's primary group.

Change user password
sudo passwd newuser

Grant user admin privileges
visudo
with unlimited root access
newuser ALL=(ALL) ALL

with restricted access
# Paths as installed on Debian/Ubuntu; confirm each with: command -v usermod
Cmnd_Alias ADMIN1PRIVILEGES = /usr/sbin/adduser, /usr/sbin/usermod, /usr/sbin/addgroup
newuser ALL=(root) ADMIN1PRIVILEGES

Change user home directory
usermod --home /home/newuser newuser

Change user shell
usermod --shell /bin/sh newuser

Add descriptive comment to user
usermod --comment "Here is a new demo user" newuser

Add an account expiry date
usermod --expiredate 2022-12-31 newuser

Lock account
usermod --lock newuser

Unlock account
usermod --unlock newuser

Add a password change policy of 60 days
chage --maxdays 60 newuser

Delete user account
deluser newuser

Delete user with all files
deluser -r newuser

Create a group
addgroup newgroup

Delete a group
delgroup newgroup

Add a user to a group
usermod -aG newgroup newuser

Remove a user from a group
deluser newuser newgroup

Change file owner to a user
chown newuser file1.txt

Change file group to a group
chgrp newgroup file1.txt

Change file permissions
chmod a+rwx file1.txt # give read+write+execute to all
chmod u+rwx file1.txt # give read+write+execute to the owner
chmod o-w file1.txt # remove write access from others (users who are neither the owner nor in the file's group)

Or, in the octal form:
chmod 755 file1.txt # equivalent to u=rwx, g=rx, o=rx

permission bits | binary | octal
--x | 001 | 1
-wx | 011 | 3
rwx | 111 | 7
r-x | 101 | 5
rw- | 110 | 6
r-- | 100 | 4
-w- | 010 | 2

To prevent a user from deleting files owned by other users, set the sticky bit on the directory
chmod o+t directory1

To make an executable file run with the privileges of its owner, whoever launches it
chmod u+s file1.txt # apply the setuid bit

To make an executable file run with the privileges of its group, whoever launches it
chmod g+s file1.txt # apply the setgid bit
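
To check where these special bits are already in use, here is an added example (not part of the original post): a POSIX shell audit that uses find to list setuid/setgid files and world-writable directories that lack the sticky bit. The function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Function names (find_special_files, find_unsafe_dirs, audit_tree) are illustrative.

# Regular files carrying setuid (4000) or setgid (2000). Each one runs with its
# owner's or group's privileges, so every entry listed should be an expected one.
find_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# World-writable directories (0002) without the sticky bit (1000). Any user can
# delete or rename other users' files inside such a directory.
find_unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# Print both lists for a tree. Returns 0 when nothing was found, 1 otherwise.
audit_tree() {
    special=$(find_special_files "$1")
    unsafe=$(find_unsafe_dirs "$1")
    if [ -n "$special" ]; then
        printf 'setuid/setgid files:\n%s\n' "$special"
    fi
    if [ -n "$unsafe" ]; then
        printf 'world-writable directories without sticky bit:\n%s\n' "$unsafe"
    fi
    [ -z "$special$unsafe" ]
}

# Usage: sh audit.sh /path/to/tree
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Running chmod o+t on a directory it reports removes that directory from the second list.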
