Understanding Linux User Rights and Groups
Linux is fundamentally a multi-user system. Everything on the system—files, folders, processes—belongs to a user and a
group. Understanding this helps clarify why chmod, chown, and sudo behave the way they do.
Three Permission Categories
Every file or folder defines three categories of owners:
- User (u): the file owner
- Group (g): the associated group
- Others (o): everyone else
For each category, three permissions are possible:
- r (read): read the file, or list folder contents
- w (write): modify the file, or create/delete files in the folder
- x (execute): run the file if it's a script or program, or access the folder if it's a directory
The "x" on a folder doesn't mean "launch" the folder; that concept doesn't exist. It lets you enter the folder (via cd,
for example) and reach the files inside it. Without this right, the folder stays visible but inaccessible, even with
read permission.
Reading an ls -l Output
The ls -l command returns something like this:
-rwxr-xr-- 1 john devs 4096 Jul 2 10:32 script.sh
Breaking it down:
- -: file type (- for a regular file, d for a folder, l for a symbolic link)
- rwx: owner rights (john can read, write, execute)
- r-x: group rights (devs can read and execute, not write)
- r--: others' rights (read only)
- john: the owner
- devs: the group
This one line tells you exactly who can do what with the file.
Numeric Notation (chmod 755, 644...)
Each permission has a value:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
These add up based on the desired permissions. rwx equals 4+2+1 = 7, r-x equals 4+1 = 5, r-- equals 4.
So chmod 755 means: owner = 7 (rwx), group = 5 (r-x), others = 5 (r-x). And chmod 644 means: owner = 6 (rw-),
group = 4 (r--), others = 4 (r--). Once you understand this logic, you don't need to memorize combinations.
chmod and chown in Practice
chmod changes permissions, chown changes the owner and/or group.
Common scenario: after uploading files via SFTP, a web folder ends up with wrong permissions and the site doesn't display correctly. The typical fix:
# Restore proper permissions to a web folder
sudo chmod -R 755 /var/www/mysite
# Restore the correct owner (web server user, for example www-data)
sudo chown -R www-data:www-data /var/www/mysite
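The -R option applies the change recursively to all folder contents. Note that a recursive 755 therefore also sets the execute bit on every regular file in the folder, not only on the directories that need it for access.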
What Groups Are For
A group lets you assign the same rights to multiple users without managing each permission individually.
Check a user's groups:
groups john
# or
id john
Add a user to an existing group:
sudo usermod -aG devs john
Create a new group:
sudo groupadd devs
Practical Case: Multiple Users on the Same Folder
Say you have a website folder where several developers need write access. The quick fix—but not recommended—is to apply
chmod 777.
chmod 777 grants full permissions (read, write, execute) to every user on the system, including any compromised
process. This appears to solve the problem but exposes your server to serious security risks. It's a common band-aid fix
that usually masks a deeper permissions configuration issue.
The recommended approach uses a shared group:
# Create a dedicated group
sudo groupadd webdevs
# Add each user to the group
sudo usermod -aG webdevs alice
sudo usermod -aG webdevs bob
# Apply the group and rights to the folder
sudo chown -R :webdevs /var/www/mysite
sudo chmod -R 775 /var/www/mysite
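Alice and Bob can now write to the folder, while other users can read and enter it but not write to it (r-x). A group membership added with usermod takes effect at the user's next login. This stays secure while avoiding the need for 777.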
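To find what an earlier chmod 777 left behind, the following added example (not part of the original article) lists every entry that "others" can write to and prints its mode in the numeric notation described above. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for entries that "others" can write to.

# Convert the 9 permission characters of an ls -l mode (rwxr-xr--) to
# octal (754) with r=4, w=2, x=1. Lowercase s/t count as x; the special
# bits themselves (setuid, setgid, sticky) are not reported.
mode_to_octal() {
    case $1 in ?????????) ;; *) return 1 ;; esac
    perms=$1 out=
    while [ -n "$perms" ]; do
        triplet=${perms%"${perms#???}"}   # first three characters
        perms=${perms#???}                # the rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# Print "<octal> <owner>:<group> <path>" for every entry under $1 with
# the o+w bit set (find -perm -0002). Symlinks are skipped because their
# own mode bits are not used for access checks. Paths containing
# newlines are not supported.
world_writable() {
    find "$1" ! -type l -perm -0002 -print |
    while IFS= read -r path; do
        ls -ld "$path" | {
            read -r mode _links owner group _rest
            perms=${mode#?}                      # drop the file-type char
            perms=${perms%"${perms#?????????}"}  # drop ACL/SELinux marker
            printf '%s %s:%s %s\n' \
                "$(mode_to_octal "$perms")" "$owner" "$group" "$path"
        }
    done
}

# Constructed sample tree: one file at 644 and one left at 777.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/index.html" "$d/upload.php"
    chmod 644 "$d/index.html"
    chmod 777 "$d/upload.php"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree) && world_writable "$tree"
rm -rf "$tree"
```

Pointing world_writable at a real folder such as the web root gives a list of entries to bring back to group-based permissions.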
The Root Case
Root bypasses all these permissions and can read, write, or execute any file regardless of its configuration. This is exactly why you shouldn't work as root permanently—one mistake can break the entire system. We cover this in our article Create a Non-Root User.
Summary
This permission system is the foundation for many common server tasks: creating users, SFTP transfers, general security. To go deeper, check out Create a Non-Root User and our SFTP Connection guide.