Skip to main content

Understanding Linux User Rights and Groups

Linux is fundamentally a multi-user system. Everything on the system—files, folders, processes—belongs to a user and a group. Understanding this helps clarify why chmod, chown, and sudo behave the way they do.

Three Permission Categories

Every file or folder defines three categories of owners:

  • User (u): the file owner
  • Group (g): the associated group
  • Others (o): everyone else

For each category, three permissions are possible:

  • r (read): read the file, or list folder contents
  • w (write): modify the file, or create/delete files in the folder
  • x (execute): run the file if it's a script or program, or access the folder if it's a directory
Important Detail

The "x" on a folder doesn't mean "launch" the folder—that concept doesn't exist. It lets you access it (via cd, for example). Without this right, the folder stays visible but inaccessible, even with read permission.

Reading an ls -l Output

The ls -l command returns something like this:

-rwxr-xr-- 1 john devs 4096 Jul 2 10:32 script.sh

Breaking it down:

  • -: file type (- for a regular file, d for a folder, l for a symbolic link)
  • rwx: owner rights (john can read, write, execute)
  • r-x: group rights (devs can read and execute, not write)
  • r--: others' rights (read only)
  • john: the owner
  • devs: the group

This one line tells you exactly who can do what with the file.

Numeric Notation (chmod 755, 644...)

Each permission has a value:

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1

These add up based on the desired permissions. rwx equals 4+2+1 = 7, r-x equals 4+1 = 5, r-- equals 4.

So chmod 755 means: owner = 7 (rwx), group = 5 (r-x), others = 5 (r-x). And chmod 644 means: owner = 6 (rw-), group = 4 (r--), others = 4 (r--). Once you understand this logic, you don't need to memorize combinations.

chmod and chown in Practice

chmod changes permissions, chown changes the owner and/or group.

Common scenario: after uploading files via SFTP, a web folder ends up with wrong permissions and the site doesn't display correctly. The typical fix:

# Restore proper permissions to a web folder
sudo chmod -R 755 /var/www/mysite

# Restore the correct owner (web server user, for example www-data)
sudo chown -R www-data:www-data /var/www/mysite

The -R option applies the change recursively to all folder contents.

What Groups Are For

A group lets you assign the same rights to multiple users without managing each permission individually.

Check a user's groups:

groups john
# or
id john

Add a user to an existing group:

sudo usermod -aG devs john

Create a new group:

sudo groupadd devs

Practical Case: Multiple Users on the Same Folder

Say you have a website folder where several developers need write access. The quick fix—but not recommended—is to apply chmod 777.

Why Avoid 777

chmod 777 grants full permissions (read, write, execute) to every user on the system, including any compromised process. This appears to solve the problem but exposes your server to serious security risks. It's a common band-aid fix that usually masks a deeper permissions configuration issue.

The recommended approach uses a shared group:

# Create a dedicated group
sudo groupadd webdevs

# Add each user to the group
sudo usermod -aG webdevs alice
sudo usermod -aG webdevs bob

# Apply the group and rights to the folder
sudo chown -R :webdevs /var/www/mysite
sudo chmod -R 775 /var/www/mysite

Alice and Bob can now write to the folder, while other users have read-only access. This stays secure while avoiding the need for 777.

The Root Case

Root bypasses all these permissions and can read, write, or execute any file regardless of its configuration. This is exactly why you shouldn't work as root permanently—one mistake can break the entire system. We cover this in our article Create a Non-Root User.


Summary

This permission system is the foundation for many common server tasks: creating users, SFTP transfers, general security. To go deeper, check out Create a Non-Root User and our SFTP Connection guide.

Have a Question?

Our team is available on Discord to help you.