Understanding Owners, Groups, and Everybody Else in Linux File Permissions

Linux, as a Unix-like operating system, has a robust system for file permissions. Understanding file permissions is crucial for anyone who wants to use Linux effectively. The permissions framework is built around three distinct entities: Owners, Groups, and Everybody Else. In this article, we will explore these categories in detail, providing relevant examples along the way.

Explanation of the Graph Elements:

  • File or Directory in Linux: The central node that represents any file or directory in a Linux system.

  • Owner, Group, Everybody Else: These are the three entities that can have permissions set on the file or directory.

  • Read, Write, Execute: These are the types of permissions that can be granted to each of the three entities.

This graph provides a simplified yet comprehensive view of how permissions are structured in Linux. It shows that each file or directory has separate permissions that can be configured for the Owner, the Group, and Everybody Else, and that each of these entities can have Read, Write, and/or Execute permissions set individually.

Owners

In Linux, every file and directory has an "owner," which is usually the user who created the file. The owner has the ability to read, write, and execute the file by default, and also to change the permissions of the file.

Example:

Let's assume you have a file named example.txt. To see the file's owner, you can use the ls -l command:

$ ls -l example.txt
-rw-r--r-- 1 alice users 0 Sep 1 12:34 example.txt

In this example, alice is the owner of the file.

Groups

Every user in a Linux system belongs to one or more 'groups'. Groups are a way to organize users and grant collective permissions. A file in Linux not only has an owner but also an associated group. Members of this group usually have the same permissions to the file, separate from the owner and everybody else.

Example:

Using the same example.txt file:

$ ls -l example.txt
-rw-r--r-- 1 alice users 0 Sep 1 12:34 example.txt

Here, users is the group associated with the file.

Everybody Else

This category is essentially a catch-all for users who are not the owner of the file or a member of the associated group. Linux allows you to set specific permissions for everybody else, different from those set for the owner and the group.

Displaying Current Permissions

Let's assume the current permissions on example.txt are displayed as follows when you run the ls -l command:

$ ls -l example.txt
-rw-r----- 1 alice users 0 Sep 1 12:34 example.txt

Here, the permissions string -rw-r----- indicates the following:

  • rw- for the owner alice: Read and Write, no Execute.
  • r-- for the group users: Read, no Write, no Execute.
  • --- for "Everybody Else": No Read, no Write, no Execute.

Where Does Linux Save This Information

In Linux, information about users and their groups is primarily stored in plain text files located in the /etc/ directory. These files are:

  1. /etc/passwd: Contains user account information.
  2. /etc/shadow: Contains hashed passwords and other information related to user authentication.
  3. /etc/group: Contains group definitions.
  4. /etc/gshadow: Contains hashed group passwords and other group information.

Here's how they would look in a simplified directory tree:

/etc/
├── passwd
├── shadow
├── group
└── gshadow

Explanation of Each File:

  • /etc/passwd: This file contains one line for each user account, with seven fields delimited by colons. These fields contain information like username, user ID (UID), group ID (GID), home directory, and the shell.

    Example entry:

    alice:x:1001:1001:Alice,,,:/home/alice:/bin/bash

  • /etc/shadow: This file contains hashed password data and other information such as password expiration policies for user accounts.

    Example entry:

    alice:$6$T7xVb....:18319:0:99999:7:::

  • /etc/group: This file contains one line for each group, with four fields delimited by colons: group name, password, group ID (GID), and users who are members of the group.

    Example entry:

    users:x:1001:alice,bob

  • /etc/gshadow: Like /etc/group, but includes hashed passwords for groups.

    Example entry:

    users:!::alice,bob

These files can be read and edited manually (usually requiring root privileges), or manipulated programmatically through various command-line utilities like useradd, usermod, groupadd, passwd, etc. Always exercise caution when editing these files, as incorrect changes can result in system instability or compromised security.
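
The following Python sketch is an added example, not code from the original article. It ties the pieces above together: it parses /etc/passwd and /etc/group style entries and works out which permission class (owner, group, or everybody else) applies to a user for a given ls -l mode string. The bob and carol accounts and the function names are constructed for illustration; root's override and ACLs are not modeled, and users are matched by name rather than by UID.

```python
# Added example: model of how Linux picks the permission class for a user.
# Sample data is constructed, based on the entries shown in this article.
PASSWD = """alice:x:1001:1001:Alice,,,:/home/alice:/bin/bash
bob:x:1002:1002:Bob,,,:/home/bob:/bin/bash
carol:x:1003:1003:Carol,,,:/home/carol:/bin/bash"""
GROUP = """users:x:1001:alice,bob
bob:x:1002:
carol:x:1003:"""


def parse_passwd(text):
    """Map username -> primary GID (fields 1 and 4 of the seven)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd entry: {line!r}")
        users[fields[0]] = int(fields[3])
    return users


def parse_group(text):
    """Map group name -> (GID, set of listed members)."""
    groups = {}
    for line in text.splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def effective_perms(mode, owner, group, user, users, groups):
    """Return (class, triplet) that applies to `user` for an ls -l mode string."""
    if len(mode) != 10:
        raise ValueError("expected a 10-character mode such as -rw-r-----")
    if user not in users:
        raise KeyError(f"unknown user: {user}")
    gid, members = groups[group]
    if user == owner:  # owner class is checked first and is final
        return "owner", mode[1:4]
    if users[user] == gid or user in members:  # primary or listed membership
        return "group", mode[4:7]
    return "other", mode[7:10]
```

Only the first matching class is used: an owner whose triplet is --- is denied even when the group triplet would allow access, which is why the owner check returns before group membership is considered.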
