Users and Permissions

How to manage Linux users, groups and file permissions on your server

User Management

Create a New User

# Create user with home directory
adduser username

# Non-interactive version
useradd -m -s /bin/bash username
passwd username

Delete a User

# Delete user but keep home
userdel username

# Delete user and their home directory
userdel -r username

List System Users

# Show accounts whose entry does not mention nologin or false (i.e. accounts that can log in)
grep -vE 'nologin|false' /etc/passwd

Sudo Privileges

Add User to Sudo Group

# Debian/Ubuntu
usermod -aG sudo username

# CentOS/AlmaLinux
usermod -aG wheel username

Verify User Can Use Sudo

su - username
sudo whoami
# should respond: root

Sudo Without Password (For Automated Scripts)

# visudo checks the syntax before saving; a broken sudoers file can lock you out of sudo
visudo -f /etc/sudoers.d/username

Add:

username ALL=(ALL) NOPASSWD:ALL

Passwordless sudo is convenient but increases risk if the account is compromised. Use it only for dedicated system users running automated tasks, not for real users.


File Permissions

Linux uses a permission system based on three subjects: owner (u), group (g), and others (o).

View Permissions

ls -la /path/file

Example output:

-rw-r--r-- 1 www-data www-data 1234 Mar 28 10:00 index.html
drwxr-xr-x 2 root     root     4096 Mar 28 09:00 config/

The first field (e.g., -rw-r--r--) indicates:

  • Position 1: type (- = file, d = directory, l = symlink)
  • Positions 2-4: owner permissions (rw- = read+write)
  • Positions 5-7: group permissions (r-- = read only)
  • Positions 8-10: others permissions (r-- = read only)

Change Permissions

# Numeric (most common)
chmod 755 file       # rwxr-xr-x: public directory
chmod 644 file       # rw-r--r--: text file
chmod 600 file       # rw-------: private file (SSH keys)
chmod 777 file       # rwxrwxrwx: all permissions (avoid!)

# Symbolic
chmod u+x script.sh     # Add execute to owner
chmod g-w file.txt      # Remove write from group
chmod o-r file.txt      # Remove read from others

# Recursive (entire folder)
chmod -R 755 /var/www/html/

Change Owner

# Change owner and group
chown www-data:www-data file.html

# Recursive
chown -R www-data:www-data /var/www/html/

Type                 Permission   Command
Site directory       755          chmod -R 755 /var/www/html/
PHP/HTML files       644          chmod -R 644 /var/www/html/*.php
Config files         600          chmod 600 .env
Executable scripts   755          chmod 755 script.sh
Upload directory     775          chmod 775 uploads/

# Typical configuration for a website with Nginx/Apache
chown -R www-data:www-data /var/www/mysite/
find /var/www/mysite/ -type d -exec chmod 755 {} \;
find /var/www/mysite/ -type f -exec chmod 644 {} \;
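
To check an existing tree against the 755 / 644 / 600 layout above without changing anything, the following read-only audit is an added example and not part of the original page. The function names audit_webroot and make_sample_tree and the finding labels are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit a web root against the 755 / 644 / 600 layout.
# Read-only: it reports deviations and modifies nothing.

# audit_webroot DIR
# Prints one "finding<TAB>path" line per deviation.
# Returns 0 if the tree is clean, 1 if anything was reported.
audit_webroot() {
    root=$1
    findings=$(
        # Anything writable by "others" (e.g. 777 or 666)
        find "$root" \( -type f -o -type d \) -perm -002 \
            -exec printf 'world-writable\t%s\n' {} +
        # Directories that differ from 755 (a 775 uploads/ is listed for review)
        find "$root" -type d ! -perm 755 \
            -exec printf 'dir-not-755\t%s\n' {} +
        # Regular files with any execute bit: only real scripts should have one
        find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec printf 'file-executable\t%s\n' {} +
        # .env files whose mode is anything other than 600
        find "$root" -type f -name '.env' ! -perm 600 \
            -exec printf 'env-not-600\t%s\n' {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree DIR: constructed sample data for a dry run
make_sample_tree() {
    mkdir -p "$1/uploads" "$1/css"
    : > "$1/index.html"; : > "$1/.env"
    : > "$1/css/site.css"; : > "$1/deploy.sh"
    chmod 755 "$1" "$1/css"
    chmod 644 "$1/index.html" "$1/css/site.css"
    chmod 777 "$1/uploads"     # deliberately wrong: world-writable
    chmod 644 "$1/.env"        # deliberately wrong: should be 600
    chmod 755 "$1/deploy.sh"   # legitimate script, still listed for review
}
```

Call it as `audit_webroot /var/www/mysite/`; a non-zero exit status makes it usable as a check in a deployment script.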

Groups

# Create a group
groupadd groupname

# Add user to a group
usermod -aG groupname user

# See user's groups
groups username

# See all groups
cat /etc/group
