Understanding Linux User Permissions

On dedicated servers running Linux or Unix-like operating systems, the default user account has limited permissions. This is a security measure that prevents an average user from wreaking havoc on an otherwise properly functioning server.

In order to perform administrative tasks, a user needs to login as root. On most servers, it is common practice for the user to login as a normal user and then become root, rather than logging in directly as root. In fact, one good security practice is to disable root logins for SSH completely. That way, even if someone is able to guess the root password (which ideally they won’t if you have taken the proper precautions), they will not be able to login as root and do damage to your server.

In order to determine which files users can manage, Linux uses a system of groups and ownership of files. Any user can belong to any group, and by default, a user may belong to many groups for different services. Naturally, the root group is reserved only for the root user. Any file that is owned by root and is set to the root group can only be read, modified, or deleted by root.

Despite the ownership restrictions, a user who owns a file can also grant permissions using chmod. For example, the root user may grant read permissions to people in a certain group and to any other user. Files that are readable on the web must have global read permissions. Write permissions, on the other hand, should only be used when absolutely necessary. Generally, files should not have global write permissions. For more information about Linux file permissions, see this article at Linux.com.