Unix or Linux commands for changing user rights

Recently I received the question via email — “…How do I change user rights under UNIX? I am using Red Hat Enterprise Linux and my background includes Windows network…”

This is one of the fundamental questions asked by new Linux system administrators. As many of you may already know, both Linux and Windows are multi-user and control access to resources is based upon user id or usernames. Further users grouped into groups for ease of management and security.

However, Linux (and UNIX) stores and process user database in different format.

The root user

The root user is the super user.
The root user can control entire Linux system including files, process, applications etc. The root user has full access to system.
You should not use root for day-to-day tasks as root has full system access.
Never ever, give root password to anyone.

For more information see What defines a user account?

User database

User database is stored in /etc/passwd file
User passwords and password expiry information stored in /etc/shadow file

Group database

User group information is stored in /etc/group file

UNIX/Linux User rights

There are two types of user rights (traditional):

File level user rights or permissions granted using chmod and chown command
Administrative (root) level rights granted using sudo.

If you type the following command:

$ ls -l

YouÃ¢â‚¬â„¢ll see something like the following:

-rw-r--r-- 1 vivek webusers 14814 2006-07-26 13:25 working-nixcraft.txt

Look at 3rd, 4th and last columns.

vivek is username or the owner of the file (userid)
webusers is group name, so all users in webusers can access file working-nixcraft.txt
working-nixcraft.txt is the file name.

As the root user you can change or setup user file related rights/permission using chmod and chown command.

Task: change file owner and group

Consider following example:

$ ls -l foo.txt

Output:

-rw-r--r-- 1 vivek webgroups 8 2006-08-08 17:57 foo.txt

Change files ownership to tony user:

# chown tony foo.txt
# ls -l foo.txt

Output:

-rw-r--r-- 1 tony webgroups 8 2006-08-08 17:57 foo.txt

Change foo.txt group to ftpusers:

# chown tony:ftpusers foo.txt
# ls -l foo.txt

Output:

-rw-r--r-- 1 tony ftpuseers 8 2006-08-08 17:57 foo.txt

You can also operate on files and directories recursively using -R option. For example setup /var/www/html ownership to user lighttpd including subdirectories:

# chown -R lighttpd /var/www/html

Task: change files access rights/permissions

You need to use chmod command. Please refer the old article – how Linux file permissions work.

Task: Grant administrative rights to a normal user

You need to use sudo tool. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers configuration file. Please refer previous article for more information.

A note for Ubuntu Linux users

You can use chmod and chown command to setup user rights. Make sure you prefix all commands with word (command) sudo:

$ sudo chown tony:ftpusers foo.txt

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

12 comment

This stuff is good for noobs. I wish I had read something like earlier

Cheers

I’d like to know if there is a quick way to Decrease a user’s rights.
I have a user called user3 but I dont want him to be able to edit or change files under /etc or other system files.
In other words I would like to change rights on the user instead of files/folders.
Is it possible?

Thank You in advance!

i have a user user1 to which i want to give Full admin right like root

I would still like to know what rights I need (not root) to:

* monitor the syslog (via remote ssh ability)
* monitor the disks (via remote ssh ability)
* monitor the ProcessUtilization (via remote ssh ability)

very clear, tnkx!

I have a problem…I accidentally typed in ‘chown -R root:www-data *’. I now have 403 Forbidden Errors. How can I redo this?

I have created user using useradd command. But the created user is not having the full rights. What is the solution for that?

is there something like ” sudo chown vinny * “, cos everytime i go to edit a file, i have to chmod it first

Ant says:
April 15, 2011 at 2:41 pm
@Vinny
When you do “sudo chown vinny”, you’re giving rights to that user based on your chmod settings for user. So even thought you specify “vinny” as being the owner, you must still specify the “user” permissions.
chmod -R /directory/somefolder u+rwx i believe this is the correct syntax for changing the “user” to allow read write and execution of all files in somefolder, that “user” being “vinny”.

How do I set user rights for a local linux user to rwx on a CIFS mounted windows share.
All I see is root with full rights. but my other user has no rights.
Please advice.

hows the normal user change our password

alex says:
August 16, 2013 at 4:55 am
passwd “username”
*then the system prompts you for the current password and then the new password

chadrick says:
August 9, 2006 at 8:50 pm
This stuff is good for noobs. I wish I had read something like earlier
Cheers
Matey says:
November 28, 2008 at 3:42 pm
I’d like to know if there is a quick way to Decrease a user’s rights.
I have a user called user3 but I dont want him to be able to edit or change files under /etc or other system files.
In other words I would like to change rights on the user instead of files/folders.
Is it possible?
Thank You in advance!
Sandeep hande says:
March 6, 2009 at 9:09 pm
i have a user user1 to which i want to give Full admin right like root
Richard says:
July 6, 2009 at 8:50 pm
I would still like to know what rights I need (not root) to:
* monitor the syslog (via remote ssh ability)
* monitor the disks (via remote ssh ability)
* monitor the ProcessUtilization (via remote ssh ability)
Ron says:
November 30, 2009 at 7:52 am
very clear, tnkx!
Jonathan says:
December 15, 2009 at 5:37 pm
I have a problem…I accidentally typed in ‘chown -R root:www-data *’. I now have 403 Forbidden Errors. How can I redo this?
Vaibhav says:
May 25, 2010 at 8:02 am
I have created user using useradd command. But the created user is not having the full rights. What is the solution for that?
Vinny Benson says:
March 13, 2011 at 4:12 pm
is there something like ” sudo chown vinny * “, cos everytime i go to edit a file, i have to chmod it first
1. Ant says:
  April 15, 2011 at 2:41 pm
  @Vinny
  When you do “sudo chown vinny”, you’re giving rights to that user based on your chmod settings for user. So even thought you specify “vinny” as being the owner, you must still specify the “user” permissions.
  chmod -R /directory/somefolder u+rwx i believe this is the correct syntax for changing the “user” to allow read write and execution of all files in somefolder, that “user” being “vinny”.
Benny says:
February 10, 2012 at 8:37 pm
Hi
How do I set user rights for a local linux user to rwx on a CIFS mounted windows share.
All I see is root with full rights. but my other user has no rights.
Please advice.
amit says:
January 16, 2013 at 2:26 pm
hows the normal user change our password
1. alex says:
  August 16, 2013 at 4:55 am
  passwd “username”
  *then the system prompts you for the current password and then the new password

Have a question? Post it on our forum!