Security·3 min lezen

Users and Permissions

How to manage Linux users, groups and file permissions on your server

User Management

Create a New User

bash

# Create user with home directory
adduser username

# Non-interactive version
useradd -m -s /bin/bash username
passwd username

Delete a User

bash

# Delete user but keep home
userdel username

# Delete user and their home directory
userdel -r username

List System Users

bash

cat /etc/passwd | grep -v nologin | grep -v false

Sudo Privileges

Add User to Sudo Group

bash

# Debian/Ubuntu
usermod -aG sudo username

# CentOS/AlmaLinux
usermod -aG wheel username

Verify User Can Use Sudo

bash

su - username
sudo whoami
# should respond: root

Sudo Without Password (For Automated Scripts)

bash

nano /etc/sudoers.d/username

Add:

username ALL=(ALL) NOPASSWD:ALL

Passwordless sudo is convenient but increases risk if the account is compromised. Use it only for dedicated system users running automated tasks, not for real users.

File Permissions

Linux uses a permission system based on three subjects: owner (u), group (g), and others (o).

View Permissions

bash

ls -la /path/file

Example output:

-rw-r--r-- 1 www-data www-data 1234 Mar 28 10:00 index.html
drwxr-xr-x 2 root     root     4096 Mar 28 09:00 config/

The first field (e.g., -rw-r--r--) indicates:

Change Permissions

bash

# Numeric (most common)
chmod 755 file       # rwxr-xr-x: public directory
chmod 644 file       # rw-r--r--: text file
chmod 600 file       # rw-------: private file (SSH keys)
chmod 777 file       # rwxrwxrwx: all permissions (avoid!)

# Symbolic
chmod u+x script.sh     # Add execute to owner
chmod g-w file.txt      # Remove write from group
chmod o-r file.txt      # Remove read from others

# Recursive (entire folder)
chmod -R 755 /var/www/html/

Change Owner

bash

# Change owner and group
chown www-data:www-data file.html

# Recursive
chown -R www-data:www-data /var/www/html/

Position 1: type (- = file, d = directory, l = symlink)
Positions 2-4: owner permissions (rw- = read+write)
Positions 5-7: group permissions (r-- = read only)
Positions 8-10: others permissions (r-- = read only)

Recommended Permissions for Websites

Type	Permission	Command
Site directory	`755`	`chmod -R 755 /var/www/html/`
PHP/HTML files	`644`	`chmod -R 644 /var/www/html/*.php`
Config files	`600`	`chmod 600 .env`
Executable scripts	`755`	`chmod 755 script.sh`
Upload directory	`775`	`chmod 775 uploads/`

bash

# Typical configuration for a website with Nginx/Apache
chown -R www-data:www-data /var/www/mysite/
find /var/www/mysite/ -type d -exec chmod 755 {} \;
find /var/www/mysite/ -type f -exec chmod 644 {} \;

Groups

bash

# Create a group
groupadd groupname

# Add user to a group
usermod -aG groupname user

# See user's groups
groups username

# See all groups
cat /etc/group

Base Server Hardening

Checklist of fundamental security operations to secure a new VPS before putting it into production

3 min lezen

Security

Fail2ban: Brute Force Protection

How to install and configure Fail2ban to protect your server from SSH and web brute force attacks

2 min lezen

Security

Change SSH Port

How to change SSH port to reduce automatic brute force attempts from bots and scanners on the internet

2 min lezen

Terug naar Documentatie

DeluxHost, opgericht in 2023, biedt hoogwaardige hostingoplossingen voor diverse digitale behoeften. Wij bieden gedeelde hosting, VPS en dedicated servers met geavanceerde beveiliging en wereldwijde datacenters.

Alle systemen operationeel

Animaties inschakelen