How to Modify User Permissions in Debian 12 Bookworm
Managing user permissions effectively is crucial for securing your Debian 12 Bookworm system. Linux permissions determine what actions users can perform on files, directories, and system resources. In this guide, we will cover various methods for modifying user permissions, including changing ownership, modifying file permissions, and managing group memberships.
Understanding User Permissions in Linux
Linux employs a permission model that consists of three entities:
- Owner - The user who owns the file or directory.
- Group - A set of users who share access to the file or directory.
- Others - All other users who are not the owner or part of the group.
Each file and directory has three types of access permissions:
- Read (r) - Allows viewing file contents.
- Write (w) - Allows modifying file contents.
- Execute (x) - Allows executing files (if they are scripts or binaries) or accessing directories.
These permissions are represented numerically (e.g., 755, 644) or symbolically (e.g., rwxr-xr--).
Checking User Permissions
Before modifying permissions, it is important to check the current user and group ownership of files. Use the following commands:
ls -l filename
This command will output something like:
-rw-r--r-- 1 user group 1024 Mar 28 12:30 example.txt
Here:
- The first character (-) indicates a regular file.
- rw- (owner), r-- (group), and r-- (others) specify the permissions.
- user is the owner, and group is the assigned group.
Changing File and Directory Permissions
Using chmod to Modify Permissions
The chmod command is used to modify file permissions. You can change permissions using numeric or symbolic notation.
Numeric Notation
Each permission is represented by a number:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
To set specific permissions, sum these values. For example:
- 755 (Owner: rwx = 7, Group: r-x = 5, Others: r-x = 5)
- 644 (Owner: rw- = 6, Group: r-- = 4, Others: r-- = 4)
To apply permissions:
chmod 755 script.sh
chmod 644 document.txt
Symbolic Notation
Permissions can also be set using symbolic characters:
chmod u+x script.sh # Add execute permission for the owner
chmod g-w file.txt # Remove write permission for the group
chmod o+r document.txt # Add read permission for others
Changing Ownership with chown
The chown command changes file ownership:
chown newuser filename
To change both the owner and group:
chown newuser:newgroup filename
To recursively change ownership in a directory:
chown -R newuser:newgroup /path/to/directory
Changing Group Ownership with chgrp
To modify only the group ownership:
chgrp newgroup filename
For recursive changes:
chgrp -R newgroup /path/to/directory
Managing User Groups and Permissions
Adding a User to a Group
To grant permissions to a user via group membership, add them to the group using the usermod command:
usermod -aG groupname username
Example:
usermod -aG sudo john
This adds john to the sudo group, allowing administrative privileges.
Removing a User from a Group
To remove a user from a group:
gpasswd -d username groupname
Example:
gpasswd -d john sudo
Listing Group Memberships
To check a user’s group memberships:
groups username
or
id username
Setting Special Permissions
SUID (Set User ID)
The SUID permission allows a script or binary to run with the file owner’s privileges:
chmod u+s filename
Example:
chmod u+s /usr/bin/passwd
SGID (Set Group ID)
The SGID bit ensures that new files in a directory inherit the group of the parent directory:
chmod g+s directoryname
Sticky Bit
The sticky bit prevents users from deleting files owned by others in shared directories:
chmod +t /tmp
Granting and Revoking Sudo Privileges
Granting Sudo Access
To give a user administrative privileges, add them to the sudo group:
usermod -aG sudo username
To verify sudo access:
sudo whoami
If the output is root, the user has sudo access.
Revoking Sudo Access
To remove sudo privileges:
deluser username sudo
Best Practices for Managing Permissions
- Use Least Privilege Principle - Only grant the necessary permissions.
- Regularly Audit Permissions - Use ls -l and find commands to review file permissions.
- Restrict Sudo Access - Avoid adding unnecessary users to the sudo group.
- Use Groups Effectively - Instead of assigning permissions to individual users, create groups for different roles.
- Protect Critical Files - Set immutable attributes using chattr:
chattr +i important_file
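The audit recommended above, as an added example that is not part of the original guide: a shell function that uses find to list SUID and SGID files, world-writable files, and world-writable directories that lack the sticky bit. The names audit_perms, report and make_sample_tree, the output labels, and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names, output labels
# and the sample tree are assumptions made for this illustration.

# report LABEL FIND-PREDICATES...: list matches under $AUDIT_DIR with ls -ld,
# prefixing each line with LABEL so the output can be filtered later.
report() {
    label=$1; shift
    # -xdev keeps find on one filesystem (skips /proc, /sys, other mounts).
    find "$AUDIT_DIR" -xdev "$@" -exec ls -ld {} + 2>/dev/null |
        sed "s/^/$label /"
}

# audit_perms DIR: flag the permission bits covered in this guide.
audit_perms() {
    AUDIT_DIR=${1:-.}
    report SUID -type f -perm -4000            # runs as the file owner
    report SGID -type f -perm -2000            # runs as the file group
    report WORLD-WRITABLE-FILE -type f -perm -0002
    # World-writable directory without the sticky bit: any user can delete
    # or rename files that belong to someone else.
    report WORLD-WRITABLE-DIR-NO-STICKY -type d -perm -0002 ! -perm -1000
}

# Constructed sample input: a scratch tree with one finding of each kind
# plus two entries that must not be reported.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/helper" "$t/notes.txt" "$t/shared.log"
    mkdir "$t/dropbox" "$t/tmp"
    chmod 4755 "$t/helper"      # SUID set
    chmod 644  "$t/notes.txt"   # ordinary file, not reported
    chmod 666  "$t/shared.log"  # world-writable file
    chmod 777  "$t/dropbox"     # world-writable, no sticky bit
    chmod 1777 "$t/tmp"         # world-writable with sticky bit, not reported
    printf '%s\n' "$t"
}

tree=$(make_sample_tree) && { audit_perms "$tree"; rm -rf "$tree"; }
```

Call audit_perms with a real path such as /usr or /home, and compare the SUID list against what the installed packages are expected to provide.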
Conclusion
Understanding and modifying user permissions in Debian 12 Bookworm is essential for maintaining a secure and efficient system. By leveraging commands like chmod, chown, and usermod, you can fine-tune user access and protect sensitive data. Following best practices ensures that your system remains secure while providing necessary access to authorized users.