I used to treat Linux permissions like an annoying warning I had to get around.
“Oh, permission denied? Just slap a
chmod 777on it and move on.”
Yeah… I’ve been that person. 😅
It wasn’t until I accidentally gave full write access to a shared directory (and someone deleted half the files) that I realized: Linux permissions are not optional. They’re essential.
Here’s how I learned to manage users and permissions the right way — and the lessons that stuck.
Lesson 1 — Not Everyone Needs to Be sudo
When I first started managing a team server, I gave everyone sudo access because it was “easier.”
Big mistake.
Now? I follow this rule:
Only give sudo to people who absolutely need it.
Everyone else gets their own user account, with just the permissions they need.
adduser devuser
Want to give sudo?
usermod -aG sudo devuser
Don’t want to? Just leave them as-is. It’s safer.
Lesson 2 — Use Groups Like a Pro
Linux has this beautiful concept called groups — and I ignored it for years.
Now, I structure access like this:
- Group:
webdev→ for people who manage web files - Group:
dbadmin→ for those who handle databases - Group:
media→ for uploading and media content
groupadd webdev
usermod -aG webdev alice
usermod -aG webdev bob
Then I set folder ownership like this:
chown -R root:webdev /var/www/html
chmod -R 770 /var/www/html
Boom — only webdev group members can touch it.
Lesson 3 — Know Your chmod
Here’s the simple mental model I use now:
7 = read + write + execute6 = read + write5 = read + execute4 = read only0 = no access
When setting permissions, think:
chmod 750 filename
That means:
- Owner: full access
- Group: read + execute
- Others: no access
This one habit saved me from so many “oops” moments.
Lesson 4 — Sticky Bit for Shared Folders
Ever needed a shared directory where users can write, but only delete their own files?
Enter the sticky bit:
chmod +t /shared/folder
Now, even if multiple users can write to the same folder, they can’t delete each other’s files. Clean and safe.
Lesson 5 — Audit Regularly
Every month or so, I run a little audit:
getent passwd | grep /home
This shows all users with home directories (i.e., human users). I check if any are no longer in use.
And for permissions, I use:
ls -l /some/folder
If I see anything like -rwxrwxrwx (aka 777) — red flag.
Final Thought
Managing users and permissions isn’t just for big companies or security freaks. It’s part of running a responsible Linux environment.
The good news? You don’t need to be an expert. Just start small:
✅ Create users properly
✅ Use groups intentionally
✅ Set correct permissions
✅ Review regularly
Once I embraced this mindset, my server stopped feeling like a messy junk drawer and started feeling like a system I could trust.
Leave a Comment