Permissions, Users and Processes

The Linux Permission System

Linux is a multi-user system. Each file and directory has permissions that control who can read, write or execute.

Understanding Permissions

$ ls -la
-rw-r--r--  1 sacha  dev   4096 mars  28 10:00 config.json
drwxr-xr-x  3 sacha  dev   4096 mars  28 10:00 src/
-rwxr-x---  1 root   admin 8192 mars  28 10:00 deploy.sh

Breakdown: -rw-r--r--

-    rw-    r--    r--
│    │      │      └── Others (other): read only
│    │      └── Group (group): read only
│    └── Owner (user): read + write
└── Type (- = file, d = directory, l = symbolic link)

Letter  Meaning  On a file           On a directory
r       Read     Read the content    List the content
w       Write    Modify the content  Create/delete files
x       Execute  Run as a program    Enter the directory

Numeric (Octal) Notation

Each permission has a value: r=4, w=2, x=1

rwx = 4+2+1 = 7
rw- = 4+2+0 = 6
r-x = 4+0+1 = 5
r-- = 4+0+0 = 4

Common examples:

  • 755 (rwxr-xr-x): executable scripts, directories
  • 644 (rw-r--r--): configuration files
  • 600 (rw-------): SSH keys, sensitive files
  • 700 (rwx------): .ssh directory

Modifying Permissions

# With symbolic notation
chmod u+x script.sh             # Add execute for owner
chmod g-w fichier.txt           # Remove write for group
chmod o-rwx secret.key          # Remove all for others
chmod a+r document.pdf          # Add read for everyone

# With numeric notation
chmod 755 script.sh
chmod 644 config.json
chmod 600 ~/.ssh/id_rsa

# Recursively (every file and directory under the path gets the same mode)
chmod -R 755 /var/www/html/
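
An added example (not from the original page): `audit_perms` reports world-writable paths, `.ssh` directories that are not 700 and private keys looser than 600, and `chmod_dirs_and_files` applies 755 to directories and 644 to files instead of a blanket `chmod -R 755`. It assumes GNU findutils; the function names, finding labels and the demo tree are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes GNU findutils
# (-printf, -perm /mode). Function names and labels are hypothetical.

# Print one "LABEL<TAB>octal-mode<TAB>path" line per finding, sorted.
audit_perms() {
    {
        # Anything writable by "others" (octal 002); symlinks excluded.
        find "$1" ! -type l -perm -0002 -printf 'WORLD_WRITABLE\t%m\t%p\n'
        # .ssh directories should be exactly 700 (rwx------).
        find "$1" -type d -name .ssh ! -perm 0700 \
            -printf 'SSH_DIR_NOT_700\t%m\t%p\n'
        # Private keys: any group/other bit means looser than 600.
        find "$1" -type f \( -name '*.key' -o -name 'id_*' ! -name '*.pub' \) \
            -perm /0077 -printf 'KEY_EXPOSED\t%m\t%p\n'
    } | sort
}

# Alternative to "chmod -R 755": directories get 755 and regular files 644,
# so data files are not marked executable.
chmod_dirs_and_files() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree in a temporary directory; runs in a subshell.
demo() (
    umask 022
    t=$(mktemp -d)
    mkdir -p "$t/home/.ssh" "$t/www"
    : > "$t/home/.ssh/id_rsa"
    : > "$t/home/.ssh/id_rsa.pub"
    : > "$t/www/index.html"
    chmod 755 "$t/home/.ssh"
    chmod 644 "$t/home/.ssh/id_rsa" "$t/home/.ssh/id_rsa.pub"
    chmod 666 "$t/www/index.html"
    audit_perms "$t" | sed "s|$t|.|"
    rm -rf "$t"
)
demo
```

The public key `id_rsa.pub` is deliberately not reported: 644 is fine for it, while the private key next to it is flagged.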

Changing Ownership

# Change owner
chown sacha fichier.txt
chown sacha:dev fichier.txt     # Owner AND group

# Recursively
chown -R www-data:www-data /var/www/

# Change only the group
chgrp dev projet/

User and Group Management

Users

# View the current user
whoami
id                              # Full details (uid, gid, groups)

# Create a user
sudo useradd -m -s /bin/bash jean    # -m creates home, -s sets the shell
sudo passwd jean                      # Set the password

# Modify a user
sudo usermod -aG docker jean         # Add to the docker group (grants root-equivalent access via the Docker daemon)
sudo usermod -s /bin/zsh jean        # Change the shell

# Delete a user
sudo userdel -r jean                 # -r also deletes the home directory

# List users
cat /etc/passwd

Groups

# Create a group
sudo groupadd developpeurs

# Add a user to a group
sudo usermod -aG developpeurs jean

# View a user's groups
groups jean

# List all groups
cat /etc/group

sudo — Run as Administrator

# Run a command as root
sudo apt update
sudo systemctl restart nginx

# Open a root shell (⚠️ use with caution)
sudo -i

# Run as another user
sudo -u postgres psql

Process Management

A process is a running program. Each process has a unique identifier: the PID.

Viewing Processes

# List the user's processes
ps

# All system processes
ps aux
ps aux | grep nginx

# Process tree
pstree

# Real-time monitor
top
htop                            # Enhanced version (needs to be installed)

Understanding ps aux Output

USER     PID  %CPU %MEM    VSZ   RSS TTY  STAT START   TIME COMMAND
root       1   0.0  0.1 169436 13296 ?    Ss   mars27  0:02 /sbin/init
sacha   1234   2.5  1.2 456780 98456 ?    Sl   10:00   0:45 node server.js
www-data 567   0.1  0.3 123456 24680 ?    S    09:30   0:12 nginx: worker

Column       Description
USER         Process owner
PID          Unique identifier
%CPU / %MEM  Resource usage
STAT         State (S=sleeping, R=running, Z=zombie)
COMMAND      Command that started the process

Managing Processes

# Start a process in the background
node server.js &

# View background jobs
jobs

# Bring a job to the foreground
fg %1

# Send to the background
bg %1

# Stop a process
kill 1234                       # TERM signal (graceful stop)
kill -9 1234                    # KILL signal (forced stop)
killall nginx                   # Stop all nginx processes

# Find the PID of a process
pgrep nginx
pidof nginx

Services with systemd

On modern distributions, systemd manages services:

# Manage a service
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
sudo systemctl reload nginx      # Reload config without stopping

# Enable/disable at boot
sudo systemctl enable nginx
sudo systemctl disable nginx

# Check the status
sudo systemctl status nginx

# View a service's logs
sudo journalctl -u nginx
sudo journalctl -u nginx -f     # Follow in real time
sudo journalctl -u nginx --since "1 hour ago"

Package Management

On Debian/Ubuntu (apt)

# Update the package list
sudo apt update

# Upgrade installed packages
sudo apt upgrade

# Install a package
sudo apt install nginx curl git

# Remove a package
sudo apt remove nginx
sudo apt purge nginx             # Also remove configuration

# Search for a package
apt search nodejs

On CentOS/Rocky (dnf)

sudo dnf update
sudo dnf install nginx
sudo dnf remove nginx
dnf search nodejs

Best Practices

  1. Principle of least privilege: only grant the permissions that are necessary
  2. Do not use root day-to-day — prefer sudo command by command
  3. Protect SSH keys with chmod 600
  4. Check processes regularly with htop
  5. Use systemd to manage your services in production
  6. Keep the system up to date with regular updates