Managing users and permissions Linux VPS requires all the help you can get. This assistance would help you secure your server from unauthorized access.
This guide provides everything you need to use commands and manage group memberships. It also teaches you how to secure your digital environment.
Managing users and permissions is essential for maintaining security and control on a Linux VPS. The comparison table below highlights VPS hosting providers that support secure configurations and stable multi user environments. These providers make it easier to implement proper access control without affecting performance. Explore our recommended VPS hosting options.
Linux VPS Hosting Providers Built for Secure Access and User Management
| Provider | User Rating | Recommended For | |
|---|---|---|---|
 | 4.8 | Scalability | Visit Kamatera |
 | 4.6 | Affordability | Visit Hostinger |
 | 4.7 | Developers | Visit IONOS |
Why Managing Users and Permissions Linux VPS is Crucial
Your Linux VPS needs strict user account management to ensure adequate security. Controlling access prevents unauthorized users from checking sensitive data. It also stops them from adjusting critical system files.
In addition, proper permission management enables collaboration. Your development team can access application files without touching database configurations.
Beyond this, you can avoid system-wide damage by limiting root access. You reduce accidental security risks and exhausting system resources.
Most importantly, you can monitor actions with individual user logins and sudo tracking. This audit trail is crucial to troubleshooting or investigating security threats.
Understanding the Types of User Accounts
The first step to managing users and permissions on Linux VPS hosting is identifying the various accounts.
Regular Users vs. System Users
The Linux server maintains regular user accounts for human interaction. These accounts have a unique user ID between 1000 and 59999.
Any account you create for yourself or a team member is a regular user. It receives a home directory and a login shell. You also gain the ability to verify with a user password.
Meanwhile, system users are responsible for background services and applications. These accounts cover web servers, databases, and other daemons. Their UIDs are between 0-99 or 100-999, depending on the distribution.
It is vital to also mention the “nobody” account with UID 65534. This account represents a user with few privileges. It comes in handy for dropping privileges for security. The passwd manual covers in-depth technical details of the entire user structure.
Understanding the Role of the Root User
The root user is the highest authority in a Linux environment. This account has UID 0. It can bypass all permission checks. It can adjust any file and modify the whole system.
By default, Ubuntu and modern distributions disable direct root login. Instead, use the sudo command to run administrative tasks. This approach provides necessary access and maintains security.
The sudo system allows you to see who performed an administrative action. It enables you to maintain system security across multiple servers.
Run this command to lock the root password:
sudo passwd -l root
This action forces every administration through sudo-enabled user accounts.
Navigating the Linux Environment for Administration
Let’s show you how to gain control of your server environment.
Setting Up a Playground Directory
First, create a safe testing environment to protect important files while you learn.
Start with your playground:
mkdir ~/playground
cd ~/playground
Keep building nested structures to understand directory permissions:
mkdir -p Resources/data/2020data
The -p flag automatically creates directories. You need this to organize complex file hierarchies quickly.
Create test files:
touch file1 file2 file3
These empty files let you practice changing permissions. Cleanup after testing:
rm -fR ~/playground
Identifying Users and Group ID via /etc/passwd
The /etc/passwd file saves vital information about all user accounts. However, it doesn’t contain encrypted passwords.
List every local user:
cat /etc/passwd | cut -d : -f 1
This takes only the usernames from the colon-delimited file. Both regular users and system users will mix.
Check UIDs for only regular users:
cat /etc/passwd | cut -d : -f 1,3 | grep -E ‘:[0-9]{4,}’
This shows users with UIDs that contain 4 or more digits.
The getent passwd command provides a single view for environments that use Lightweight Directory Access Protocol or Active Directory. It queries all configured sources.
The nsswitch.conf manual explains how your system finds user information.
Effective Managing Users Workflows
The next step is to manage users’ workflows.
Adding New Users with useradd and adduser
Creating new user accounts is critical. Linux provides two different commands to achieve this.
Your friendly option is the adduser command:
sudo adduser username
This script prompts the user for their password, full name, and other details. It automatically copies files from /etc/skel to create a home directory. It then sets up a primary group and configures needed defaults.
The useradd command requires explicit flags for most options. This makes it perfect for automation but less simple for manual use.
Use adduser for routine user account management. Plus, the adduser.conf manual provides configuration options, such as UID ranges.
Ultahost
Securely Deleting User Accounts
You must carefully remove user accounts to prevent potential security risks.
The basic deletion command is:
sudo deluser username
This deletes the user and their primary group. But the home directory remains. This design helps prevent data loss but may lead to potential security issues.
Files owned by deleted user accounts show only numeric UIDs. Prevent this by reassigning new owners:
sudo chown -R root:root /home/username/
Also, check for active sessions before deleting user accounts to avoid problems:
w | grep username
Ask the user to log out or end their sessions if needed. You should also move home directories to a backup location before deletion, unless you’re using automated backups.
Group Management and Group Memberships
Groups let you easily control access to shared resources.
Creating and Deleting User Groups
Assign permissions for user groups within your team at once. This enables every member to gain automatic permissions.
Create groups with:
sudo addgroup groupname
Each group has a specific role or access level in Linux systems. Remove unnecessary groups with:
sudo delgroup groupname
Managing Your Primary Group and Secondary Memberships
Every account belongs to a primary group with the same name as the username. By default, files created by that user belong to this group.
Secondary groups give more access. A user can belong to their personal group, the developers group, the sudo group, and the www-data group at the same time.
To add a user to a secondary group:
sudo adduser username groupname
This command adjusts user accounts while keeping the primary group unchanged. The user gains access to that group’s shared resources.
Group memberships define each user’s access to shared resources. Adding users to the sudo group means granting root access on Ubuntu systems:
sudo adduser username sudo
The user must log out and back in for group changes to take effect.
Strengthening User Authentication and Security
Security is a crucial part of Linux user management.
Enforcing a Strict User Password Policy
Your Linux server has tools to enforce stronger password policies. You will find the default minimum password length in /etc/pam.d/common-password. Naturally, it is six characters. This format is too weak for modern security standards.
Increase the minimum by editing this file:
minlen=8
You can set it to 12 or more characters for stronger passwords.
Beyond this, password ageing requires regular password changes. Check current user settings:
sudo chage -l username
Adjust maximum password age to 90 days:
sudo chage -M 90 username
This duration reduces the window for hacked credentials to cause damage.
Include complexity rules, expiration policies, and account lockouts after failed attempts. All of these create a solid user authentication system.
Managing Sudo Privileges and sudo-rs
Authorized users gain temporary elevated privileges with sudo commands. Modern Linux systems rely on it to secure system administration.
Ubuntu 25.10 introduced a Rust-based reimplementation of sudo called sudo-rs. This new version aims to improve security by using memory safety.
Switch between implementations with:
update-alternatives –config sudo
You will better understand the technical improvements in the sudo-rs documentation.
In addition, never use a text editor to edit /etc/sudoers. Always use:
visudo
This command reviews syntax before saving. A malformed sudoers file can completely revoke your administrative access.
Add users to the sudo group to grant sudo access. Keep sudoers changes for cases requiring specific command limitations.
How to Set Permissions for Files and Folders
A crucial part of managing users and permissions Linux VPS is file access.
Viewing Current Permissions with ls -l
Understanding existing permissions to manage them effectively. Use the ls -l command in your playground directory to see everything:
ls -l
The output reveals each file’s permissions, ownership, size, and modification time. The permission string is in the first column.
The first character means file type. This means – for regular files, d for directories, and l for symbolic links. The following nine characters show permissions in three groups of three.
For example:
-rw-r—–
The file owner can read and write, and the group can only read. Other users don’t have any access.
Using chown to Change File Ownership
Controlling a file’s permissions depends on file ownership. Users gain this control with the chown command.
Change the owner:
chown user02 file1
User02 now owns the file and can adjust its permissions. Update the owner and group at once to save time:
chown user: group filename
Changes are recursive with the -R flag:
chown -R www-data:www-data /var/www/html
This command is crucial for moving web files between users. It also helps to fix file permission issues after transfers.
Utilizing chgrp for Group Management
The chgrp command changes group ownership without touching the user owner. Change a file’s group:
chgrp groupB file1
This change affects which users can access the file using group permissions.
You can also use chown with colon syntax:
chown :groupA file1
Both commands are crucial for rearranging team access.
Mastering the chmod Command Modes
Efficient user management depends on expert use of the chmod command.
Using Absolute (Octal) Mode for Quick Changes
The chmod command sets read, write, and execute permissions. Octal mode sets the appropriate permissions with three-digit numbers.
Each digit represents the user (owner), group, and others. Add permission values to calculate each digit:
- Read = 4
- Write = 2
- Execute = 1
The table below explains how the math works:
| Identity | Position | Octal Calculation | Final Permission |
| User (Owner) | First Digit | 4+2+1 | 7 (rwx) |
| Group | Middle Digit | 4+0+0 | 4 (r–) |
| Others | Last Digit | 0+0+0 | 0 (—) |
Set permissions with:
chmod 740 filename
Common permission sets for regular files include 644 (owner writes, everyone reads). There is also 755 for executable files and directories.
Using Symbolic Mode for Targeted Updates
Symbolic mode accurately modifies specific permissions without affecting others.
It uses letters and operators:
- Identities: u (user), g (group), o (others), a (all)
- Operators: + (add), – (remove), = (set exactly)
- Permissions: r (read), w (write), x (execute)
Include group read and write:
chmod g+rw file2
This modifies only the group permissions.
Remove all access for others:
chmod o-rwx Resources
Set the right permissions for everyone:
chmod a=r file3
The equals operator replaces existing permissions. Now everyone can read, but can’t write or execute.
Understanding Read, Write, and Execute (rwx)
You must understand permission letters to grant proper access control to Linux administrators.
Permissions for Files vs. Directories
The same permission letters have different meanings for files and directories.
- Read (r): This allows you to view the contents of files. But it allows listing directory contents with ls. Read directory permission opens files contents.
- Write (w): It enables modifications to files. Meanwhile, it controls the creation, deletion, and renaming of files within directories. However, you need write permission on the directory to delete a file.
- Execute (x): It enables running scripts or binaries on files. It permits “entering” with cd in directories. You need execute permission to access files inside a directory.
The Permission Check Order
Linux checks permissions in a specific order.
First, apply user permissions and stop checking if the user is the owner. Second, apply group permissions and stop if the user is in the group. Third, apply other permissions to capture everyone who isn’t the owner or a member of the group.
This check order is crucial for troubleshooting user access issues.
Advanced Concepts: Special Permissions and ACLs
Understanding advanced permissions concepts is crucial to simplifying user management.
SUID, SGID, and the Sticky Bit
Linux offers three special permissions that impact behaviour.
- SUID (Set User ID): This makes executable files run with the owner’s privileges. Regular users can change their passwords because the passwd command runs with SUID.
- SGID (Set Group ID): SGID on directories forces new files to gain the directory’s group. This automatically organizes all files in the project group.
- Sticky Bit: This limits deletion on directories. Only the file owner can delete files. The /tmp directory stops users from deleting each other’s files with this.
Understand the special permissions documentation to use them for advanced cases.
Implementing Role-Based Access Control with ACLs
Standard Linux permissions limit each file to a single owner and a single group. But Access Control Lists allow granting different permissions to many users and groups on the same file.
Give UserA read-write access and UserB read-only access. Do this without changing the base permissions.
See ACLs with:
getfacl filename
Adjust them with:
setfacl -m u:username:rw filename
This ease makes role-based access control possible on Linux systems. You can create different permission structures for team members. This gives them different access levels to shared resources.
Building Your Online Presence with a High-Performance VPS
You need to create a website to move from configuration to creation. Top website builders like Hostinger and IONOS provide simple tools.
You can also hire experts on Fiverr and Upwork for more complex needs. Combine this with the best web hosting to expand your project.
After this, you need to choose the right support between managed and unmanaged VPS. A proper VPS comparison should help you choose the right providers.
Conclusion
Managing users and permissions Linux VPS improves collaboration and minimizes security risks. By understanding and following commands, you can modify user accounts and manage access. This knowledge ensures that only authorized users access sensitive data for every VPS use case.
Next Steps: What Now?
Follow these steps to manage users and permissions:
- Create a test environment.
- Identify users and group ID.
- Add new users and create new groups.
- Manage primary and secondary groups.
- Implement password policy and sudo privileges.
- Set file permissions and change ownership.
- Review the permission order.
- Grant special permissions.
