Linux User and Permission Commands

Linux separates identity (users, groups) from authorization (sudo, file modes, ACLs). useradd and usermod create and adjust accounts; passwd and chage manage passwords and expiry. groups shows supplementary groups; id prints uid/gid context. sudo elevates commands with rules in /etc/sudoers—always edit with visudo. POSIX ACLs via setfacl grant fine-grained rights beyond owner/group/other.

Task	Command	Caution
Add user	useradd -m -s /bin/bash name	Home defaults vary by distro
Sudo rule	visudo	Syntax errors lock admins out
ACL grant	setfacl -m u:user:rwx path	Backup tools must preserve ACLs

chmod, chmod 777, sudo, security commands

Every user has one primary gid; supplementary groups grant additional file access without changing the primary gid.

Use a sudoers drop-in with command paths—avoid blanket NOPASSWDALL unless required.

When multiple users or groups need different rights on the same path without awkward ownership churn.

Appends supplementary groups—without -a you may replace the entire group list.

Inspect /etc/sudoers and /etc/sudoers.d with visudo -c and review group memberships in LDAP if used.

It prevents password login while preserving data—pair with SSH key-only policies thoughtfully.

Password aging and account expiry—useful for contractor accounts and rotation policies.

nsswitch.conf can source users from files, LDAP, or SSS—local commands still query the same APIs.

Task	Command	Caution
Add user	useradd -m -s /bin/bash name	Home defaults vary by distro
Sudo rule	visudo	Syntax errors lock admins out
ACL grant	setfacl -m u:user:rwx path	Backup tools must preserve ACLs