UD05 - Users, Groups, and Permissions

One of the most important mechanisms for proper operating system management is the use of users, groups, and their associated permissions.

Unit Objectives

  • User Management: Create, modify, and delete user accounts in Windows and Linux systems
  • Group Organization: Organize users into groups for efficient permission management
  • Permission Control: Grant and restrict access to files, folders, and system resources
  • Security Implementation: Implement security policies through proper access control

Why This Matters

The ability to grant permissions for reading, writing, modifying, executing, etc., to specific users and groups is one of the most important security features in an operating system.
Proper user and permission management is fundamental to system security and organization.

Key Concepts

Users

Users are entities allowed to perform actions on processes and files. When you log in to an operating system, the system grants you resources and allows you to:
  • Launch programs
  • Access files
  • Modify data
  • Execute applications
  • Use hardware resources
All within the bounds of your assigned permissions.

Groups

Groups are collections of users that share common permissions. Instead of assigning permissions to individual users, you can:
  1. Create a group
  2. Assign permissions to the group
  3. Add users to the group
  4. All group members inherit the permissions

Permissions

Permissions control what operations users can perform:

  • Read: View file contents or list directory contents
  • Write: Modify files or create/delete files in directories
  • Execute: Run programs or access directories

Topics Covered

  1. User Accounts: Local users, built-in accounts, user properties, and profiles
  2. Group Management: Creating groups, adding members, built-in groups, and group policies
  3. Windows Permissions: NTFS permissions, ACLs (Access Control Lists), inheritance, and security policies
  4. Linux Permissions: File permissions (rwx), ownership, chmod, chown, and special bits (SUID, SGID)
  5. Practical Application: Real-world scenarios combining users, groups, and permissions

Built-in Users and Groups

Windows

Built-in Users:
  • Administrator: Full system access
  • Guest: Limited access for temporary users
  • DefaultUser0: Template for new users
Common Groups:
  • Administrators
  • Users
  • Power Users
  • Remote Desktop Users
  • Backup Operators

Linux

Built-in Users:
  • root (UID 0): Superuser with full system access
  • nobody: Unprivileged user for services
  • System users for daemons and services
Common Groups:
  • sudo/wheel: Administrative privileges
  • users: Regular users
  • www-data: Web server processes
  • adm: System monitoring

Access Control

Operating systems protect resources through access control mechanisms:
  1. Authentication: User logs in and receives an authentication token
  2. Authorization Request: User attempts to access a resource (file, printer, etc.)
  3. ACL Check: System checks the Access Control List (ACL) of the resource
  4. Permission Decision: Access granted or denied based on ACL entries (ACEs)
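
The four steps above, modelled as an added Python example (not part of the original unit): a login token carrying group memberships is checked against an ordered ACL, showing that a deny entry for one group overrides an allow inherited from another and that rights nobody grants are refused. The rights bits, the user and group names, and the evaluation rule are simplifying assumptions, not a real operating system API.

```python
from dataclasses import dataclass

READ, WRITE, EXECUTE = 1, 2, 4  # illustrative right bits, not real access masks

@dataclass(frozen=True)
class Token:
    """Step 1: issued at login; carries the user and their group memberships."""
    user: str
    groups: frozenset

@dataclass(frozen=True)
class ACE:
    """One ACL entry: allow or deny a set of rights to one user or group."""
    kind: str       # "allow" or "deny"
    principal: str  # user or group name
    rights: int

def check_access(token, acl, wanted):
    """Steps 3-4: walk the ACL in order and decide.

    Assumed simplified model: a matching deny on any still-needed right
    refuses access at once; rights that no entry grants stay denied.
    """
    principals = {token.user} | token.groups
    remaining = wanted
    for ace in acl:
        if ace.principal not in principals:
            continue  # entry is for someone else
        if ace.kind == "deny" and ace.rights & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.rights
            if not remaining:
                break  # everything requested has been granted
    return remaining == 0  # anything left over is an implicit deny

# Constructed sample data (hypothetical users, groups and ACL).
alice = Token("alice", frozenset({"Users", "Accounting"}))
bob = Token("bob", frozenset({"Users", "Accounting", "Interns"}))
carol = Token("carol", frozenset({"Users"}))
payroll_acl = [
    ACE("deny", "Interns", WRITE),              # deny entries listed first
    ACE("allow", "Accounting", READ | WRITE),
    ACE("allow", "Users", READ),
]

if __name__ == "__main__":
    for who in (alice, bob, carol):
        for name, right in (("read", READ), ("write", WRITE)):
            verdict = "granted" if check_access(who, payroll_acl, right) else "denied"
            print(f"{who.user:5} {name:5} {verdict}")
```

Moving the deny entry to the end of `payroll_acl` lets bob write, which is why the order of entries matters when troubleshooting a permission problem.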

Learning Outcomes

By the end of this unit, you will be able to:
  • Create and manage user accounts in Windows and Linux
  • Organize users into groups effectively
  • Configure file and folder permissions
  • Implement security policies
  • Troubleshoot permission issues
  • Understand permission inheritance
  • Use command-line tools for user management
Improper permission configuration can lead to security vulnerabilities or prevent legitimate access. Always test permission changes carefully.

Best Practices Preview

Grant users only the minimum permissions necessary to perform their tasks.
Assign permissions to groups rather than individual users for easier management.
Maintain documentation of who has access to what and why.
Periodically review user accounts and permissions to remove unnecessary access.
Administrators should use regular accounts for daily work and admin accounts only when needed.