User accounts have properties that define some characteristics of the user, such as their home directory or preferred shell. The UID is a numerical user property that uniquely identifies a user in the system. The first user that you create in the system usually has the UID of 1000. The UID increments by one for every new user.

Users with a UID of less than 1000 are known as system users. Linux uses system users to run special services. The operating system creates several system users during installation, and some software might require a system user to operate.

A user group or group is a collection of users that share characteristics such as file permissions. When Linux creates a user, it also creates a group with the same name as the username. This group is known as the primary group of the user.

A user can be a member of many groups. Any group other than the primary group is known as a secondary or supplementary group. The GID of the primary group is usually the same as the UID. Similar to a UID, a GID for a regular user starts at 1000.

In the following example, the developer1 user has a UID of 1020. The developer1 user is a member of the developer1 and the java-devs groups. The developer1 group is the default group that is created by the system, and it is the primary group for this user.

[user@host ~]# id developer1
uid=1020(developer1) gid=1020(developer1) groups=1020(developer1),1030(java-devs)

You use the id command with -g option to print the GID of a user's primary group. Additionally, you can also use the --name option to print the group's name instead of the ID number.

[user@host ~]$ id -g developer1
1020
[user@host ~]$ id -g --name developer1
developer1

You can also view group information by using the groups command. By default, the groups command shows the group membership of the current user. In the following example, you view the group membership of the developer1 user.

[user@host ~]$ groups developer1
developer1 : developer1 java-devs

You can view and update file ownership information in the Files application. Navigate to the file or directory, right-click the item and click Properties from the context menu.

In the following example, the mynotes.txt file is owned by the logged-in operator1 user, so the Owner label displays Me. The drop-down list for the Group field displays operator1 as the group owner.

Figure 5.1: File ownership example

On the command line, you use the ls command with -l option to view file ownership information.

In the following example, the operator1 user is a member of the finance group. The listed files are owned by the operator1 user, but the Artifacts directory is owned by the finance group. This configuration allows the operator1 user to create files in the Artifacts directory, even if the /Projects/Artifacts/ directory is not the home directory for the operator1 user.

[user@host ~]$ ls -l /projects/
total 46824
drwxr-xr-x. 2 operator1 finance          6 Oct 31 02:17 Artifacts
-rw-r--r--. 1 operator1 operator1  5371104 Oct 31 02:06 FirstQuarter.xlsx
-rw-r--r--. 1 operator1 operator1 42188800 Oct 31 02:11 LinuxCommands.pdf
-rw-r--r--. 1 operator1 operator1   383800 Oct 31 02:04 standup-notes.txt

You update file ownership by using the chown command. The chown command requires two arguments: the new owner (either a user or a group) and the target file or directory. You provide the user or group in the user:group format. You must use a colon (:) to separate the user from the group, or to define only the group.

In the following example, two users interact with a directory. Note the username in the command prompt to identify which user is running which command.

The developer1 and developer2 users are members of the java-devs group. The developer1 user and the dev1 group own the /Projects/Java-code directory. The directory has the required permissions for group members to create files.

[developer1@host ~]$ ls -ld /Projects/Java-code/
drwxrwxr-x. 2 developer1 dev1 6 Oct 31 12:37 /Projects/Java-code/

The following command fails because the developer2 user is not a member of the dev1 group.

[developer2@host ~]$ touch /Projects/Java-code/README.md
touch: cannot touch '/Projects/Java-code/README.md': Permission denied

In the following command, the developer1 user changes the group owner of the Java-code directory to the java-devs group. The developer1:java-devs argument sets the user owner as developer1 (no changes) and the group owner as java-devs. This action grants access to the developer2 user through the java-devs group. The developer1 user is still the user owner of the directory.

[developer1@host ~]$ chown developer1:java-devs /Projects/Java-code/
[developer1@host ~]$ ls -ld /Projects/Java-code/
drwxrwxr-x. 2 developer1 java-devs 6 Oct 31 12:37 /Projects/Java-code/

Because the developer2 user is a member of the java-devs group, the developer2 user can create a file in the Java-code directory.

[developer2@host ~]$ touch /Projects/Java-code/README.md
[developer2@host ~]$ ls -l /Projects/Java-code/
total 0
-rw-r--r--. 1 developer2 dev2 0 Oct 31 15:46 README.md

Instead of providing the regular user with administrative credentials, you can grant the regular user granular privileges to perform the required tasks. These privileges are granted by impersonating a privileged user, usually the root user. When you impersonate a user, you use a command as if you were the impersonated user. This privilege is commonly known as sudo privilege or sudo access. The term sudo means "superuser do" or "substitute user do".

To use a sudo privilege, you use the sudo command. You must define the sudo command before the command that requires escalated privileges. The sudo command prompts for a password, which is usually the regular user's password.

In this example, you use the sudo command to change only the group owner of the /Finance/Sales directory to the sales-team group. Because your user account has sudo privilege, you use you use the sudo command to impersonate the root user. Otherwise, you would not be able to change the permissions on the directory because you are not the owner.

[user@host ~]$ ls -ld /Finance/Sales/
drwxrwxr-x. 2 manager030 manager030 23 Oct 31 15:46 /Finance/Sales/
[user@host ~]$ sudo chown :sales-team /Finance/Sales
[sudo] password for user: password
drwxrwxr-x. 2 manager030 sales-team 23 Oct 31 15:46 /Finance/Sales/

You can use the sudo -l command to list your sudo privileges.

[user@host ~]$ sudo -l
[sudo] password for user:
...output omitted...

User user may run the following commands on host:
    (root) /bin/chown * /Finance/*

Changing the ownership of files and directories is especially useful when you use sudo privileges to manipulate files. For example, if you use sudo privileges to copy a directory, then the owner of the directory is the root user. You might want to change the owner of the directory to your regular user account. In these scenarios, you might use the chown command with the -R option to recursively update the owner of all the directory contents.