Linux Security Model
Linux security is built on a straightforward but powerful model: every file has an owner and a group, and every process runs with a specific user ID and set of group IDs. Bresnahan and Blum cover the three pillars of Linux security: user and group management, file ownership, and permission control. The system enforces access through three permission types (read, write, execute) applied to three scopes (owner, group, others), creating a matrix that controls who can access what; this is the kernel's discretionary access control (DAC) layer. Combined with the root superuser concept and sudo for controlled privilege elevation, this model provides the security architecture underlying every Linux server, container, and cloud instance. Understanding it is non-negotiable for anyone managing Linux systems.
How It Works
  1. Users and groups — Every user has a UID (user ID) and belongs to a primary group (GID) plus optional supplementary groups. Account records live in /etc/passwd (world-readable), password hashes in /etc/shadow (readable only by root), and group definitions in /etc/group.
  • useradd -m -s /bin/bash username — create a user with a home directory
  • usermod -aG docker username — add the user to a supplementary group (keep -a; without it, usermod -G replaces the user's supplementary groups). Note that membership in docker is root-equivalent: the Docker daemon runs as root and members can mount the host filesystem into a container.
  • userdel -r username — delete the user and their home directory
  • groupadd devops — create a group
  • id username — show UID, GID, and group memberships
  2. File ownership — Every file has an owner (user) and a group. chown changes ownership:
  • chown user:group file — change both owner and group
  • chown -R user:group directory/ — recursive ownership change
  • chgrp group file — change group only

New files take the creating process's effective UID and primary GID, except inside a directory with the setgid bit set, where they inherit the directory's group instead (the usual way to make a shared project directory work). Only root can chown a file to a different user; ordinary users can only chgrp to groups they belong to.

  3. Permission model (rwx) — Three permissions applied to three scopes:

| Permission | File meaning | Directory meaning |
|---|---|---|
| r (read, 4) | View contents | List entry names |
| w (write, 2) | Modify contents | Create, delete or rename entries (needs x as well) |
| x (execute, 1) | Run as a program | Enter (cd into) it and reach entries by name |

Deleting a file is therefore governed by w+x on its directory, not by the file's own permissions: a 600 file in a world-writable directory can be removed or replaced by anyone, unless the directory carries the sticky bit as /tmp does. Listing a directory needs r on it, but reading a file inside it needs only x (traverse) on the directory plus the file's own permissions.

Displayed as: -rwxr-xr-- = owner rwx, group r-x, others r-- (the leading character is the file type: - regular file, d directory, l symlink).

  4. chmod — changing permissions — Two notations:
  • Symbolic: chmod u+x script.sh, chmod go-w file.txt, chmod a+r public.html
  • Octal: chmod 755 script.sh (rwxr-xr-x), chmod 644 config.txt (rw-r--r--), chmod 600 secret.key (rw-------)

Common patterns: 755 for executables/directories, 644 for regular files, 600 for sensitive files, 700 for private directories. A fourth leading octal digit sets the special bits (4 setuid, 2 setgid, 1 sticky): chmod 4755 on a root-owned binary makes it setuid root, so such files deserve scrutiny (find / -perm -4000 lists them). Avoid blanket chmod -R 777; it turns a permissions problem into a compromise waiting to happen.

  5. Sudo and privilege escalation — Root (UID 0) bypasses the read and write checks on every file and needs only one execute bit set anywhere in the mode to execute a file. sudo lets specific users run commands as root (or another user) according to rules in /etc/sudoers (and typically /etc/sudoers.d/), edited only with visudo so a syntax error cannot lock every administrator out. Best practice: never log in as root; use sudo for administrative commands so each privileged action is tied to a named account and logged. sudo -l shows what the current user is allowed to run, which is also the first thing an attacker with a foothold checks for an escalation path.
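The five steps above describe a decision procedure, so here it is as a small POSIX shell model. This is an added example, not code from the page or from Bresnahan and Blum: it converts octal modes to the rwx display, reproduces the kernel's DAC check for a regular file (root first, then owner, then any matching group, else other, with only one class applying), and flags a file whose mode is looser than a policy allows. The UIDs, GIDs and modes are constructed values, not real users or files.

```shell
#!/bin/sh
# Added example: model of the Linux DAC decision for a regular file.
# All users, groups and modes below are constructed inputs.

# digit_at STRING INDEX  -> the single character at 1-based INDEX
digit_at() { printf '%s' "$1" | cut -c"$2"; }

# perm_digits MODE -> the three permission digits; a 4th leading digit
# (setuid/setgid/sticky) is dropped because it does not affect r/w/x bits
perm_digits() {
  case $1 in *[!0-7]*|"") return 1 ;; esac
  case ${#1} in
    3) printf '%s' "$1" ;;
    4) printf '%s' "$1" | cut -c2-4 ;;
    *) return 1 ;;
  esac
}

# octal_to_rwx 755 -> rwxr-xr-x  (tests the 4/2/1 bits of each digit)
octal_to_rwx() {
  o_p=$(perm_digits "$1") || return 1
  o_out=""; o_i=1
  while [ "$o_i" -le 3 ]; do
    o_d=$(digit_at "$o_p" "$o_i")
    if [ $((o_d & 4)) -ne 0 ]; then o_out="${o_out}r"; else o_out="${o_out}-"; fi
    if [ $((o_d & 2)) -ne 0 ]; then o_out="${o_out}w"; else o_out="${o_out}-"; fi
    if [ $((o_d & 1)) -ne 0 ]; then o_out="${o_out}x"; else o_out="${o_out}-"; fi
    o_i=$((o_i + 1))
  done
  printf '%s' "$o_out"
}

# can_access UID "GID ..." OWNER_UID OWNER_GID MODE r|w|x
# Mirrors the kernel's order: root, then owner, then any matching group, else
# other. Only ONE class applies, so an owner with mode 070 is denied even
# though the group bits would allow it. Exit 0 = allowed, 1 = denied.
can_access() {
  c_uid=$1 c_gids=$2 c_owner=$3 c_group=$4 c_op=$6
  c_p=$(perm_digits "$5") || return 2
  case $c_op in r) c_bit=4 ;; w) c_bit=2 ;; x) c_bit=1 ;; *) return 2 ;; esac
  if [ "$c_uid" -eq 0 ]; then
    # root (CAP_DAC_OVERRIDE) ignores r/w bits; execute needs at least one x bit
    if [ "$c_op" != x ]; then return 0; fi
    case $c_p in *[1357]*) return 0 ;; *) return 1 ;; esac
  fi
  if [ "$c_uid" -eq "$c_owner" ]; then
    c_d=$(digit_at "$c_p" 1)
  else
    c_d=$(digit_at "$c_p" 3)
    for c_g in $c_gids; do
      if [ "$c_g" -eq "$c_group" ]; then c_d=$(digit_at "$c_p" 2); break; fi
    done
  fi
  [ $((c_d & c_bit)) -ne 0 ]
}

# mode_exceeds EXPECTED ACTUAL -> exit 0 if ACTUAL grants any bit EXPECTED
# does not (e.g. a private key at 644 when policy says 600)
mode_exceeds() {
  m_e=$(perm_digits "$1") || return 2
  m_a=$(perm_digits "$2") || return 2
  m_i=1
  while [ "$m_i" -le 3 ]; do
    m_x=$(digit_at "$m_a" "$m_i"); m_y=$(digit_at "$m_e" "$m_i")
    if [ $((m_x & ~m_y)) -ne 0 ]; then return 0; fi
    m_i=$((m_i + 1))
  done
  return 1
}

# Walk-through on a constructed file: owner uid 1000, group gid 1000, mode 640
report() {
  if can_access "$1" "$2" 1000 1000 640 "$3"; then r=allowed; else r=denied; fi
  printf 'uid=%s groups=[%s] %s -> %s\n' "$1" "$2" "$3" "$r"
}
printf '755 = %s, 4755 = %s, 600 = %s\n' \
  "$(octal_to_rwx 755)" "$(octal_to_rwx 4755)" "$(octal_to_rwx 600)"
report 1000 "1000" w        # owner: allowed
report 1001 "1001" r        # unrelated user: denied, other bits are 0
report 1001 "1001 1000" r   # member of group 1000: allowed via group bits
report 0 "0" x              # root still needs an x bit somewhere: denied on 640
if mode_exceeds 600 644; then echo '644 on a secret is looser than the 600 policy'; fi
```

The point worth internalising from can_access is that the classes are not cumulative: the kernel picks owner, group or other once and reads only that triad, which is why chmod 070 on your own file locks you out while your colleagues keep access, and why root is still refused execute on a 640 file. mode_exceeds is the check an audit script runs over stat -c '%a' output to catch keys, shadow copies or sudoers fragments that drifted from 600.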