Computing Foundations from Zero
by Sergey Okinchuk
Files, Folders, and the FilesystemDifferent Operating Systems
Topic 08

Users and Permissions

Concept

When you turn on a shared family laptop, it shows your desktop, your files, your wallpaper — not your roommate's. The computer knows which person is sitting in front of it, and that knowledge quietly decides what that person is allowed to do.

That idea — that a computer tracks who you are, and grants permission based on it — is called accounts and permissions. It looks like a small convenience feature, but it is the seed from which all computer security grows.

Two kinds of user
Regular user
Can open, change, and delete their own files. Can use installed apps. Cannot touch other people's files or system-wide settings.
Admin / root
Can change anything — anyone's files, system settings, installed software. All-powerful, and for that reason used sparingly.

What is a user account?

A user account is the computer's record of one person. It has a name you log in with, a password that proves you are that person, and a home — your own folder where your files and settings live, separate from everyone else's.

Logging in is how you tell the computer which account is yours. From that moment on, the operating system — the master program from the last chapter that runs everything else — attaches your identity to everything you do. Open an app, save a file, change a setting: the system records that this user did it, and checks whether this user is allowed to.

Even a computer with one person using it still has accounts under the hood. Servers — the always-on computers that run websites — often have dozens of accounts that are not people at all, but identities the system gives to its own programs. The principle is the same: every action belongs to some account.

What do permissions control?

A permission is a rule that says what a given account may do to a given thing. The three that matter most are simple: may this account read a file (look at it), change it (edit or overwrite it), and delete it. Each file and folder carries its own set of these rules.

This is why, on a shared computer, you can see and edit your own documents but get a "permission denied" message if you reach into someone else's home folder. The file's rules say your account may not read it, so the system stops you — not out of secrecy, but because that is exactly what permissions are for.

A building full of apartments makes the shape of it clear. Your key opens your own apartment and the shared front door, but not your neighbour's apartment. Permissions are that ring of keys: each account holds a set, and a locked door it has no key for simply will not open. We can drop the keys now and keep the real word — permissions.

The admin (or root) user

One account is different from all the rest. On Windows it is called the administrator, and on Linux and macOS it is called root, but it is the same idea: the account that is allowed to do anything. It can read and change every file, alter system-wide settings, and install or remove software for the whole machine.

In the building analogy, the admin holds the master key — the one key that opens every door. That power is genuinely useful: installing a program or changing a setting that affects everyone needs it. But it is exactly why the master key is handled with care.

The careful habit, on every operating system, is to do everyday work as a regular user and only step up to admin power for the rare task that truly needs it. A regular account can make a mistake; an admin account can make a mistake that breaks the whole computer. Working as admin all day means a single slip — or a single bad program you ran — has nothing standing in its way.

Why does this exist at all?

Permissions solve three problems at once. They keep your files private from other people sharing the machine. They keep one person's mistakes contained, so a wrong delete touches only that account's files, not everyone's. And they limit the damage a harmful program can do, because that program can only act with the permissions of whoever ran it.

That last point is the quiet reason this is the foundation of security. A program you run is not all-powerful — it inherits your account's permissions and no more. So a regular user who accidentally runs something harmful gives it only regular-user reach, while the same program run as admin could touch everything. Who you are, and what that identity is allowed to do, is the wall that contains the damage.

Common Confusions
  • "Everyone on a computer can see everything." No — each account can reach its own files, but the system blocks it from others' files unless the permissions explicitly allow it.
  • "Admin just means the first account you made." Not quite — admin is a level of permission, not a position in line. An account has admin power because it was granted it, and that power can be added to or removed from any account.
  • "Permissions only matter at work or on shared computers." They run constantly, even on your personal laptop — it is permissions that stop a random app from rewriting your system files.
  • "Running as admin makes the computer faster or better." It changes nothing about speed — it only removes the safety wall, so a mistake or a bad program can reach further.
Why It Matters
  • Every login screen, every "permission denied," and every "are you sure? enter your password" prompt is this idea in action.
  • The whole Security track builds on accounts and permissions — they are the first thing, not an advanced topic.
  • In the cloud, this same idea returns as IAM (identity and access management): deciding which accounts may do what to which resources, at huge scale.
  • Linux file permissions — read, change, delete, per account — are exactly the rules introduced here, just made precise.

Knowledge Check

On a shared laptop, what mainly decides whether you can open a particular file?

  • Whether your account's permissions allow it to read that file
  • How quickly the storage hardware can load a file of that particular size
  • The order in which you opened your apps after logging in
  • Whether the file was created more recently than your account

Why is it a careful habit to do everyday work as a regular user rather than as admin?

  • A mistake or bad program then has only regular-user reach, not the whole machine
  • Regular accounts make the computer run noticeably faster than admin accounts ever do
  • Regular accounts are the only ones that are allowed to install any apps at all
  • Admin accounts cannot be protected with a password, which is what makes them unsafe

A program you run accidentally turns out to be harmful. Why does your account level matter?

  • The program can only do what your account is permitted to do, and no more
  • A program always has full power over the computer regardless of the account
  • The operating system deletes the program before it can touch any files
  • Your password blocks every program from changing files once you log in

You got correct