Master Linux File Permissions: Basics, SetUID, SetGID & Sticky Bits

This guide explains Linux file permission concepts, from basic read/write/execute rights and numeric representations to advanced SetUID, SetGID, sticky bits, default umask settings, ownership changes, and ACL strategies, with practical chmod examples and command-line demonstrations.

Open Source Linux

Linux Permission Management

1. Permission Overview

Permission: In a computer system, a permission is the right of a user to use software resources.

Think: What are the two parts of computer resources?

Hardware resources – disks, CPU, memory, network cards, etc.

Software resources – the operating system (special software) and applications, which are essentially files on disk.

Summary: The permissions discussed here refer to file permissions on file resources.

2. Purpose of Permission Settings

File permissions are set so that a specific user can operate on a file.

3. Classification of File Permissions

Normal permissions – permissions a user normally has when operating a file.

Advanced permissions – special permissions needed when normal rights are insufficient.

Default permissions – the permissions a file receives automatically when created.

4. Normal Permissions (Focus)

4.1 Understanding rwx

Read (r) – value 4. For directories, allows listing contents; for files, allows viewing content (cat, less, etc.).

Write (w) – value 2. For directories, allows creating, deleting, renaming entries; for files, allows modifying content (vi, vim).

Execute (x) – value 1. For directories, allows entering (cd); for files, allows executing the file.

No permission – represented by ‘-’ and value 0.

4.2 Understanding UGO

UGO represents three user categories:

U (user/owner) – the file's owner.

G (group) – users belonging to the file's group.

O (others) – users not in the owner or group.

Additionally, a stands for all users (U+G+O).

4.3 Determining Permissions

# ls -l
-rw-r--r-- 1 root root 9 Mar 2 20:38 script.sh
-rw------- 1 root root 1651 Feb 28 11:00 anaconda-ks.cfg
drwxr-xr-x 2 root root 4096 Mar 6 18:34 Desktop

5. Modifying Normal Permissions (chmod)

5.1 Symbolic Form

# chmod u+x file1
# chmod g+w file1
# chmod o-r file1
# chmod u+x,g+w,o-r file3
# chmod u=rw,g=rx,o+r file3

5.2 Numeric Form

# chmod 644 file1
# chmod 700 file2
# chmod -R 755 dir1

5.3 Recursive Modification

# chmod -R o+w dir1/

6. Advanced Permissions (Overview)

6.1 SetUID (Adventure Bit)

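Allows an executable file to run with the privileges of the file's owner rather than those of the user who runs it.

Symbol: s (owner execute bit also set) or S (owner execute bit not set) in the owner's execute position; numeric: 4.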

Set with chmod u+s filename or chmod 4xxx filename.

6.2 SetGID (Mandatory Bit)

For directories, newly created files inherit the directory's group.

Symbol: s (group execute bit also set) or S (group execute bit not set) in the group's execute position; numeric: 2.

Set with chmod g+s filename or chmod 2xxx filename.

6.3 Sticky Bit

Used on public directories; only the file owner or root can delete files.

Symbol: t (others' execute bit also set) or T (others' execute bit not set) in the others' execute position; numeric: 1.

Set with chmod o+t filename or chmod 1xxx filename.
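
An added example, not part of the original article: a POSIX sh audit for the special bits described in section 6. It reports SetUID and SetGID files and world-writable directories that lack the sticky bit. The function names, labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Prints "LABEL<TAB>PATH" per finding.

# report LABEL FIND-ARGS...: run find and prefix every match with LABEL.
report() {
    label=$1; shift
    find "$@" -exec sh -c \
        'l=$1; shift; for p in "$@"; do printf "%s\t%s\n" "$l" "$p"; done' \
        sh "$label" {} +
}

# audit_special_bits DIR: -xdev keeps find on DIR's own filesystem.
audit_special_bits() {
    root=${1:-.}
    # 4xxx on a file: it executes with its owner's privileges.
    report SETUID "$root" -xdev -type f -perm -4000
    # SetUID file that group or others may write: non-owners can change its content.
    report SETUID_WRITABLE "$root" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \)
    # 2xxx on a file: it executes with the file's group.
    report SETGID "$root" -xdev -type f -perm -2000
    # World-writable directory without 1xxx: any user can delete others' files.
    report NO_STICKY "$root" -xdev -type d -perm -0002 ! -perm -1000
}

# Constructed sample tree so the audit runs offline; prints the tree's path.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/plain"
    chmod 4755 "$d/helper"     # SetUID, listed as rwsr-xr-x
    chmod 644 "$d/plain"       # ordinary file, not reported
    mkdir "$d/shared" "$d/dropbox"
    chmod 1777 "$d/shared"     # sticky bit set, listed as rwxrwxrwt
    chmod 0777 "$d/dropbox"    # world-writable, no sticky bit
    printf '%s\n' "$d"
}

tree=$(build_sample_tree) || exit 1
audit_special_bits "$tree"
rm -rf "$tree"
```

To audit a real tree, call audit_special_bits with a directory such as /usr or /home and compare the findings against the list of special-bit files the system is expected to have.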

7. Default Permissions (umask)

7.1 What is umask?

umask defines the default permission mask applied when a file or directory is created.

# umask
0022
# su - user01
$ umask
0002

7.2 Temporary vs Permanent Settings

Temporary: umask 0007 affects only the current shell.

Permanent: add umask 0007 to /etc/bashrc (global) or ~/.bashrc (per‑user) and source the file.

8. Ownership (chown & chgrp)

# chown user file
# chown user:group file
# chown :group file   # change only group (the older .group form is deprecated)
# chgrp group file
# chown -R user:group directory   # recursive

9. ACL Access Control (Extended)

9.1 What ACL Can Do

Provide fine‑grained permissions beyond traditional rwx.

Assign specific rights to individual users or groups.

9.2 Setting ACLs (setfacl)

# setfacl -m u:user01:rwx /home/redhat/file1   # grant user
# setfacl -m g:sysadmin:rwx /home/redhat/file1 # grant group
# setfacl -x u:user01 /home/redhat/file1       # remove user
# setfacl -b /home/redhat/file1               # delete all ACLs
# setfacl -R -m u:user01:rwX /var/www          # recursive

9.3 Viewing ACLs (getfacl)

# getfacl /path/to/file