Master Linux File Permissions: From Basics to Advanced ACLs
This guide explains Linux file permissions, covering the concepts of read, write, and execute bits, the UGO model, symbolic and numeric chmod usage, advanced bits like setuid, setgid, sticky, default permissions via umask, ownership changes, and an introduction to ACLs.
1. Overview of Permissions
1.1 What is Permission
Permission: In a computer system, permission refers to the right of a user to use software resources.
Think: What are the two parts of computer resources?
Hardware resources: hard disk, CPU, memory, NIC, etc.
Software resources: OS (special software), applications. In Linux, everything is a file.
Summary:
In this lecture, permission refers to the file resource permissions, i.e., file permissions.
1.2 Purpose of Permission Settings
The purpose of setting file permissions is to allow a user the right to operate a file.
1.3 Classification of File Permissions
Normal permissions: Permissions a user normally has to operate a file.
Advanced permissions: Special needs that cannot be satisfied by normal permissions, requiring advanced permissions.
Default permissions: Permissions automatically assigned when a file is created.
Note: Permissions are set on the file, not on the user.
2. Normal Permissions (Key)
2.1 Understanding rwx meaning
1. Read permission — r (read)
For directories: r allows listing contents (ls).
For regular files: r allows viewing the content (cat, less, etc.).
Read permission r is represented by the number 4.
2. Write permission — w (write)
For directories: w allows creating, deleting, renaming files (mkdir, touch, mv, rm).
For regular files: w allows modifying the file content (vi, vim).
Write permission w is represented by the number 2.
3. Execute permission — x (execute)
For directories: x allows entering the directory (cd).
For regular files: x allows executing the file (scripts, binaries).
Execute permission x is represented by the number 1.
4. No permission — dash (-)
No permission is shown as a dash and is represented by 0.
2.2 Understanding UGO
1. What does UGO represent?
UGO denotes user identity; each letter stands for a different identity.
U (owner): file owner or creator.
G (group): users belonging to the file’s group (default is creator’s primary group).
O (others): users not in the file’s group and not the owner.
Note: In addition to UGO, there is a (all users) which includes U, G, and O.
2. How to determine permissions for each identity?
# ls -l
-rw-r--r--. 1 root root 9 Mar 2 20:38 1.sh
-rw-------. 1 root root 1651 Feb 28 11:00 anaconda-ks.cfg
drwxr-xr-x. 2 root root 4096 Mar 6 18:34 Desktop
drwxr-xr-x. 2 root root 4096 Feb 28 14:12 dir1
2.3 Modifying Normal Permissions (chmod)
1. chmod command usage
chmod [options] mode filename
Common options:
-R, --recursive Change permissions recursively
2. Examples
2.1 Change permissions using symbolic mode
u: file owner
g: file group
o: others
a: all users
# mkdir /tmp/dir1
# touch /tmp/dir1/file{1..5}
# touch /tmp/test{1..3}
# ll /tmp/ -R
Add execute for owner
# chmod u+x test1
# ll test1
-rwxr--r--. 1 root root 0 Mar 6 20:45 test1
Add write for group
# chmod g+w test1
# ll test1
-rwxrw-r--. 1 root root 0 Mar 6 20:45 test1
Remove read for others
# chmod o-r test1
# ll test1
-rwxrw----. 1 root root 0 Mar 6 20:45 test1
... (additional examples omitted for brevity) ...
2.2 Change permissions using numeric mode
Learn numeric representation:
r — 4
w — 2
x — 1
- — 0
rw- r-- r-- = 6 4 4
rwx rw- --- = 7 6 0
755 = rwx r-x r-x
644 = rw- r-- r--
Apply numeric mode:
# chmod 644 file1
# chmod 700 file2
# chmod -R 755 dir1
2.3 Classroom Exercises
Create users user01~user05 and an admin group.
Add user01~user03 to the admin group.
User01 creates files file1~file3 in its home directory.
User02 edits /home/user01/file1 with content "good good study, day day up!".
User05 appends "I known" to /home/user01/file1.
User04 deletes all files in /home/user01.
3. Advanced Permissions (Overview)
3.1 Types of Advanced Permissions
1. Setuid (adventure bit)
While the program runs, the executing user temporarily gets the permissions of the file's owner.
Usually applied to executable files or scripts.
Symbol: s or S; numeric: 4.
Set with chmod u+s filename or chmod 4xxx filename.
2. Setgid (mandatory bit)
Applied to directories; new files inherit the directory’s group.
Symbol: s or S; numeric: 2.
Set with chmod g+s filename or chmod 2xxx filename.
3. Sticky bit
Used for public directories; only root or the file’s owner can delete files.
Symbol: t or T; numeric: 1.
Set with chmod o+t filename or chmod 1xxx filename.
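The following script is an added example, not part of the original article: it audits a directory tree for the three special bits listed above, reporting setuid/setgid files and world-writable directories that lack the sticky bit. The sample tree and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit a directory tree
# for the special permission bits described in section 3.1.

# Regular files with setuid (4000) or setgid (2000) set.
find_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Directories writable by "others" (0002) that lack the sticky bit (1000):
# any user can delete or rename other users' files inside them.
find_unsticky_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Constructed sample tree, built in a throwaway directory.
build_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_tool" "$d/sgid_tool"
    chmod 644  "$d/plain"
    chmod 4755 "$d/suid_tool"     # -rwsr-xr-x
    chmod 2755 "$d/sgid_tool"     # -rwxr-sr-x
    mkdir "$d/shared_ok" "$d/shared_bad" "$d/team"
    chmod 1777 "$d/shared_ok"     # drwxrwxrwt
    chmod 0777 "$d/shared_bad"    # drwxrwxrwx, no sticky bit
    chmod 2775 "$d/team"          # drwxrwsr-x, setgid directory (not a file)
    printf '%s\n' "$d"
}

demo=$(build_demo_tree)
echo "setuid/setgid files:"
find_special_files "$demo"
echo "world-writable directories without sticky bit:"
find_unsticky_writable_dirs "$demo"
rm -rf "$demo"
```

Pointing the two functions at / or /usr instead of the sample tree gives a baseline list that can be compared after package updates or configuration changes.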
3.2 Setting Advanced Permissions
1. Setuid example
# which vim
/usr/bin/vim
# chmod u+s /usr/bin/vim
# chmod 4755 /usr/bin/vim
# ll /usr/bin/vim
-rwsr-xr-x. 1 root root 2324712 Dec 22 2016 /usr/bin/vim
# su - user01
$ vim /etc/passwd # test if user01 can modify the file
2. Setgid example
# ll -d dir2
drwxr-xr-x. 2 root root 4096 Mar 6 13:42 dir2
# chmod g+s dir2
# chmod o+w dir2
# ll -d dir2
drwxr-srwx. 2 root root 4096 Mar 6 13:42 dir2
# su - user01
$ touch /tmp/dir2/file1
# ll /tmp/dir2/file1
-rw-rw-r--. 1 user01 root 0 Mar 6 13:44 /tmp/dir2/file1
3. Sticky bit example
# mkdir /tmp/dir3
# chmod 777 /tmp/dir3
# chmod o+t /tmp/dir3 # or chmod 1777 /tmp/dir3
# ll -d /tmp/dir3
drwxrwxrwt. 2 root root 4096 Mar 6 13:52 /tmp/dir3
4. Default Permissions (Overview)
4.1 What are default permissions?
Default permissions (mask) are the permissions a file receives automatically upon creation, without explicit setting.
4.2 Who controls default permissions?
The umask determines default permissions.
4.3 How umask controls defaults
1. Temporary control
Use the umask command; it is effective only in the current shell.
# umask
0022
# su - user01
$ umask
0002
Explanation of calculation…
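As an added example (not from the original article), the script below creates a file and a directory under several umask values, including the 0022, 0002 and 0007 used in this section, and prints the resulting modes. It assumes GNU stat; the function name mode_under_umask is made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original article): show how a umask turns
# into the mode of a newly created file or directory.
# New files are requested with mode 666 and new directories with 777;
# every bit that is set in the umask is then cleared (mode & ~umask).

# Usage: mode_under_umask <umask> <file|dir>  -> prints the octal mode
mode_under_umask() (
    # The body runs in a subshell, so the caller's umask is left untouched.
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    case "$2" in
        file) touch "$tmp/new" ;;
        dir)  mkdir "$tmp/new" ;;
        *)    rm -rf "$tmp"; exit 2 ;;
    esac
    stat -c '%a' "$tmp/new"     # GNU stat: permission bits in octal
    rm -rf "$tmp"
)

for m in 0022 0002 0007 0033; do
    printf 'umask %s  file=%s  dir=%s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
```

With umask 0033 a new file comes out as 644, not 633: the mask clears bits rather than subtracting digits, and the execute bit was never requested for a regular file.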
2. Permanent control
Modify global config files (/etc/profile, /etc/bashrc) or user‑specific files (~/.bashrc, ~/.bash_profile) to set umask.
# vim /etc/bashrc
umask 0007
# source /etc/bashrc
5. Changing File Owner and Group
5.1 Using chown
chown can change owner and/or group.
# chown user file
# chown user:group file
# chown :group file
# chown -R user:group directory
5.2 Using chgrp
chgrp changes only the group.
# chgrp group file
6. ACL Access Control (Extended)
6.1 What can ACL do?
Supplement traditional permissions for finer‑grained control.
Set permissions for specific users.
Set permissions for groups.
6.2 Setting ACL (setfacl)
# setfacl -m u:user:rwx file1 # grant user permissions
# setfacl -m g:group:rwx file1 # grant group permissions
# setfacl -x u:user file1 # remove user permissions
# setfacl -b file1 # delete all ACLs
6.3 Viewing ACL (getfacl)
# getfacl filename
MaGe Linux Operations
