Master Linux File Permissions: From Basics to Advanced ACLs

This guide explains Linux file permissions, covering basic concepts, rwx and numeric representations, chmod usage, advanced permissions like setuid, setgid and sticky bits, default umask settings, ownership management, and ACL extensions with practical command examples and step‑by‑step demonstrations.

Liangxu Linux

Permission Overview

In Linux, a permission defines what actions a user or group can perform on a file or directory. Resources are divided into hardware (disk, CPU, memory, NIC) and software, and in Linux everything is treated as a file, so permissions are essentially file permissions.

Purpose of Permission Settings

Permissions are set to grant specific users the right to operate on files or directories.

Types of File Permissions

Normal permissions: Regular rights for typical file operations.

Advanced permissions: Special rights (setuid, setgid, sticky) when normal permissions are insufficient.

Default permissions: Permissions automatically assigned when a file or directory is created.

Understanding Normal Permissions (rwx)

Read (r)

Directory: Allows listing its contents (e.g., ls).

File: Allows viewing the file content (e.g., cat, less).

Numeric value: 4.

Write (w)

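Directory: Allows creating, deleting, renaming entries (e.g., mkdir, rm). This takes effect only together with execute on the directory, and it applies to entries owned by other users as well.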

File: Allows modifying its content (e.g., using vi).

Numeric value: 2.

Execute (x)

Directory: Allows entering the directory (cd) and accessing the entries inside it.

File: Allows executing the file (scripts, binaries).

Numeric value: 1.

No Permission (-)

Represented by a dash; numeric value 0.

Understanding UGO

UGO stands for User, Group, Other – the three categories of users that permissions apply to.

U (owner): The file’s owner.

G (group): Users belonging to the file’s group.

O (others): All other users.

Additionally, a represents all users (U+G+O).

Checking Permissions

# ls -l

Sample output shows permission strings such as -rw-r--r-- for a regular file.

Modifying Normal Permissions with chmod

Symbolic mode

# chmod u+x file1          # add execute for owner
# chmod g+w file1          # add write for group
# chmod o-r file1          # remove read for others

Numeric mode

# chmod 644 file1          # rw-r--r--
# chmod 700 file2          # rwx------
# chmod -R 755 dir1        # rwxr-xr-x for directory and its contents (regular files become executable too)

Recursive changes

# chmod -R o+w dir1        # give write permission to others on dir1 and everything inside it

Advanced Permissions

Setuid (S)

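When set on an executable, the process runs with the file owner’s privileges (its effective UID becomes the file owner’s) no matter which user starts it. Set with chmod u+s file or chmod 4755 file. In ls -l output the bit appears as s in the owner’s execute position, or S if the execute bit is not also set.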

Setgid (S)

When set on a directory, new files inherit the directory’s group. Set with chmod g+s dir or chmod 2755 dir.

Sticky bit (T)

Used on public directories; only the file owner or root can delete files. Set with chmod o+t dir or chmod 1777 dir.
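The following is an added example, not part of the original article: a small audit that finds the modes discussed above (setuid/setgid files, files writable by others, and world-writable directories that lack the sticky bit). The function names and the sample tree are constructed for illustration, and it assumes find plus a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the original article): audit a tree for risky modes.
# Function names are hypothetical; every path below is constructed sample data.

# Regular files with setuid (4000) or setgid (2000), printed as "<octal mode> <path>".
special_bit_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec stat -c '%a %n' {} + | sort
}

# Regular files that "others" can write (the o+w bit, octal 0002).
world_writable_files() {
    find "$1" -type f -perm -0002 -exec stat -c '%a %n' {} + | sort
}

# Directories writable by others but missing the sticky bit (1000):
# any user can delete or rename entries that belong to someone else.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec stat -c '%a %n' {} + | sort
}

# Build a constructed sample tree using the chmod forms from the article.
build_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/dir1" "$d/public" "$d/drop"
    : > "$d/dir1/a.txt"; : > "$d/tool"
    chmod 755 "$d/dir1"; chmod 644 "$d/dir1/a.txt"
    chmod -R o+w "$d/dir1"      # the recursive example: dir becomes 757, file 646
    chmod 4755 "$d/tool"        # setuid
    chmod 1777 "$d/public"      # world-writable with sticky bit
    chmod 0777 "$d/drop"        # world-writable without sticky bit
    echo "$d"
}

demo() {
    tree=$(build_sample) || return 1
    echo "setuid/setgid files:";        special_bit_files "$tree"
    echo "world-writable files:";       world_writable_files "$tree"
    echo "shared dirs without sticky:"; unsafe_shared_dirs "$tree"
    rm -rf "$tree"
}
demo
```

On a real system, point the three functions at a directory such as /usr or a shared data path and compare the setuid list against what the distribution ships.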

Default Permissions (umask)

Temporary control

# umask 0007   # sets temporary mask for the current shell

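File default permission = max (0666) – umask; directory default = max (0777) – umask. The subtraction is shorthand for clearing the mask’s bits from the maximum (max AND NOT umask); for a mask such as 0007 both give the same result: 0660 for files and 0770 for directories.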

Permanent control

Modify configuration files such as /etc/bashrc (system‑wide) or ~/.bashrc (per‑user) and add umask 0007 so the mask is applied to every new shell.
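The following is an added example, not part of the original article: it predicts the default modes for a given umask as max AND NOT umask and checks the prediction against a file and a directory actually created under that mask. The function names are hypothetical, and it assumes a stat that supports -c and a temporary directory without default ACLs.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Mode the kernel assigns: the umask bits are cleared from the maximum,
# i.e. max AND NOT umask. $1 = maximum (666 or 777), $2 = umask, both octal.
expected_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under umask $1 in a throwaway directory and
# print "<file mode> <dir mode>". The subshell keeps the umask change local.
observed_modes() {
    (
        t=$(mktemp -d) || exit 1
        umask "$1"
        : > "$t/f"
        mkdir "$t/d"
        echo "$(stat -c '%a' "$t/f") $(stat -c '%a' "$t/d")"
        rm -rf "$t"
    )
}

# Compare prediction and observation for one mask.
report() {
    echo "umask $1: expected $(expected_mode 666 "$1") $(expected_mode 777 "$1"), observed $(observed_modes "$1")"
}

report 0007   # the article's mask: 660 for files, 770 for directories
report 0033   # bits already absent from 0666 stay absent: files get 644, not 633
```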

Ownership Management

Viewing owner and group

# ls -l filename

Changing owner/group

# chown user file          # change owner only
# chown user:group file    # change both
# chown :group file       # change group only
# chgrp group file        # alternative for group change
# chown -R user:group dir # recursive change

ACL (Access Control List) Extensions

Setting ACLs

# setfacl -m u:user1:rwx file      # grant specific user
# setfacl -m g:group1:rwx file     # grant specific group
# setfacl -x u:user1 file          # remove user entry
# setfacl -b file                 # delete all ACLs
# setfacl -R -m u:user1:rw dir    # recursive grant

Viewing ACLs

# getfacl file

ACLs provide fine‑grained permission control beyond the traditional UGO model.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
