Master Linux Permissions: From Basics to Advanced Control

This guide walks you through Linux permission fundamentals, user roles, switching users with su and sudo, permission representation, file types, octal notation, and essential commands like chmod, chown, chgrp, umask, and the sticky bit, empowering you to manage system security confidently.

MaGe Linux Operations

Introduction

In Linux, permission management governs security and order across the system. Understanding Linux permissions helps you manage the system efficiently and prevent unauthorized access and data leaks.

1. Linux Permission Basics

1.1 Concept and Importance

Linux is a multi‑user OS; permissions protect system resources from unauthorized users. Permissions determine whether an action is allowed.

1.2 Different User Categories

1.2.1 User Classification

Root (superuser): unrestricted access, prompt "#".
Normal user: limited actions, prompt "$".

1.2.2 Switching Users

Normal users may need to switch to the superuser to perform privileged operations.

Normal user → Superuser

Syntax: su or su -
Explanation: Prompts for the root password; no echo during password entry.

Superuser → Normal user

Syntax: su [username]
Explanation: Superuser can switch without a password; normal users must provide the target user's password.

To exit a switched session, use exit or Ctrl+D.

1.2.3 sudo Command

Syntax: sudo <command>
Function: Allows a normal user to execute a command with superuser privileges after being added to the sudoers list.
Example: user hjz is not in sudoers, so hjz cannot use sudo until root adds the user.

1.3 Permission Representation

Permissions are expressed as a combination of role (owner, group, others) and attributes (read, write, execute).

Use ls -l to view file permissions.

1.3.1 Linux Roles

Owner (u): file owner.
Group (g): users belonging to the file's group.
Others (o): all other users.

Only one role is matched at a time; the system checks owner first, then group, then others.

1.3.2 File Types

Common file type symbols:

- : regular file
d : directory
l : symbolic link
b : block device
p : pipe
c : character device
s : socket

1.3.3 Basic Permissions

Permissions are shown by nine characters (r, w, x or -) grouped as owner, group, others.

r (read/4): read file or list directory.
w (write/2): modify file or delete/move within a directory.
x (execute/1): execute file or enter directory.
- : no permission.

2. Modifying Permissions

Only the file owner or the superuser can change permissions.

2.1 chmod Command

Syntax: chmod [options] mode file
Function: Set file access permissions.
Common option: -R for recursive changes.
Roles are represented by u, g, o and modified with + or -.

Permissions can also be expressed in octal notation.

2.1.1 Octal Representation

Read = 4
Write = 2
Execute = 1
None = 0
Example: rwxr-xr-- → 754 (7 = 4+2+1, 5 = 4+0+1, 4 = 4+0+0).

Thus: chmod 754 file sets those permissions.
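The octal conversion above and the owner, group, others matching order from section 1.3.1, as an added shell example that is not part of the original article. The function names, uids, gids and the mode 047 are constructed for illustration.

```shell
#!/bin/sh
# Added example; uids, gids and modes below are constructed sample values.

# sym_to_octal rwxr-xr-- -> 754 (r=4, w=2, x=1 summed per triplet)
sym_to_octal() {
    sym=$1 out=""
    [ "${#sym}" -eq 9 ] || return 1
    while [ -n "$sym" ]; do
        trip=$(printf '%s' "$sym" | cut -c1-3)
        sym=$(printf '%s' "$sym" | cut -c4-)
        d=0
        case $trip in r??) d=$(( $d + 4 )) ;; esac
        case $trip in ?w?) d=$(( $d + 2 )) ;; esac
        case $trip in ??x) d=$(( $d + 1 )) ;; esac
        out=$out$d
    done
    printf '%s\n' "$out"
}

# class_digit MODE FILE_UID FILE_GID CALLER_UID "CALLER_GIDS"
# Prints the one octal digit that applies: owner first, then group, then
# others. The first match wins even if a later class would grant more.
# The superuser's bypass of these checks is not modelled here.
class_digit() {
    mode=$1 fuid=$2 fgid=$3 uid=$4 gids=$5
    if [ "$uid" -eq "$fuid" ]; then
        printf '%s\n' "$mode" | cut -c1; return
    fi
    for g in $gids; do
        if [ "$g" -eq "$fgid" ]; then
            printf '%s\n' "$mode" | cut -c2; return
        fi
    done
    printf '%s\n' "$mode" | cut -c3
}

# allowed MODE FILE_UID FILE_GID CALLER_UID "CALLER_GIDS" BIT  (BIT: 4, 2 or 1)
allowed() {
    digit=$(class_digit "$1" "$2" "$3" "$4" "$5")
    [ $(( $digit & $6 )) -ne 0 ]
}

# ---r--rwx (047) on a file owned by uid 1000, gid 1000:
m=$(sym_to_octal ---r--rwx)
for who in "1000 1000" "1001 1000" "1002 1002"; do
    set -- $who
    allowed "$m" 1000 1000 "$1" "$2" 4 && r=yes || r=no
    printf 'uid=%s gid=%s mode=%s read=%s\n' "$1" "$2" "$m" "$r"
done
```

The owner is refused read access under mode 047 even though others hold rwx, because only the owner digit is consulted for the owner.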

2.2 chown Command

Syntax: chown [options] user file
Function: Change file owner.
Example: chown hjz hello.txt makes hjz the owner.

2.3 chgrp Command

Syntax: chgrp [options] group file
Function: Change file's group.
Example: chgrp hjz hello.txt sets the group to hjz.

2.4 umask Command

When creating new files or directories, default permissions are filtered by the umask.

Default file mode: 666
Default directory mode: 777
Actual permissions = default mode & ~umask.
Typical umask is 022, resulting in files with 644 and directories with 755.
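The mask formula above, computed and then checked against files actually created under several umask values. This is an added shell example, not from the original article; the function names are constructed, and it assumes a stat that accepts -c %a (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example. Assumes GNU/busybox stat (-c %a) and a writable temp dir.

# expected_mode DEFAULT UMASK -> DEFAULT & ~UMASK as three octal digits
expected_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_modes UMASK -> "FILE_MODE DIR_MODE" for a file and a directory
# really created under that umask. The ( ) body keeps the umask change
# inside a subshell so the caller's umask is untouched.
observed_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/f" && mkdir "$tmp/d" || exit 1
    printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
)

# 022 is the typical default; 027 and 077 are stricter; 033 shows that
# the umask is a bit mask, not a subtraction (666 "minus" 033 is not 633).
for u in 022 027 077 033; do
    printf 'umask %s: expected %s %s, observed %s\n' "$u" \
        "$(expected_mode 666 "$u")" "$(expected_mode 777 "$u")" \
        "$(observed_modes "$u")"
done
```

With umask 033 a new file still gets 644, because the execute bits being masked were never set in the 666 default.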

3. Directory Permissions and Sticky Bit

3.1 Directory Permissions

Execute (x): required to cd into a directory.
Read (r): required to list contents with ls.
Write (w): required to create or delete files inside.

Deletion of a file is governed by the directory's permissions, not the file itself.

3.2 Sticky Bit

Set with chmod +t. It ensures that only the superuser, the directory owner, or the file owner can delete or rename files within that directory (e.g., /tmp).

Syntax: chmod +t directory
Function: Restricts deletion to privileged users.
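A check an administrator can run for the gap the sticky bit closes: world-writable directories that do not have it set. This is an added shell example, not from the original article; the function names and the sample directory tree are constructed.

```shell
#!/bin/sh
# Added example. Directory names are constructed; assumes find with -perm.

# missing_sticky ROOT -> directories under ROOT that others can write to
# (mode bit 0002) but that lack the sticky bit (1000). In such a directory
# any user may delete or rename another user's files.
missing_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# demo_tree -> path of a constructed tree with three sample directories
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # like /tmp: world-writable + sticky
    chmod 0777 "$root/shared_bad"   # world-writable, no sticky bit
    chmod 0755 "$root/private"      # not writable by others
    printf '%s\n' "$root"
}

tree=$(demo_tree)
echo "before fix:"; missing_sticky "$tree"
chmod +t "$tree/shared_bad"
echo "after chmod +t:"; missing_sticky "$tree"
ls -ld "$tree/shared_bad"           # mode now ends in t: drwxrwxrwt
rm -rf "$tree"
```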