Master Linux Permissions: From Basics to Advanced Control

Linux Permission Basics

Linux uses a permission model to control which users can read, write, or execute files and directories. Permissions are evaluated per file system object and consist of three role groups: owner (u), group (g), and others (o).

User categories

Root (superuser) : unlimited access, prompt #.

Normal user : limited privileges, prompt $.

Switching users

Use su or su - to become the superuser (password required). Use exit or press Ctrl+D to return to the previous user.

sudo command

Syntax: sudo command. Allows a normal user to execute a command with root privileges if the user is listed in /etc/sudoers.

Permission representation

Each role has three bits: read ( r, value 4), write ( w, value 2), execute ( x, value 1). Absence of a permission is shown as -. Example: rwxr-xr-- corresponds to octal 754 ( 7 =rwx, 5 =r‑x, 4 =r‑‑).

The first character of ls -l output indicates the file type: -: regular file d: directory l: symbolic link b: block device c: character device p: pipe s: socket

Modifying Permissions

chmod command

Syntax: chmod [options] mode file. Common option -R applies changes recursively.

Mode can be expressed symbolically, e.g., u+rwx,g+rx,o-r, or numerically in octal, e.g., 754. To set permissions directly: chmod 754 filename.

chown command

Syntax: chown [options] user[:group] file. Example: chown hjz hello.txt changes the owner of hello.txt to hjz.

chgrp command

Syntax: chgrp [options] group file. Example: chgrp hjz hello.txt changes the group ownership of hello.txt to hjz.

umask command

umask

displays or sets the default permission mask. New files start with mode 666 and directories with 777; the final mode is calculated as final = initial & (~umask). For example, umask 022 yields files with mode 644 and directories with 755.

Directory Permissions and Sticky Bit

Directory permission bits

Execute (x) : required to cd into the directory.

Read (r) : allows listing the directory’s contents.

Write (w) : permits creating, renaming, or deleting entries; deletion is governed by the directory’s write and execute bits, not the file’s own permissions.

Sticky bit

Set with chmod +t directory. When the sticky bit is set, only the file’s owner, the directory’s owner, or root may delete or rename files within that directory. This is commonly used on /tmp to prevent users from removing each other’s temporary files.