Master Linux Permissions: From chmod to SUID, ACLs and sudo

This guide explains Linux file permission fundamentals, covering owner/group/other rights, chmod and chown usage, umask defaults, special bits like SUID/SGID/Sticky, ACL management, sudo configuration, and essential system commands for effective operations.

Raymond Ops

1. Permission Overview

Linux file permissions are defined for three classes of users: owner (u), group (g), and others (o). Each class can have read (r), write (w), and execute (x) permissions. Directories also have r (list), w (create/delete), and x (enter) bits.

Permission bits can be represented in binary or octal; the umask masks default permissions.

2. Permission Management Commands

2.1 chmod

Use chmod MODE file... to change permissions. The -R option applies the change recursively. MODE names the user classes (u, g, o, a) and adds or removes bits with + or -, or sets them exactly with =.

# chmod u-w 111
# chmod o+w 111
# chmod a=rwx 111

2.2 chown

Only root can use chown to change file owner and group.

# chown user:group file
# chown -R user:group directory

3. Umask and Default Permissions

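The default file mode (e.g., 644) and directory mode (755) are controlled by the umask. The bits set in the umask are cleared from the base mode, which is 666 for files and 777 for directories. Example: umask 022 results in files created with 644 and directories with 755.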

4. Linux Security Context and Special Permissions

4.1 Security Context

Execution permission determines whether a program can be started; the resulting process inherits the initiator’s UID and GID.

4.2 Special Permissions

SUID (4), SGID (2), and Sticky (1) modify the usual ownership rules. Use chmod u+s file for SUID, chmod g+s dir for SGID, and chmod o+t dir for Sticky.
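The special bits above are worth auditing, because SUID and SGID programs run with more privilege than the user who starts them, and a world-writable directory without Sticky lets any user remove other users' files. The following script is an added example, not part of the original article; the function names audit_special_bits and make_sample_tree and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special bits from section 4.2.
# Output: one "<TAG> <path>" line per finding.
audit_special_bits() {
    dir=${1:-.}
    # SUID (4000) on regular files: the program runs with the file owner's UID.
    find "$dir" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    # SGID (2000) on regular files: the program runs with the file's group.
    find "$dir" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
    # World-writable directories (0002) without Sticky (1000): any user can
    # delete or rename files that belong to other users.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
}

# Constructed sample tree (not real system paths); prints its location.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/plain" "$t/suid_tool" "$t/sgid_tool"
    mkdir "$t/shared_ok" "$t/shared_bad"
    chmod 0755 "$t/plain"
    chmod 4755 "$t/suid_tool"     # same bit as chmod u+s
    chmod 2755 "$t/sgid_tool"     # same bit as chmod g+s
    chmod 1777 "$t/shared_ok"     # world-writable with Sticky, like /tmp
    chmod 0777 "$t/shared_bad"    # world-writable, Sticky missing
    echo "$t"
}

# Demo run on the constructed tree, then clean up.
tree=$(make_sample_tree) && audit_special_bits "$tree"
rm -rf "$tree"
```

On a real system, run audit_special_bits against a mount point as root and compare the result with a saved baseline; -xdev keeps the scan on one filesystem.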

5. Filesystem Access Control Lists (facl)

ACLs provide fine‑grained permissions beyond the traditional model. Commands: setfacl -m u:UID:perm file, setfacl -x u:UID file, getfacl file, and setfacl -b file to remove all ACL entries.

6. sudo

sudo allows a user to run commands as another user. Configuration is in /etc/sudoers, edited with visudo. Syntax: who which_hosts=(runas) command. Various options control behavior, such as -l to list privileges, -V for version, etc.

7. Management Commands

Common utilities: w shows logged‑in users, last displays login history, sleep pauses execution, basename extracts the filename, and others for system monitoring.
