Master Linux Permissions: From chmod to SUID, ACLs and sudo
This guide explains Linux file permission fundamentals, covering owner/group/other rights, chmod and chown usage, umask defaults, special bits like SUID/SGID/Sticky, ACL management, sudo configuration, and essential system commands for effective operations.
1. Permission Overview
Linux file permissions are defined for three classes of users: owner (u), group (g), and others (o). Each class can have read (r), write (w), and execute (x) permissions. Directories also have r (list), w (create/delete), and x (enter) bits.
Permission bits can be represented in binary or octal; the umask masks default permissions.
2. Permission Management Commands
2.1 chmod
Use chmod MODE file... to change permissions. The -R option applies the change recursively. A symbolic mode names the user classes (u, g, o, a) and adds, removes, or sets bits with +, -, or =.
# chmod u-w 111
# chmod o+w 111
# chmod a=rwx 111
2.2 chown
Only root can use chown to change file owner and group.
# chown user:group file
# chown -R user:group directory
3. Umask and Default Permissions
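The default file mode (e.g., 644) and directory mode (755) are controlled by the umask: the bits set in the umask are cleared from the base mode a program requests, typically 666 for files and 777 for directories. Example: umask 022 results in files created with 644 and directories with 755.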
4. Linux Security Context and Special Permissions
4.1 Security Context
Execution permission determines whether a program can be started; the resulting process inherits the initiator’s UID and GID.
4.2 Special Permissions
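SUID (4), SGID (2), and Sticky (1) modify the usual ownership rules. A SUID program runs with the effective UID of the file's owner instead of the initiator's, an SGID directory passes its group to entries created inside it, and a Sticky directory restricts deletion of an entry to the entry's owner, the directory's owner, and root. Use chmod u+s file for SUID, chmod g+s dir for SGID, and chmod o+t dir for Sticky.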
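An added example, not part of the original article: a POSIX shell audit that lists entries carrying the special bits described above, plus world-writable directories that lack Sticky. The helper names (report, audit_special_bits, build_sample_tree) and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; report, audit_special_bits and build_sample_tree are
# hypothetical helper names, and the sample tree is constructed.

# Run find on $2 with the remaining tests; prefix each hit with label $1.
report() {
    label=$1; root=$2; shift 2
    find "$root" "$@" | while IFS= read -r hit; do
        printf '%s %s\n' "$label" "$hit"
    done
}

# List entries under $1 whose special bits deserve a review.
audit_special_bits() {
    report SUID        "$1" -type f -perm -4000   # runs as the file owner
    report SGID        "$1" -type f -perm -2000   # runs as the file group
    report SGID-DIR    "$1" -type d -perm -2000   # new entries inherit group
    # World-writable without Sticky: users can delete each other's files.
    report WW-NOSTICKY "$1" -type d -perm -0002 ! -perm -1000
}

# Build a throwaway tree with one entry per finding plus safe controls.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/drop" "$t/tmp" "$t/plain"
    touch "$t/helper" "$t/notes"
    chmod 4755 "$t/helper"   # SUID file
    chmod 0644 "$t/notes"    # control: no special bits
    chmod 2775 "$t/shared"   # SGID directory
    chmod 0777 "$t/drop"     # world-writable, no Sticky
    chmod 1777 "$t/tmp"      # world-writable with Sticky, like /tmp
    chmod 0755 "$t/plain"    # control: ordinary directory
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Comparing the output of audit_special_bits for a real directory against a reviewed baseline shows newly added SUID or SGID entries.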
5. Filesystem Access Control Lists (facl)
ACLs provide fine‑grained permissions beyond the traditional model. Commands: setfacl -m u:UID:perm file, setfacl -x u:UID file, getfacl file, and setfacl -b file to remove all ACL entries.
6. sudo
sudo allows a user to run commands as another user. Configuration is in /etc/sudoers edited with visudo. Syntax: who which_hosts=(runas) command. Various options control behavior, such as -l to list privileges, -V for version, etc.
7. Management Commands
Common utilities: w shows logged‑in users, last displays login history, sleep pauses execution, basename extracts the filename, and others for system monitoring.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
