Master Linux Permissions: From Shell to chmod, su, sudo and Sticky Bit
This guide explains Linux permission fundamentals, the role of the shell, how to switch users with su, elevate commands with sudo, manage file and directory rights using chmod, chown, chgrp, understand umask, and secure shared directories with the sticky bit.
Linux Permissions Commands
Preface
This article introduces several Linux permission‑related commands.
Shell Commands
Linux is an operating system with a kernel at its core. Users cannot interact directly with the kernel, so a "shell" acts as an intermediary, translating user commands into kernel‑understandable symbols and returning the results. The shell is essentially a command interpreter.
The shell’s main functions are:
Translate commands and pass them to the kernel for execution.
Translate the kernel’s results back to the user.
Illustrating the Shell
Imagine a matchmaker who conveys messages between two parties; the matchmaker is the shell.
Why a Shell?
It makes the system easier for users.
It protects the kernel by acting as a protective layer.
Permission Concepts
Linux distinguishes two types of account: the root account (superuser) and regular accounts.
root account: has unrestricted permissions.
Regular account: has limited permissions and can only perform certain actions.
su Command
Command: su username
Function: Switch to another user.
hyc@hcss-ecs-4ce7:/$ whoami
hyc
# Switch to root
hyc@hcss-ecs-4ce7:/$ su
Password:
root@hcss-ecs-4ce7:/# whoami
root
# Switch to a regular user without password
root@hcss-ecs-4ce7:/# su hyc
hyc@hcss-ecs-4ce7:/$ whoami
hyc
Using su - changes the working directory to the target user's home, while plain su retains the current directory.
hyc@hcss-ecs-4ce7:/$ pwd
/
hyc@hcss-ecs-4ce7:/$ su
Password:
root@hcss-ecs-4ce7:/# pwd
/
hyc@hcss-ecs-4ce7:/$ su -
Password:
root@hcss-ecs-4ce7:~# pwd
/root
sudo: Temporary Privilege Elevation
If you need root privileges without knowing the root password, prepend sudo to the command.
hyc@hcss-ecs-4ce7:~$ sudo ls
[sudo] password for hyc:
Only users who have been granted sudo rights by root can use it; otherwise an error is shown.
hyc@hcss-ecs-4ce7:~$ sudo ls
hyc is not in the sudoers file. This incident will be reported.
Permission Management
Permissions define what actions a user can perform.
Permissions restrict users.
Each permission is a combination of role and attribute (read, write, execute).
Attributes
Linux file attributes are read (r), write (w), and execute (x).
Read (r): files – can read content; directories – can list contents.
Write (w): files – can modify content; directories – can delete/rename entries.
Execute (x): files – can run as a program; directories – can enter.
Roles
Permissions are evaluated in the order: owner → group → other.
The current user can be identified with whoami or id.
File Permission Representation
Example:
`-rw-r--r-- 1 root root 22902 May 18 11:51 new.txt`
Owner: rw, Group: r, Other: r.
chmod Command
Syntax: chmod [options] mode file
Options: -R: apply recursively.
Modes can be symbolic (u+w, g-w) or octal (644, 755).
Symbolic Mode
Examples:
# Remove write permission for owner
chmod u-w new.txt
# Add write permission for group
chmod g+w new.txt
Octal Mode
Octal digits represent owner, group, other permissions.
# Remove all permissions
chmod 000 new.txt
# Set permissions to rw-rw--wx
chmod 663 new.txt
Permission Modification Tips
Only root or the file owner can change permissions.
If you lack permission, the system rejects the command.
Deletion of a file depends on the write permission of its containing directory, not the file itself.
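The permission strings and octal modes above describe the same bits. The following added example (not part of the original article) converts an ls -l permission string to its octal mode; the function names are hypothetical, and it goes slightly beyond the text by also handling the s/S (setuid, setgid) and t/T (sticky) markers.

```shell
#!/bin/sh
# Added example (not from the article): convert an `ls -l` permission string
# such as "-rw-r--r--" to the octal mode that chmod accepts.

# triad_value TRIAD: digit for one three-character group (r=4, w=2, x=1).
# A lowercase s or t in the last position means the execute bit is also set.
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal STRING: prints four octal digits (special, owner, group, other).
mode_to_octal() {
    perms=${1#?}             # drop the file-type character (-, d, l, ...)
    perms=${perms%[.+]}      # drop the ACL/SELinux marker some ls versions append
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid permission string: $1" >&2; return 1 ;;
    esac
    owner=${perms%??????}
    other=${perms#??????}
    group=${perms#???}; group=${group%???}
    special=0
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $other in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "$special$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# The article's own strings, plus a /tmp-style sticky directory.
for s in '-rw-r--r--' '-rw-rw--wx' 'drwxrwxrwt'; do
    printf '%s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```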
chown and chgrp Commands
chown syntax: chown user file
Changes file owner; requires root.
chgrp syntax: chgrp group file
Changes file group; also requires root.
# As root, change owner and group
chown hyc new.txt
chgrp hyc new.txt
Directory Permission Issues
For directories, the three bits have specific meanings:
r : list contents.
w : create or delete entries.
x : enter the directory.
Removing any of these bits restricts the corresponding operation.
Sticky Bit
When multiple users share a directory, the sticky bit prevents users from deleting others' files.
Enable it with: chmod +t /path/to/directory
Effects: with the sticky bit set, a file in the directory can be deleted only by one of the following:
root.
The owner of the file.
The owner of the directory.
The system’s /tmp directory is a common example; its permission string ends with a t indicating the sticky bit.
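A shared directory that is world-writable but lacks the sticky bit lets any user delete other users' files. The following added example (not part of the original article) lists such directories under a given root and applies the chmod +t fix; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find world-writable directories
# that are missing the sticky bit, then fix them with chmod +t.

# find_unprotected_shared_dirs ROOT
#   -perm -0002   : the "other" write bit is set (anyone may create/delete entries)
#   ! -perm -1000 : the sticky bit is NOT set (deletion is not limited to owners)
find_unprotected_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# fix_shared_dir DIR: apply the remediation described in the text.
fix_shared_dir() {
    chmod +t "$1"
}

# build_sample_tree: constructed test data, prints the path of the new tree.
build_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/shared_sticky" "$tree/shared_open" "$tree/private"
    chmod 1777 "$tree/shared_sticky"   # like /tmp: world-writable + sticky
    chmod 0777 "$tree/shared_open"     # world-writable, no sticky bit
    chmod 0755 "$tree/private"         # not world-writable at all
    echo "$tree"
}

# Demonstration on the constructed tree.
demo=$(build_sample_tree)
echo "Before fix:"
find_unprotected_shared_dirs "$demo"
for d in $(find_unprotected_shared_dirs "$demo"); do
    fix_shared_dir "$d"
done
echo "After fix: $(find_unprotected_shared_dirs "$demo" | wc -l) unprotected"
rm -rf "$demo"
```

On a real system, point find_unprotected_shared_dirs at a mount point such as / and review each result before changing it.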
Umask
Umask defines default permission masks applied when new files or directories are created.
Root umask: 022
Regular user umask: 002
Final permissions = initial permissions & (~umask).
Umask allows customizing default permissions for flexibility.
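The formula above can be checked against what the system actually creates. The following added example (not part of the original article) computes initial & ~umask and compares it with the mode of a freshly created file or directory; it assumes the usual initial modes of 666 for files and 777 for directories, GNU stat (stat -c), and hypothetical function names.

```shell
#!/bin/sh
# Added example (not from the article): predict the mode of a new file or
# directory from the umask, then create one and read the mode back.

# predicted_mode UMASK KIND: prints initial & ~umask in octal.
# Assumption: programs request 666 for files and 777 for directories.
predicted_mode() {
    case $2 in
        file) initial=0666 ;;
        dir)  initial=0777 ;;
        *) echo "kind must be file or dir" >&2; return 1 ;;
    esac
    # A leading 0 makes the shell read both numbers as octal.
    printf '%o\n' $(( $initial & ~0$1 ))
}

# observed_mode UMASK KIND: create an object under that umask and print its mode.
# The body is a subshell, so the umask change does not leak to the caller.
observed_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    case $2 in
        file) : > "$dir/new" ;;
        dir)  mkdir "$dir/new" ;;
        *) rm -rf "$dir"; exit 1 ;;
    esac
    stat -c '%a' "$dir/new"     # GNU stat: permission bits in octal
    rm -rf "$dir"
)

# The two umask values given in the text.
for mask in 022 002; do
    for kind in file dir; do
        printf 'umask %s %-4s predicted=%s observed=%s\n' "$mask" "$kind" \
            "$(predicted_mode "$mask" "$kind")" "$(observed_mode "$mask" "$kind")"
    done
done
```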
Summary
• Switch users: su (keeps directory) or su - (changes to home).
• Elevate commands temporarily: sudo.
• Modify permissions: chmod (symbolic or octal).
• Change ownership: chown, chgrp (root required).
• Directory permissions control listing, creation, and traversal.
• Sticky bit secures shared directories.
• Umask sets default permission masks.
