
Master Linux Permissions: From su and sudo to chmod and Sticky Bit

This guide explains Linux permission concepts, the role of the shell, how to switch users with su, grant temporary root rights using sudo, modify file and directory permissions with chmod, manage ownership with chown/chgrp, and secure shared directories with the sticky bit.

Raymond Ops

Linux Permissions Commands

Preface

This article introduces several Linux permission-related commands.

Shell Commands

Linux is an operating system built around a kernel. Users interact with it through a shell, a command interpreter that translates commands for the kernel and returns the execution results.

Understanding the shell: it acts as an intermediary, similar to a matchmaker relaying messages between two parties.

Why a Shell?

Convenient for users.

Protects the kernel.

Permission Concepts

Linux distinguishes two account types: the root account (superuser) and regular accounts.

Root account: unlimited privileges. Regular account: limited privileges.

su Command

Command: su username

Function: Switch user. With no username, su switches to root.

hyc@host:/$ whoami
hyc
# Switch to root
hyc@host:/$ su
Password: 
root@host:/# whoami
root
# Switch to regular user (no password needed)
root@host:/# su hyc
hyc@host:/$ whoami
hyc

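Difference between su and su -

Plain su switches the user but keeps the current working directory and most of the caller's environment. su - starts a login shell for the target user, so the environment is reset and the working directory becomes that user's home directory.

hyc@host:/$ pwd
/
hyc@host:/$ su
Password: 
root@host:/# pwd
/
# Return to hyc
root@host:/# exit
hyc@host:/$ pwd
/
hyc@host:/$ su -
Password: 
root@host:~# pwd
/root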

sudo: Short‑term privilege escalation

When a user needs root privileges without knowing the root password, prefix the command with sudo.

hyc@host:~$ sudo ls
[sudo] password for hyc:

If a user lacks sudo rights, the system reports:

hyc@host:~$ sudo ls
[sudo] password for hyc:
hyc is not in the sudoers file. This incident will be reported.

Permission Management

Permissions define what actions a user can perform.

Permissions apply to users.

A permission combines a role (who is acting) with the attributes of the target file or directory.

Attributes

Linux attributes are read (r), write (w), and execute (x).

Read: files can be read; directories can be listed.

Write: files can be modified; directories can have entries created or removed.

Execute: files can be run; directories can be entered.

Roles

Roles are determined by the file owner, the owning group, and others.

The whoami command shows the current user, which determines the role that applies.

File Permission Representation

1. Symbolic notation

Three sets of three characters (r, w, x) represent the permissions of the owner, the group, and others, in that order. A dash (-) in a position means that permission is not granted.

2. Octal notation

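Each set of three is written as one octal digit that sums r = 4, w = 2, and x = 1. For example, rw-r--r-- is 644.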

chmod Command

Syntax: chmod [options] mode file

Function: Change file permissions (only root or the file owner can modify).

Option:

-R: Recursively change permissions of all files in a directory.

Parameters (who the mode applies to):

u: owner

g: group

o: others

a: all

Examples:

root@host:~# ls -l
-rw-r--r-- 1 root root 22902 May 18 11:51 new.txt
# Remove write permission from owner
root@host:~# chmod u-w new.txt
root@host:~# ls -l new.txt
-r--r--r-- 1 root root 22902 May 18 11:51 new.txt
# Add write permission back
root@host:~# chmod u+w new.txt
root@host:~# ls -l new.txt
-rw-r--r-- 1 root root 22902 May 18 11:51 new.txt
# Remove both read and write from owner
root@host:~# chmod u-rw new.txt
root@host:~# ls -l new.txt
----r--r-- 1 root root 22902 May 18 11:51 new.txt
# Add read and write back
root@host:~# chmod u+rw new.txt
root@host:~# ls -l new.txt
-rw-r--r-- 1 root root 22902 May 18 11:51 new.txt

Octal mode can also be used:

root@host:~# chmod 000 new.txt
root@host:~# ls -l new.txt
---------- 1 root root 22902 May 18 11:51 new.txt
root@host:~# chmod 663 new.txt
root@host:~# ls -l new.txt
-rw-rw--wx 1 root root 22902 May 18 11:51 new.txt

Permission Modification Tips

Only root and the file owner can change permissions.

If you lack permission, the system rejects the command.

The system checks owner permissions first, then group, then others.

Root has unrestricted privileges.

Executable permission (x) applies to executable files; ordinary files usually lack x.

chown and chgrp Commands

Syntax: chown user file

Function: Change file or directory owner.

Syntax: chgrp group file

Function: Change file or directory group.

Both support the -R option for recursive changes.

Example of permission error when a non‑root user tries to change ownership:

hyc@host:~$ chown root new.txt
chown: changing ownership of 'new.txt': Operation not permitted
hyc@host:~$ chgrp root new.txt
chgrp: changing group of 'new.txt': Operation not permitted

Root can perform the change:

root@host:~# chown hyc new.txt
root@host:~# chgrp hyc new.txt

Directory Permission Issues

1. Meaning of rwx on a directory

Without read (r) you cannot list contents; without write (w) you cannot create files; without execute (x) you cannot enter the directory.

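hyc@host:~$ chmod u-r new
hyc@host:~$ ls -ld new
d-wxrwxr-x 2 hyc hyc 4096 May 26 15:41 new
hyc@host:~$ ls new
ls: cannot open directory 'new': Permission denied
# Restore read, then remove write
hyc@host:~$ chmod u+r,u-w new
hyc@host:~$ ls -ld new
dr-xrwxr-x 2 hyc hyc 4096 May 26 15:41 new
hyc@host:~$ touch ./new/my.txt
touch: cannot touch './new/my.txt': Permission denied
# Restore write, then remove execute
hyc@host:~$ chmod u+w,u-x new
hyc@host:~$ ls -ld new
drw-rwxr-x 2 hyc hyc 4096 May 26 15:41 new
hyc@host:~$ cd new
bash: cd: new: Permission denied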

2. How Linux isolates multiple users

The "others" permissions on each user's files are typically disabled, which prevents access by other users.

3. Default permissions and umask

Files start with 666, directories with 777. umask masks bits; final permission = start permission & (~umask).

Typical umask values: root 022, regular user 002.

root@host:~# umask
0022

umask removes bits from the default permission, allowing administrators to define safer defaults.
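
The formula above, worked through in shell as an added example (not from the original article): effective_mode applies start & ~umask, and created_mode creates a real file or directory under a given umask to confirm what the kernel assigns. The function names are illustrative, 077 is an extra value not taken from the article, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: default permissions under a umask.

# effective_mode START UMASK -> prints START & ~UMASK in octal (666 022 -> 644)
effective_mode() {
    # A leading 0 makes the shell read both arguments as octal constants.
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode KIND UMASK -> creates a file or directory under UMASK in a
# temporary directory and prints the mode it actually received.
created_mode() {
    (   # subshell: the umask change does not leak into the caller
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then
            mkdir "$tmp/probe"        # directories start from 777
        else
            : > "$tmp/probe"          # regular files start from 666
        fi
        mode=$(stat -c '%a' "$tmp/probe")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# 022 and 002 are the typical values named in the article; 077 is a stricter
# value added here for comparison.
for mask in 022 002 077; do
    printf 'umask %s: file %s (computed %s), dir %s (computed %s)\n' \
        "$mask" \
        "$(created_mode file "$mask")" "$(effective_mode 666 "$mask")" \
        "$(created_mode dir "$mask")"  "$(effective_mode 777 "$mask")"
done
```
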

4. Sticky Bit

The sticky bit prevents users from deleting or renaming files they do not own in a shared directory.

chmod +t /shared/directory

Effects: once the sticky bit is set, a file in the directory can be deleted only by:

root.

The file's owner.

The directory's owner.
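
A defender's check for the shared-directory case described above, as an added example rather than code from the original article: it lists world-writable directories that lack the sticky bit, where any user could delete or rename other users' files. The function names and the constructed temporary tree are illustrative.

```shell
#!/bin/sh
# Added example: find shared (world-writable) directories missing the sticky bit.

# unsticky_shared_dirs ROOT -> one path per line, sorted
unsticky_shared_dirs() {
    # -perm -0002   : "others" have write permission
    # ! -perm -1000 : sticky bit is not set
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Constructed sample tree so the check can be run offline.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/dropbox" "$root/scratch" "$root/private"
    chmod 0777 "$root/dropbox"    # world-writable, no sticky bit: flagged
    chmod 1777 "$root/scratch"    # world-writable with sticky bit: not flagged
    chmod 0750 "$root/private"    # not world-writable: not flagged
    printf '%s\n' "$root"
}

tree=$(demo_tree)
echo "Before fix:"
unsticky_shared_dirs "$tree"

# Remediation from the article: set the sticky bit on the shared directory.
chmod +t "$tree/dropbox"

echo "After fix:"
unsticky_shared_dirs "$tree"
ls -ld "$tree/dropbox"            # the mode string now ends in t (drwxrwxrwt)
rm -rf "$tree"
```
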