Master Linux Permissions: Soar Like an Eagle with Essential Commands
This comprehensive Linux tutorial walks you through permission fundamentals, user types, switching users, sudo usage, permission symbols, octal notation, and practical commands such as chmod, chown, chgrp, umask, and the sticky bit to secure and manage your system effectively.
In Linux, permission management controls system security and order. This guide explains the concepts, user categories, switching users, sudo, permission representation, basic permissions, file types, octal notation, and how to modify permissions with chmod, chown, chgrp, umask, and the sticky bit.
Introduction
Linux is a multi‑user operating system; permissions protect resources from unauthorized access or modification. Understanding permissions lets you manage the system confidently and prevent data leaks.
1. Linux Permissions Basics
1.1 Concept and Importance
Permissions determine whether an action is allowed for a user. They are essential for system stability and security.
1.2 Different User Categories
1.2.1 User Classification
Root (superuser): can do anything; prompt "#".
Regular user: limited actions; prompt "$".
1.2.2 Switching Users
Ordinary users may need to switch to gain additional privileges.
Regular user → Superuser
Syntax: su or su -
Explanation: Prompts for the root password; password input is hidden.
Superuser → Regular user
Syntax: su [username]
Explanation: The superuser can switch without a password; regular users must provide the target user's password.
To exit a switched session, use exit or Ctrl+D.
1.2.3 sudo Command
Syntax: sudo commandX
Function: Executes commandX with superuser privileges. Only users listed in /etc/sudoers can use sudo. If a user is not in the whitelist, sudo will be denied.
1.3 Permission Representation
Permissions are shown as a combination of role and attributes.
Use ls -l to view file permissions.
1.3.1 Linux Roles
Owner (u): file or directory owner.
Group (g): users belonging to the owning group.
Others (o): all other users.
Only one role is matched at a time; the first matching role determines the effective permission.
1.3.2 File Types
- : regular file
d : directory
l : symbolic link
b : block device
p : pipe
c : character device
s : socket
1.3.3 Basic Permissions
Permissions are expressed by nine characters: three for owner, three for group, three for others. Each set uses r (read, 4), w (write, 2), x (execute, 1) or - (no permission).
r : read (4) – files: read contents; directories: list entries.
w : write (2) – files: modify contents; directories: create/delete/move files.
x : execute (1) – files: run as program; directories: enter.
- : no permission.
2. Modifying Permissions
Only the file owner or the superuser can change permissions.
2.1 chmod Command
Syntax: chmod [options] mode file
Function: Set access permissions for a file or directory.
Common options: -R for recursive changes.
Symbols: u, g, o refer to owner, group, others; + and - add or remove permissions.
Permissions can also be expressed in octal notation.
2.1.1 Octal Notation
Read (r) = 4
Write (w) = 2
Execute (x) = 1
None (-) = 0
Example: rwxr-xr-- → 754 (owner 7, group 5, others 4).
Apply with chmod 754 filename.
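The first-match rule from 1.3.1 and the octal digits above can be worked through in a few lines of POSIX shell. This is an added example, not part of the original article; the function names and the sample UIDs/GIDs are made up for illustration, and it models only the nine basic bits for a non-root caller.

```shell
#!/bin/sh
# Added illustration: function names and sample IDs are hypothetical.

# triad DIGIT: render one octal digit (0-7) as rwx characters.
triad() {
    t_r=-; t_w=-; t_x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then t_r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t_w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t_x=x; fi
    printf '%s%s%s' "$t_r" "$t_w" "$t_x"
}

# sym_to_octal rwxr-xr--: convert the nine basic characters to octal.
# Special bits (s, t) are out of scope and rejected.
sym_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    so_rest=$1; so_out=
    while [ -n "$so_rest" ]; do
        so_t=${so_rest%"${so_rest#???}"}    # first three characters
        so_rest=${so_rest#???}
        so_d=0
        case $so_t in r??) so_d=$((so_d + 4)) ;; esac
        case $so_t in ?w?) so_d=$((so_d + 2)) ;; esac
        case $so_t in ??x) so_d=$((so_d + 1)) ;; esac
        so_out=$so_out$so_d
    done
    printf '%s' "$so_out"
}

# effective_triad MODE FILE_UID FILE_GID UID "GID ..."
# Picks the one triad that applies: owner first, then group, then others.
effective_triad() {
    et_mode=$((0$1)); et_shift=0                       # default: others
    for et_g in $5; do
        if [ "$et_g" -eq "$3" ]; then et_shift=3; fi   # group member
    done
    if [ "$4" -eq "$2" ]; then et_shift=6; fi          # owner match wins
    triad $(( (et_mode >> et_shift) & 7 ))
}

# Constructed cases: file owned by uid 1000, gid 100, mode 047.
echo "rwxr-xr-- = $(sym_to_octal rwxr-xr--)"
echo "owner : $(effective_triad 047 1000 100 1000 "100")"
echo "group : $(effective_triad 047 1000 100 2000 "100 27")"
echo "others: $(effective_triad 047 1000 100 3000 "3000")"
```

With mode 047 the owner ends up with no access even though others have rwx, because the owner triad is the only one consulted for the owner.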
2.2 chown Command
Syntax: chown [options] user file
Function: Change the owner of a file.
Example: chown hjz hello.txt makes hjz the owner.
2.3 chgrp Command
Syntax: chgrp [options] group file
Function: Change the group ownership of a file or directory.
Example: chgrp hjz hello.txt sets the group to hjz.
2.4 umask Command
When creating new files or directories, the system applies a default permission mask.
Default for regular files: 666
Default for directories: 777
The actual permissions are calculated as initial & (~umask). For example, a umask of 022 turns the default 666 into 644 for files.
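To see the mask applied as a bitwise AND and not as a subtraction, the following added example (not from the original article) creates a file and a directory under several umask values and compares the result with initial & (~umask). It assumes GNU stat (stat -c) and mktemp; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: helper names are hypothetical; assumes GNU stat.

# predicted_mode INITIAL UMASK: compute initial & (~umask) in octal.
predicted_mode() {
    printf '%03o' $(( 0$1 & ~0$2 ))
}

# actual_mode UMASK KIND: create a file (f) or directory (d) under UMASK
# and print the mode it received. Runs in a subshell so the caller's
# umask is left untouched.
actual_mode() (
    am_tmp=$(mktemp -d) || exit 1     # scratch dir, made before the mask changes
    umask "$1"
    if [ "$2" = d ]; then
        mkdir "$am_tmp/new"
    else
        : > "$am_tmp/new"
    fi
    stat -c '%a' "$am_tmp/new"
    rm -rf "$am_tmp"
)

# 022: common default. 027: no access for others. 077: private.
# 033: shows the AND; subtracting 033 from 666 would wrongly give 633.
for um in 022 027 077 033; do
    printf 'umask %s  file %s (predicted %s)  dir %s (predicted %s)\n' \
        "$um" \
        "$(actual_mode "$um" f)" "$(predicted_mode 666 "$um")" \
        "$(actual_mode "$um" d)" "$(predicted_mode 777 "$um")"
done
```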
3. Directory Permissions and Sticky Bit
3.1 Directory Permissions
Execute (x): required to cd into a directory.
Read (r): required to list directory contents.
Write (w): required to create or delete files inside the directory.
Deletion of a file is governed by the permissions of its containing directory, not the file itself.
3.2 Sticky Bit
The sticky bit ensures that only the file owner, the directory owner, or the superuser can delete or rename files within a directory.
Syntax: chmod +t directory
Function: Sets the sticky bit on the directory. Commonly used on /tmp to allow shared temporary files while preventing users from deleting each other's files.
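A practical check that follows from this section is to look for world-writable directories that lack the sticky bit, since any user can delete or rename other users' files there. The audit below is an added example, not from the original article; the function name and the scratch directory layout are constructed, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added illustration: function name and directory layout are constructed.

# unsafe_shared_dirs ROOT: print "MODE PATH" for every directory under ROOT
# that is writable by others (-perm -0002) but has no sticky bit
# (! -perm -1000). -xdev keeps the scan on one filesystem.
unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c '%a %n' {} + 2>/dev/null | sort
}

# Constructed scratch tree with three directories.
demo=$(mktemp -d)
mkdir "$demo/dropbox" "$demo/scratch" "$demo/private"
chmod 0777 "$demo/dropbox"    # shared, no sticky bit: should be reported
chmod 1777 "$demo/scratch"    # shared with sticky bit, like /tmp
chmod 0755 "$demo/private"    # not world-writable

echo "before:"; unsafe_shared_dirs "$demo"

chmod +t "$demo/dropbox"      # the fix from this section
echo "after:";  unsafe_shared_dirs "$demo"
ls -ld "$demo/dropbox"        # mode string now ends in 't'

rm -rf "$demo"
```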
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
