Master Linux Permissions: Users, Groups, chmod, chown, and Sticky Bit Explained
This guide thoroughly explains Linux permission concepts, covering root vs. regular users, role-based access (owner, group, others), file type indicators, numeric and symbolic chmod usage, chown/chgrp ownership changes, default umask behavior, directory permissions, and the sticky bit for shared directories.
1. Linux Users: Root and Regular Users
Linux defines two main user types: the superuser root, who can perform any operation without restriction, and regular users, whose actions are limited by permissions. Use whoami to identify the current user. The command prompt shows # for root and $ for regular users.
su Command
Switch users with su. To become a regular user from root, run su username. To become root from a regular account, run su and enter the root password.
sudo Command
sudo grants temporary elevated privileges for specific commands. If a user is not listed in /etc/sudoers, sudo will fail; an administrator must add the user to the sudo or wheel group.
2. Linux Permission Model
2.1 File Access Roles
Permissions are expressed as role + target attribute. Roles include:
Owner (User, u)
Group (g)
Others (o)
Each role can have read (r), write (w), and execute (x) bits.
Example: drwxr-xr-x 2 root root 4096 Dec 1 17:53 code/ – owner has rwx, group has r-x, others have r-x.
2.2 File Types and Permission Representation
File type is indicated by the first character: d for directories, - for regular files. Permission bits are shown as rwx triples. Numeric (octal) notation combines the three bits: rw- rw- r-- → binary 110 110 100 → octal 664.
drwxr-xr-x 2 root root 4096 Dec 1 17:53 code/
2.3 chmod – Changing Access Rights
Use chmod to modify permissions:
chmod u-r file – remove read from owner.
chmod u+r file – add read to owner.
chmod g-r file – remove read from group.
chmod g+r file – add read to group.
Permissions can also be set in octal notation, e.g., chmod 666 file sets rw-rw-rw-.
2.4 Changing Ownership – chown and chgrp
chown changes the file owner, while chgrp changes the owning group. Examples:
# Change owner from root to a regular user
chown user file
# Change group from root to a regular group
chgrp group file
Ordinary users cannot change ownership of files they do not own without elevated privileges.
2.5 Directory Permissions
Directory access follows the same rwx model, but the meaning differs:
If a directory lacks r, its contents cannot be listed.
If it lacks w, new files cannot be created inside.
2.6 Default Permissions and umask
New files start with a base mode (666 for regular files, 777 for directories). The system’s umask masks out bits: final = base & ~umask. Adjusting umask controls default permissions for newly created files and directories.
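The rule final = base & ~umask can be checked against what the system actually does. The script below is an added example, not part of the original article: it compares the computed mode with the mode a newly created file or directory receives, and umask 033 shows that the mask clears bits rather than subtracting (666 - 033 would suggest 633, the real result is 644). The function names predicted_mode, observed_mode and report are hypothetical, and GNU stat and mktemp are assumed.

```shell
#!/bin/sh
# Added example: verify "final = base & ~umask" empirically.
# Function names are hypothetical; assumes GNU coreutils (stat -c, mktemp).

# predicted_mode BASE UMASK -> octal result of BASE & ~UMASK
predicted_mode() {
    # The leading 0 makes the shell read both arguments as octal constants.
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode file|dir UMASK -> octal mode of a freshly created object.
# The body runs in a subshell, so the caller's umask is left untouched.
observed_mode() (
    umask "$2"
    scratch=$(mktemp -d) || exit 1
    if [ "$1" = dir ]; then
        mkdir "$scratch/new"        # requested with base mode 777
    else
        : > "$scratch/new"          # requested with base mode 666
    fi
    mode=$(stat -c '%a' "$scratch/new")
    rm -rf "$scratch"
    printf '%s\n' "$mode"
)

# Print predicted and observed modes side by side for common masks.
# 033 is included because subtraction and masking disagree there.
report() {
    for mask in 022 027 033 077; do
        printf 'umask %s  file: predicted %s, observed %s  dir: predicted %s, observed %s\n' \
            "$mask" \
            "$(predicted_mode 666 "$mask")" "$(observed_mode file "$mask")" \
            "$(predicted_mode 777 "$mask")" "$(observed_mode dir "$mask")"
    done
}

report
```

A umask of 027 or 077 keeps newly created files from being readable by others, which matters for accounts that write keys, tokens or logs.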
2.7 Sticky Bit
The sticky bit (set with chmod +t directory) restricts deletion/renaming of files within a shared directory to the file’s owner or root, even if other users have write permission on the directory. This is commonly used on /tmp to prevent users from removing each other’s files.
# Enable sticky bit on a directory
chmod +t /shared
# Disable sticky bit
chmod -t /shared
Key Takeaways
Only the file owner can change its permissions; others are limited by role hierarchy (owner → group → others).
Root bypasses all permission checks.
Understanding symbolic vs. numeric chmod, chown/chgrp, umask, and the sticky bit is essential for secure Linux administration.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
