Master Linux Shell Commands and Permission Management: A Complete Guide

This article explains how the Linux shell works, why users interact with the kernel through a shell, and provides a detailed walkthrough of Linux permission concepts, file types, symbolic and octal representations, and practical commands like chmod, chown, chgrp, and umask for managing access control.

MaGe Linux Operations

1. Shell command execution principle

1. Shell

Linux as an operating system is built around a kernel; users interact with that kernel through a shell program that provides the user interface. In the broad sense, a Linux distribution is the kernel plus a shell; in the narrow sense, "Linux" may refer to the kernel alone.

The shell wraps the kernel, allowing users to issue commands efficiently, safely, and at low cost; bash is one type of shell.

Shell command execution process:

Shell has two main roles:

Pass request instructions to the operating system for execution.

Protect the kernel.

2. Why Linux does not let users use the kernel directly

Unlike the Windows GUI where users interact with a graphical interface, Linux users operate through a shell that parses commands and forwards them to the kernel, then returns results.

2. Linux permission concepts

Permission defines whether a specific action is allowed for a particular user. Linux permissions specify who can read, write, or execute files and directories. There are two user types: the superuser (root) whose prompt is "#", and normal users whose prompt is "$".

Superuser: unrestricted access to the system.

Normal user: limited actions.

Users can switch between superuser and normal user (e.g., using ctrl + d to become root).

3. Linux permission management

1. User categories for file access

Three classes of users:

Owner (User) – u

Group (Group) – g

Others – o

2. File types and access permissions

(1) File types

Linux identifies file type by the first character in the long listing (e.g., ls -l).

d: directory

-: regular file (text, libraries, executables, source)

l: symbolic link

b: block device

p: pipe

c: character device

s: socket

(2) Access permissions

Three permissions apply to both files and directories:

r – read (files) or list contents (directories)

w – write (files) or create/delete entries (directories)

x – execute (files) or enter (directories)

3. Permission representation

Permissions can be expressed symbolically or in octal.

(1) Symbolic representation

r-- : read only

-w- : write only

--x : execute only

rw- : read and write

-wx : write and execute

r-x : read and execute

rwx : read, write, and execute

--- : no permission

(2) Octal representation

r-- = 4 (100)

-w- = 2 (010)

--x = 1 (001)

rw- = 6 (110)

-wx = 5 (101)

r-x = 3 (011)

rwx = 7 (111)

--- = 0 (000)

4. Setting permissions

Root is unrestricted; permissions only limit normal users.

(1) chmod – modify file access permissions

Only the file owner or root can change permissions.

chmod [options] mode filename

Option -R applies changes recursively.

Symbolic mode uses user symbols (u, g, o, a) with +, -, or = to add, remove, or set permissions.

+: add permission

-: remove permission

=: set exact permission

u: owner

g: group

o: others

a: all

Example: give the owner execute permission on IP.log:

(2) Octal mode

Example: set IP.log to owner execute only (1), group execute only (1), others no permission (0) → 110:

Root can always read a file regardless of its permission bits.

Directory traversal requires the execute (x) permission; without it, cd fails even if the directory can be listed.
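The chmod operations described above (owner execute on IP.log, octal mode 110, the = operator, and -R), shown as an added example that is not from the original article. It works on a scratch copy in a temporary directory and assumes GNU coreutils `stat -c`; the function names and the logs/a.log path are made up for the illustration.

```sh
#!/bin/sh
# Added example: symbolic and octal chmod on a scratch IP.log, read back with stat.
# Assumes GNU coreutils `stat -c`; all paths are constructed in a temp directory.

# Print the octal permission bits of a path, e.g. 644.
mode_of() { stat -c '%a' "$1"; }

# Print the symbolic form as shown by ls -l, e.g. -rw-r--r--.
symbolic_of() { stat -c '%A' "$1"; }

# Apply each chmod form in turn and echo "<step>:<octal>:<symbolic>".
chmod_walkthrough() {
    dir=$(mktemp -d) || return 1
    f="$dir/IP.log"
    : > "$f"
    chmod 644 "$f"              # fixed starting point, independent of umask

    chmod u+x "$f"              # symbolic: add execute for the owner only
    echo "u+x:$(mode_of "$f"):$(symbolic_of "$f")"

    chmod 110 "$f"              # octal: owner --x, group --x, others ---
    echo "110:$(mode_of "$f"):$(symbolic_of "$f")"

    chmod a=r "$f"              # '=' replaces the bits: exactly r-- for all
    echo "a=r:$(mode_of "$f"):$(symbolic_of "$f")"

    # -R walks the tree: strip every group/other bit from a directory and its file.
    mkdir "$dir/logs"
    : > "$dir/logs/a.log"
    chmod 755 "$dir/logs"
    chmod 644 "$dir/logs/a.log"
    chmod -R go-rwx "$dir/logs"
    echo "-R:$(mode_of "$dir/logs"):$(mode_of "$dir/logs/a.log")"

    rm -rf "$dir"
}

chmod_walkthrough
```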

(3) chown – change file owner

chown [options] user filename

Option -R changes ownership recursively.

Example: change the owner of IP2.log to user Gino (requires root):

(4) chgrp – change file group

chgrp [options] group filename

Option -R changes the group recursively.

Example: change the group of IP2.log to Gino (requires root):

(5) umask – view or modify file creation mask

New files are created with default permissions (usually 777 for files, 777 for directories) but the mask reduces them.

View the current mask with umask; typical output is 0022.

Modify mask (e.g., to 333) changes the default permissions of newly created files and directories:

umask 333

The change only lasts for the current login session; logging out restores the original mask.
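To see what a mask does in practice, the following added example (not part of the original article) creates a file and a directory under several masks and reads the resulting modes back with stat. It assumes GNU coreutils `stat -c`; the function names and the newfile/newdir names are made up for the illustration.

```sh
#!/bin/sh
# Added example: read back the modes that new entries receive under a given umask.
# Assumes GNU coreutils `stat -c`; file and directory names are constructed.

# Echo "<file mode> <directory mode>" for entries created under umask $1.
# touch asks for rw-rw-rw- and mkdir for rwxrwxrwx; the mask clears bits
# from that request.
modes_under_umask() {
    scratch=$(mktemp -d) || return 1    # created before the mask changes
    (
        umask "$1"                      # affects this subshell only
        touch "$scratch/newfile"
        mkdir "$scratch/newdir"
    )
    echo "$(stat -c '%a' "$scratch/newfile") $(stat -c '%a' "$scratch/newdir")"
    rmdir "$scratch/newdir"
    rm -f "$scratch/newfile"
    rmdir "$scratch"
}

# Succeeds if a mask set in a child shell does not leak into the caller.
mask_is_per_process() {
    before=$(umask)
    ( umask 333 )
    [ "$(umask)" = "$before" ]
}

for mask in 0022 0077 333; do
    echo "umask $mask -> $(modes_under_umask "$mask")"
done
mask_is_per_process && echo "caller's umask unchanged"
```

A restrictive mask such as 0077 keeps group and others out of everything a session creates, which is why it is a common choice for accounts that handle keys or credentials.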

(6) Directory permissions

Read permission allows listing contents; write permission allows creating or deleting entries; execute permission allows entering the directory.

(7) Sticky bit

In /tmp, the sticky bit (displayed as t) prevents users from deleting files they do not own, even if the directory is writable.

Example: root creates a directory test with files test1 and test2. After switching to a normal user, the user can delete those files because the directory has write and execute permissions for others. Setting the sticky bit (chmod +t) stops this behavior.

Only the superuser, the directory owner, or the file owner can delete files in a sticky directory.
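A defender's check that follows from this: directories that others can write to but that lack the sticky bit let any user delete anyone's files. The added example below (not from the original article) finds such directories with find and shows the effect of chmod +t. It assumes GNU coreutils `stat -c`; the fixture directory names and function names are constructed for the illustration.

```sh
#!/bin/sh
# Added example: audit for world-writable directories that lack the sticky bit.
# The directory names below are a constructed fixture, not from the article.

# List directories under $1 that others can write to but that are not sticky.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Build a fixture, audit it, apply chmod +t to the finding, audit again.
sticky_audit_demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_sticky" "$root/shared_plain" "$root/private"
    chmod 1777 "$root/shared_sticky"   # like /tmp: drwxrwxrwt
    chmod 0777 "$root/shared_plain"    # writable by all, no sticky bit
    chmod 0755 "$root/private"         # not writable by others

    before=$(find_unsticky_world_writable "$root")
    before=${before#"$root"/}          # strip the temp prefix for display

    chmod +t "$root/shared_plain"      # the fix described in the text
    after=$(find_unsticky_world_writable "$root")
    mode=$(stat -c '%A' "$root/shared_plain")

    echo "before=$before"
    echo "after=$after"
    echo "mode=$mode"
    rm -rf "$root"
}

sticky_audit_demo
```

On a real host, point find_unsticky_world_writable at / or at a shared mount; every path it prints deserves either chmod +t or tighter permissions.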
