Unlock Linux Permissions: Master Users, Groups, and Access Controls

This guide explores Linux permissions in depth, covering the shell, root and regular user roles, switching users with su, using sudo for privilege escalation, interpreting rwx permission bits, managing file and directory permissions with chmod and chown, understanding umask defaults, and configuring sticky bits for shared directories.

Raymond Ops

Linux Permissions: A Hidden Poem of Power and Elegance

Shell

Linux is an open‑source, Unix‑based operating system known for its flexibility, stability, and performance across servers, embedded systems, supercomputers, and desktops.

The Linux Kernel is the core that interacts directly with hardware and provides system services to user space.

Linux Kernel responsibilities:

Hardware abstraction: abstracts CPU, memory, disks, etc., into usable interfaces.

Resource management: allocates CPU time, memory, file systems, and other resources.

System call interface: offers APIs for user programs to request kernel services.

Device drivers: manage hardware devices such as keyboards, monitors, and network cards.

Users interact with the kernel indirectly through a Shell, a command interpreter that translates user commands into system calls.

Main functions of a shell:

Command parsing: interprets and executes commands like file operations and program runs.

Script support: runs shell scripts for automation.

User environment: allows execution of programs, file management, and system configuration.

User Permissions

In Linux, root users have unrestricted access, while regular users have limited privileges.

Root user: super‑administrator with full system rights.

Regular user: limited permissions for everyday tasks.

Prompt symbols differ: # for root, $ for regular users.

Switching Users

Switch from a regular user to root using su and entering the root password:

su

Switch from root to a regular user using exit or su username:

exit
su username

Use su - to start a new login session, resetting the working directory:

su -

Root's default directory is /root; regular users default to /home/username.

sudo

Regular users can execute privileged commands with sudo, which temporarily elevates privileges without logging in as root.

To grant sudo rights, add the user to the /etc/sudoers file (e.g., via vim /etc/sudoers):

vim /etc/sudoers

visudo opens the same file with locking and a syntax check on save, so a typo cannot leave sudo unusable.

Example:

sudo apt update

The system prompts for the current user's password, then runs the command with root privileges.

File and Directory Permissions

Accessors

Each file or directory has three types of accessors:

Owner (User): the file's owner.

Group: a set of users sharing permissions.

Others: all other users.

Permission Representation

Permissions are expressed with rwx symbols:

r (read): view file contents or list directory entries.

w (write): modify file contents or create/delete entries in a directory.

x (execute): run a file as a program or enter a directory.

Example permission string: -rwxr-xr-- (file type, owner rwx, group r‑x, others r‑‑).

Permissions can also be shown in octal form, where r=4, w=2, x=1. For example, 754 corresponds to rwxr‑xr‑‑.

chmod 754 file.txt  # sets rwxr-xr--
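
The octal-to-rwx mapping above, as an added example that is not part of the original article. It goes beyond the page by also decoding a fourth leading digit (setuid, setgid, sticky); the function names and sample modes are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode a 3- or 4-digit octal mode into the rwx string
# shown by ls -l (without the leading file-type character).

# triplet BITS SPECIAL CHAR: render one accessor class (owner/group/others).
# SPECIAL is 1 when setuid/setgid/sticky applies to this class; CHAR is the
# letter that replaces x in that case (s or t).
triplet() {
    bits=$1; special=$2; char=$3
    if [ $((bits & 4)) -ne 0 ]; then out=r; else out=-; fi
    if [ $((bits & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ "$special" -eq 0 ]; then
        if [ $((bits & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    elif [ $((bits & 1)) -ne 0 ]; then
        out="${out}${char}"                               # special bit + execute
    else
        out="${out}$(printf '%s' "$char" | tr 'st' 'ST')" # special bit, no execute
    fi
    printf '%s' "$out"
}

# mode_to_symbolic MODE: print the nine-character permission string.
mode_to_symbolic() {
    case $1 in
        ''|*[!0-7]*|?????*) echo "not an octal mode: $1" >&2; return 1 ;;
    esac
    m=$((0$1))                       # leading 0 makes the shell read it as octal
    printf '%s%s%s\n' \
        "$(triplet $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s)" \
        "$(triplet $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s)" \
        "$(triplet $((  m       & 7 )) $(( (m >>  9) & 1 )) t)"
}

# Constructed sample modes: the page's 754, /tmp's 1777, a setuid binary's 4755.
for mode in 754 1777 4755; do
    printf '%s -> %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

An uppercase S or T in the output means the special bit is set but the matching execute bit is not, which is usually a misconfiguration worth checking.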

Modifying Permissions

Using chmod:

chmod u+x file.txt   # add execute for owner
chmod g-w file.txt   # remove write for group
chmod o+r file.txt   # add read for others
chmod 754 file.txt   # set rwxr-xr-- using octal

Recursive change:

chmod -R 755 /path/to/directory

Changing ownership with chown and chgrp:

chown user file.txt
chgrp group file.txt
chown user:group file.txt

Recursive ownership change:

chown -R user:group /path/to/directory

umask

umask (User File Creation Mode Mask) defines default permission masks for newly created files and directories.

Default permissions: files 666, directories 777, then masked by umask.

A typical umask value is three octal digits, one each for owner, group, and others, giving the bits to mask (e.g., 0002 masks write for others).

umask       # show the current mask
umask 022   # set the mask for this shell session
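
How the mask is applied, as an added example that is not part of the original article: it predicts the resulting mode and compares it with what the kernel actually creates in a temporary directory. It assumes GNU coreutils stat; the function names and sample masks are constructed.

```sh
#!/bin/sh
# Added example: the umask clears bits from the base mode (666 for files,
# 777 for directories); it is a bitwise AND-NOT, not a subtraction.
# Assumes GNU coreutils stat (stat -c '%a').

# apply_umask BASE MASK: predicted mode, as three octal digits.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes MASK: "FILEMODE DIRMODE" actually produced under that umask.
created_modes() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"            # subshell: the caller's umask is left untouched
        : > "$tmp/file"       # new file, base mode 666
        mkdir "$tmp/dir"      # new directory, base mode 777
    )
    printf '%s %s\n' "$(stat -c '%a' "$tmp/file")" "$(stat -c '%a' "$tmp/dir")"
    rm -rf "$tmp"
}

# Constructed sample masks. 033 shows why subtraction is the wrong model:
# 666 - 033 would give 633, but the file is created as 644.
for mask in 022 027 033 077; do
    printf 'umask %s: predicted %s %s, created %s\n' "$mask" \
        "$(apply_umask 666 "$mask")" "$(apply_umask 777 "$mask")" \
        "$(created_modes "$mask")"
done
```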

Directory Permissions

Directory permissions differ slightly:

Read (r): list contents (requires execute to access).

Write (w): create, delete, rename entries (requires execute).

Execute (x): enter the directory.

Sticky Bit

The sticky bit (t) ensures that within a directory, only the file owner, directory owner, or root can delete or rename files, even if others have write permission.

Commonly used on shared directories like /tmp:

drwxrwxrwt   # t indicates sticky bit is set

Set or remove sticky bit with chmod:

chmod +t directory   # add sticky bit
chmod -t directory   # remove sticky bit
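
A hardening check built on the sticky bit, as an added example that is not part of the original article: it lists world-writable directories that lack the bit and then sets it. It assumes GNU find and GNU coreutils stat; the function names and the fixture directories are constructed.

```sh
#!/bin/sh
# Added example: audit a tree for world-writable directories that lack the
# sticky bit, then set it. Assumes GNU find and GNU coreutils stat.

# audit_shared_dirs ROOT: print "MODE OWNER PATH" for every directory under
# ROOT that others can write to (o+w) but that has no sticky bit.
audit_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c '%a %U %n' {} + 2>/dev/null | sort -k3
}

# harden_shared_dirs ROOT: add the sticky bit to each finding, leaving all
# other permission bits as they were.
harden_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# Constructed fixture: one correctly configured shared directory, one
# world-writable directory without the sticky bit, one private directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"
    chmod 0777 "$root/shared_bad"
    chmod 0755 "$root/private"
    echo "before:"; audit_shared_dirs "$root"
    harden_shared_dirs "$root"
    echo "after:";  audit_shared_dirs "$root"
    ls -ld "$root/shared_bad"
    rm -rf "$root"
}
demo
```

Only shared_bad is reported before hardening; afterwards the audit prints nothing and ls shows the directory as drwxrwxrwt.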