This repository provides a comprehensive guide to managing file and directory permissions in Linux. It includes examples, explanations, and use cases.
- Grant permissions: chmod
- Recursive changes: chmod -R
- Default permissions: umask
- Special permissions: SUID, SGID, and sticky bit
- Change owner: chown
- Change group: chgrp
- SUID: Execute files with owner's privileges.
- SGID: Execute files with group privileges or maintain group ownership in directories.
- Sticky Bit: Restricts deletion of files in a directory to each file's owner.
The rest of the string (e.g., rw-r--r-- or rwxr-xr-x) represents the permissions for the file or directory. These are broken into three groups:
1. User (owner)
The first three characters (rw- or rwx) specify the permissions for the file's owner.
- r: Read permission.
- w: Write permission.
- x: Execute permission (or access for directories).
2. Group
The middle three characters (r-- or r-x) specify the permissions for the group associated with the file.
3. Others
The last three characters (r-- or r-x) specify permissions for everyone else (other users).
1. Granting Permissions to Others
- Explanation:
- Grants read (r), write (w), and execute (x) permissions to others for file f1.
- In the output of ls -l, the first character of each line indicates the type of the file:
- Regular file: -
- Directory: d
2. Granting Permissions to Group
- Explanation: Grants rwx permissions to the group for f1.
3. Granting Permissions to User
- Explanation: Grants rwx permissions to the file owner (user).
4. Removing All Permissions for User
- Explanation: Removes all permissions (rwx) for the owner.
5. Granting Write Permission to All
- Explanation: Grants write (w) permission to all users, removing any other permissions.
6. Setting Specific Permissions Using Octal Notation
For a folder: Read (4), Write (2), Execute (1)
For a file: Read (4), Write (2)
- Explanation: Sets permissions for xyz as follows:
- Owner: Read (4) + Write (2) = 6
- Group: Write (2) + Execute (1) = 3
- Others: Read (4) + Execute (1) = 5
7. Change Permissions Recursively
- Without -R, the permissions of the files inside the directory do not change; with -R, they do.
- Explanation: Recursively sets 222 (write-only) permissions for all files and directories within xyz.
8. Check default permissions for directories and files
- Explanation: The default umask is 022, resulting in:
- Directories: 777 - 022 = 755 (drwxr-xr-x).
- Files: 666 - 022 = 644 (-rw-r--r--).
9. Change umask and verify its effect
- Explanation: umask 444: New permissions for directories will be 333 (d-wx-wx-wx).
10. Change file owner (user)
- Explanation: chown jack xyz: Transfers ownership of xyz to the user jack.
11. Change file owner (group)
- Explanation: chgrp A1 xyz: Sets the group owner of xyz to A1.
12. Change both user and group ownership
- Explanation: chown tom:B1 xyz: Assigns ownership of xyz to user tom and group B1.
Use Case: Let's say you have a script that updates system logs, but you want normal users to be able to run it with root privileges.
Example: SetUID on a binary
Create a simple C program:
// hello.c
#include <stdio.h>
int main() {
    printf("Hello from SetUID binary!\n");
    return 0;
}
Compile it:
gcc hello.c -o hello
Change owner to root:
sudo chown root:root hello
Set SetUID:
sudo chmod u+s hello
Check permissions:
ls -l hello
Output:
-rwsr-xr-x 1 root root 12345 hello
Now if a normal user runs ./hello, it executes with root's permissions.
Use Case: You have a shared folder /data for team members in group devops. You want all new files inside it to inherit the group devops.
Example:
# Create group and folder
sudo groupadd devops
sudo mkdir /data
sudo chgrp devops /data
# SetGID on folder
sudo chmod 2775 /data
Check:
ls -ld /data
Output:
drwxrwsr-x 2 root devops 4096 /data
All files created inside /data will automatically belong to group devops, even if created by another user.
Test:
touch /data/testfile
ls -l /data
You'll see:
-rw-r--r-- 1 user devops 0 testfile
Use Case: You have a public folder where all users can create files, but only the file owner can delete their own files.
This is common on /tmp.
Example:
sudo mkdir /public
sudo chmod 1777 /public
Check:
ls -ld /public
Output:
drwxrwxrwt 2 root root 4096 /public
The t means Sticky Bit is set.
Test:
User A creates a file
User B can see it but cannot delete it
| Type | Symbol | Numeric | Example Command |
|------|--------|---------|-----------------|
| SetUID | s (user) | 4 | chmod u+s binary_file or chmod 4755 file |
| SetGID | s (group) | 2 | chmod g+s folder/ or chmod 2755 folder/ |
| Sticky | t (others) | 1 | chmod +t folder/ or chmod 1777 folder/ |
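
An audit check for the special bits summarized above, as an added example that is not part of the original repository: it lists SetUID/SetGID files and world-writable directories that are missing the sticky bit. The function names and the sample tree built under a temporary directory are constructed for illustration; no root access is needed.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special permission bits.

# List regular files that have SetUID (4000) or SetGID (2000) set.
# Each hit runs with its owner's or group's privileges and deserves review.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# List world-writable directories that lack the sticky bit (1000).
# In such a directory any user can delete or rename other users' files.
find_unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    touch "$root/plain" "$root/suid_tool"
    chmod 0644 "$root/plain"        # ordinary file
    chmod 4755 "$root/suid_tool"    # -rwsr-xr-x, as in the SetUID example
    mkdir "$root/shared_ok" "$root/shared_bad"
    chmod 1777 "$root/shared_ok"    # drwxrwxrwt, like /tmp
    chmod 0777 "$root/shared_bad"   # drwxrwxrwx, sticky bit missing
    printf '%s\n' "$root"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
echo "SetUID/SetGID files:"
find_suid_sgid "$tree"
echo "World-writable directories without sticky bit:"
find_unsafe_shared_dirs "$tree"
rm -rf "$tree"
```

To audit a real system, point both functions at a mount point such as / and compare the SetUID/SetGID list against a reviewed baseline.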