File and Dir Permission

🔹 Linux File & Folder Permissions (Real-World Scenarios)

This guide covers: ✅ Understanding permissions (rwx, 777, 644, etc.) ✅ Setting & modifying permissions with chmod, chown, chgrp ✅ Real-world enterprise scenarios ✅ Advanced Access Control (ACLs, sticky bit, setuid, setgid) ✅ Common issues & solutions

🔹 Step 1: Understanding File Permissions

🔹 View file permissions using ls -l

ls -l /opt/project/file.txt

👀 Example Output:

-rw-r--r-- 1 alice developers 2048 Feb 24 10:30 file.txt

Section

Meaning

-rw-r--r--

Permissions (Owner, Group, Others)

1

Number of hard links

alice

File owner

developers

File group

2048

File size (bytes)

Feb 24 10:30

Last modified date

🔹 Step 2: Understanding Permission Codes (777, 644, etc.)

Permission

Octal Code

Meaning

rwxrwxrwx

777

Everyone has full access (BAD PRACTICE)

rw-r--r--

644

Owner can read/write, others can only read (DEFAULT)

rwxr-xr-x

755

Owner can edit, others can only execute & read

rwx------

700

Only owner has full control (private files)

r--r--r--

444

Read-only for everyone

🔹 Step 3: Changing Permissions with `chmod`

3.1 Using Numeric Codes (Octal Method)

🔹 Give full access to everyone (777)

chmod 777 file.txt

🚨 Real-World Warning: Never use 777 on important files – it gives full access to anyone!

🔹 Set read/write for owner, read for others (644)

chmod 644 file.txt

🔹 Make a script executable (755)

chmod 755 script.sh

3.2 Using Symbolic Method (r, w, x)

🔹 Give only the owner write access

chmod u+w file.txt

🔹 Remove execute permission for the group

chmod g-x script.sh

🔹 Give everyone execute permission

chmod a+x script.sh

✅ Common Issue: Permission Denied 🔹 Check if the file has execute permission

ls -l script.sh

🔹 Fix it:

chmod +x script.sh

🔹 Step 4: Changing Ownership with `chown`

🔹 Change file owner to alice

sudo chown alice file.txt

🔹 Change both owner (alice) and group (developers)

sudo chown alice:developers file.txt

✅ Common Issue: "Operation not permitted" error 🔹 Fix: Use sudo

sudo chown alice:developers file.txt

🔹 Step 5: Managing Group Access with `chgrp`

🔹 Change group ownership to developers

sudo chgrp developers file.txt

🔹 Step 6: Advanced File Permissions

6.1 Setting Default Permissions with `umask`

🔹 Check current default permissions

umask

👀 Output Example:

This means new files will have 644 permissions by default.

🔹 Change default permissions for new files

umask 0027

This will make new files 640 (owner read/write, group read, others no access).

6.2 Special Permissions (SetUID, SetGID, Sticky Bit)

🔹 SetUID (Run as file owner, not user running it)

chmod u+s script.sh

📌 Example: /bin/passwd uses SetUID to allow normal users to change their passwords.

🔹 SetGID (Inherit group ownership in a folder)

chmod g+s /opt/project

📌 Use case: Ensures new files in /opt/project belong to developers group.

🔹 Sticky Bit (Prevent deletion by non-owners)

chmod +t /var/tmp

📌 Use case: /tmp directory has a sticky bit so users can’t delete each other’s files.

✅ Common Issue: Users can delete each other’s files in shared folders 🔹 Fix: Apply the sticky bit

chmod +t /shared-folder

🔹 Step 7: Real-World Enterprise Scenarios

7.1 Scenario: Dev Team Needs Access to `/opt/project`

👩‍💻 Requirement:

Developers can read/write files
Admins have full access
Others have no access

✅ Solution:

sudo groupadd developers
sudo chown -R root:developers /opt/project
sudo chmod 2770 /opt/project

👀 Breakdown:

chown -R root:developers /opt/project → Sets group ownership
chmod 2770 /opt/project → Enables SetGID so new files inherit developers group

7.2 Scenario: Secure Log Files from Unauthorized Access

👨‍💻 Requirement:

Only admins can read logs
Developers should not access them

✅ Solution:

sudo chmod 640 /var/log/syslog
sudo chown root:admins /var/log/syslog

👀 Now only admins can view logs!

🚀 Summary: What We've Covered

✔ Understanding rwx and permission codes (777, 644, etc.) ✔ Modifying permissions with chmod (numeric & symbolic) ✔ Changing ownership with chown & chgrp ✔ Advanced file access (SetUID, SetGID, Sticky Bit) ✔ Real-world scenarios (Dev team access, securing logs, etc.)

Next: Do you want to cover SELinux & AppArmor for enhanced security? 🔥

PreviousUser & Group Management NextCPU/Disk/Memory related task

Last updated 11 months ago

hashtag🔹 Linux File & Folder Permissions (Real-World Scenarios)

hashtag🔹 Step 1: Understanding File Permissions

hashtag🔹 Step 2: Understanding Permission Codes (777, 644, etc.)

hashtag🔹 Step 3: Changing Permissions with chmod

hashtag3.1 Using Numeric Codes (Octal Method)

hashtag3.2 Using Symbolic Method (r, w, x)

hashtag🔹 Step 4: Changing Ownership with chown

hashtag🔹 Step 5: Managing Group Access with chgrp

hashtag🔹 Step 6: Advanced File Permissions

hashtag6.1 Setting Default Permissions with umask

hashtag6.2 Special Permissions (SetUID, SetGID, Sticky Bit)

hashtag🔹 Step 7: Real-World Enterprise Scenarios

hashtag7.1 Scenario: Dev Team Needs Access to /opt/project

hashtag7.2 Scenario: Secure Log Files from Unauthorized Access

hashtag🚀 Summary: What We've Covered

hashtagNext: Do you want to cover SELinux & AppArmor for enhanced security? 🔥