Linux Tutorial — Part 3: File Permissions & Ownership
Linux is a multi-user system. Permissions control who can read, modify, or execute each file. Understanding permissions is not optional — it is one of the most important concepts in Linux security, system administration, and DevOps.
The Permission Model
Every file and directory in Linux has three permission sets and three types of permissions:
-rwxr-xr-- 1 suraj developers 4096 Mar 10 script.sh
||||||||||| | |
|||------ Owner Group
||| r-x = Group can read and execute
|||
rwx = Owner can read, write, execute
- = regular file
d = directory
l = symbolic linkUnderstanding r, w, x
- r (read) — Can read the file's content. For directories: can list contents.
- w (write) — Can modify the file. For directories: can create/delete files inside.
- x (execute) — Can run the file as a program. For directories: can enter (cd into) the directory.
Numeric Permissions
Each permission has a number value: r=4, w=2, x=1. Add them together:
7 = rwx (4+2+1) — Full permissions
6 = rw- (4+2) — Read and write
5 = r-x (4+1) — Read and execute
4 = r-- (4) — Read only
0 = --- — No permissions
# Common patterns:
755 = rwxr-xr-x (Owner: full, Group/Others: read+execute)
644 = rw-r--r-- (Owner: read+write, Group/Others: read only)
600 = rw------- (Owner only: read+write)
777 = rwxrwxrwx (Everyone: full — use carefully!)chmod — Changing Permissions
chmod 755 script.sh # Make script executable
chmod 644 config.txt # Standard file permissions
chmod 600 private.key # Private key — owner only
chmod +x deploy.sh # Add execute for all
chmod -w file.txt # Remove write for all
chmod u+x script.sh # Add execute for user only
chmod -R 755 directory/ # Apply recursivelychown — Changing Ownership
chown suraj file.txt # Change owner
chown suraj:developers file.txt # Change owner and group
chown -R suraj:suraj /var/www/ # Recursive ownership changesudo — Running as Root
Some system operations require root (administrator) privileges. sudo lets authorized users run commands as root:
sudo apt update # Update package list
sudo apt install nginx # Install software
sudo systemctl start nginx # Start a service
sudo chmod 755 /etc/myapp.conf # Change protected file permissions
sudo -i # Open root shell (use carefully)Users and Groups
whoami # Current user
id # Current user's UID, GID, groups
groups # Groups current user belongs to
sudo adduser newuser # Create a new user
sudo passwd newuser # Set password
sudo usermod -aG sudo newuser # Add user to sudo group
cat /etc/passwd # List all usersThe .ssh Directory Permissions
SSH key security depends on correct permissions — this is critical for cloud server access:
chmod 700 ~/.ssh # .ssh directory
chmod 600 ~/.ssh/id_rsa # Private key — MUST be 600
chmod 644 ~/.ssh/id_rsa.pub # Public keyIf private key permissions are too open, SSH will refuse to use it and give a "WARNING: UNPROTECTED PRIVATE KEY FILE!" error.
In Part 4, we will cover text processing commands — grep, sed, awk, find — the tools that make Linux incredibly powerful for data processing.
The setuid, setgid, and Sticky Bit
Beyond the standard read-write-execute permissions, Linux has three special permission bits. The setuid bit (numeric 4000) on an executable file means the program runs with the permissions of the file's owner, not the user who launched it. This is how passwd (the password-changing command) allows regular users to write to the system password file — it runs as root regardless of who invokes it. The setgid bit (numeric 2000) on a directory causes new files created in that directory to inherit the directory's group ownership rather than the creating user's group — useful for shared project directories. The sticky bit (numeric 1000) on a directory (common on /tmp) means only the file's owner, the directory's owner, or root can delete files — preventing users from deleting each other's temporary files.
Access Control Lists (ACLs)
Standard Unix permissions allow only one owner, one group, and a set of "other" permissions. Access Control Lists (ACLs) extend this model to allow specific permissions for multiple users and groups on a single file. Use getfacl filename to view ACLs and setfacl -m u:username:rwx filename to grant specific permissions to a named user. ACLs are essential in enterprise environments where complex permission requirements cannot be satisfied by the standard three-user model. Most modern Linux filesystems (ext4, XFS) support ACLs natively.
Practice Exercise
Create a shared directory scenario: make a directory called /tmp/team_project, set it to group ownership of a specific group (create the group with groupadd), apply the setgid bit so new files inherit the group, and set permissions so that only the group can write to it. Then add another user using useradd (or check your existing user), add them to the group with usermod -aG, and verify that files created by both users inherit the group ownership.
Linux in Your Daily Engineering Practice
Linux command-line proficiency is not something you learn once and then stop improving. It is a skill that deepens continuously as you encounter new tools, new use cases, and new problems to solve. The engineers who are most effective at the command line did not become that way by reading comprehensive guides — they became that way by spending years solving real problems at the terminal, gradually accumulating a toolkit of commands, aliases, scripts, and muscle memory. The best approach is to use Linux for real work as much as possible, to look up better ways to do things you already do, and to make note of efficient patterns you observe in others' work. Over time, the terminal becomes faster than any GUI for the tasks you do repeatedly.