Set Standard Permissions & Interpret Security Effects
CIS126RH | RHEL System Administration 1 Mesa Community College
Learning Objectives
1. Interpret permission strings: Read and understand rwx notation in ls -l output
2. Set permissions with chmod: Use symbolic and octal methods to modify access
3. Understand owner, group, and other: Know how Linux determines which permissions apply
4. Analyze security implications: Evaluate the effects of different permission settings
The Linux Permission Model
Every file and directory has three sets of permissions for three categories of users:
Owner (u): The user who owns the file
Group (g): Members of the file's group
Other (o): Everyone else on the system
Key Concept: Linux checks permissions in order: owner first, then group, then other. Once a match is found, those permissions apply — and no further checks are made.
Permission Types: r w x
Permission | Symbol | On Files | On Directories
Read | r | View file contents | List directory contents (ls)
Write | w | Modify file contents | Create/delete files in directory
Execute | x | Run as program/script | Enter directory (cd)
Important: Without x on a directory, you cannot cd into it even if you have r permission. Execute is required to access directory contents.
Reading Permission Strings
# Example ls -l output
-rwxr-xr-- 1 alice developers 4096 Dec 5 10:30 script.sh
-  rwx  r-x  r--
Position 1: File type (- = file, d = directory, l = link)
Positions 2–4: Owner permissions (rwx)
Positions 5–7: Group permissions (r-x)
Positions 8–10: Other permissions (r--)
Octal Notation
Each permission has a numeric value:
r = 4
w = 2
x = 1
Add values for each category, then combine three digits:
rwx = 4+2+1 = 7
r-x = 4+0+1 = 5
r-- = 4+0+0 = 4
Combined: 754
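The owner-first rule from the Key Concept above, worked through with octal modes as an added example (not part of the course slides): a POSIX shell function that picks the one triad that applies to a user. The uid/gid numbers and function names are constructed for illustration; root, ACLs and SELinux are outside this model.

```shell
#!/bin/sh
# Added example: models the owner -> group -> other selection for a non-root
# user. Root, ACLs and SELinux are outside this model.

# applied_triad MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints "<class> <rwx>" for the single triad that decides access.
applied_triad() {
    mode=$(( 0$1 ))                 # leading 0: read MODE as octal
    if [ "$4" -eq "$2" ]; then      # user owns the file: stop here
        class=owner; bits=$(( (mode >> 6) & 7 ))
    else
        class=other; bits=$(( mode & 7 ))
        for gid in $5; do           # any group match beats "other"
            if [ "$gid" -eq "$3" ]; then
                class=group; bits=$(( (mode >> 3) & 7 ))
                break
            fi
        done
    fi
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    echo "$class $r$w$x"
}

# triad_for_me FILE: the same decision for the current user and a real file
# (uses GNU stat, as shipped with RHEL).
triad_for_me() {
    set -- $(stat -c '%a %u %g' "$1")
    applied_triad "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Constructed cases: file owned by uid 1000 (alice), group 2000 (developers).
applied_triad 754 1000 2000 1000 "1000 2000"   # owner rwx
applied_triad 754 1000 2000 1001 "1001 2000"   # group r-x
applied_triad 754 1000 2000 1002 "1002"        # other r--
# Mode 047: the owner match ends the search, so alice is locked out even
# though users outside the group have full access.
applied_triad 047 1000 2000 1000 "1000 2000"   # owner ---
applied_triad 047 1000 2000 1002 "1002"        # other rwx
```

When auditing, a mode whose owner or group digit is lower than its other digit deserves a second look, because it denies the named user or group something everyone else is allowed.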
chmod Symbolic Mode
# Syntax: chmod [who][operator][permission] file
Who
u — owner (user)
g — group
o — other
a — all (u+g+o)
Operators
+ — add permission
- — remove permission
= — set exactly
# Examples
chmod u+x script.sh # Add execute for owner
chmod g-w file.txt # Remove write from group
chmod o=r document.pdf # Set other to read only
chmod a+r public.html # Add read for everyone
chmod ug+rw,o-rwx secret # Multiple changes at once
# Change owner only
chown alice file.txt
# Change owner and group
chown alice:developers file.txt
# Change group only
chown :developers file.txt
# Recursive — entire directory tree
chown -R alice:team /project
Syntax: chown owner:group file — either part can be omitted to change just one.
Security: Only root can change file ownership. This prevents users from escaping quota limits or hiding malicious files.
Changing Ownership — chgrp
# chgrp — change group only
chgrp developers file.txt
chgrp -R webteam /var/www
# Verify ownership
stat -c "%U:%G" file.txt
alice:developers
# Check your own group membership
groups
alice developers wheel
Regular users can use chgrp but only to groups they already belong to. Group membership changes require logout/login to take effect.
Security Implications
Common Security Mistakes
chmod 777 — Never use! Anyone can modify or execute
World-writable directories — Allow file deletion by anyone
Executable config files — Config files rarely need x
Overly permissive /home — Others should not read your files
Best Practices
Start restrictive (600/700), add permissions as needed
SSH keys must be 600 or SSH refuses to use them
Web files: 644 for files, 755 for directories
Use groups for team collaboration instead of world permissions
Viewing & Troubleshooting
# View permissions
ls -l file.txt
-rw-r--r-- 1 alice developers 1024 Dec 5 file.txt
# View octal permissions
stat -c "%a %n" file.txt
644 file.txt
# Find files with exactly 777 permissions
find /path -perm 777 -type f
# Find world-writable files (security audit)
find /path -perm -002 -type f
Troubleshooting "Permission denied"? Check:
1) The file's permissions
2) Directory permissions on every element of the path
3) Your user/group membership
Real-World Scenarios
Scenario 1: Web server reads but cannot modify files