Permissions and Users
~270 words ยท 2 min read
Who can do what?
Every file has three permission sets โ for the owner (user), the group, and everyone else (other). Each set has three flags:
- r โ read
- w โ write (modify or delete)
- x โ execute (run as a program, or enter as a directory)
Reading ls -l
$ ls -l deploy.sh
-rwxr-xr-- 1 chris devs 412 Jul 5 10:00 deploy.sh
The first 10 characters break down as:
- rwx r-x r--
type owner group other
file rwx read+exec read only
Changing permissions with chmod
Use octal numbers โ one digit each for user, group, other. Each digit is the sum of read (4), write (2), execute (1):
chmod 755 script.sh # rwxr-xr-x (owner full, others read+exec)
chmod 644 notes.txt # rw-r--r-- (owner read+write, others read)
chmod 600 secret.key # rw------- (owner only โ for private keys)
A common mistake: chmod 777 gives everyone full access. It's convenient, but it's the most common security hole on a shared server.
Changing ownership
sudo chown alice file.txt # change owner
sudo chown alice:devs file.txt # change owner and group
sudo โ acting as root
sudo ("superuser do") runs a single command with root privileges. It exists so you don't log in as root โ you stay a normal user and elevate only when needed, leaving an audit trail of who ran what.