Linux in Action: Understanding Basic File and Directory Permissions

Introduction

In the world of Linux, permissions serve as a foundational security layer. They determine who can read, write, or execute a directory or file, providing crucial access control in multi-user environments.

In this article, we’ll focus on Basic Permissions — the first of three key types (Basic, ACLs, and Special Permissions). We'll explore how Linux handles ownership, how to view and modify permissions, and real-world tips for using chmod, chown, and chgrp securely.

📌 Advanced topics like Access Control Lists (ACLs) and Special Permissions (SetUID, SetGID, Sticky Bit) will be covered in separate articles.

Table of Contents

• What Are Directory Permissions?
• Understanding the Permission String
• Viewing Permissions
• Ownership in Linux
• Modifying Permissions with chmod
• Numeric (Octal) Permissions
• Bonus: The Link Count
• Real-World Use Case: DevOps and RHCSA Practice
• Conclusion

What Are Directory Permissions?

Permissions in Linux define how users can interact with directories. They are set by the superuser or the owner and are essential for securing shared systems.

There are three permission classes:

• User (u): The directory owner
• Group (g): Users in the group assigned to the directory
• Others (o): Everyone else

And three permission types:

• Read (r): List directory contents
• Write (w): Create, delete, or rename files in the directory
• Execute (x): Access the directory and traverse into it

Understanding the Permission String

When you list directories with ls -ld, the output looks like this:

drwxr-xr-- 3 alice devs 4096 May 25 08:00 /opt/project/

Breakdown:

• d indicates it's a directory
• rwx – user (owner) permissions
• r-x – group permissions
• r-- – others' permissions

Viewing Permissions

• Directory permissions:

ls -ld /opt/project/

This allows you to audit directory permissions accurately.

Ownership in Linux

Change Directory Owner:

chown john /opt/project/

Change Group Ownership:

chgrp developers /opt/project/

Change Both Owner and Group:

chown john:developers /opt/project/

Verify with:

ls -ld /opt/project/

Modifying Permissions with chmod

Remove all permissions from others:

chmod o-rwx /opt/project/

Remove write permission from group:

chmod g-w /opt/project/

Remove execute from user:

chmod u-x /opt/project/

Add full permissions to user:

chmod u+rwx /opt/project/

Remove all permissions:

chmod u-rwx,g-rwx,o-rwx /opt/project/

Add all permissions:

chmod ugo+rwx /opt/project/

Set exact permissions:

chmod ugo=r-x /opt/project/

Numeric (Octal) Permissions

Each permission maps to a number:

• Read = 4
• Write = 2
• Execute = 1

You sum these for each class:

chmod 750 /opt/project/

• User: 7 (rwx)
• Group: 5 (r-x)
• Others: 0 (no permissions)

Bonus: The Link Count

When you run ls -ld, the second column is the link count:

drwxr-xr-x 2 john devs 4096 May 25 09:00 /opt/project/

Here, the 2 means this directory has two links: one for itself, and one for . or .. in a subdirectory. This number increases with additional subdirectories, including hidden ones.

📌 For files, the link count remains 1 unless hard links are created.

Real-World Use Case: DevOps and RHCSA Practice

In enterprise DevOps pipelines, directory permissions are often managed as part of automation workflows:

• CI/CD pipelines: Temporary directories created for builds must be secured using chmod 700 to restrict access to build agents only.
• Infrastructure-as-Code (IaC): Tools like Ansible use file modules to set owner, group, and mode for deployment directories.
• Multi-tenant servers: RHCSA best practices recommend separating each application’s working directory and locking them down to only authorized groups.
• Security audits: Enterprises rely on regular scans of /opt, /var/log, /srv, and /home directories to detect misconfigured permissions that can expose sensitive data.

These practices ensure:

• Minimal attack surface
• Reduced risk of privilege escalation
• Compliance with internal ITGC and external regulations (PCI-DSS, ISO27001)

Conclusion

Basic directory permissions are an essential part of system hardening and operational efficiency. With a solid grasp of chmod, chown, and permission strings, you can confidently secure your Linux environment.

🔐 Next up: We’ll explore Access Control Lists (ACLs) and Special Permissions like SetUID, SetGID, and Sticky Bit.

Stay tuned and stay secure. 🛡️

Connect with me on LinkedIn for further discussions and networking opportunities.