101 Linux Permissions


Here’s a guide to Linux permissions for FAANG-level interviews, from beginner to advanced, with 10 interview-style questions and answers for practice.


1. Linux Permissions: Beginner to Advanced


1.1 Basics of Linux Permissions

Each file or directory has a mode string: one file-type character followed by three permission triads:

[File Type][Owner][Group][Others]

Example:

-rwxr-xr-- 1 prakash devs 2345 Jun 6 12:00 script.sh

Breakdown:

  • - = Regular file (d for a directory)

  • rwx = Owner: read, write, execute

  • r-x = Group: read, execute

  • r-- = Others: read only


1.2 Types of Permissions

Symbol   Meaning   Octal
r        Read      4
w        Write     2
x        Execute   1

Add the values within each class (owner, group, others) to get its octal digit:

chmod 754 filename
# => Owner: 7 (rwx), Group: 5 (r-x), Others: 4 (r--)

1.3 Managing Permissions

  • View:

    ls -l
    
  • Change using symbolic mode:

    chmod u+x file.sh     # Add execute for owner
    chmod g-w file.sh     # Remove write for group
    chmod o=r file.sh     # Set read-only for others
    
  • Change using numeric mode:

    chmod 755 file.sh
    

1.4 Ownership

  • Change owner:

    chown prakash file.txt
    
  • Change group:

    chgrp devs file.txt
    
  • Change both:

    chown prakash:devs file.txt
    

1.5 Special Permissions (Advanced)

1.5.1 SetUID (s) — Run as file owner

chmod u+s my_script
ls -l my_script    # => -rwsr-xr-x

Used in programs like passwd.

1.5.2 SetGID (s) — Run with group permissions

chmod g+s my_script
ls -l my_script    # => -rwxr-sr-x

1.5.3 Sticky Bit (t) — Protect deletion in shared dirs

chmod +t /tmp
ls -ld /tmp    # => drwxrwxrwt
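
The mode strings in sections 1.1 to 1.5 map to a four-digit octal value whose leading digit carries SetUID (4), SetGID (2) and the Sticky Bit (1). The parser below is an added example, not part of the original post; mode_to_octal is a hypothetical helper name, and it also handles the capital S/T case (special bit set without execute) and a trailing ACL/SELinux marker.

```shell
#!/bin/sh
# Added example (not from the original post): convert an `ls -l` mode string
# to four-digit octal, including SetUID, SetGID and the Sticky Bit.
# mode_to_octal is a hypothetical helper name.

mode_to_octal() {
    mode=${1%[.+@]}     # drop a trailing ACL/SELinux marker if ls printed one
    # One file-type character followed by three rwx triads; reject anything else.
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) return 1 ;;
    esac
    rest=${mode#?}      # the nine permission characters
    special=0
    digits=""
    for bit in 4 2 1; do            # special-bit weight: SetUID, SetGID, Sticky
        val=0
        for weight in 4 2 1; do     # r, w, x weights inside one triad
            c=${rest%"${rest#?}"}   # first remaining character
            rest=${rest#?}
            case $c in
                r|w|x) val=$((val + weight)) ;;
                s|t)   val=$((val + weight)); special=$((special + bit)) ;;
                S|T)   special=$((special + bit)) ;;  # special bit set, no execute
            esac
        done
        digits=$digits$val
    done
    printf '%s%s\n' "$special" "$digits"
}

# Mode strings taken from this page, plus one constructed case (-rwSr--r--).
for m in -rwxr-xr-- -rw-rw-r-- -rwsr-xr-x -rwxr-sr-x drwxrwxrwt -rwSr--r--; do
    printf '%-12s %s\n' "$m" "$(mode_to_octal "$m")"
done
```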

1.6 Default Permissions – umask

Check umask:

umask        # e.g., 0022

Meaning:

  • File default: 666 – 0022 = 644 (rw-r--r--)

  • Dir default: 777 – 0022 = 755 (rwxr-xr-x)


1.7 Recursive Permission Change

chmod -R 755 /var/www
chown -R prakash:www-data /var/www

2. 10 Linux Permission Questions & Answers


Q1. What does chmod 755 file.sh do?

Answer:
Sets permissions to:

  • Owner: rwx (7)

  • Group: r-x (5)

  • Others: r-x (5)


Q2. What is the use of chmod +x script.sh?

Answer:
Adds execute permission for the owner, allowing the script to be run directly.


Q3. What is the difference between chmod 777 and chmod 755?

Answer:

  • 777: Everyone has full access (read/write/execute).

  • 755: Only owner has write access, others can read/execute but not modify.


Q4. How do you give read & write to owner, read-only to others?

Answer:

chmod 644 file.txt

Q5. What does -rwsr-xr-x mean in ls -l output?

Answer:
SetUID is set:

  • File will run with owner’s privileges, not current user’s.


Q6. What does the Sticky Bit do?

Answer:
Prevents users from deleting others’ files in a shared directory like /tmp.
drwxrwxrwt indicates sticky bit set.


Q7. How do you recursively change ownership of a directory and its contents?

Answer:

chown -R user:group /path/to/dir

Q8. Explain what umask 027 means?

Answer:
Default permissions mask:

  • For files: 666 – 027 = 640 (rw-r-----)

  • For dirs: 777 – 027 = 750 (rwxr-x---)


Q9. What’s the permission number for rw-rw-r--?

Answer:

rw- rw- r-- = 664

Q10. How to give only execute permission to others?

Answer:

chmod o=x file.sh

Bonus Practice Examples

Task                                         Command
Give full permission to owner only           chmod 700 file.sh
Remove all permissions for others            chmod o= file.sh
Set SetGID on a directory                    chmod g+s dir
Make a directory with full access for all    mkdir -m 777 shared_dir
View special permissions                     ls -l or stat file

The rest of this part covers umask (User Mask, or user file-creation mask) in full detail: concept, default values, calculation logic, and practical examples.


What is umask?

umask defines the default permission bits to subtract from newly created files or directories.

  • It doesn’t grant permissions — it masks/restricts them.

  • When a user creates a file or directory, Linux applies a default permission first, then subtracts the umask.


Default Permission Values

Type        Max default permission
File        666 (rw-rw-rw-) – no x by default
Directory   777 (rwxrwxrwx)

How umask Works (Step-by-Step)

Let's say:

  • umask = 022

For files:

Default:   666
UMASK:     022
Result:    644 → rw-r--r--

For directories:

Default:   777
UMASK:     022
Result:    755 → rwxr-xr-x

So:

  • Owner keeps full permissions

  • Group & Others lose w permission


Common umask values & their effects

UMASK   File Permission   Dir Permission   Notes
000     666 → 666         777 → 777        Everyone full access
022     666 → 644         777 → 755        Group/Others: no write
027     666 → 640         777 → 750        Group: read, Others: no access
077     666 → 600         777 → 700        Owner-only full access

Examples in Shell

🔍 View current umask:

umask
# Output: 0022

Set umask temporarily:

umask 0027
touch file.txt
mkdir dir1

ls -l
# file.txt => -rw-r-----
# dir1     => drwxr-x---

⚙️ Make umask permanent:

For the bash shell, edit ~/.bashrc and add the umask line:

vi ~/.bashrc
# add this line to the file:
umask 027

Then reload it:

source ~/.bashrc

Important Rules

  1. umask removes bits, not adds them.

  2. Files are never given execute (x) by default, even if umask allows it.

  3. Directories do get x so you can cd into them.
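
Rule 1 is the key to the arithmetic: the "subtraction" is a per-bit clear (base AND NOT umask), which matches plain octal subtraction for 022 but not for 027. The script below is an added example, not part of the original post; it computes the result both ways and compares it with what touch and mkdir really produce. The function names are hypothetical and `stat -c %a` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# `stat -c %a` assumes GNU coreutils.

# What the kernel does: clear every bit that is set in the mask (base AND NOT mask).
apply_umask() {
    printf '%03o\n' "$(( 0$1 & ~0$2 ))"
}

# Plain octal subtraction, shown only for contrast.
octal_subtract() {
    printf '%03o\n' "$(( 0$1 - 0$2 ))"
}

# Create file.txt and dir1 under the given umask in a scratch directory and
# print their real modes as "<file> <dir>". The subshell keeps the caller's
# umask unchanged.
observed_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        touch "$scratch/file.txt"
        mkdir "$scratch/dir1"
        printf '%s %s\n' "$(stat -c '%a' "$scratch/file.txt")" \
                         "$(stat -c '%a' "$scratch/dir1")"
        rm -rf "$scratch"
    )
}

# The umask values from the table on this page.
for mask in 000 022 027 077; do
    printf 'umask %s: file %s  dir %s  (observed: %s)\n' "$mask" \
        "$(apply_umask 666 "$mask")" "$(apply_umask 777 "$mask")" \
        "$(observed_modes "$mask")"
done

# Subtraction only agrees when no borrow occurs: for 027 it gives 637, not 640.
printf 'bitmask: %s  subtraction: %s\n' \
    "$(apply_umask 666 027)" "$(octal_subtract 666 027)"
```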


Interview-ready Example

Q: If a user has a umask of 0077 and runs touch test.txt and mkdir demo, what are the resulting permissions?

Answer:

  • Default for file: 666

  • umask: 077

  • Final: 600 (rw-------)

  • Default for dir: 777

  • umask: 077

  • Final: 700 (rwx------)

So only the owner can read/write/execute. This is a secure configuration.


Visual Table: umask Logic

Resource   Max Default  -  UMASK  =  Final Permission
File       666          -  027    =  640 (rw-r-----)
Dir        777          -  027    =  750 (rwxr-x---)

The rest of this part covers Linux special permissions (SetUID, SetGID, and the Sticky Bit) in detail, with real-world use cases, annotated ls output, and practical examples.


Why Special Permissions Exist

Linux has standard permission bits for:

  • User (Owner)

  • Group

  • Others

But what if you want:

  • A user to run a program as root?

  • Files in a shared directory to always inherit the same group?

  • Prevent users from deleting others’ files in /tmp?

That’s where special permission bits come in.


1. SetUID (Set User ID)

What it Does:

When a binary file has SetUID, any user who executes it temporarily assumes the permissions of the file's owner (usually root).

Real-World Use Case:

  • The passwd command allows any user to update their own password, but it needs to write to /etc/shadow, which is owned by root.

  • So passwd runs as root, even when executed by a regular user.

Example:

ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 Jan  1 00:00 /usr/bin/passwd
   ^
   └── 's' here means SetUID is ON for user

How to Set:

chmod u+s my_script

🔍 How to Verify:

ls -l my_script
-rwsr-xr-x 1 prakash devs 2345 Jun 6 12:00 my_script

2. SetGID (Set Group ID)

What it Does:

A) On Files:

  • The process runs with group permissions of the file, not the executing user.

B) On Directories:

  • New files/directories inside the directory will inherit the group ownership of the directory — not the creator's default group.

Real-World Use Case:

  • In collaborative environments (e.g., /shared/projects), you want files created by any team member to have the same group, like devs.

Example on Directory:

mkdir shared
chgrp devs shared
chmod g+s shared
ls -ld shared
drwxr-sr-x 2 prakash devs 4096 Jun 6 12:00 shared
      ^
      └── 's' on group means SetGID is ON

Now, any file inside shared/ will automatically belong to group devs.


How to Set on File:

chmod g+s my_binary

How to Set on Directory:

chmod g+s /some/dir

3. Sticky Bit (t)

What it Does:

Only the owner of a file can delete or rename it, even if others have write access to the directory.

Real-World Use Case:

  • /tmp directory: World-writable directory used by all users. Without sticky bit, users could delete each other’s temporary files.

Example:

ls -ld /tmp
drwxrwxrwt 10 root root 4096 Jun 6 12:00 /tmp
         ^
         └── 't' means Sticky Bit is set

How to Set:

chmod +t mydir

How to Remove:

chmod -t mydir

Summary Table

Permission   Symbol       Applies to          Effect
SetUID       s (user)     Executable file     Runs as file owner
SetGID       s (group)    File or directory   File: runs as group, Dir: inherits group
Sticky Bit   t (others)   Directory           Only file owner can delete

Interview-Style Example

Q: A file shows -rwsr-xr-x. What does it mean and why is it used?

Answer:

  • The s in user field = SetUID.

  • This means: when the file is executed, it runs with the owner's privileges, not the executor’s.

  • Common use: commands like passwd which need to access /etc/shadow.


FAANG-Level Takeaway Tips

  • Know how SetUID can be a security risk if misused (e.g., privilege escalation).

  • Sticky bit is essential for shared directories to prevent accidental file deletion.

  • SetGID on directories is useful in CI/CD pipelines and group collaboration.
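
To act on the first two tips, review which files carry SetUID or SetGID and which world-writable directories lack the Sticky Bit. The audit below is an added example, not part of the original post; the function names and the scratch tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list files carrying SetUID or
# SetGID and world-writable directories that lack the Sticky Bit.
# Function names and the demo tree are constructed for illustration.

audit_special_bits() {
    {
        find "$1" -xdev -type f -perm -4000 -print | sed 's/^/SETUID /'
        find "$1" -xdev -type f -perm -2000 -print | sed 's/^/SETGID /'
        # World-writable (-0002) but no sticky bit (! -1000): any user can
        # delete or rename other users' files here.
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
    } | LC_ALL=C sort
}

# Build a small scratch tree with one example of each case (constructed data).
build_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/shared" "$d/drop"
    : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"   # SetUID
    : > "$d/bin/report"; chmod 2755 "$d/bin/report"   # SetGID
    : > "$d/bin/plain";  chmod 0755 "$d/bin/plain"    # no special bits
    chmod 1777 "$d/shared"    # world-writable with Sticky Bit, like /tmp
    chmod 0777 "$d/drop"      # world-writable without Sticky Bit
    printf '%s\n' "$d"
}

demo=$(build_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```

Point audit_special_bits at a real directory and compare the output with a reviewed baseline; anything new on the list deserves a look.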

