Script House
CLH-006 of 015

Permissions & Access Control

Control who can read, write, and execute. The foundation of Linux security.

The Linux Permission Model

Every file and directory in Linux has three permission types for three user categories. Understanding this model is essential for both securing systems and finding privilege escalation vulnerabilities.

r   Read (4)      View file contents or list directory
w   Write (2)     Modify file or create/delete in directory
x   Execute (1)   Run as program or enter directory

Reading Permission Strings

    user@linux:~$ ls -la /etc/shadow
    -rw-r----- 1 root shadow 1423 Dec 18 16:30 /etc/shadow

    # Breaking it down:
    # -   = regular file (d = directory, l = link)
    # rw- = owner (root) can read and write
    # r-- = group (shadow) can read only
    # --- = others have NO access

Octal   Binary   Permission   Meaning
7       111      rwx          Full access
6       110      rw-          Read + Write
5       101      r-x          Read + Execute
4       100      r--          Read only
0       000      ---          No access

Permission Commands

Command                 Purpose                   Example
chmod 755 file          Set permissions (octal)   rwxr-xr-x
chmod u+x file          Add execute for user      Symbolic mode
chown user:group file   Change owner and group    chown root:www-data
chgrp group file        Change group only         chgrp developers

Security Implications

World-Writable Files

chmod 777 = anyone can modify. Never use on scripts or configs!

SUID Bit

Executables with the SUID bit set run as the file's owner, not as the user who launches them. Prime privilege escalation targets.

Sticky Bit

On directories (like /tmp), only a file's owner can delete it.

    hacker@target:~$ find / -perm -4000 2>/dev/null
    # Find all SUID binaries - potential privesc vectors!
    /usr/bin/passwd
    /usr/bin/sudo
    /usr/bin/pkexec
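
The three issues above (world-writable files, SUID binaries, world-writable directories without the sticky bit) can be checked in one pass when auditing a directory tree. This is an added example, not part of the original lesson; the function names audit_perms and fix_world_writable and the demo file names are assumptions made for illustration.

```shell
#!/bin/sh
# audit_perms DIR: print one "LABEL path" line per risky permission found.
audit_perms() {
    root=${1:-.}
    # SUID executables run with the file owner's privileges.
    find "$root" -xdev -type f -perm -4000 \
        -exec printf 'SUID %s\n' {} + 2>/dev/null || :
    # World-writable regular files: any local user can modify them.
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'WORLD-WRITABLE-FILE %s\n' {} + 2>/dev/null || :
    # World-writable directories without the sticky bit: users can delete
    # or replace each other's files there.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NO-STICKY-DIR %s\n' {} + 2>/dev/null || :
}

# Remediation: remove write access for "others" only, leaving the owner
# and group bits unchanged (666 becomes 664, 777 becomes 775).
fix_world_writable() {
    chmod o-w -- "$1"
}

# Constructed demo tree (sample data, not taken from the lesson).
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/config.php" "$d/index.html" "$d/helper"
    chmod 666 "$d/config.php"    # rw-rw-rw-  flagged
    chmod 644 "$d/index.html"    # rw-r--r--  fine
    chmod 4755 "$d/helper"       # rwsr-xr-x  flagged (SUID)
    mkdir "$d/uploads" "$d/scratch"
    chmod 777 "$d/uploads"       # rwxrwxrwx  flagged (no sticky bit)
    chmod 1777 "$d/scratch"      # rwxrwxrwt  fine (sticky, like /tmp)
    echo "before fix:"; audit_perms "$d"
    fix_world_writable "$d/config.php"
    echo "after fix:";  audit_perms "$d"
    rm -rf "$d"
}
demo
```

Expect legitimate SUID entries such as /usr/bin/passwd when auditing a real system; compare the output against a known-good baseline rather than treating every SUID line as a finding.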

LAB: Permission Hunter

You've gained access to a system. Your mission: analyze file permissions, identify security issues, and find SUID binaries that could be used for privilege escalation.

List files with permissions in /var/www
Fix an insecure world-writable config file
Find SUID binaries on the system
Get detailed info on a suspicious binary

Permission Hunter Lab
=====================
You have shell access. Hunt for permission issues!
Current directory: /home/user
Commands: ls, chmod, find, stat, cd, pwd, help
Hint: Check /var/www for web server files...