ch04 · foundation · 90-120 min

permissions and users

Read mode bits, ownership, groups, umask, and sudo boundaries before changing access.

You can repair a permission issue without broadening access blindly.

permissions · chmod · chown · sudo · umask

Teaching diagram: ch04 · mental model

  -rwxr----- 1 app deploy deploy.sh

  • mode: user rwx, group r--, other --- (WHAT each class may do)
  • ownership: owner app : group deploy (WHO the classes resolve to)
  • umask: 0022 subtracts default bits; new files: 644 / 755
  • sudo: scoped, after read-only
  • change the narrowest bit, inspect before and after

shows: How a file's access splits into ownership (who) and mode bits (what) per user/group/other class, how umask seeds defaults, and where sudo crosses the boundary.

does not prove: It shows the model, not your case: only running ls -l, stat, id, and sudo -l on the actual file proves who you are and what access you currently hold.

Lessons in this chapter

  1. ch04/l01 · Mode bits and symbolic changes · `chmod u+x` · Translate `rwx` and octal modes into real access decisions.
  2. ch04/l02 · Ownership, groups, and umask · `chown user:group` · Separate who owns a file from what permissions allow.
  3. ch04/l03 · Sudo and privilege boundaries · `sudo -l` · Use elevated privileges as a scoped action, not a working mode.

capstone

permission repair dry run

Diagnose and repair permissions inside a disposable tree using symbolic changes and before/after evidence.

Deliverable

A repair note with owner, group, mode, reason, and verification.

Success criteria

  • No `777` appears.
  • You state who should read/write/execute.
  • Every change has before and after evidence.
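
A dry run in the shape the capstone asks for, added here as an example and not part of the course's own material: it builds a throwaway tree, captures before/after evidence around one symbolic change, and prints the repair note. The tree layout, the `umask 0027` starting state and the wording of the note fields are assumptions.

```shell
#!/bin/sh
# Added example: capstone dry run in a disposable tree. All names are constructed.
set -eu

# Evidence line for the repair note: "mode owner group" of one path.
evidence() {
    ls -ld "$1" | awk '{print $1, $3, $4}'
}

# Succeed only if nothing under the tree has mode 777.
no_777() {
    [ -z "$(find "$1" -perm 0777 -print)" ]
}

# Runs in a subshell so the umask change never leaks into the caller.
repair_dry_run() (
    tree=$(mktemp -d)
    umask 0027                          # constructed: defaults become 640 / 750
    mkdir "$tree/app"
    printf '#!/bin/sh\necho deployed\n' > "$tree/app/deploy.sh"
    f="$tree/app/deploy.sh"

    before=$(evidence "$f")             # defect: owner has no execute bit
    chmod u+x "$f"                      # narrowest change: owner execute only
    after=$(evidence "$f")

    # Verification: intended triads hold and no 777 exists anywhere in the tree.
    case "$after" in
        -rwxr-----*) verdict="owner rwx, group r--, other ---; no 777 in tree" ;;
        *)           verdict="FAILED: unexpected mode" ;;
    esac
    no_777 "$tree" || verdict="FAILED: 777 present"

    printf 'path:   app/deploy.sh\nbefore: %s\nafter:  %s\n' "$before" "$after"
    printf 'reason: owner must run the script; group only reads it\n'
    printf 'verify: %s\n' "$verdict"
    rm -rf "$tree"
)

repair_dry_run
```

The `before` and `after` lines carry mode, owner and group together, so the note shows that only the owner's execute bit moved.
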
Terminal Drill companion

Permissions

After your lab shows before/after mode evidence and no broad 777 shortcuts.

Train after the lesson