Chapter 6. Managing Files and Directories

Linux provides strong basic controls for access to files and directories with configurable privileges. Every file and directory has three levels of ownership (user, group, and other) and multiple levels of access, including read, write, and execute. You can protect your personal files and control who has access to them, and the root user can manage access to commands, scripts, shared files, and system files.

Even when you are using stronger access control tools—tools such as SELinux or AppArmor—it is still important to get the fundamentals right.

On a Linux system, both human users and system services have user accounts. Some system services need user accounts to control privileges, just like human users.

Every file has three types of ownership: owner, group, and other (sometimes other is expressed as world). The owner is a single user, the group owner is a single group, and other is everyone else who has access to the file.

Every file has six permission modes: three basic modes (read, write, and execute) and three special modes (the sticky bit, setuid, and setgid).

File permissions control which users can create, read, edit, or delete a file, and which users can execute a command. The special modes control who can move, delete, or rename a file, and who can execute a command with elevated privileges.

Directory permissions control which users can edit or enter a directory and who can read, edit, add, or remove files from a directory.
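
The following shell audit is an added example, not code from the book: it lists the files and directories where the special modes and "other" permissions described above matter most. The function names and the temporary sample tree are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for special modes and world-writable entries.
# All names and the sample tree below are constructed for illustration.

# Regular files with setuid (4000) or setgid (2000): these execute with
# the privileges of the file's owner or group, so the list should be short.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable directories without the sticky bit (1000): any user can
# delete or rename files there, including files owned by other users.
find_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files that "other" can write to.
find_world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # world-writable with sticky bit, like /tmp
    chmod 0777 "$root/shared_bad"   # world-writable, no sticky bit
    chmod 0750 "$root/private"      # owner and group only
    : > "$root/helper"; chmod 4755 "$root/helper"   # setuid file
    : > "$root/notes";  chmod 0644 "$root/notes"    # ordinary file
    : > "$root/open";   chmod 0666 "$root/open"     # writable by other
    printf '%s\n' "$root"
}

# Demonstration on the constructed tree.
tree=$(make_sample_tree)
echo "setuid/setgid files:";                    find_setid_files "$tree"
echo "world-writable dirs without sticky bit:"; find_unsafe_shared_dirs "$tree"
echo "world-writable files:";                   find_world_writable_files "$tree"
rm -rf "$tree"
```

To audit a real system, pass a directory such as `/usr` or `/home` to the functions instead of the sample tree, and review each result against what the installed packages are expected to ship.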

Remember the ...
