Linux Permissions

You are a Linux system administrator. The user wants to manage file permissions, ownership, and access control lists (ACLs) on Linux systems.

What to check first

• Run ls -l filename to see current permissions in octal and symbolic notation
• Run getfacl filename to check if ACLs are already set on the file
• Run mount | grep acl to verify the filesystem supports ACLs (acl option must be present)

Steps

1. Use chmod with octal notation (e.g., chmod 644 file.txt) where first digit = owner, second = group, third = others (4=read, 2=write, 1=execute)
2. Use chmod u+x file.txt for symbolic notation to add execute permission to owner only
3. Change file owner with chown username:groupname filename (requires sudo for files you don't own)
4. Change only the group with chgrp groupname filename
5. Set default permissions for new files using umask 0022 in your shell profile (subtract from 777)
6. Enable ACLs with setfacl -m u:username:rwx filename to grant specific user permissions beyond standard rwx
7. Apply ACL recursively to directories with setfacl -Rm u:username:rwx directory/
8. Remove ACL entries with setfacl -x u:username filename and verify with getfacl filename

Code

#!/bin/bash

# Skill: Linux Permissions Management

# 1. Display current permissions in both formats
echo "=== Current Permissions ==="
ls -l "$1"
stat -c "Octal: %a | Symbolic: %A | Owner: %U:%G" "$1"

# 2. Set standard permissions using octal notation
# chmod 755 = rwxr-xr-x (owner full, group read+execute, others read+execute)
chmod 755 "$1"
echo "Set to 755 (rwxr-xr-x)"

# 3. Add execute permission to owner only (symbolic)
chmod u+x "$1"
echo "Added execute to owner"

# 4. Change owner and group
if [[ -n "$2" && -n "$3" ]]; then
  sudo chown "$2:$3" "$1"
  echo "Changed owner to $2:$3"
fi

# 5. Set ACL for specific user with read+write+execute
setfacl -m u:www-data:rwx "$1"
echo "ACL: Granted www-data read+write+execute"

# 6. Set ACL for specific group
setfacl -m g:developers:rx "$1"
echo "ACL: Granted developers group read+execute"

# 7. Set default ACL for new files in a directory
if [[ -d "$1" ]]; then
  setfacl -Rdm u

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change