Linux · Access Control

File Permissions in Linux

Used Linux commands to audit and update file permissions across a research team's project directory — enforcing the principle of least privilege and removing unauthorised write access from files, hidden files, and directories.

Environment: Linux CLI
Commands: ls -la · chmod
Principle: Least Privilege

The Task

The research team required updated file permissions for files and directories within their projects directory. The existing permissions did not reflect the correct level of access for each user type, creating a security risk.

I used Linux commands to check the current state of permissions, then applied targeted chmod changes to bring each file and directory in line with the organisation's access policy.

Reading the Permission String

Linux represents permissions as a 10-character string. Each character position has a specific meaning — understanding this is the foundation of permission management.

# Example output from ls -la
-rw-rw-r-- 1 user group 1234 Jan 01 project_t.txt
drwx--x--- 2 researcher2 group 4096 Jan 01 drafts

Character 1 — Type
d / -

d = directory. - = regular file. This is the first thing to check to understand what you're working with.

Characters 2–4 — User
rwx

Read, write, and execute permissions for the file owner. A hyphen (-) means that permission is not granted.

Characters 5–7 — Group
rwx

Read, write, and execute permissions for the owning group. Typically more restricted than the user owner.

Characters 8–10 — Other
rwx

Permissions for all other users on the system. This should typically be the most restricted — least privilege applies here most strongly.

Example Read
-rw-rw-r--

Regular file. User has read+write. Group has read+write. Other has read only. No one has execute.

Hidden Files
.filename

Files beginning with a period are hidden. They appear only when ls is run with the -a option, as in ls -la, and are managed with chmod the same way as regular files.

Step-by-Step Changes

01

Audited the directory

Used ls -la to list all contents including hidden files, reviewing the 10-character permission string for each item.

02

Removed write access from "other" on project_k.txt

The organisation's policy states other should not have write access to any file. Used chmod o-w project_k.txt to remove it.

chmod o-w project_k.txt
ls -la
-rw-rw-r-- 1 user group project_k.txt

03

Hardened the hidden archive file .project_x.txt

The archived file should have no write access for anyone, but user and group should retain read access. Used chmod u-w,g-w,g+r .project_x.txt.

chmod u-w .project_x.txt
chmod g-w,g+r .project_x.txt
-r--r--r-- 1 user group .project_x.txt

04

Restricted the drafts directory to researcher2 only

Only researcher2 should have execute access to the drafts directory. The group previously had execute permissions, so these were removed with chmod g-x drafts.

chmod g-x drafts
drwx------ 2 researcher2 group drafts
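
The steps above can be rehearsed in a throwaway directory, with find doing the audit instead of reading each ls line by eye. This is an added example, not part of the original write-up: the starting modes (666, 664, 710) are assumed values chosen to match the access problems described, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: rehearse the page's chmod steps in a constructed sandbox.
# Starting modes are assumptions; function names are hypothetical.

make_sandbox() {
    d=$(mktemp -d) || return 1
    touch "$d/project_k.txt" "$d/.project_x.txt"
    mkdir "$d/drafts"
    chmod 666 "$d/project_k.txt"    # assumed: "other" can write
    chmod 664 "$d/.project_x.txt"   # assumed: user and group can write
    chmod 710 "$d/drafts"           # assumed: group can enter the directory
    printf '%s\n' "$d"
}

# First 10 characters of the ls listing (drops any ACL/SELinux suffix).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Audit: files writable by "other" and directories the group can enter.
# find walks dot files too, so hidden files are not missed.
violations() {
    find "$1" \( -type f -perm -0002 -o -type d -perm -0010 \) | sort
}

# The three changes from steps 02-04.
apply_policy() {
    chmod o-w "$1/project_k.txt"
    chmod u-w,g-w,g+r "$1/.project_x.txt"
    chmod g-x "$1/drafts"
}

report() {
    for f in project_k.txt .project_x.txt drafts; do
        printf '%s %s\n' "$(mode_of "$1/$f")" "$f"
    done
}

demo() {
    sandbox=$(make_sandbox) || return 1
    echo "before:";  report "$sandbox"
    echo "violations:"; violations "$sandbox"
    apply_policy "$sandbox"
    echo "after:";   report "$sandbox"
    echo "violations remaining: $(violations "$sandbox" | wc -l)"
    rm -rf "$sandbox"
}
demo
```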

What This Demonstrates

Practical use of Linux CLI tools — ls -la and chmod — to audit and enforce file system permissions.
Understanding of the Linux 10-character permission string and how to read user, group, and other access levels.
Applied the principle of least privilege — removing unnecessary access rather than granting blanket permissions.
Ability to manage hidden files (dot files) using the same permission model as regular files.
Restricted directory-level execute permissions to a specific named user, demonstrating precise access control.
