File Permissions
in Linux
Used Linux commands to audit and update file permissions across a research team's project directory — enforcing the principle of least privilege and removing unauthorised write access from files, hidden files, and directories.
Overview
The Task
The research team required updated file permissions for files and directories within their projects directory. The existing permissions did not reflect the correct level of access for each user type, creating a security risk.
I used Linux commands to check the current state of permissions, then applied targeted chmod changes to bring each file and directory in line with the organisation's access policy.
Understanding Permissions
Reading the Permission String
Linux represents permissions as a 10-character string. Each character position has a specific meaning — understanding this is the foundation of permission management.
# Example output from ls -la
-rw-rw-r-- 1 user group 1234 Jan 01 project_t.txt
drwx--x--- 2 researcher2 group 4096 Jan 01 drafts
d = directory. - = regular file. This is the first thing to check to understand what you're working with.
Read, write, and execute permissions for the file owner. A hyphen (-) means that permission is not granted.
Read, write, and execute permissions for the owning group. Typically more restricted than the user owner.
Permissions for all other users on the system. This should typically be the most restricted — least privilege applies here most strongly.
Regular file. User has read+write. Group has read+write. Other has read only. No one has execute.
Files beginning with a period are hidden. They only appear with ls -la and are managed with chmod the same way as regular files.
What I Did
Step-by-Step Changes
Audited the directory
Used ls -la to list all contents including hidden files, reviewing the 10-character permission string for each item.
Removed write access from "other" on project_k.txt
The organisation's policy states other should not have write access to any file. Used chmod o-w project_k.txt to remove it.
chmod o-w project_k.txt
ls -la
-rw-rw-r-- 1 user group project_k.txt
Hardened the hidden archive file .project_x.txt
The archived file should have no write access for anyone, but user and group should retain read access. Used chmod u-w,g-w,g+r .project_x.txt.
chmod u-w .project_x.txt
chmod g-w,g+r .project_x.txt
-r--r--r-- 1 user group .project_x.txt
Restricted the drafts directory to researcher2 only
Only researcher2 should have execute access to the drafts directory. The group previously had execute permissions, so these were removed with chmod g-x drafts.
chmod g-x drafts
drwx--x--- 2 researcher2 group drafts
Key Takeaways
What This Demonstrates
ls -la and chmod — to audit and enforce file system permissions.Video Demo
Watch the Demo
A live walkthrough of the Linux commands used in this project. Use the speed controls to watch at your preferred pace.