Linux Phase 3: Permissions & Ownership
Abdulrahman Ahmad
π― Target Audience: Beginners in DevOps & DevSecOps
π§ Key Concepts: chmod, chown, sudo, file permissions, principle of least privilege
β±οΈ Estimated Read Time: 7-9 minutes
π‘ Outcome: Understand how to manage permissions & ownership for secure automation and system control
π οΈ Series: Part 3 of the βLinux for DevOps Beginnersβ series
π Real-World Focus: Enforce security, automate with confidence, and avoid permission hell in CI/CD pipelines
π§βπ» Why Permissions Really Matter
In the world of DevOps and DevSecOps, youβre not just pushing code, youβre managing infrastructure, securing systems, and automating everything from deployments to monitoring.
That means you must know what a chmod 755 or a sudo chown root:nginx actually does. Without this knowledge, youβre flying blind, or worse, breaking things in production.
This guide will break down Linux permissions and ownership into simple, snackable chunks, with real-life use cases to show how this knowledge powers automation, security, and control.
π Linux Permissions & Ownership 101
π The Linux File Permission Model
Every file and directory in Linux has three types of access for three types of users:
| Who? | What? |
| User (u) | The owner of the file |
| Group (g) | Users who are part of the fileβs group |
| Others (o) | Everyone else |
And they can perform three actions:
| Action | Symbol | Meaning |
| Read | r | View contents |
| Write | w | Modify contents |
| Execute | x | Run the file (scripts/programs) |
π§ Try This:
ls -l
This will list files like so:
-rwxr-xr-- 1 user devops_team 2048 Aug 7 12:00 deploy.sh
π Read this as: User has read/write/execute (
rwx), Group has read/execute (r-x), Others can only read (r--)
π οΈ chmod β> Change Permissions
The chmod command sets who can do what to a file.
Example: Give execute permission to a script
chmod +x deploy.sh
Example: Set exact permissions
chmod 755 deploy.sh
# rwxr-xr-x β owner: all perms, group: read+exec, others: read+exec
Numeric breakdown:
| Number | Meaning |
| 7 | rwx |
| 6 | rw- |
| 5 | r-x |
| 4 | r-- |
π’ chmod Numeric Permissions Reference
Each permission is assigned a number:
Read (
r) = 4Write (
w) = 2Execute (
x) = 1
Add them up to get permission numbers:
| User | Group | Others | chmod Value | rwx Representation |
| 7 | 5 | 5 | 755 | rwx r-x r-x |
| 6 | 4 | 4 | 644 | rw- r-- r-- |
| 7 | 0 | 0 | 700 | rwx --- --- |
| 6 | 0 | 0 | 600 | rw- --- --- |
| 7 | 7 | 7 | 777 | rwx rwx rwx |
Use this as your go-to cheat sheet when setting permissions manually.
π§βπ€βπ§ chown β> Change File Ownership
The chown command changes the owner or group of a file.
Example: Change ownership to nginx user
sudo chown nginx:nginx /var/www/html/index.html
π Useful when deploying files through CI/CD where the app server needs ownership.
β‘ sudo β> Superuser Powers
The sudo command lets a user execute commands as root (admin).
Example: Installing a package
sudo apt update && sudo apt install nginx
π Warning: Sudo gives you complete control over the system. Misuse can be catastrophic use it wisely and always double-check.
π Principle of Least Privilege (PoLP)
One of the core DevSecOps security principles:
β Only give the access that's absolutely needed, and nothing more.
Use chmod, chown, and sudo to enforce this:
| Scenario | Permission Strategy |
| Script used in CI pipeline | chmod +x, owned by pipeline user |
| Web server file | chown www-data:www-data |
| Deployment tool config | chmod 600 config.yaml (read/write owner only) |
π€ Real-Life DevOps Use Case
π― Scenario: You're setting up a deployment pipeline for a Node.js app on a Linux server.
πͺ Without permissions knowledge:
Scripts fail with "Permission denied"
Server can't read the app files
CI/CD breaks when trying to overwrite configs
β With permissions mastery:
# Make your start script executable
chmod +x start.sh
# Ensure web user owns files
sudo chown -R nginx:nginx /var/www/myapp
# Secure environment config
chmod 600 .env
Boom π₯: now everything runs smoothly, securely, and automatically.
π Recap
β Linux file permissions control who can do what
β
Use chmod to adjust access rights
β
Use chown to set ownership
β
Use sudo wisely for admin tasks
β Follow PoLP to build secure, reliable systems
If this helped clear the fog around Linux permissions, drop a comment below π Which command tripped you up the most at first: chmod, chown, or sudo?
π Share this with your fellow DevOps beginners
π Revisit Part 1 & Part 2 of the series
π Subscribe to the newsletter to get the next phase: "Linux Phase 4 : Search, Info & Help" π
π¨βπ« About the Author
I'm Abdulrahman A. Muhamad, a DevOps engineer focused on practical security, automation, and reliability. Through blogs and tutorials, I help you master the tools and mindsets that power modern cloud infrastructure.
π LinkedIn
π» GitHub
π My Arabic Blog
Subscribe to my newsletter
Read articles from Abdulrahman Ahmad directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Abdulrahman Ahmad
Abdulrahman Ahmad
π Code. Automate. Innovate. Hi, Iβm Abdulrahman, a passionate DevOps Engineer and Software Developer on a mission to bridge the gap between code and production. With a love for automation, cloud-native solutions, and cutting-edge tech, I turn complex problems into seamless, scalable systems. π‘ What I Do: Build robust CI/CD pipelines that deliver software at the speed of thought. Architect cloud infrastructure that scales with a single command. Transform manual processes into automated workflows that just work. Break down silos and foster collaboration between teams. π§ Tech Stack I β€οΈ: Containers (Docker), Orchestration (Kubernetes), Infrastructure as Code (Terraform), CI/CD (Jenkins, GitLab), Cloud (AWS/GCP/Azure), and scripting like itβs my superpower. π Why This Blog? This is where I share my journey, lessons learned, and the latest trends in DevOps and software engineering. Whether you're a seasoned pro or just starting out, join me as we explore the tools, tricks, and best practices that make the tech world tick. π Letβs Build the Future, One Pipeline at a Time. Connect with me, share your thoughts, and letβs automate the world together!