🐧 Linux File Permissions Labs
🎯 Objective
Learn to manage Linux file permissions, understand setuid/setgid, and recognize associated security risks.
🧰 Prerequisites
Linux system (Ubuntu/Debian/CentOS)
sudo access
Basic shell familiarity
In Linux, everything is a file, like:
Binary application code
Data
Configuration
Logs
Devices
Permissions on such files determine which users are allowed to access those files and what actions they can perform on the files.
Each file and directory has three user-based permission groups:
u - owner: The Owner permissions apply only to the owner of the file or directory; they do not affect the actions of other users.
g - group: The Group permissions apply only to the group that has been assigned to the file or directory; they do not affect the actions of other users.
a - all users: The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.
The Permission Types that are used are:
r β Read
w β Write
x β Execute
The permissions are displayed as: -rwxrwxrwx 1 owner:group.
Using ls -l test.txt would result in the following:
The first character is the special permission flag
The following set of three characters (rwx) is for the owner permissions
The second set of three characters (rwx) is for the group permissions
The third set of three characters (rwx) is for the all users permissions
After the permission groups, the number shows how many hard links point to the file
The last piece is the owner and group assignment
The file owner and group can be changed using the chown command. By performing chown myuser:mygroup test.txt the owner of the file test.txt would be myuser and the group would be set to mygroup.
The file permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference.
You may add the read and write permissions for the group using chmod g+rw test.txt. To remove the same permissions for all other users you would type chmod o-rw test.txt.
🔹 Lab 1: Basic File Permissions
Step 1: Create a file and set permissions
Create a new file and check the default permissions:
By default the owner (the user novatec) and the group (novatec) have read and write access
But here we want to have write access for the owner only.
So let's do this:
✅ Expected: Only the owner can read/write.
Step 2: Cleanup myfile1.txt
Remove the test file
🔹 Lab 2: Understanding Numeric Permissions
You may also specify the complete file permissions using a binary reference instead: The numbers are a binary representation of the rwx string.
r (read) = 4
w (write) = 2
x (execute) = 1
So you could also perform chmod 644 test.txt instead of chmod g-w,a-w,u+w test.txt.
Step 1: Create a file and set numeric permissions
Create a new file again and check the default permissions:
By default the owner (the user novatec) and the group (novatec) have read and write access
But here we want to have write access for the owner only.
So let's do this, but this time using numeric style:
✅ Expected: Only the owner can read/write.
Using the numeric style for setting permissions is much faster and easier compared to the first alternative used in the first lab.
Step 2: Cleanup myfile2.txt
Remove the test file again
🔹 Lab 3: Using umask to Set Default Permissions
umask sets the calling process's file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of the given mask are used).
The umask is applied whenever files or directories are created, e.g. by mkdir or touch.
As with file permissions, the first digit of the umask mode value, 0, is called the sticky bit; it is a special security feature.
The next three digits represent the octal values of the umask for a file or directory.
In our lab we will ignore the first digit and focus only on the last 3 digits for file/directory permissions.
In practical terms, to get the effective file permissions for a given umask mode, you calculate:
For directories: 777 - umask mode, e.g. 777 - 002 = 775 (drwxrwxr-x)
For files: 666 - umask mode, e.g. 666 - 002 = 664 (-rw-rw-r--)
Step 1: Check current umask
Check current umask:
By default this should return the following value
With this umask value creating a new directory or a new file would have permissions set as described in the section above (directory=775, file=664).
Step 2: Change umask
Let's change the umask to a somewhat more restrictive value:
For directories: 777 - 022 = 755 (drwxr-xr-x)
For files: 666 - 022 = 644 (-rw-r--r--)
✅ New directories and files will have permissions limited by umask.
Step 3: Cleanup and reset umask to default
Finally set the default umask again.
Finally, clean up files and directory
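The subtraction used in this lab is a shortcut: what is actually applied is the requested mode with the umask bits cleared (mode AND NOT umask). The following added example, which is not part of the original lab, computes that and checks it against a real file and directory; the function names are hypothetical and GNU stat is assumed. For 002 and 022 both methods agree, but for a mask such as 033 subtraction would suggest 633 for files while the real result is 644.

```shell
#!/bin/sh
# Added example: effective mode = requested mode AND NOT umask.

# Compute the resulting permissions: base & ~mask (all values octal).
# $1 = requested mode (666 for files, 777 for directories), $2 = umask
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a real file and directory under the given umask and print
# their modes as "file_mode dir_mode". The subshell keeps the caller's
# own umask untouched.
observed_modes() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        touch "$tmp/f"
        mkdir "$tmp/d"
        f=$(stat -c '%a' "$tmp/f")
        d=$(stat -c '%a' "$tmp/d")
        rm -rf "$tmp"
        echo "$f $d"
    )
}

# Compare the computed and the observed values for a few masks.
for m in 002 022 033 077; do
    echo "umask $m: computed $(effective_mode 666 "$m") $(effective_mode 777 "$m"), observed $(observed_modes "$m")"
done
```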
🔹 Lab 4: Using special permissions with setuid and setgid
When executing a file, usually the process that gets started inherits your user ID. If the file has the setuid/setgid bit set, the process will have the user/group ID of the file's owner/group instead.
We will try that using the sleep command. Because we will change permissions first, we will make our own copy of the binary to experiment with. To check the installation path of the sleep file, run which sleep.
With this path perform the copy command:
Now let's check the file permissions for the mysleep file:
This should return something like this:
Step 1: Execute mysleep with my own user
Normally, when you execute a file, the process that gets started inherits your user ID and group ID.
If you now execute it in a terminal with
And then execute this in another terminal:
Then this will run with the root user id:
You can check for your own user id (UID) using the id command:
This would return something similar to this:
Step 2: Execute mysleep as a root user
If you now execute it as a root user in a terminal with
And then execute this in another terminal:
Then this will run with the root user id:
🧱 Excursus: Breakdown of process output

Step 3: Execute mysleep with setuid bit set
Now with setuid bit set:
Check again with
If you now execute this in one terminal:
And execute this in another terminal:
Then you will see that even when executing as root, the command is run using the other user id:
This bit is typically used to give a program privilege that it needs but is not usually extended to regular users. Because setuid provides a dangerous pathway to privilege escalation, some container image security scanners report on the presence of files with the setuid bit set.
One example would be the passwd command which runs by default with the root user id.
Modern Linux systems are much more restrictive by default about using the setuid bit with the root user.
🔹 Lab 5: Setgid and Directory Behavior
Create a directory and set the setgid bit:
✅ s appears on group permissions of the setgid-dir directory only.
Files created inside test-dir do NOT inherit the directory's group:
But files created inside setgid-dir inherit the directory's group:
✅ Group ownership is inherited automatically.
Finally clean up everything:
🚨 Attack Potential
If a setgid directory is writable by multiple users, it can lead to group privilege escalation or unauthorized access.
🔹 Lab 6: Finding All Setuid and Setgid Binaries
Audit the system:
✅ Review carefully: attackers often target vulnerable setuid/setgid binaries.
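One way to run this audit and compare the result with the binaries you expect to be privileged, as an added example that is not the lab's original command. The function names and the allowlist file format (one path per line) are assumptions, the demo tree is constructed, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: list setuid/setgid files and flag those not in a baseline.

# Print "<octal mode> <path>" for every regular file under $1 that has
# the setuid (4000) or setgid (2000) bit. -xdev stays on one filesystem.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} + 2>/dev/null | sort -k2
}

# Print only the findings whose path is not listed in the allowlist
# file $2. Paths containing newlines are not handled.
unexpected_special() {
    list_special "$1" | while read -r mode path; do
        grep -Fxq -- "$path" "$2" || echo "$mode $path"
    done
}

# Constructed demo tree with empty files, so the example can run
# without touching any real system binary.
demo() {
    root=$(mktemp -d) || return 1
    for f in plain approved-suid surprise-suid surprise-sgid; do
        : > "$root/$f"
    done
    chmod 0755 "$root/plain"
    chmod 4755 "$root/approved-suid"
    chmod 4755 "$root/surprise-suid"
    chmod 2755 "$root/surprise-sgid"
    echo "$root/approved-suid" > "$root/allowlist"
    unexpected_special "$root" "$root/allowlist" | sed "s|$root/||"
    rm -rf "$root"
}

demo
```

On a real host, point list_special at / with sudo and keep the reviewed output as the allowlist for the next run, so new or changed entries stand out.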
β
Wrap-Up
β Learned about Linux file permissions
β Created and used setuid/setgid binaries
β Understood real attack potential
β Practiced mitigation and auditing techniques