
Permissions & Access Control

Managing user permissions and controlling access to your servers

Understanding Linux permissions and how to manage access to your servers effectively.

Linux Permission Basics

Every file and directory in Linux carries three types of permission:

Permission Types

Permission   Symbol   What It Means
Read         r        View file contents / List directory
Write        w        Modify file / Create/delete in directory
Execute      x        Run file as program / Enter directory

Permission Levels

Permissions are set for three categories:

  1. Owner — The user who owns the file
  2. Group — Users in the same group
  3. Others — Everyone else

Reading Permissions

When you see -rw-r--r--, it breaks down as:

-rw-r--r--
 |   |   |
 |   |   └── Others: r-- (read only)
 |   └────── Group: r-- (read only)
 └────────── Owner: rw- (read + write)

Common Permission Numbers

Number   Permission   Use Case
777      rwxrwxrwx    Everyone can do everything (dangerous!)
755      rwxr-xr-x    Executable files, directories
644      rw-r--r--    Regular files (documents, configs)
600      rw-------    Private files (SSH keys)
400      r--------    Read-only sensitive files

Changing Permissions

Using chmod

# Make file executable
chmod +x script.sh

# Set specific permissions
chmod 755 myfile

# Recursive change (applies 755 to every file and subdirectory, so regular files become executable too)
chmod -R 755 mydirectory/

Changing Ownership

# Change owner
chown username file.txt

# Change group
chown :groupname file.txt

# Change both
chown username:groupname file.txt

# Recursive
chown -R username:groupname directory/

User Management in CtrlOps

Adding Users to Your Server

1. Create the User

# Create user with home directory
sudo adduser john

# Set password
sudo passwd john

2. Add to Sudo Group (Optional)

# Grant admin privileges
sudo usermod -aG sudo john

3. Set Up SSH Key

# Switch to new user
su - john

# Create SSH directory
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Add public key
echo "ssh-ed25519 AAAAC3..." >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Managing Multiple Users

Create different permission levels:

Admin Group

# Create admin group
sudo groupadd admins

# Add users
sudo usermod -aG admins alice
sudo usermod -aG admins bob

Developer Group

# Create developer group
sudo groupadd developers

# Set group ownership
sudo chown -R :developers /var/www/html

# Set permissions
sudo chmod 775 /var/www/html

Directory Permissions

Web Server Example

# Typical web directory structure
/var/www/
├── html/          # Website files
│   ├── index.html
│   └── assets/
├── logs/          # Log files
└── config/        # Configuration

# Set permissions
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html
sudo chmod -R 750 /var/www/config
sudo chmod -R 755 /var/www/logs

Home Directory Permissions

Each user should only access their own home:

# Set correct home permissions
chmod 700 /home/username

Special Permissions

SUID (Set User ID)

Runs a file with the file owner's permissions instead of the caller's:

# Example: passwd command
-rwsr-xr-x 1 root root ... /usr/bin/passwd

SGID (Set Group ID)

New files created in the directory inherit the directory's group:

# Set SGID on shared directory
chmod g+s /shared-folder

Sticky Bit

Prevents users from deleting others' files:

# Common on /tmp
chmod +t /shared-directory
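
SUID, SGID and the sticky bit extend the numeric form from "Reading Permissions" and "Common Permission Numbers" with a leading digit (4, 2 and 1). The converter below is an added example, not CtrlOps code; the function name sym_to_octal is illustrative, and it turns an ls-style string into its four-digit octal mode.

```shell
#!/bin/sh
# Added example, not CtrlOps code. The function name is illustrative.

# Convert an ls-style mode string such as -rwsr-xr-x to octal (4755).
# The leading digit collects SUID (4), SGID (2) and sticky (1).
sym_to_octal() {
    mode=${1%[.+@]}                 # drop a trailing ACL/SELinux marker
    case $mode in
        ??????????) ;;              # type character plus nine mode bits
        *) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    rest=${mode#?}                  # strip the file-type character
    special=0
    digits=
    for weight in 4 2 1; do         # owner/SUID, group/SGID, others/sticky
        next=${rest#???}
        triad=${rest%"$next"}       # first three characters of what is left
        rest=$next
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # bit set, no execute
        esac
        digits=$digits$digit
    done
    printf '%s%s\n' "$special" "$digits"
}

sym_to_octal '-rw-r--r--'   # regular file from the table -> 0644
sym_to_octal '-rwsr-xr-x'   # /usr/bin/passwd as listed above -> 4755
sym_to_octal 'drwxrwxrwt'   # sticky directory such as /tmp -> 1777
```

An uppercase S or T in a listing means the special bit is set while the matching execute bit is not, which is usually a misconfiguration worth a second look.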

CtrlOps Permission Features

File Manager Permissions

In CtrlOps File Manager, you can:

  • View permissions at a glance (color-coded)
  • Edit permissions with visual checkboxes
  • Bulk change permissions on multiple files
  • See ownership information

Permission Warnings

CtrlOps warns you when:

  • Making files world-writable
  • Changing permissions on sensitive files
  • Removing execute permissions from scripts

Best Practice Recommendations

When you select a file, CtrlOps suggests appropriate permissions:

  • SSH keys: 600 (owner only)
  • Scripts: 755 (executable by all)
  • Config files: 644 (readable by all, writable by owner)
  • Log files: 644 (readable by all)

Security Checklist

Regularly audit your server permissions to maintain security.

Monthly Review

# Find world-writable files
find /home -type f -perm -002

# Find files with no owner or no group
find / \( -nouser -o -nogroup \)

# Check SSH directory permissions
ls -la ~/.ssh/

# Review sudo access
getent group sudo
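
The file checks above, together with the 700/600 modes from the SSH key setup, can be run as one repeatable scan. This is an added example, not CtrlOps code; the function names and the throwaway sample tree (built under a temporary directory) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not CtrlOps code. Names and fixture are illustrative.

# Print one finding per line for permission problems under a tree.
audit_tree() {
    root=$1
    # World-writable regular files (same test as "find ... -perm -002").
    find "$root" -type f -perm -002 | sed 's/^/WORLD_WRITABLE /'
    # Regular files carrying the SUID or SGID bit.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETID /'
    # .ssh directories whose mode is not exactly 700.
    find "$root" -type d -name .ssh ! -perm 700 | sed 's/^/SSH_DIR_MODE /'
    # authorized_keys files whose mode is not exactly 600.
    find "$root" -type f -path '*/.ssh/authorized_keys' ! -perm 600 |
        sed 's/^/SSH_KEYFILE_MODE /'
}

# Build a constructed sample tree: alice is set up as this page
# recommends, bob is not, and srv/tool carries the SUID bit.
build_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice/.ssh" "$d/home/bob/.ssh" "$d/srv"
    : > "$d/home/alice/.ssh/authorized_keys"
    : > "$d/home/bob/.ssh/authorized_keys"
    : > "$d/home/bob/notes.txt"
    : > "$d/srv/tool"
    chmod 700 "$d/home/alice/.ssh"
    chmod 600 "$d/home/alice/.ssh/authorized_keys"
    chmod 755 "$d/home/bob/.ssh"
    chmod 644 "$d/home/bob/.ssh/authorized_keys"
    chmod 666 "$d/home/bob/notes.txt"
    chmod 4755 "$d/srv/tool"
    printf '%s\n' "$d"
}

tree=$(build_fixture)
audit_tree "$tree"     # prints four findings: bob's files and srv/tool
rm -rf "$tree"
```

Pointing audit_tree at /home on a real server needs root to read other users' .ssh directories; every SETID line should correspond to a binary you expect to be there.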

Principle of Least Privilege

  1. Give minimum permissions needed for the job
  2. Use groups to manage permissions efficiently
  3. Audit regularly who has access to what
  4. Remove access when users no longer need it

Common Issues

"Permission Denied"

  • Check file permissions with ls -la
  • Verify you're the owner or in the right group
  • Check parent directory permissions

"Operation not permitted"

  • You need sudo/root access
  • File might be immutable (clear the flag with chattr -i file)

Can't Enter Directory

  • Directory needs execute permission (chmod +x dir)
  • Parent directories also need execute permission

Summary

  • rwx = Read, Write, Execute
  • Owner, Group, Others = Three permission levels
  • chmod = Change permissions
  • chown = Change ownership
  • Least privilege = Give minimum necessary access
