Access Control

3. Access Control#

In Unix, security is built on a simple principle: every file has an owner, belongs to a group, and has permissions that control who can do what.

This chapter teaches you to think and act securely. You’ll learn how to set permissions correctly, manage users and groups, and design systems that protect data while allowing collaboration.

What You'll Learn

Core Concepts

  1. Users and Groups — The foundation of access control

    • What users and groups are

    • How the system identifies them

    • Why they matter for security

  2. Permissions — Who can do what

    • Permission symbols and their meaning

    • Octal notation and calculations

    • Special permissions (setuid, setgid, sticky bit)

  3. Default Permissions — Automation that saves security

    • How umask works

    • Setting secure defaults

    • Permissions inheritance

  4. Environment and Security — Secure configuration

    • Environment variables and their role

    • PATH security implications

    • Avoiding common mistakes

  5. Secure Project Setup — Putting it all together

    • Designing permissions for teams

    • Project ownership and group setup

    • Security best practices

Why This Matters

Many security breaches start with poor permissions. Understanding access control:

  • Protects data — Only authorized people access sensitive files

  • Enables collaboration — Teams work safely together

  • Prevents accidents — Bad umask doesn’t expose secrets

  • Builds secure habits — Good practices become automatic

Real-World Scenario

Imagine a team working on an API:

  • Developers need to read/modify code

  • QA team needs to run tests but not change source

  • Database password should be readable only by the app

  • Secrets must never be world-readable

Without proper permissions, anyone on the system could steal the password. With correct permissions, the system itself enforces security.

Progression

This chapter builds from fundamentals to security decisions:

  1. Users/Groups — Understand the players

  2. Permissions — The rules of access

  3. Defaults — Making secure choices automatic

  4. Environment — Secure system setup

  5. Projects — Applying to real scenarios

Prerequisites

From Chapter 2, you should understand:

  • File ownership (you own your files)

  • Basic permission concepts (r, w, x)

  • File attributes and metadata

Permission details will be fully explained here.

Quick Chapter Map

Section

Focus

Key Skills

0302

Users & Groups

Identity, group membership, system accounts

0303

Permissions

Symbols, octal, chmod, changing permissions

0304

Defaults

umask, secure defaults, inheritance

0305

Environment

Environment variables, PATH security, best practices

0306

Projects

Securing shared projects, team setup

0307

Lab

Hands-on permission management

By the End

You’ll be able to:

  • ✅ Create users and groups for different roles

  • ✅ Set permissions that are secure yet practical

  • ✅ Understand and adjust umask for different situations

  • ✅ Configure environment variables securely

  • ✅ Design permission schemes for team projects

  • ✅ Audit and fix permission problems

Let’s secure your systems!