For files and directories, permissions can be set in terms of the user, group and other. Read has a value of 4, Write has a value of 2, and Execute has a value of 1. So, if one wants to change the permission of a file, one can add those numbers to the permission level desires, and use the chmod command, like this:

$ sudo chmod 777 file.xz

The above gives read, write, and execute (4+2+1=7) values to UserGroupOther.

Another interesting thing I learned is that there is actually space for a four value, before the 777 in that above example. That value is reserved for a special permission, such as setUserID (s) or set GroupID (s) or a Sticky Bit, which is applied to directories and allows users to only delete the files that they are owners of. So, Revengeful Robin, member of the XY Group, is not able to delete all the files in a directory that XY Group has permissions to- only the files that she is owner of.

Lastly, files can have attributes set in a more-granular way with file attributes. One can list the file attributes of file xyz.xy by using this command:

$ lsattr xyz.xy

and then change those attributes using this command:

$ chattr -i xyz.xy

What the -i flag does is it makes the file immutable, so nobody can change it.

Okay, just one more thing: Access Control Lists. This is for more-granular permission setting:

$ getfacl file.xy

=”Get File Access Control List” <filename>

This will list out the user, group, other attributes. Don’t like those permissions? Let’s change them with:

$ setfacl -m u:billy_bob:r file.xy

We are using the -m flag her to modify the attributes, setting the user (billy_bob) to read-only (r) permissions on the file titled ‘file.xy’.