Linux Permissions

Where shell we begin ?

Open a terminal window by pressing Ctrl + Alt + T

Typels -l lower case L

You should get something like this:

drwxr-xr-x  2 owner-username group     4096   Dec 25 20:15 Templates
-rwx--x--x  1 owner-username group     36     Jul 28 2016  script.ssh

The letters at the start of each line ( drwxr-xr-x ) tell us whether it’s a file or a folder and what permissions are set for that file or folder.

Each character position is called a permissions bit, with the exception of the first character which simply defines the file type. If the first character (type) is the letter d, then it’s a folder. Otherwise if the first character is a – (dash), then it’s a file.  File and folder names will be different colours, for example on my system it’s green for executables (scripts), blue for folders and red for all other files. It may vary depending on what version of Linux you’re running.

The owner-username and group show you which user owns that file or folder and which group also has access to it. Although, if you are looking at your home directory you might just see your username as owner and again as group, that’s perfectly normal. Your web servers html folder on the other hand might need the www-data group assigned to it.  Which is why you have separate permission bits, so you can for example give yourself (Owner) full access (rwx), your web server (Group) read-execute (r-x) and everything else (Other) read-only (r–). You can change the Owner and Group using the chown command, which we will cover later.

Permission Bits:

There are 3 parts to the permission bits. They are: Owner, Group and Other (aka World).

Each part has 3 bits, which are (r)Read , (w)Write and (x)eXecute . Always in that order.

For example: -rwxr--r-- would give the Owner read, write and execute permissions but read-only for Group and Other.

Another example: dr--r--r-- would give Owner, Group and Other read-only access to that folder (remember the d type is folder)

Each permission bit has a value when set: r = 4 , w = 2 , x = 1 (read , write , execute).

If we take the first example and explode it, we get this:   -  rwx  r--  r--  (type, owner, group, other)

So how do we get from -rwxr--r-- to 744 .

We simply add up the values for each permission bit respectively for Owner, Group and Other. Like this:

Note: Permission bits will always be Owner, Group and Other, in that order.

Below we have an exploded example with both the letter and numerical values for each permission bit.

Type    Owner        Group       Other
        Permissions  Permissions Permissions
 -      rwx          r--          r--
        7            4            4

Setting Permissions with chown and chmod:

chmod sets the permissions (what the Owner, Group and Other can do with the file or folder).
chown sets the owner of the file(s) or folder(s).

Now let’s say that we wanted to give:
Owner (r)ead, (w)rite and e(x)ecute permissions.
Group (r)ead, (w)rite and e(x)ecute permissions.
Other (r)ead only.

We would do it like this:

chmod 774 /home/hayward/file.txt - Owner (rwx)=4+2+1, Group (rwx)=4+2+1, Other (r--)=4.

If we wanted to set those same permissions on a directory instead, we would do it like this:

chmod 774 /home/hayward/documents - Changes permissions for the /documents folder and the files inside it.

chmod 774 -R /home/hayward/documents - Changes permissions for all folders and files recursively.

Now lets look at chown.

chown user:group -R /home/hayward/documents - Sets the user and group owners for that file or folder, recursively.

chown username file.txt - Sets the owner of file.txt to username.

You may need to use sudo or be root to use chmod and chown on your system.

Also, one last bit of advice.  Never , ever , ever , set file or folder permissions to 777 .
Why ? Have a think about it. Answers on a postcard please :p

Linux User Management

Let’s begin by asking, who am I ?

Before we continue, we need to make sure that our account (user login) has the permissions needed to manage users and groups.
If you are not the server owner or do not have some administrative rights, then this article is not for you.

Start by opening a terminal window by pressing Ctrl + Alt + T


The output will be the username you are currently logged in as.  You might also have noticed that your username makes up the first part of your command line prompt (i.e [email protected] ). For something a little more useful you can try: who -m.

Now that we know what user you’re logged in as, lets find out what groups you are a member of.

Type: groups

You should get an output similar to this (I’ve added the #comments for clarity).

[email protected]:~$ groups    #The command
hayward sudo shares admin     #The output

My logged in username is hayward, my primary group is hayward and my secondary groups are sudo, shares and admin.

The important thing to note here is that my account is a member of the sudo group (commonly known as Super User DO) .

What is sudo ?

Sudo is a program that allows users to run commands that would normally only work with higher level accounts, such as root for example. Users who need administrative privileges should be added to the sudo group, rather than given the root login and password.  When a sudo group member wants to run an administrative command, they prefix it with sudo then-command-to-execute.  Sudo tells the system to run the following command(s) as a substitute user, commonly the root user. The sudo user will need to provide their own password for security authentication. Nobody, even the server owner should be logging in as root, unless absolutely critical to the task in hand.

Be very careful running commands as root user. is your friend for more information and horror stories on using root :p

Why is my primary group the same as my username ?

The primary group is used by default when you log in, for setting ownership on files you create for example.
You can learn more about file permissions in our article: Linux Permissions 101 .

It is possible of course to change your primary group to something else, but that’s for advanced users and wont be covered here.

My username is root , what now ?

If your version of Linux didn’t prompt you to provide a username during installation (as is the case with most VPS hosting), then you’ll more than likely be logging in for the first time using the root account. This is often an unavoidable step when setting up a new server, so it’s nothing to worry about. Although you should make it a priority to prevent remote access with the root account.

Adding a new user:

The native command for adding new users is useradd, this is considered the more advanced method. But I’m trying to make your life easier, so I’ll show you how to use the second method also, which is with the adduser command (it’s actually a perl script that calls the useradd command).  adduser prompts you for the information needed, while useradd expects you to provide it as part of the command line.  Let’s take a look at both methods below:

adduser (recommended method).

Should your version of Linux not have adduser installed, install it with this command: sudo apt-get install adduser

If you are logged in as root:

Type: adduser newusername

If you are logged in as a user with sudo privileges:

Typesudo adduser newusername

You will be asked to set a password for the new user and given the option to provide additional information, such as Full Name. Once you’ve set a password you can simply press enter for each of the other prompts until you’re asked if the information you provided is correct. Press Y , then Enter.

useradd (for advanced users).

Using this command will not automatically add a home directory or prompt you to set the user password.

If you are logged in as root:

Type: useradd username Without home directory or password
Alternatively: useradd -d /home/username/ -m username With home directory, note the space after /username/

If you are logged in as a user with sudo privileges:

Type: sudo useradd username Same as above, but you’ll need to enter your password to continue.
Alternatively: sudo useradd -d /home/username/ -m username Note the space after /username/

Once you’ve added the new user, set a password by typing: sudo passwd username Don’t use sudo if logged in as root.

Adding the new user to a secondary group (sudo, for this example).

If you are logged in as root:

Typeusermod -a -G sudo username Adds username to the sudo group

-a (append)
-G sudo (add user to secondary group, sudo)

If you are logged in as a user with sudo privileges:

Typesudo usermod -a -G sudo username Same as above, but you’ll need to enter your password to continue.

This user will now be able to run commands as sudo (Super User DO).

You can switch to this new user by typing: su username To switch back, just type exit and press enter.

Tor Project

Tor Website on Ubuntu

This is a quick tutorial on how to set up a Tor website using Nginx on Ubuntu.

Step 1: Install Nginx

Type: sudo apt install nginx

Type: sudo nano /etc/nginx/sites-available/default

Replace the entire contents of the file with the code block below.

server {
       listen default_server;
       server_name localhost;
       root /usr/share/nginx/html;
       index index.html index.htm;
       location / {
               deny all;

Step 2: Install Tor

Typelsb_release -a

Note down your Linux release version and codename.

Then visit this link and select your Linux version and codename from the drop down menu.

Follow the instructions on that page, then continue back here.

Type: sudo nano /etc/tor/torrc

Look for the following two lines of code and uncomment them, then change “” to “”.

#HiddenServiceDir /var/lib/tor/hidden_service/ 
#HiddenServicePort 80

After making those changes, the two lines should now look like this:

HiddenServiceDir /var/lib/tor/hidden_service/ 
HiddenServicePort 80

Step 3: Restart the Services

Type: sudo service nginx restart

Typesudo service tor restart

Step 4: Test Your Tor Website

Typesudo nano /var/lib/tor/hidden_service/hostname

Copy your .onion hostname and try it out in your Tor Browser.

Your websites html files can be found in /usr/share/nginx/html

As a final note, I strongly advise you to read Tor Hidden (Onion) Services Best Practices.


Linux Command Cheatsheet

Keyboard Shortcuts:

Ctrl + alt + t #Opens a new terminal window.
Ctrl + c #Halts the current command.
Ctrl + d #Log out of session. Same as typing exit
Ctrl + w #Delete one word on the current line.
Ctrl + u #Delete the entire line.
!! #Repeat previous command.

Process Management:

ps #Display active processes.
top #Display all running processes.
kill pid #Kills process id pid
killall proc #Kills all processes named proc

System Information:

man command #Shows the manual page for command.
date #Show current date and time.
uptime #Shows the current system uptime.
whoami #Who are you logged in as.
uname -a #Display kernal information.
lsb_release -a #Display Linux version
df #Show disk usage.
du #Show directory space usage.
free #Shows memory and swap usage.
whereis appname #Lists possible locations for appname
which app #Displays which app will be run by default.
cat /proc/cpuinfo #CPU information.
cat /proc/meminfo #Memory information.

Network Related:

ping client #Pings server client cancelled.
whois domain #Gets the whois record for domain.
dig domain #Returns DNS record for domain.
nslookup domain #Same as dig
tracepath domain/ip #Lists hops to domain/ip
traceroute domain/ip #Same as tracepath
wget http://url/file #Downloads file.
wget -c http://url/file #Continue a stopped download.


tcpdump -i eth0 #Sniff packets on Ethernet port.

tcpdump switches:
i (Lower Case I) #Interface to sniff.
n #Shows IP and ports instead of hostname.
v #Verbose, could be used up to 3 times.
w file #Sends captured packets to file.

tcpdump expressions:
dst #Traffic destination, could be combined with port or net.
src #Traffic origin, could be combined with port or net.
port (number) #Specific port for packet capture.
portrange #Range of ports to sniff
net #Network to sniff
and #To concatenate (src and dst
or #Record, If either conditions are met (dst port 80 or dst port 443)


ftp #Opens an FTP connection to
put #Upload a file.
mput #Upload several files (interactive by default).
get #Download a file.
mget #Download several files (interactive by default).
prompt #Disable the interactive option of mput/mget.
cd #Move to a directory.


chmod 744 file #Read, write and execute for all.
chmod 755 file #Owner rwx, group and world rx only.
chmod 744 -R /folder #Change all files and folder permissions recursively.
chown -R username:group /folder #Sets owner and group for this folder.

Learn more about Linux file permissions in this article.

Input and Output:

cmd1 | cmd2 #Use the result of cmd1 as input for cmd2 (PIPE).
echo hello > file #Save output to file (Will overwrite if file exists).
echo goodbye >> file #Append output to file
cmd1 < file #Return file contents as input for cmd1
cmd1 & #Execute cmd1 in the background.
cmd1 && cmd2 #Execute if both cmd1 AND cmd2 return true.
cmd1 || cmd2 #Execute cmd2 only if cmd1 returns false (nonzero).


ssh-keygen -t rsa -b 4096 #Generate key pairs for user.
ssh [email protected] #Connect to server as user
ssh -p (port) [email protected] #Connect to server on port as user
ssh-copy-id [email protected] #Add your key to server

User Management:

adduser user #Simplest way to add a user with prompts.
useradd -d /home/user -m user #Add a user without prompts.
passwd user #Set password for user.

Additional options for useradd:
-a #append
-m #Create home folder
-d #Path to home folder
-s #Shell for the user
-c #Comments for the user
-U #Create group with user
-G #Specify other groups for the user
-e (expiry date) #Date format YYYY-MM-DD
chage -M (days) user #Set password expiration for that user

Learn more about user management in this article.

File and Directory Commands:

ls -al #Formatted directory listing, including hidden files.
pwd #Shows the current directory you're in.
cd - #Switch to previous directory.
cd ~ #Changes to your home directory.
mkdir dir #Creates a directory called dir
rm -r dir #Deletes the directory called dir
rm file #Deletes file
rm -f file #Force removes file
rm -rf dir #Force delete directory dir
cp -r dir1 dir2 #Copy dir1 to dir2 , creates dir2 if necessary.
cp file1 file2 #Copy file1 to file2
mv file1 file2 #Rename file1 to file2. Or move file1 into file2 if directory.
touch file #Creates or updates file
more file #Print file contents to screen.
head file #Print first 10 lines of file to screen.
tail file #Print the last 10 lines of file to screen.
tail +0f file #Display file contents live


grep pattern files #Search files for pattern.
grep -r pattern dir #Recursively search for pattern in dir.
locate file #Search for all instances of file


i #Insert mode
esc #Exit back to normal mode
: (Colon) #Command mode

Command mode:
q #Exit (warns if changes made without saving).
q! #Exit without saving changes.
w #Save current changes and continue.
x #Save changes and exit.
/pattern #Search for text pattern
UP ARROW (key) #Shows last command used, same as bash.
split #Divides the screen

Normal mode:
n #Cycles through each instance of search pattern (top to bottom).
d #Delete and copy the line.
x #Delete what is under the cursor.
p (lower case) #Paste after cursor.
P (upper case) #Paste before cursor.
u #Undo last action or command.
ctrl+r #Redo last action or command.
h #Move cursor left.
j #Move cursor down.
k #Move cursor up.
l (Lower case L) #Move cursor right.
0 (Zero) #Jump to first character of the line.
^ (Circumflex) #Jump to first non white character of the line.
$ #Jump to last character of the line.


scp file [email protected]:/path/file #Copy local file to remote server.
scp [email protected]:/path/file . #Copy file from server to local host.
scp -r /path/dir/ [email protected]:/dir/ #Copy local dir to remote server.
scp -r [email protected]:/dir/ . #Copy dir from remote server to local host.


tar cf file.tar files #Create a tar file named file.tar containing files
tar xf file.tar #Extract the files from file.tar
tar czf file.tar.gz files #Creates a tar file with Gzip compression.
tar xzf file.tar.gz #Extract a tar file using Gzip.
gzip file #Compresses file and renames it file.gz
gzip -d file.gz #Decompresses file.gz back to file


Install from source files:
make install

dpkg -i package.deb #Install from Debian package
rpm -Uvh package.rpm #Install from RPM package