← back to home

// 02 — survival kit

FILESYSTEM
& PERMISSIONS

Linux keeps everything in one big tree of folders, starting from /. Every file has an owner and a set of rules about who can read, write, or run it. Once you understand this, "permission denied" stops being scary.

5 commands ~20 min beginner

THE FILESYSTEM TREE

On Windows you have C:\ and D:\. Linux has one single tree that starts at / (called "root" or "slash"). Everything — including USB drives and network shares — lives somewhere inside this tree.

As a developer, you only need to know a handful of these folders:

/ — the very top, everything starts here ├── home/ — all user home folders live here │ └── user/ — your personal folder (~) ├── etc/ — system-wide config files ├── var/ — logs, databases, runtime data │ └── log/ — system logs (nginx, auth, etc.) ├── usr/ — installed programs and libraries │ └── bin/ — user commands (git, python, node…) ├── bin/ — essential system commands (ls, cd, cp…) └── tmp/ — temporary files, wiped on reboot
The place you'll spend most time as a developer is ~/ (your home folder). Everything else you'll mostly touch when you install software or debug a server.

ROOT VS YOUR USER

Linux has a special all-powerful user called root. Root can do anything — read any file, delete anything, change any setting. Your regular user account can only touch your own files and a few shared things.

You never log in as root day-to-day. Instead, you use sudo to run a single command with root power when you need to.

sudo superuser do

Runs one command as root. You'll be asked for your own password (not root's). Think of it as a permission slip for a single command.

# this fails — only root can do this user@machine:~$ apt install nginx E: Could not open lock file ... Permission denied # this works — sudo grants root power for this one command user@machine:~$ sudo apt install nginx [sudo] password for user:
whoami check current user

Prints the current user's name. Useful when you're not sure whether you're running as root or your regular user.

user@machine:~$ whoami user user@machine:~$ sudo whoami root

When Should You Use sudo?

A simple rule: use sudo when the command touches something outside your home folder.

# No sudo needed — your own files $ rm ~/Desktop/old-file.txt $ mkdir ~/projects/myapp # sudo needed — system-level stuff $ sudo apt install nodejs # installing software $ sudo nano /etc/hosts # editing a system config $ sudo systemctl restart nginx # controlling services
Don't run everything with sudo "just in case." If a command you ran as root creates a file, that file is owned by root and your normal user can't edit it. Only use sudo when you actually need it.

READING PERMISSIONS

Every file and folder in Linux has permissions attached. When you run ls -la, the first column of each line shows them. Let's decode it.

ls -la output
-rw-r--r-- 1 user group 1234 Apr 20 10:00 notes.txt -rwxr-xr-x 1 user group 512 Apr 20 09:55 script.sh drwxr-xr-x 2 user group 4096 Apr 20 09:45 Documents

Breaking Down the Permission String

Take -rw-r--r-- and read it in four parts:

- | rw- | r-- | r--
type - = file   d = folder
owner rw- = read + write
group r-- = read only
everyone else (others) r-- = read only

Each block of 3 characters uses the letters r (read), w (write), x (execute). A dash (-) means that permission is off.

The execute bit (x) on a folder means "can enter this folder." You need it to be able to cd into a directory. On a file it means "can run this as a program."

CHANGING PERMISSIONS

chmod change mode

Changes the permissions of a file or folder. You'll use it most often to make a script executable or fix a file that's locked down too tight.

The easy way — symbolic

# make a script executable (add x for everyone) user@machine:~$ chmod +x script.sh # remove write from group and others user@machine:~$ chmod go-w config.json

The number way — octal

Each permission group (owner, group, others) gets a number. r=4, w=2, x=1. Add them up.

# 755 = owner: rwx (7) | group: r-x (5) | others: r-x (5) # typical for scripts and folders user@machine:~$ chmod 755 deploy.sh # 644 = owner: rw- (6) | group: r-- (4) | others: r-- (4) # typical for regular files user@machine:~$ chmod 644 notes.txt # 600 = owner: rw- (6) | nobody else can touch it # use this for SSH keys and sensitive files user@machine:~$ chmod 600 ~/.ssh/id_rsa
chown change owner

Changes who owns a file. You'll need this when a file was created by root and you want your own user to be able to edit it.

# give ownership to your user user@machine:~$ sudo chown user somefile.txt # change owner and group at once user@machine:~$ sudo chown user:user somefile.txt # change ownership of a whole folder recursively user@machine:~$ sudo chown -R user:user ./myproject
Try this: create a file with touch test.sh, check its permissions with ls -la test.sh, then make it executable with chmod +x test.sh and run ls -la test.sh again. You'll see the x appear in the permission string.

QUICK REFERENCE

$ whoami # who am I logged in as? $ ls -la # list files with permissions $ sudo <command> # run command as root $ chmod +x file.sh # make file executable $ chmod 755 file.sh # rwx for owner, rx for everyone $ chmod 644 file.txt # rw for owner, r for everyone $ chmod 600 secret.key # rw for owner only $ sudo chown user file.txt # change file owner $ sudo chown -R user:user ./folder # change owner recursively