Control who can do what — read the permission string from ls -l, change permissions with chmod, change owners with chown, run admin tasks safely with sudo, and link files with symbolic and hard links.
ls -l starts each line with something like -rwxr-xr--. The first character is the type (- file, d directory, l link). The next nine are three groups of rwx (read, write, execute) — for the owner, the group, and everyone else. So -rwxr-xr-- means the owner can read/write/run it, the group can read/run it, and others can only read it. The two names after are the owning user and group.
Long listing shows permissions, owner, and group on every line
ls -l /etc/passwdLook at a folder's own permissions (-d = the folder, not its contents)
ls -ld /homeReminder of the layout: - rwx r-x r-- -> type | owner | group | others
chmod ("change mode") sets permissions. The easy way is symbolic: u/g/o (user/group/others) or a (all), then + or - to add or remove, then r/w/x. The shorthand you will see everywhere is numeric: r=4, w=2, x=1, added up per group — so 755 is rwxr-xr-x and 644 is rw-r--r--. Making a script runnable is the most common reason you will reach for this.
Make a script executable for everyone (add the x permission)
chmod +x deploy.shRemove write access for group and others
chmod go-w notes.txtNumeric form: 755 = rwx for owner, r-x for group and others
chmod 755 deploy.sh644 = owner can read/write, everyone else read-only (typical for files)
chmod 644 notes.txtNormal users cannot touch system files — that protection is what keeps Linux stable. sudo ("super user do") runs a single command with administrator (root) powers, after asking for your password. Prefer it over logging in as root: it limits risk to one command at a time and records who did what. Many failures with "Permission denied" simply need sudo in front.
A protected file: editing it fails without admin rights
nano /etc/hosts # -> Permission deniedRun the same edit with admin powers
sudo nano /etc/hostsRun any command as root
sudo systemctl restart sshWho am I right now?
whoamiEvery file is owned by a user and a group. chown ("change owner") reassigns that — usually needed after creating files for a service or another user. The format is chown user:group file; -R applies it recursively to a whole folder tree. Changing ownership is an admin action, so it normally needs sudo.
Give a file to user "deploy" and group "deploy"
sudo chown deploy:deploy /var/www/app.jsChange the owner of a whole folder tree (-R = recursive)
sudo chown -R deploy:deploy /var/wwwChange only the group, leaving the owner as-is
sudo chown :www-data /var/www/app.jsA link lets one file appear in two places. A symbolic link (ln -s) is a pointer, like a shortcut — it names another path, and breaks if the target is deleted. A hard link is a second real name for the exact same data; the data survives until every name is removed. Symbolic links are what you reach for 95% of the time.
Create a symbolic link (a shortcut) named "current" -> the real folder
ln -s /var/www/releases/v2 currentIt shows up as a link in ls -l, with an arrow to its target
ls -l currentA hard link: a second name for the same underlying file
ln notes.txt notes-alias.txt