Ownership and modes

Unix permissions are a three-part model: user (the owner), group, and others. Each of the three can be granted read, write, and execute permission independently.

Mode basics

  • r = read
  • w = write
  • x = execute

A file with mode -rw-r----- means the owner can read/write, the group can read, and others have no access.

Operational guidance

  • Grant minimal access and build upward.
  • Use groups to model team access.
  • Track setuid/setgid changes explicitly.
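
One way to track setuid/setgid changes explicitly, as an added example that is not part of the original page: record every setuid/setgid file under a directory tree, then diff that record against a reviewed baseline. The function names and the /opt/app paths are hypothetical, and the sample baseline is constructed.

```python
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID  # the two bits being tracked

def snapshot(root):
    """Map path -> (mode string, uid, gid) for each regular file under
    root that has the setuid or setgid bit set."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue             # file vanished or is unreadable
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                found[path] = (stat.filemode(st.st_mode), st.st_uid, st.st_gid)
    return found

def diff_snapshots(baseline, current):
    """Report paths that gained, lost, or changed setuid/setgid state."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "changed": sorted(p for p in current
                          if p in baseline and current[p] != baseline[p]),
    }

if __name__ == "__main__":
    # Constructed baseline: one reviewed, root-owned setuid helper.
    baseline = {"/opt/app/helper": ("-rwsr-xr-x", 0, 0)}
    # Constructed later state: the helper also gained setgid, and a new
    # setuid file appeared. On a real host this would be snapshot("/opt/app").
    current = {
        "/opt/app/helper": ("-rwsr-sr-x", 0, 0),
        "/opt/app/new-tool": ("-rwsr-xr-x", 0, 0),
    }
    for kind, paths in diff_snapshots(baseline, current).items():
        for path in paths:
            print(f"{kind}: {path} {current.get(path, baseline.get(path))}")
```

Any entry reported as added or changed is a privilege change that should map to a reviewed, intentional action before the baseline is updated.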