[{"content":"Overview File permissions determine who can access the given files and directories.\nLinux permissions can be viewed using the command ls -l (list in long format). The output shows each file with a prefix of the form type + rwxrwxrwx, followed by the rest of the information: the file owner and group owner, the file modification date and the file name. File access is defined on 3 levels of users who may read, write or execute the intended file. These access groups consist of owner, group and others. \u0026ldquo;Owner\u0026rdquo; - file owner, \u0026ldquo;group\u0026rdquo; - group which owns a file, \u0026ldquo;others\u0026rdquo; - everyone else.\n2 How to read permissions Linux permissions can be viewed using the command\nls -l # list long format So, an example permission string like\n-rw-r--r-- can be explained as:\n\u0026quot;-\u0026quot; - shows a file. \u0026quot;rw-\u0026quot; - means that the file owner can read and write the file, but NOT execute it (as the x letter is replaced by \u0026ldquo;-\u0026rdquo;) \u0026quot;r--\u0026quot; - the group which owns the file can read, but CAN NOT write and CAN NOT execute the file \u0026quot;r--\u0026quot; - others can read, but CAN NOT write and CAN NOT execute Second example:\n\u0026quot;drwxr-x---\u0026quot; means: \u0026quot;d\u0026quot; - directory \u0026quot;rwx\u0026quot; - the user who owns the directory CAN read, write and execute. \u0026quot;r-x\u0026quot; - group can read, CAN NOT write, can execute \u0026quot;---\u0026quot; - others CAN NOT read, CAN NOT write, CAN NOT execute. 3 Ownership and group Owner and group can be changed in various ways:\nchown username filename This command is used to change a file owner. Thus, after the command is executed, the owner of FILE is changed to USER.\nchgrp groupname filename This command is used to change the group which owns a file. Thus, after executing this command, the group of FILE is changed to GROUP.\nchown - this command can also be used to change the OWNER and GROUP at the same time. In the end, the file owner and group will be USER and GROUP. 
These changes can be verified using\nls -l 4 Changing permissions There are 2 ways to change permissions - numeric and symbolic. The chmod command is used to change assigned permissions. There are a few ways to do it: Symbolic mode:\nchmod u+x file - adds the ability to execute the file for the user (file owner). chmod g-w file - removes the ability to write from the group which owns the file. chmod o=r file - others can only read the file chmod u=rwx,g=rx,o= file - this means USER can read, write and execute the file, group can read and execute, and others have no permissions. Numeric mode (octal): Permissions can also be set on a file numerically. The maximum value is 7, which consists of:\n4 - read (r)\n2 - write (w)\n1 - execute (x)\nSo, the rwx permission is equal to 7\nchmod 644 file means:\n7-1=6 - only execute (x) is subtracted for user\n7-1-2=4 - execute (x) and write (w) are subtracted for group\n7-1-2=4 - execute (x) and write (w) are subtracted for others\nIn the end, file permissions are: rw-r--r--\nchmod 600 file is: 7-1(x) = 6 (read+write) for user 0 - NO read, write, execute for group 0 - NO read, write, execute for others So, file permissions are: (rw-)(---)(---).\nchmod 755 script.sh: 7 - read, write, execute 7-2(w) = 5 - write is subtracted from the group and others File permissions are: rwxr-xr-x.\nchmod 700 dir: 7 - full permissions 0 - NO read, write, execute for group and others Directory permissions are: rwx------\n5 Directories vs files Read, write and execute permissions can be applied to:\nregular files directories Read - allows viewing file content and listing directory content; Write - allows file modification/deletion or adding/removing entries (directories); Execute - allows running a file and entering a directory.\nWithout the execute (x) permission, a directory cannot be entered.\n[username@hostname ~]$ ls -l total 4 -rw-r--r--. 
1 username username 98 Jan 11 20:30 1 drw-rw-rw-. 3 username username 59 Jan 11 18:53 labExamples drwxr-xr-x. 8 username username 161 Jan 6 18:34 N2stas1a.github.io [username@hostname ~]$ cd labExamples/ bash: cd: labExamples/: Permission denied [username@hostname ~]$ Here there is no read (r) permission, but the w and x permissions are set. The execute (x) permission allows entering the directory, but without the read (r) permission the directory content cannot be listed.\n[username@hostname ~]$ ls -l total 0 d-wx-wx-wx. 3 username username 59 Jan 11 18:53 labExamples drwxr-xr-x. 8 username username 161 Jan 6 18:34 N2stas1a.github.io [username@hostname ~]$ cd labExamples/ [username@hostname labExamples]$ ls -l ls: cannot open directory \u0026#39;.\u0026#39;: Permission denied 6 Special permission bits (RHCSA-relevant) SUID SUID - a special file permission that allows a file to be executed with the identity of the file owner.\n[username@hostname labExamples]$ chmod u+s file1 [username@hostname labExamples]$ ls -l total 4 -rw-r--r--. 1 username username 297 Jan 11 20:42 1 -rwsrwxrwx. 1 username username 0 Jan 11 20:48 file1 SGID SGID - a permission which allows a file to be executed with the identity of the group that owns the file. Additionally, files created in a directory where SGID is set inherit the group of that directory.\n[username@hostname ~]$ chmod g+s ./labExamples [username@hostname ~]$ ls -l total 8 drwxrwsrwx. 4 username username 44 Feb 4 22:11 labExamples drwxr-xr-x. 8 username username 161 Jan 27 22:09 N2stas1a.github.io [username@hostname ~]$ cd ./labExamples/ [username@hostname labExamples]$ ls -ld drwxrwsrwx. 4 username username 44 Feb 4 22:11 . [username@hostname labExamples]$ mkdir SGIDdir [username@hostname labExamples]$ ls -l total 0 drwx--S---. 2 username username 6 Feb 4 22:23 SGIDdir Sticky bit Sticky bit - a permission which restricts file deletion. 
Only the file owner (and root) are able to delete files within this directory.\n[username@hostname labExamples]$ mkdir STICKY [username@hostname labExamples]$ chmod +t STICKY/ [username@hostname labExamples]$ ls -ld STICKY/ drwxr-xr-t. 2 username username 6 Jan 11 21:19 STICKY/ Umask Umask - a command that sets the permissions for files created by the user in the current session. After a new umask is applied, the permission rules for newly created files change. 777 permissions can be overly permissive for created files, so umask can be used to subtract permissions.\n[username@hostname labExamples]$ umask 0022 drwxrwxrwx. 2 username username 6 Jan 22 22:30 . [username@hostname labExamples]$ mkdir exampledir1 [username@hostname labExamples]$ ls -l total 0 drwxr-xr-x. 2 username username 6 Feb 4 22:11 exampledir1 [username@hostname labExamples]$ umask 077 [username@hostname labExamples]$ mkdir exampledir2 [username@hostname labExamples]$ ls -l total 0 The difference between the two directories after the new umask is applied is shown below.\ndrwxr-xr-x. 2 username username 6 Feb 4 22:11 exampledir1 drwx------. 2 username username 6 Feb 4 22:11 exampledir2 8 Troubleshooting cheatsheet The main troubleshooting principles applicable to permissions are: “I can’t access a file” – check the file/directory permissions using ls -l or stat [file]. Check file ownership: Does your user have execute permission on the needed directory? – check the execute bits. Does your user belong to the group allowed to execute the file/directory? – check groups using\nid [user] and groups [user] “Permission denied on a script” – the execute (x) permission must be set on the file/directory. “I changed permissions but it still fails” – verify that the file path is correct. 
Verify command and command path correctness.\n","permalink":"https://n2stas1a.github.io/posts/2026-01-06-rhcsa-permissions/","summary":"RHCSA note for managing permissions","title":"RHCSA permissions"},{"content":"1) What are su and sudo? su (“switch user”) starts a new shell (or runs a command) as another user, commonly root. sudo (“superuser do”) runs one command (or an interactive root shell) with elevated privileges according to policy in /etc/sudoers (and /etc/sudoers.d/*). For RHCSA: prefer sudo for controlled elevation and auditing.\n2) How do they work (high level)? su (switch user) Runs su and requests authentication (via PAM). If accepted, the process changes identity to the target user (UID/GID) and starts a shell. Typical usage:\nsu # switch to root (asks for root password) su - alice # switch to user alice with a \u0026#34;login\u0026#34; shell su -c \u0026#39;id\u0026#39; # run a single command as target user sudo (policy-based elevation) sudo checks authorization (sudoers rules) and may require authentication (your password). If allowed, it runs the command as the target user (default: root) and logs the action. Typical usage:\nsudo dnf install -y vim sudo systemctl restart sshd sudo -i # interactive root login-style shell 3) When do they exist / work? (sudo is a separate package) On many systems, sudo may not be installed by default (minimal installs/containers). It is typically provided by the sudo package. su is usually present because it comes from base system utilities (commonly util-linux on RHEL-like systems). Quick checks:\ncommand -v sudo || echo \u0026#34;sudo not installed\u0026#34; command -v su rpm -q sudo 2\u0026gt;/dev/null || true rpm -q util-linux 2\u0026gt;/dev/null || true Also note: even if installed, sudo works only if you are permitted by sudoers (often via the wheel group on RHEL).\n4) How /etc/sudoers works Sudoers is a policy file. 
Conceptually:\n“Who” (user/group) “Where” (host) “As whom” (Runas) “What commands” (command list) Optional flags (NOPASSWD, env handling, etc.) A common rule shape:\nUSER HOST=(RUNAS) COMMANDS Always edit with visudo:\nvisudo visudo -f /etc/sudoers.d/rhcsa Mermaid overview of sudo decision flow:\nflowchart TD A[\u0026#34;User runs: sudo \u0026amp;lt;command\u0026amp;gt;\u0026#34;] --\u0026gt; B[\u0026#34;Read policy: /etc/sudoers + /etc/sudoers.d/*\u0026#34;] B --\u0026gt; C{\u0026#34;Rule matches user, host, runas, command?\u0026#34;} C --\u0026gt;|No| X[\u0026#34;DENY\u0026lt;br/\u0026gt;Log denial\u0026#34;] C --\u0026gt;|Yes| D{\u0026#34;Authentication required now?\u0026#34;} D --\u0026gt;|Yes| E[\u0026#34;PAM auth\u0026lt;br/\u0026gt;Prompt for user\u0026#39;s password\u0026#34;] E --\u0026gt; F{\u0026#34;Auth success?\u0026#34;} F --\u0026gt;|No| Y[\u0026#34;DENY\u0026lt;br/\u0026gt;Log failure\u0026lt;br/\u0026gt;May trigger PAM lockouts/delays\u0026#34;] F --\u0026gt;|Yes| G[\u0026#34;Apply policy\u0026lt;br/\u0026gt;Runas user/group\u0026lt;br/\u0026gt;Environment rules\u0026#34;] D --\u0026gt;|\u0026#34;No (timestamp cached)\u0026#34;| G G --\u0026gt; H[\u0026#34;Execute command as target (default root)\u0026#34;] H --\u0026gt; I[\u0026#34;Log event\u0026lt;br/\u0026gt;(user, tty, cwd, command, result)\u0026#34;] 5) Why does su sometimes not ask for the root password? su asks for the target user’s password (often root) unless the caller is already privileged.\nExample:\nsudo su Here, sudo starts su as root (effective UID 0). From su’s perspective, the caller is already root, so there is nothing to authenticate. Result: no root password prompt.\n6) sudo -i vs sudo su - (are they the same?) They are similar in intent: both typically drop you into a root login-style shell.\nsudo -i: sudo directly creates an interactive “login-like” root shell. sudo su -: sudo runs su -, which then creates a root login shell. 
Key practical difference (important for operations/auditing):\nWith sudo -i, you are clearly in a sudo-initiated session. With sudo su -, sudo often logs only that you ran su -; commands typed after that are not individually logged by sudo. For RHCSA-style best practice: prefer sudo -i when you truly need an interactive root environment.\n7) What is the - in su - (and what if you don’t use it)? - means login shell (same idea as --login).\nsu - (login shell) Changes to the target user’s home directory (e.g., /root). Sets up environment closer to a real login. Reads typical “login” profile scripts (system + user). su (no -) Often keeps more of your current environment and current working directory. You may end up as root in your current directory, with a mixed environment. Why it matters:\nReduces confusion: root should typically work from /root with root’s environment. Avoids “environment surprises” (PATH, HOME, proxies, locale, custom variables). A quick demo:\npwd; echo \u0026#34;$HOME\u0026#34;; whoami sudo su pwd; echo \u0026#34;$HOME\u0026#34;; whoami exit sudo su - pwd; echo \u0026#34;$HOME\u0026#34;; whoami 8) Exiting: exit or Ctrl+D To leave the root shell (or any subshell):\nType: exit Or press Ctrl + D (sends EOF to the shell) Both return you to the parent shell.\n9) What happens if you repeat commands and create “shells inside shells”? Every time you start a new interactive shell (su, su -, sudo -i), you typically create a child shell (a subshell). If you do it again, you get another layer.\nExample of accidental nesting:\nsudo -i sudo -i sudo -i Now you must exit three times to get back.\nHow to see nesting:\necho \u0026#34;$SHLVL\u0026#34; # shell level (often increases with nesting) ps -p $$ -o pid,ppid,cmd # current shell PID and parent What if you type the wrong password “several times”?\nsudo will deny access and log failures. Depending on PAM policy (e.g., pam_faillock), repeated failures can introduce delays or temporary lockouts. 
This is configuration-dependent; do not assume a fixed number of attempts. 10) Practical guidance for an RHCSA student Prefer single-command sudo: sudo systemctl status sshd sudo dnf install -y tree If you need many root actions, use sudo -i (cleaner intent than sudo su): sudo -i Use su mainly when: sudo is not installed / not configured, or you are practicing systems where root passwords are used by policy. Remember: sudo su (and especially sudo su -) can reduce per-command sudo auditing after you enter the root shell. ","permalink":"https://n2stas1a.github.io/posts/2026-01-11-sudo-su/","summary":"what’s the difference?","title":"sudo su"},{"content":"Just init\n","permalink":"https://n2stas1a.github.io/posts/2025-11-11-init/","summary":"Init post","title":"Init Blog"},{"content":"Red Hat Enterprise Linux (RHEL)\nRed Hat Enterprise Linux (RHEL) is a commercial Linux distribution developed by Red Hat.\nRed Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z, and a desktop version for x86-64.\nKey Components of the RHEL Family Red Hat Enterprise Linux (RHEL) This is the flagship commercial product, developed by Red Hat.\nIt is tailored for enterprise use with paid subscriptions that provide professional support, security updates, and a defined lifecycle.\nFedora This is a community-driven, cutting-edge distribution that serves as a testing ground for new features and innovations that may eventually be incorporated into RHEL.\nCentOS Originally a community-supported distribution built from the same open-source source code as RHEL, CentOS provided a free alternative with similar functionality.\nCentOS Stream CentOS Stream is a continuously delivered distribution that serves as the upstream development branch for RHEL.\nIt is a rolling-release version where development is happening live before it gets released to RHEL customers.\nOther Derivatives Other projects, like AlmaLinux and Rocky Linux, have also emerged as 
community-driven clones of RHEL, aiming to provide a free, stable alternative with long-term support.\nUseful Links Download RHEL Installation Guide (Dell KB) The Shell Environment The shell is the environment where the user interfaces with the operating system.\nBash is the default command-line shell.\nGNOME is the standard graphical shell.\nFrom a graphical shell, a terminal window running Bash can be started.\nFeatures of the Bash Shell The Bash shell provides many features to make working with the shell easier, such as:\nCommand line completion Command history Variables Using --help Use the --help option - this is often the fastest way to get basic information about a command.\nType this command and press Enter to see usage information.\nMAN Command The man command in Linux is used to display the user manual of any command that can be run on the terminal.\nIt provides a detailed view of the command and its options.\nDocumentation Sections Documentation in man is organized in different sections.\nFor basic administration, the following sections matter most:\nExecutable programs or shell commands File formats and conventions System administration commands All sections are described in man man.\nUse man n intro for an introduction to the topic of a specific section number.\n","permalink":"https://n2stas1a.github.io/posts/2025-11-11-post01/","summary":"RHCSA course basics","title":"RHEL essentials"}]