GNU/Linux security model

Each file has an owner and belongs to a group.

Each running process has an owner and belongs to a group.

Users may belong to multiple groups.

at any session a user has an active group, and process she starts will inherit this active group.

each user has a default active group.

users may change the current active group using the commands newgrp and sg.

this security model is sufficient for most needs because GNU/Linux tries to represent everything as a file.

Each file has 3 sets of permissions that apply to different users, one set applies to the file owner, one applies to members of the file's group and the last set applies to anyone else.

in case one needs more some kernel modules offer Access Control Lists which provide more fine grained control.

Permission grid

ReadWriteExecuteSetUIDSetGIDSticky
fileCan readcan modifyCan executeexecuted as if ownerexecuted as if were in that groupno effect
directorycan lscan make new files and delete filecan cd to directory and access its files and subdirectoriesno effectnew files get group & new dirs get setgidonly owners can delete files
alphabetical chmod+r+w+xu+sg+so+t
numerical chmod421400020001000