
Linux Permissions Masterclass – "From Fundamentals to Practical Application, Security, and Service Operations"

This course puts an end to Linux server operational vulnerabilities caused by incorrect permissions. Master file and directory permission control based on real-world industry standards.

28 learners are taking this course

Level Basic

Course period Unlimited

  • linuxmasternet
Theory and practice
Linux
Operating System
security
security training

What you will gain after the course

  • Understand and manage Linux file and directory permission systems.

  • You can set and utilize special permissions such as Set-UID, Set-GID, and Sticky-bit.

  • Fine-grained permission control is possible by utilizing Linux ACL (Access Control List).

  • You can directly apply security settings for secure Linux server permissions in a real-world environment.

  • Analyze permission vulnerability cases occurring in web services and prevent and block them.

This course is designed not as a simple lecture that ends at a basic conceptual level of Linux filesystem permission structures, but as a practical, hands-on learning curriculum capable of resolving permission issues, security risks, and service failures that occur in real-world production environments.

Permissions are the foundation of Linux server operations, but at the same time, incorrect settings can compromise the stability of the entire service and become a direct cause of security incidents. This course prevents such risks in advance and guides students step-by-step to a level where they can accurately configure, interpret, and diagnose permission structures through a systematic understanding.

Linux permission issues cannot be solved by simply memorizing the three letters 'rwx'.
There are many factors to consider in a real environment, such as file owners/groups, ACLs, special permissions (SetUID/SetGID/Sticky-Bit), system accounts used by service processes, and directory permissions accessed by DBMS and Web Applications. Only by accurately understanding these can you satisfy both operational and security requirements.

This course covers the following topics in depth, and each session is practice-based so that anyone can understand through hands-on experience.

The goal of this course is to systematically lead students to a level where they can logically interpret these complex permission systems and solve practical problems on their own.


Additionally, for the convenience of practice, the course provides installation scripts that can automatically set up Oracle 11g XE, Apache Tomcat, and JSP web application environments, along with a 300-page PDF textbook that systematically organizes the entire course content.
(However, as the PDF is subject to copyright protection, external sharing or distribution is prohibited, and it may only be used for the student's personal learning purposes.)

This course is designed to provide practical help to everyone who needs to build a deep foundation in Linux permissions, from beginners to professional server administrators, security personnel, and DevOps engineers.


Section 1. Setting Up the Practice Environment

We begin by systematically setting up the virtualization environment, OS installation, and terminal connection environment essential for permission analysis and service deployment.

By installing distributions widely used in real corporate environments, such as Rocky Linux 9 and Ubuntu 24.04, we lay the foundation for students to apply the same permission principles across any OS.

Learning Content

  • Course Overview and Learning Objectives Explanation

  • Configuring a VMware Workstation-based virtualization environment

  • Rocky Linux 9 & Ubuntu 24.04 Installation Practice

  • Quick Installation and Initial Setup

  • MobaXterm / SSH Terminal Connection Environment Configuration

This section serves as the foundation for the entire course, and all subsequent permission practices will be performed in a Rocky Linux 9 environment.
Therefore, the virtual machine, account, service, and directory structures established in this step will serve as the common foundation for all future learning, including permission analysis, ACL practice, and service-specific permission settings.


Section 2. Users and Groups

In this section, you will systematically understand the User and Group structure, which is the core of Linux permissions.
In addition to hands-on practice with commands for creating, deleting, and modifying accounts, we will explain the structure of the /etc/passwd and /etc/shadow files step-by-step.

In particular, the /etc/shadow file stores encrypted (hashed) password information that must not be exposed to regular users. We will cover how these hash values are generated and verified, how the crypt() function-based SHA512 hash algorithm operates, and what role the salt value plays in authentication security.

It also explains why access permissions for the /etc/shadow file are restricted to root only, and what kind of security incidents can occur if the /etc/shadow file is exposed.

Learning Content

  • Understanding User and Group Structures

  • Hands-on practice with useradd / userdel / usermod commands

  • Analysis of UID/GID structure

  • Differences between system accounts and regular accounts

  • How to handle home directories when deleting accounts

  • Analysis of the field structure of the /etc/passwd file

  • Field structure analysis of the /etc/shadow file

What you will gain from this section is

  • Principles of Login Authentication

  • Password Hash Generation Principles

  • /etc/shadow security model

  • The impact of accounts, groups, and UID/GID on permission interpretation

  • User creation, deletion, and detailed management


You will be able to understand them clearly.

Section 3. Linux Permissions 1 – Basic Structure of Permissions

In this section, we explain the components of permissions by focusing on actual operational principles rather than simple descriptions, helping you logically interpret permission determinations. Through this section, you will gain a clear understanding of how permissions are interpreted and applied within the file system.

Learning Content

  • File ownership and permission structure

  • How read/write/execute permissions work

  • Difference between ACL (Access Control List) and standard permissions

  • getfacl/setfacl practice

  • The impact of permissions on service operation

  • Practice with permission change commands: chmod, chown, and chgrp

  • Introduction to the concepts and risks of special permissions

  • Testing access to /etc/shadow, which should not be accessible by regular accounts


Section 4. Linux Permissions 2 – Standard Permissions (r, w, x) Practice

One of the core elements of the permission lecture is directly experiencing cases of permission failure. We will set up actual test scenarios for each permission, compare the file access results, and analyze why those outcomes occur.

Learning Content

  • Differences in behavior based on the presence or absence of read (r) permission

  • Differences in behavior depending on the presence or absence of write (w) permission

  • Differences in behavior based on the presence or absence of execute (x) permission

  • The impact of regular file and directory permissions on file access

This is a practice-oriented section designed to help you move beyond simple memorization and develop the ability to independently analyze the causes of malfunctions frequently encountered during service operations.


Section 5. Linux Permissions 3 – Advanced Special Permissions (SetUID, SetGID, Sticky-Bit)

In this section, we go beyond simple conceptual explanations to provide an in-depth analysis of how special permissions operate in real systems and what security implications they hold through various hands-on exercises.
Moving one step beyond standard permissions, we cover the impact of special permissions on service operations and system security from a practical perspective.

In particular, because special permissions can lead to immediate security vulnerabilities if misconfigured, it is crucial to accurately understand their operating principles and application criteria.


Learning Objectives

  • Analyzing the operation of SetUID and understanding the internal structure of the passwd command

  • Hands-on practice on how SetGID is applied to directories

  • Security issue scenarios that can occur in environments without the Sticky-bit

  • Testing the potential exploitability of programs granted special permissions

  • The necessity of special permissions and methods for secure restriction when operating services and applications

Through this section, students will gain a precise understanding of special privilege vulnerabilities frequently exploited in real-world hacking and security incidents and acquire the correct configuration standards for operating systems securely.


Section 6. DBMS & WEB Services and Permissions

This section goes beyond simple permission training; it is an advanced course where you will understand how permissions are applied in a real service environment and how they affect service operations through hands-on practice with DBMS and WEB applications.

You will directly install Oracle Database 11g XE and Apache Tomcat in a Rocky Linux 9 environment, and a JDBC-based JSP web application (jumsu program) is provided for practice.
The application is distributed as a pre-built jumsu.war file. Students will deploy this WAR file to Tomcat and experience the entire process of making the functions work properly by directly designing and linking the necessary tables in the Oracle DB.

Through this process, you will gain a deep understanding of how permissions impact the stability of real-world services by analyzing in detail which directories the web application accesses internally, what permissions are required for the DB connection, which account the Tomcat process runs under, and which directories require read/write permissions.


Additionally, since installing Oracle 11g XE and Tomcat can be difficult for beginners, this lecture provides scripts that automate the entire installation and initial configuration to help students quickly set up the same environment and focus on the practice.



Learning Content

  • Installing Oracle Database 11g XE on Rocky Linux 9

  • Provision of Oracle and Tomcat installation automation scripts → Simplification of repetitive setups

  • Analysis of the permission structure of the oradata directory where Oracle data files are stored


  • Practice on the deployment and execution procedures of the jumsu.war web application

  • Direct design of necessary tables in Oracle DB and JDBC connection testing


  • Permission setting standards for secure Web Root directories and application deployment paths

Through this section, students will experience the overall structure in which JSP web applications + Tomcat + Oracle DB operate organically, and gain a clear understanding of the role permissions play based on practical industry standards.

This is a core section that goes beyond simple permission learning to equip you with the ability to interpret permissions from the overall perspective of service operations, security, and infrastructure engineering.


Section 7. Schedule Daemon Services and Permissions (Cron)

This section covers the operational structure and permission model of Cron, an essential scheduling service for Linux server operation, in great depth. Beyond simple task scheduling, we provide hands-on explanations of the privileges under which Cron executes and how user-specific cron files are created and managed in /var/spool/cron.

We will also practice rsync-based backup automation, a common task in server operation, to directly verify which permission conditions lead to the success or failure of automated tasks in a real service environment.

In particular, we analyze the relationship between user Cron and SetUID privileges, as well as permission rights.
During this process, we also explain in detail how the /var/spool/cron/username file is created and the security implications of its permissions.

Learning Objectives

  • Understanding the structure of the Cron service and how the scheduler operates

  • Analysis of /etc/crontab for system cron

  • Configuring automatic backup schedules using rsync

  • Differences and comparison between system cron and user cron

  • Analysis of the /var/spool/cron/ file structure when a user cron is created


  • Cron configuration based on conditions (day of the week/time/period)

Through this section, students can go beyond simple schedule settings to understand, from a practical standpoint, which user privileges Cron runs with and how file and directory permissions affect scheduled tasks.


Section 8. DNS Services and Permissions

DNS is a critical network service in Linux server environments and is a representative service where failures frequently occur due to permission setting errors. In particular, the permissions of the /var/named directory directly affect not only security but also the normal operation of the DNS service, making a precise understanding essential.

In this section, we cover everything from the basic principles of DNS to BIND installation and configuration, forward zone setup, and the creation of automation scripts for primary and secondary DNS servers based on real-world practices. Through hands-on exercises, we will clearly analyze the permission structures under which DNS services operate and identify which missing permissions lead to errors.

Additionally, you can learn the process of writing your own scripts to automate DNS installation and removal, as well as deploying them to remote servers.

Learning Content

  • Understanding DNS concepts and name server architecture

  • Configuring the vim environment for DNS setup

  • Hands-on practice for BIND-based DNS server installation and configuration

  • Preparations for configuring primary and secondary DNS servers

  • Forward zone file configuration and query testing

  • Writing automation scripts for DNS installation and removal

  • Deploy the written script to a remote server to execute installation/deletion

  • Detailed analysis of key configuration items in named.conf

  • /var/named directory permission structure and security configuration standards

  • Analysis of DNS query failure cases caused by incorrect permissions

This section is a course designed to go beyond simple DNS setup and help you fully understand DNS operations and permission models from the perspective of Linux permissions. By understanding not only the operating principles of DNS services but also the mechanisms by which permission errors lead to actual service failures, it will be of great help in grasping Linux permissions from the overall perspective of service operations.


Practical outcomes you can achieve through this course

By taking this course, you will acquire the following practical skills.

  • The ability to perfectly understand and configure permission structures from the ground up

  • Understanding the differences between ACLs and standard permissions, and considerations for service operations

  • Acquiring knowledge of the risks associated with special permissions and appropriate defense strategies

  • Ability to analyze the permission structures of DBMS, WEB, and DNS services

  • Acquire essential operational skills such as user and system account management, Cron operation, and file ownership management.

  • The ability to directly resolve permission-related issues that occur in real-world environments

This course contains essential content for everyone, from beginners to practitioners, security personnel, and server administrators, and is designed as an in-depth curriculum covering the entirety of service operations based on permissions.


Section 9. Web Application Services and Permissions

APM (Apache · PHP · MariaDB) based web services are the most widely operated structures in Linux environments, but they are areas prone to installation errors, upload failures, DB connection errors, and webshell vulnerabilities due to incorrect permission settings.

In particular, it is essential to accurately understand which user the Apache web server operates as, which directories PHP accesses, and the permission structures required by live services such as WordPress, Gnuboard, and phpMyAdmin.


In this section, we cover the entire process from building an APM environment to analyzing Apache configuration files and practicing the installation of Gnuboard, WordPress, and phpMyAdmin from a practical perspective. We clearly analyze how web services operate under specific permissions and users through step-by-step hands-on exercises.


In addition, we reproduce real-world cases of common issues encountered during web service installation and initial configuration—such as permission errors, directory write failures, and access control—and provide secure permission configuration methods to resolve them.


Learning Content

  • APM (Apache · PHP · MariaDB) Environment Configuration

  • APM installation and analysis of service operation accounts

  • Gnuboard installation and data directory permission configuration practice

  • WordPress installation process and analysis of wp-content/upload directory permission standards

  • Installing phpMyAdmin and configuring security for the config directory

  • Analysis of key directives in Apache configuration files (httpd.conf, vhost.conf)

  • Analysis of permission error cases occurring during web service operation


  • Permission models for web service directory structures and standards for secure permission settings

  • Principle of least privilege for Apache process execution accounts

  • Analysis of web security vulnerabilities (such as DB credential exposure) caused by incorrect permissions


This section is a course designed not just to build a web service, but to provide a complete understanding from a Linux permissions perspective of how the permission model is actually applied in an APM environment and how it affects service stability and security.

By clearly identifying the role of permissions at every stage—from installation to operation and security—you will build the practical expertise needed to reliably manage overall web service operations.

Recommended for these people

Who is this course right for?

  • System administrators and developers who operate or manage servers

  • Those who want to properly learn Linux file/directory permission management

  • Those who want to solidify their security fundamentals in Linux permissions to prepare for real-world practice.

  • Those who want to organize permissions and service access rights based on practical standards.

  • Those who want to diagnose and respond to security issues caused by misconfigured permissions

  • For those who want to master permission issues, from principles to practice, all at once.

  • Those who want to clear up confusing permission issues once and for all through this course.

Need to know before starting?

  • Knowledge of basic Linux commands and shell usage is required.

Hello
This is

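[Career]

  • (Current) CEO of Linuxmasternet

  • Received the KISA (Korea Internet & Security Agency) President's Award in 2014

  • Performed penetration testing and vulnerability assessments of information systems for the Supreme Prosecutors' Office, Allianz Life, and Dongbu Securities

  • (Former) Expert committee member (Linux Master), Korea Association for ICT Promotion

  • (Former) Mentor, university student information security union club (SUA)

  • (Former) Head of the education team, Korea Hacking Security Association

[Teaching History]

  • Linux security lectures at KISA (Korea Internet & Security Agency)

  • Information security lectures at Seoul Hyundai Vocational College, KH Information Education Institute, and Korea IT Academy

  • Special lectures on information security at Korea Information and Communication Polytechnic College, Chonnam National University, Woosuk University, and Hoseo University

  • Numerous special lectures on personal information protection and information security for the Ministry of Culture, Sports and Tourism, the National Information Society Agency, and others

  • Numerous special lectures on personal information protection and information security for POSCO A&C, Ilsan Paik Hospital, Hyundai Department Store, Hyundai HDS, and others

  • Numerous special lectures on information security for the Navy, the Election Commission, and others

  • Started with Linux in 1995 and provides practice-focused lectures based on experience in Linux server operation, security, and networking.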

Curriculum

All

108 lectures ∙ (31hr 22min)


$77.00
