Linux Permission Masterclass – "From Basics to Practical Application, Security, and Service Operations"

This course is designed not as a simple lecture that ends at a basic conceptual level of Linux filesystem permission structures, but as a practical, hands-on learning curriculum that enables you to resolve permission issues, security risks, and service failures occurring in real-world production environments.

Permissions are the foundation of Linux server operation, but at the same time, incorrect settings can immediately degrade the stability of the entire service and become a direct cause of security incidents. This course prevents such risks in advance and guides students step-by-step to a level where they can accurately configure, interpret, and diagnose by systematically understanding the permission structure.

Linux Permission cannot be solved by simply memorizing the three letters rwx.
There are many factors to consider in a real environment, such as file owners/groups, ACLs, special permissions (SetUID/SetGID/Sticky-Bit), system accounts used by service processes, and directory permissions accessed by DBMS and Web Applications; only by accurately understanding these can you satisfy both operations and security.

This course covers the following content in depth, and each session is practice-based so that anyone can understand through hands-on experience.

The goal of this course is to systematically lead students to a level where they can logically interpret these complex permission systems and solve practical problems on their own.


Additionally, for the convenience of practice, the course provides installation scripts that can automatically set up Oracle 11g XE, Apache Tomcat, and JSP web application environments, along with a 300-page PDF textbook that systematically organizes the entire course content.
(However, as the PDF is subject to copyright protection, external sharing or distribution is prohibited, and it may only be used for the student's personal learning purposes.)

This course is designed to provide practical help to everyone who needs to build a deep foundation in Linux permissions, from beginners to professional server administrators, security personnel, and DevOps engineers.

Section 1. Setting Up the Practice Environment

We begin by systematically setting up the virtualization environment, OS installation, and terminal connection environment essential for permission analysis and service deployment.

By installing distributions widely used in actual enterprise environments, such as Rocky Linux 9 and Ubuntu 24.04, we establish a foundation so that students can apply the same permission principles across any OS.

Learning Content

• Explanation of Course Overview and Overall Learning Objectives

• Configuring a virtualization environment based on VMware Workstation

• Rocky Linux 9 & Ubuntu 24.04 Installation Practice

• Quick Installation and Initial Setup

• MobaXterm / SSH Terminal Connection Environment Configuration

This section serves as the foundation for the entire course, and all subsequent permission practice sessions will be conducted in a Rocky Linux 9 environment.
Therefore, the virtual machine, account, service, and directory structures established in this step will serve as the common foundation for all future learning, including permission analysis, ACL practice, and service-specific permission settings.

Section 2. Users and Groups

In this section, you will systematically understand the User and Group structure, which is the core of Linux permissions.
In addition to hands-on practice with commands for creating, deleting, and modifying accounts, we provide a step-by-step explanation of the structure of the /etc/passwd and /etc/shadow files.

In particular, the /etc/shadow file stores encrypted (hashed) password information that must not be exposed to general users; we cover how these hash values are generated and verified, how the SHA512 hash algorithm based on the crypt() function operates, and what role the salt value plays in authentication security.

It also explains why the access permissions for the /etc/shadow file are restricted to root only, and what kind of security incidents can occur if the /etc/shadow file is exposed.

Learning Content

• Understanding User and Group Structures

• Hands-on practice with useradd / userdel / usermod commands

• Analysis of UID/GID structure

• Difference between system accounts and regular accounts

• How to handle the home directory when deleting an account

• Analysis of the field structure of the /etc/passwd file

• Analysis of the field structure of the /etc/shadow file
  
  

What you will gain through this section is

• Principles of login authentication

• Password hash generation principles

• /etc/shadow security model

• The impact of accounts, groups, and UID/GID on permission interpretation

• User creation, deletion, and detailed management

  
  

you will be able to understand them clearly.

Section 3. Linux Permissions 1 – Basic Structure of Permissions

In this section, we explain the components of permissions based on actual operating principles rather than simple descriptions, helping you logically interpret permission judgments. Through this section, you will gain a clear understanding of how permissions are interpreted and applied within the file system.

Learning Content

• File ownership and permission structure

• How read/write/execute permissions work

• Difference between ACL (Access Control List) and standard permissions

• getfacl/setfacl practice

• The impact of permissions on service operations

• Practice with permission change commands: chmod, chown, and chgrp

• Introduction to the concepts and risks of special permissions

• Testing access to /etc/shadow, which should not be accessible by a regular account

  
  

Section 4. Linux Permissions 2 – General Permissions (r, w, x) Practice

One of the core aspects of the permission lecture is directly experiencing cases of permission failure. We will set up actual test scenarios for each permission, compare the file access results, and analyze why those results occur.

Learning Content

• Differences in behavior based on the presence or absence of read (r) permission

• Differences in behavior depending on the presence or absence of write (w) permission

• Differences in behavior based on the presence or absence of execute (x) permission

• The impact of regular file and directory permissions on file access

This is a practice-oriented section designed to help you independently interpret the causes of common malfunctions encountered during service operations, rather than relying on simple memorization.

Section 5. Linux Permissions 3 – Advanced Special Permissions (SetUID, SetGID, Sticky-Bit)

In this section, we go beyond simple conceptual explanations and conduct an in-depth analysis of how special permissions operate in real systems and what security implications they hold through various hands-on exercises.
Moving one step beyond general permissions, we cover the impact of special permissions on service operations and system security from a practical perspective.

In particular, because special permissions can lead to immediate security vulnerabilities if misconfigured, it is crucial to accurately understand their operating principles and application standards.

Learning Content

• Analysis of SetUID's operation and understanding the internal structure of the passwd command

• Practice on how SetGID is applied to directories

• Security issue scenarios that can occur in an environment without the Sticky-bit

• Testing the potential exploitability of programs granted special permissions

• The necessity of special permissions when operating services and applications, and methods for secure restriction

Through this section, students will accurately understand special permission vulnerabilities that are frequently exploited in real-world hacking and security incidents and acquire the correct configuration standards for operating systems securely.

Section 6. DBMS & WEB Services and Permissions

This section is an advanced course that goes beyond simple permission training to understand how permissions are applied in actual service environments and how they affect service operations through hands-on practice with DBMS and WEB applications.

You will directly install Oracle Database 11g XE and Apache Tomcat in a Rocky Linux 9 environment, and a JSP web application (jumsu program) operating on a JDBC basis is provided for practice.
The application is distributed in the form of a pre-made jumsu.war file, and students will experience the entire process of deploying this WAR file to Tomcat and directly designing and linking the necessary tables in the Oracle DB to ensure the functions operate normally.

In this process, you can gain a deep understanding of the impact of permissions on practical service stability by analyzing in detail which internal directories the web application accesses, what permissions are required for DB connection, and which account the Tomcat process runs under and which directories require read/write permissions.


Furthermore, since installing Oracle 11g XE and Tomcat can be difficult for beginners, this lecture also provides scripts that automate the entire installation and initial configuration to help students quickly set up the same environment and focus on the practice.

Learning Content

• Installing Oracle Database 11g XE on Rocky Linux 9

• Provision of Oracle and Tomcat installation automation scripts → Simplification of repetitive setups

• Analysis of the oradata directory permission structure where Oracle data files are stored

  
  

• Practice on the deployment and execution procedures of the jumsu.war web application

• Direct design of tables required for Oracle DB and JDBC connection testing

  
  

• Permission setting standards for secure Web Root directories and application deployment paths

Through this section, students will experience the entire structure in which
JSP web applications + Tomcat + Oracle DB operate organically, and gain a clear understanding of the role permissions play based on practical standards.

This is a core section that goes beyond simple permission learning, equipping you with the ability to interpret permissions from the overall perspective of service operations, security, and infrastructure engineering.

Section 7. Schedule Daemon Services and Permissions (Cron)

In this section, we will take an in-depth look at the operational structure and permission model of Cron, an essential scheduling service in Linux server operations. Rather than just setting up simple scheduled tasks, we will focus on hands-on practice to explain what permissions Cron runs with and how user-specific cron files are created and managed in /var/spool/cron.

We will also practice rsync-based backup automation, which is frequently used in server operations, to directly verify under what permission conditions automation tasks succeed or fail in a real service environment.

In particular, we will analyze the relationship between user Cron and SetUID permissions, as well as permission levels.
During this process, we will explain in detail how the /var/spool/cron/username file is created and the security implications of that file's permissions.

Learning Content

• Understanding the structure of the Cron service and how the scheduler operates

• Analysis of /etc/crontab in the system cron

• Configuring an automatic backup schedule using rsync

• Differences and comparison between system cron and user cron

• Analysis of the structure of the /var/spool/cron/<user> file when a user cron is created

  
  

• Cron configuration based on conditions (day of the week/time/cycle)

Through this section, students can go beyond simple schedule settings to understand, from a practical standpoint, which user permissions Cron runs with and how file and directory permissions affect scheduled tasks.

Section 8. DNS Services and Permissions

DNS is a very important network service in a Linux server environment and is a representative service where failures frequently occur due to permission setting errors. In particular, a precise understanding of the permissions for the /var/named directory is essential, as they directly affect not only security but also the normal operation of the DNS service.

In this section, we cover everything from the basic principles of DNS to BIND installation and configuration, forward zone setup, and the creation of automation scripts for primary and secondary DNS servers based on practical experience. Through hands-on practice, we will clearly analyze the permission structure under which DNS services operate and identify which missing permissions lead to errors.

In addition, you can learn the process of directly writing scripts to automate DNS installation and removal and deploying them to remote servers.

Learning Content

• Understanding DNS concepts and name server structure

• Configuring the vim environment for DNS setup

• Hands-on practice for BIND-based DNS server installation and configuration

• Preliminary preparation for configuring primary and secondary DNS servers

• Forward zone file configuration and query testing

• Writing an automated script for DNS installation and removal

• Deploy the written script to a remote server to execute installation/deletion

• Detailed analysis of key configuration items in named.conf

• /var/named directory permission structure and security configuration standards

• Analysis of DNS query failure cases caused by incorrect permissions

This section is a course designed not just for simple DNS construction, but to help you completely understand DNS operation and the permission model from a Linux permission perspective. By understanding not only the operating principles of DNS services but also the mechanisms by which permission errors lead to actual service failures, it will be of great help in grasping Linux permissions from the perspective of overall service operation.

Practical outcomes you can achieve through this course

By taking this course, you will acquire the following practical skills.

• The ability to perfectly understand and configure permission structures from the ground up

• Understanding the difference between ACL and basic permissions, and considerations for service operation

• Acquiring knowledge of the risks associated with special permissions and appropriate defense strategies

• Ability to analyze the permission structures of DBMS, WEB, and DNS services.

• Acquire essential operational skills such as user and system account management, Cron operation, and file ownership management.

• The ability to directly resolve permission-related issues that occur in practical working environments.

This course contains essential content for everyone, from beginners to practitioners, security professionals, and server administrators, and is designed as an in-depth course covering the entire scope of service operations based on permissions.

Section 9. Web Application Services and Permissions

APM (Apache · PHP · MariaDB) based web services are the most widely operated structures in Linux environments, but they are an area prone to installation errors, upload failures, DB connection errors, and web shell vulnerabilities due to incorrect permission settings.

In particular, it is essential to accurately understand which user the Apache web server operates as, which directories PHP accesses, and the permission structures required by actual services such as WordPress, Gnuboard, and phpMyAdmin.

In this section, we cover the entire process from building an APM environment to analyzing Apache configuration files and practicing the installation of Gnuboard, WordPress, and phpMyAdmin from a practical perspective. We will clearly analyze how web services operate under specific permissions and users through
step-by-step hands-on exercises.

In addition, we reproduce real-world cases of common issues such as permission errors, directory write failures, and access control that occur during the web service installation and initial configuration process, and present secure permission configuration methods to resolve them.

Learning Content

• APM (Apache · PHP · MariaDB) Environment Configuration

• APM installation and service operation account analysis

• GNU Board installation and data directory permission configuration practice

• WordPress installation process and analysis of permission standards for the wp-content/upload directory

• phpMyAdmin installation and config directory security settings

• Analysis of major directives in Apache configuration files (httpd.conf, vhost.conf)

• Analysis of permission error cases occurring during web service operation

  
  

• Permission models for web service directory structures and standards for secure permission settings

• The principle of least privilege for the Apache process execution account

• Analysis of web security vulnerabilities (such as DB information exposure) caused by incorrect permissions

This section is a course designed not just to build a web service, but to provide a complete understanding from a Linux permissions perspective of how the permission model is actually applied in an APM environment and how it affects service stability and security.

By clearly understanding the role of permissions at every stage—from installation to operation and security—you will build the practical skills necessary to reliably manage all aspects of web service operations.