Linux Permissions and Security Cheat Sheet

Linux•Permalink

High-value Linux permissions and security reference covering users, sudo, ACLs, special mode bits, SSH access, SELinux, and AppArmor basics.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

## Accounts Authentication and Access

Query passwd database

↗#

getent passwd alice

# Resolve user information through NSS.

Query group database

↗#

getent group docker

# Resolve group entries through NSS.

Lock user password

↗#

sudo passwd -l deploy

# Disable password authentication for a user.

Show password aging info

↗#

sudo chage -l alice

# Inspect account password expiration details.

Safely edit sudoers

↗#

sudo visudo

# Open sudoers with syntax checking and locking.

Test SSH daemon config

↗#

sudo sshd -t

# Validate SSH daemon configuration for syntax errors.

Install SSH public key manually

↗#

cat id_ed25519.pub >> ~/.ssh/authorized_keys

# Append a key to authorized_keys.

## Permissions ACLs and Special Bits

Set sticky bit on shared directory

↗#

chmod +t /shared/tmp

# Allow only owners to delete their own files in a shared directory.

Set setgid on directory

↗#

chmod g+s /srv/shared

# Force new files to inherit the directory group.

Find setuid files

↗#

find / -perm -4000 -type f 2>/dev/null

# Search for files with the setuid bit set.

Find world-writable paths

↗#

find / -xdev -type d -perm -0002 2>/dev/null

# Audit files or directories writable by anyone.

Set default ACL on directory

↗#

setfacl -d -m g:appteam:rwx shared/

# Apply inherited ACL rules to new files and directories.

## SELinux and AppArmor Basics

Show SELinux mode

↗#

getenforce

# Print current SELinux mode.

Show SELinux status

↗#

sestatus

# Display SELinux policy and mode details.

Restore SELinux contexts

↗#

sudo restorecon -Rv /var/www/html

# Reset file labels according to policy.

Allow service on custom SELinux port

↗#

sudo semanage port -a -t http_port_t -p tcp 8080

# Add or modify SELinux port context mapping.

Show AppArmor status

↗#

sudo aa-status

# Display loaded AppArmor profiles.

Inspect recent audit messages

↗#

journalctl -t audit --since '1 hour ago'

# Query audit-related journal entries.

More in Linux

Linux Networking Admin Cheat Sheet

Comprehensive Linux networking administration reference covering iproute2, DNS, HTTP debugging, TLS, SSH tunnels, packet capture, and firewall inspection.

Linux Shell Scripting Cheat Sheet

High-value Linux shell scripting reference covering variables, expansion, conditionals, loops, functions, redirection, pipelines, traps, getopts, and script debugging.

Linux Package Management Cheat Sheet

Comprehensive Linux package management reference for apt, dnf, yum, pacman, zypper, rpm, and dpkg workflows across common distributions.

Linux Command Cheat Sheet

Comprehensive Linux command reference covering navigation, files, text processing, permissions, processes, system information, networking, archives, services, storage, and troubleshooting.

Recommended next

Bash Scripting Patterns and Practical Recipes

BASH

Production-minded Bash script patterns for files, arguments, parsing, temp files, logging, retries, and common automation tasks.

Bash Builtins, Job Control, and Shell Behavior

BASH

Core Bash builtins, shell options, history, aliases, job control, traps, and interactive-shell behavior.

Bash Arrays, Strings, and Text Handling

BASH

Indexed and associative arrays, string handling, read/mapfile, and common Bash text-processing patterns.

Bash Conditionals, Loops, and Functions

BASH

Bash if/elif/case logic, test expressions, loops, functions, return codes, and robust control-flow patterns.

Bash Variables, Quoting, and Expansion

BASH

Bash variables, parameter expansion, quoting rules, command substitution, arithmetic, and shell expansion patterns.

Bash Cheat Sheet

BASH

Comprehensive Bash commands, shell syntax, quoting, variables, redirection, pipelines, and day-to-day scripting patterns.

Browse all sheets →