Why "Permission Denied" Happens

When you try to read, write, or execute a file and the system tells you "Permission denied", it means your current user account does not have the right to perform that action on that particular file or directory.

Every file and directory in Linux and macOS belongs to:

1. An owner — the user who created it.
2. A group — a collection of users who share certain access.
3. Others — everyone else on the system.

The operating system checks these three levels every time you interact with a file. If your user does not match the owner, is not in the group, and the "others" permission is not set, you get Permission denied.

---

What Is `sudo`?

`sudo` stands for Super User Do. Think of it like a master key in a building:

• Normally, you only have the key to your own apartment.
• The master key opens every door — the server room, the roof, the basement, every apartment.
• `sudo` gives you that master key for one command at a time.

When you prefix a command with `sudo`, the system runs it with root (administrator) privileges:

```bash sudo apt update ```

You will be asked for your password (not the root password). The system trusts that if you know your own password and your account is in the sudoers list, you are allowed to escalate.

---

Reading Permissions: `ls -la`

Run `ls -la` in any directory to see detailed file information:

```bash ls -la ```

You will see output like this:

``` -rwxr-xr-x 1 alice staff 2048 Apr 10 09:30 deploy.sh drwxr-x--- 5 alice staff 160 Apr 10 09:30 config/ -rw-r--r-- 1 bob staff 512 Apr 10 09:30 readme.txt ```

Breaking Down `-rwxr-xr-x`

The three permission types are:

• r (read) — view file contents or list directory contents.
• w (write) — modify the file or add/remove files in a directory.
• x (execute) — run the file as a program, or enter (cd into) a directory.

---

Owner, Group, and Others

Every file has exactly one owner and one group:

``` -rw-r--r-- 1 alice staff 512 Apr 10 readme.txt ^ ^ owner group ```

• Owner (alice): The user who created or owns the file.
• Group (staff): All users in the "staff" group share the group permissions.
• Others: Every user who is neither the owner nor in the group.

You can check which groups you belong to:

```bash groups ```

And check who owns a specific file:

```bash ls -la myfile.txt ```

---

`chmod` — Change Permissions

`chmod` lets you change who can read, write, or execute a file.

Numeric (Octal) Mode

Each permission has a numeric value:

You add the values together for each level (owner, group, others):

Common combinations:

```bash chmod 755 deploy.sh # Owner: rwx, Group: r-x, Others: r-x chmod 644 config.json # Owner: rw-, Group: r--, Others: r-- chmod 700 secret.key # Owner: rwx, Group: ---, Others: --- chmod 600 .env # Owner: rw-, Group: ---, Others: --- ```

Symbolic Mode

Instead of numbers, you can use letters:

• `u` = user (owner), `g` = group, `o` = others, `a` = all
• `+` = add, `-` = remove, `=` = set exactly

```bash chmod u+x script.sh # Add execute for the owner chmod g-w config.json # Remove write for the group chmod o-rwx private.key # Remove all permissions for others chmod a+r public.html # Add read for everyone chmod u=rwx,g=rx,o=rx deploy.sh # Equivalent to 755 ```

---

`chown` — Change Ownership

`chown` changes who owns a file or directory. You almost always need `sudo` for this:

```bash sudo chown alice file.txt # Change owner to alice sudo chown alice:staff file.txt # Change owner AND group sudo chown :developers file.txt # Change group only sudo chown -R alice:staff project/ # Recursive — change everything inside ```

---

Common Permission Scenarios

1. Cannot Install a Package Globally

```bash npm install -g typescript

Error: EACCES: permission denied

```

Fix: Use `sudo` or (better) configure npm to use a local directory:

```bash sudo npm install -g typescript ```

2. Cannot Run a Script

```bash ./deploy.sh

bash: ./deploy.sh: Permission denied

```

Fix: Make it executable:

```bash chmod +x deploy.sh ./deploy.sh ```

3. Cannot Edit a System File

```bash nano /etc/hosts

Error: Permission denied

```

Fix: Open it with `sudo`:

```bash sudo nano /etc/hosts ```

4. Cannot Delete a File

```bash rm /var/log/old.log

rm: cannot remove: Permission denied

```

Fix:

```bash sudo rm /var/log/old.log ```

---

Making a Script Executable

This is one of the most common tasks. After writing a shell script:

```bash

1. Create the script

echo '#!/bin/bash' > greet.sh echo 'echo "Hello, world!"' >> greet.sh

2. Try to run it — fails

./greet.sh

Permission denied

3. Make it executable

chmod +x greet.sh

4. Now it works

./greet.sh

Hello, world!

```

The shebang line (`#!/bin/bash`) at the top tells the system which interpreter to use. Common shebangs:

```bash #!/bin/bash # Bash script #!/usr/bin/env python3 # Python script #!/usr/bin/env node # Node.js script ```

---

The Root User

root is the all-powerful administrator account on Unix systems.

• root can read, write, and execute any file.
• root can kill any process.
• root can change any setting.

You can temporarily become root:

```bash sudo su # Switch to root shell whoami # Prints: root exit # Go back to your normal user ```

Or run a single command as root:

```bash sudo whoami # Prints: root ```

---

When to Use `sudo`

Use `sudo` when you need to:

• Install system-wide packages (`apt install`, `brew` on Linux).
• Edit system configuration files (`/etc/hosts`, `/etc/nginx/`).
• Manage system services (`systemctl restart nginx`).
• Change ownership of files (`chown`).
• Access files owned by other users or by root.

Do NOT use `sudo` when:

• Working inside your home directory (`~/projects`).
• Running your own scripts and programs.
• Installing packages locally (`npm install`, `pip install --user`).
• Using Git, editing your code, running tests.

---

Warning: Do Not Run Everything as `sudo`

Using `sudo` carelessly is dangerous:

1. Files get wrong ownership. If you `sudo npm install` inside your project, the `node_modules` folder becomes owned by root. Now you cannot modify it without `sudo` again — a vicious cycle.

2. Security risk. Every `sudo` command runs with full system access. A typo like `sudo rm -rf /` can destroy your entire system.

3. Bad habits. If a command needs `sudo` to work in your project directory, something is misconfigured. Fix the real problem instead.

Rule of thumb: If you are inside `~/` (your home directory), you should almost never need `sudo`. If you do, ask yourself why.

---

Windows Equivalent: Run as Administrator

On Windows, the equivalent of `sudo` is "Run as Administrator":

• Right-click a program and select "Run as Administrator".
• In PowerShell, you can open an elevated prompt from the Start menu.
• Windows uses UAC (User Account Control) instead of the Unix permission model.

Key differences:

---

Quick Reference

---

Practice Exercises

1. Run `ls -la` in your home directory and identify the owner, group, and permissions of five files.

2. Create a file called `test.sh` with `echo '#!/bin/bash' > test.sh` and then `echo 'echo hello' >> test.sh`. Try running it with `./test.sh`. Fix the permission error.

3. Use `chmod 600 secret.txt` on a file and verify with `ls -la` that only the owner can read and write it.

4. Try `sudo whoami` to confirm it prints `root`.

5. Inspect `/etc/hosts` — who owns it? What are its permissions? Can you edit it without `sudo`?