Linux Basics

Permissions & Sudo

Linux enforces strict ownership rules on every file, directory, and device. Understanding permissions is not optional — it is the reason idf.py flash either works or throws a "Permission Denied" error.


The Permission Model

Every object in Linux (file, directory, device) has three access categories:

CategorySymbolWho
Owneru (user)The user who created the file
GroupgOther members of the file's assigned group
OthersoEvery other user on the system

Each category has three independent permission bits:

PermissionSymbolNumericOn a FileOn a Directory
Readr4View file contentsList directory contents
Writew2Modify / delete fileCreate or delete files inside
Executex1Run as a programEnter the directory with cd

Reading ls -l Output

bash
ls -l /dev/ttyUSB0

crw-rw----  1  root  dialout  188, 0  May 9 09:15  /dev/ttyUSB0
↑           ↑  ↑     ↑
│           │  │     └── Group: dialout
│           │  └──────── Owner: root
│           └─────────── Hard link count
└─────────────────────── Type + Permissions

Breaking down crw-rw----:

CharactersMeaning
cFile type: c = character device, d = directory, - = regular file, l = symlink
rw-Owner (root) can read and write
rw-Group (dialout) can read and write
---Others have no access at all

So to talk to the ESP32 serial port, your user account must be in the dialout group.


chmod — Change Permissions

Symbolic Mode (readable)

bash
# Add execute to owner
chmod u+x script.sh

# Remove write from group and others
chmod go-w sensitive.conf

# Set exact permissions: owner=rwx, group=rx, others=nothing
chmod u=rwx,g=rx,o= program

# Add execute for everyone
chmod +x deploy.sh

Octal (Numeric) Mode

Each permission set (owner, group, others) is a 3-bit binary number:

BinaryOctalPermissions
0000---
0011--x
0102-w-
0113-wx
1004r--
1015r-x
1106rw-
1117rwx

Combine three digits for owner, group, others:

bash
chmod 755 script.sh     # rwxr-xr-x  (owner all, group+others read+exec)
chmod 644 config.txt    # rw-r--r--  (owner read+write, others read only)
chmod 600 private.key   # rw-------  (owner only)
chmod 777 public/       # rwxrwxrwx  (everyone has everything — avoid for security)
chmod 000 locked.txt    # ---------- (no one can do anything)

Recursive chmod

bash
chmod -R 755 ./scripts/     # Apply to directory and all contents

chown — Change Ownership

bash
# Change owner
sudo chown rajath file.txt

# Change owner and group
sudo chown rajath:dialout /dev/ttyUSB0

# Recursively change ownership of a directory
sudo chown -R rajath:rajath ~/projects/

sudo — Superuser Do

sudo runs a single command as the root user (or any other user). It prompts for your password (not root's) and logs the action.

bash
sudo apt install git                # Install system software
sudo systemctl restart nginx        # Restart a service
sudo nano /etc/hosts                # Edit a system config file
sudo -u www-data python3 app.py     # Run as a different user (www-data)
sudo -i                             # Open an interactive root shell (use sparingly)
sudo !!                             # Re-run the last command with sudo

The sudoers File

/etc/sudoers controls who is allowed to use sudo and with what restrictions. Never edit it directly — always use:

bash
sudo visudo

Common entry patterns:

text
# Allow rajath to run everything as root without password
rajath ALL=(ALL) NOPASSWD: ALL

# Allow the deploy user to only restart a specific service
deploy ALL=(ALL) NOPASSWD: /bin/systemctl restart myapp.service

Groups — The Right Way to Grant Access

Instead of using sudo for device access, add your user to the appropriate group. This is the professional approach.

Important Groups for Embedded Development

GroupGrants Access To
dialoutSerial ports: /dev/ttyUSB*, /dev/ttyACM*
gpioGPIO pins on Raspberry Pi
i2cI2C bus: /dev/i2c-*
spiSPI bus: /dev/spidev*
videoCamera and video devices
dockerDocker daemon (run Docker without sudo)
sudoFull sudo access

Managing Groups

bash
# Show your current group memberships
groups $USER
id $USER

# Add user to a group (log out and in for changes to take effect)
sudo usermod -aG dialout rajath
sudo usermod -aG docker rajath

# Create a new group
sudo groupadd embedded_devs

# Add multiple users to a group at once
sudo usermod -aG embedded_devs alice
sudo usermod -aG embedded_devs bob

# Remove a user from a group
sudo gpasswd -d rajath plugdev

# View all groups and their members
cat /etc/group | grep dialout

Special Permission Bits

setuid (s on owner execute)

When set on an executable, it runs with the owner's privileges regardless of who executes it. Example: /usr/bin/passwd runs as root so it can write to /etc/shadow.

bash
chmod u+s /usr/bin/some_tool
# Appears as: -rwsr-xr-x

setgid (s on group execute)

When set on a directory, new files created inside inherit the directory's group instead of the creator's default group. Useful for shared project directories.

bash
chmod g+s shared_project/
# Appears as: drwxrwsr-x

Sticky Bit (t on others execute)

When set on a directory, only the file's owner (or root) can delete it — even if others have write access. The classic example is /tmp.

bash
chmod +t /shared/uploads/
# Appears as: drwxrwxrwt

Practical: Fixing the "Permission Denied" on ESP32

This is the most common error new embedded developers hit.

bash
# Error: idf.py flash
# A fatal error occurred: Could not open /dev/ttyUSB0, the port doesn't exist

# Step 1: Check the device exists
ls -la /dev/ttyUSB0
# crw-rw---- 1 root dialout 188, 0 May 9 09:15 /dev/ttyUSB0

# Step 2: Check your groups
groups $USER
# rajath : rajath adm sudo plugdev

# Notice: "dialout" is NOT in the list!

# Step 3: Add yourself to dialout
sudo usermod -aG dialout $USER

# Step 4: IMPORTANT — log out and log back in

# Step 5: Verify
groups $USER
# rajath : rajath adm dialout sudo plugdev

Quick Reference

CommandEffect
ls -l fileView permissions
chmod +x fileAdd execute permission
chmod 644 fileSet rw-r--r--
chmod 755 fileSet rwxr-xr-x
chmod -R 755 dir/Recursive permission change
chown user:group fileChange owner and group
sudo cmdRun one command as root
groups $USERShow group memberships
sudo usermod -aG grp userAdd user to group
sudo visudoEdit sudoers safely
Previous
The File System