🎯 Goal

Understand Linux permission models, user/group identity, ownership management, symbolic links, default permission behavior (umask), and gain foundational mastery of pipes, redirection, and core data-processing tools (grep, cut, sort, awk). Build mental models that connect these topics to cybersecurity use cases.

✅ What I Did

🔐 Linux Permissions Deep Dive

Today focused heavily on understanding how Linux controls access to files and directories.

Permission Types (rwx)

  • r → Read file contents or list directory contents
  • w → Modify file or directory contents
  • x → Execute programs or enter directories

Permission Ownership Structure

Linux permissions apply to:

  • User (Owner)
  • Group
  • Others

Example: -rwxr-xr–

Breakdown:

  • Owner → Full access
  • Group → Read and execute
  • Others → Read only

👤 Ownership Management (chown)

Learned how Linux assigns file ownership and why it matters for security.

Commands practiced:

sudo chown root file.txt
chown username file.txt
chown :groupname file.txt

Understanding ownership is critical because:

  • Root-owned files protect system integrity
  • Misconfigured ownership can enable privilege escalation

👥 User Identity and Group Privileges

Used identity inspection commands:

whoami
id
groups

Key concepts learned:

  • UID = Numeric user identity
  • GID = Primary group identity
  • Secondary groups grant additional privileges

My system groups included:

  • sudo → Administrative privileges
  • adm → Read system logs
  • plugdev → Access removable devices
  • lxd → Container management privileges

Realized that attackers frequently check group membership immediately after gaining access to evaluate privilege escalation paths.

🔗 Symbolic Links

Learned symbolic links act as pointers to files.

Created symlinks using:

ln -s original.txt link.txt

This taught me:

  • Symlinks reference file paths rather than file contents
  • Deleting the original file breaks the symlink
  • Symlink misuse can lead to real-world vulnerabilities

🎁 Default Permissions and umask

Checked my system default permission mask:

umask

Result: 0002

This means:

  • New files default to 664
  • New directories default to 775

Learned that umask removes permissions from Linux base defaults (666 for files, 777 for directories).

Understanding umask clarified why new files automatically receive certain permission sets and how improper values can introduce security risks.

🕵️ Security Enumeration With find

Practiced permission auditing using:

find / -perm -002 2>/dev/null nl > ~/Desktop/world_writable.txt

Breakdown:

  • find / → Search entire filesystem
  • -perm -002 → Identify world-writable files
  • 2>/dev/null → Suppress permission errors
  • | nl → Number results
  • > → Save output to file

This command reinforced concepts of:

  • File permission auditing
  • Output redirection
  • Command pipelines
  • Security enumeration workflows

🔄 Pipes and Redirection (Command Chaining Fundamentals)

Pipes (|)

Pipes allow output from one command to become input for another.

Example:

ls wc -l

Used to:

  • Chain commands together
  • Process large datasets efficiently
  • Build automation workflows

Output Redirection

`> Overwrite output to file

>> Append output to file 2> Redirect error output

Special device learned:

/dev/null

Acts as a data sink used to discard unwanted output.

🧠 Linux Data Processing Toolkit

🔍 grep – Pattern Search

Used for filtering lines containing specific content.

Example: grep Failed auth.log

Common SOC and pentesting usage:

  • Log analysis
  • Searching credentials
  • Detecting suspicious behavior

✂️ cut – Column Extraction

Extracts structured fields from text data.

Example:

cut -d: -f1 /etc/passwd

Used to:

  • Extract usernames
  • Parse configuration data
  • Process log fields

📚 sort – Data Organization

Organizes output alphabetically or numerically.

Example:

sort file.txt
sort -n numbers.txt

Often combined with:

uniq

To remove duplicates.

🧙 awk – Advanced Text Processing

Powerful scripting-style text processor.

Examples:

awk ‘{print $1}’
awk -F: ‘{print $1,$3}’ /etc/passwd

Used to:

  • Extract structured data
  • Perform calculations
  • Analyze logs
  • Build quick automation scripts

💡 Key Cybersecurity Connections

Today reinforced that:

  • Permission misconfiguration often leads to privilege escalation
  • Identity and group membership reveal system privilege boundaries
  • Command chaining enables rapid enumeration and analysis
  • Data processing tools form the backbone of log and forensic analysis

🚧 Challenges

  • find syntax complexity
  • Understanding when to use cut vs awk
  • Memorizing redirection behavior without experimentation
  • Fully internalizing Linux identity model

🧠 What I Learned

  • Linux security heavily depends on ownership and permission models
  • Pipes transform single commands into automation workflows
  • Data-processing tools enable efficient system investigation
  • Enumeration commands are essential offensive and defensive cybersecurity skills

🔜 Next Steps

  • Deep dive into advanced permission bits (SUID, SGID, Sticky Bit)
  • Practice real privilege escalation scenarios
  • Expand pipeline chaining skills
  • Begin structured log analysis exercises
  • Explore additional text manipulation tools (sed, tee, xargs)

📌 Reflection

Today felt like a major foundational milestone. Understanding permissions, identity, and shell data processing revealed how Linux systems enforce trust boundaries and how attackers attempt to bypass them. These skills appear fundamental to both defensive security monitoring and offensive penetration testing.