Session 3: File Permissions & Security
Master Linux security fundamentals and file permission management essential for secure IoT deployments. Understanding permissions is critical for building robust, secure IoT systems that protect sensitive data and maintain system integrity in production environments.
Session Learning Objectives
By the end of this session, you will be able to:
Master Linux Security Model
Understand and implement Linux file permissions, ownership, and security principles essential for secure IoT device deployment.
Control File Access Professionally
Use chmod, chown, and chgrp commands effectively to manage file access, protect sensitive data, and maintain system security.
Implement IoT Security Best Practices
Apply permission management strategies specific to IoT environments, including certificate security and service isolation.
Troubleshoot Permission Issues
Diagnose and resolve common permission problems that affect IoT applications and system services.
1. Linux Security Model - Your Digital Fortress
Understanding Linux Permission Architecture
Linux permissions form the foundation of system security, especially critical in IoT environments where devices often operate unattended and may be exposed to network attacks. The permission system controls who can read, modify, or execute files and directories, providing multiple layers of protection.
Why This Matters for IoT: IoT devices often contain sensitive data (sensor readings, user information, network credentials) and run critical services. Proper permissions prevent unauthorized access, protect against malware, and ensure system stability. A misconfigured permission can expose your entire IoT network.
# Understanding permission display from ls -l
-rw-r--r-- 1 iot iot 1024 Jan 15 10:30 sensor_config.json
drwxr-xr-x 2 root iot 4096 Jan 15 10:30 certificates/
-rwxr-xr-x 1 root root 2048 Jan 15 10:30 iot_daemon*
-rw------- 1 iot iot 512 Jan 15 10:30 private_key.pem
lrwxrwxrwx 1 root root 9 Jan 15 10:30 python -> python3.9
# Breaking down the permission structure:
# Position: 1 | 2-4 | 5-7 | 8-10 (file type + 9 permission bits)
# Example:  - rwx r-x r-x
#           | |   |   |
#           | |   |   └── Other (world) permissions
#           | |   └────── Group permissions
#           | └────────── Owner (user) permissions
#           └──────────── File type indicator
# The complete permission string is the file type followed by the three triplets
# File type indicators (first character):
# - = regular file (configuration, data, executable)
# d = directory (can be navigated with cd)
# l = symbolic link (shortcut to another file/directory)
# b = block device (storage devices like SD cards)
# c = character device (serial ports, GPIO interfaces)
# p = named pipe (inter-process communication)
# s = socket (network communication endpoint)
Permission Types and Their IoT Applications
Permission Categories - The Three Pillars of Access Control
Linux organizes permissions into three distinct categories, each serving a specific role in system security. Understanding these categories is essential for implementing proper access control in IoT systems.
Owner (User) - First 3 Bits
- Typical Rights: Full control (rwx)
- IoT Context: Application service accounts, developers
- Example: iot user owns sensor data files
- Security Note: Should have minimal necessary permissions
Group - Second 3 Bits
- Typical Rights: Read and execute (r-x)
- IoT Context: Development teams, service groups
- Example: 'iot' group can read configuration files
- Security Note: Enables controlled collaboration
Other (World) - Last 3 Bits
- Typical Rights: Read only (r--) or none (---)
- IoT Context: Public access, system services
- Example: Public documentation files
- Security Note: Should be most restrictive
# Real-world IoT permission examples
ls -la /etc/iot/
# -rw-r--r-- 1 root iot 1024 Jan 15 10:30 device_config.json
# -rw------- 1 iot iot 512 Jan 15 10:30 mqtt_credentials.conf
# -rwxr-xr-x 1 root iot 2048 Jan 15 10:30 startup_script.sh
# drwxrwx--- 2 iot iot 4096 Jan 15 10:30 data/
# Analyzing these permissions:
# device_config.json: Owner can read/write, group can read, others can read
# mqtt_credentials.conf: Only owner can read/write (secure credentials)
# startup_script.sh: Owner can read/write/execute, group and others can read/execute
# data/: Owner and group have full access, others have no access
# Common IoT security patterns
ls -la /var/log/iot/
# -rw-r----- 1 iot iot 10240 Jan 15 10:30 sensor.log # Group readable logs
# -rw------- 1 iot iot 2048 Jan 15 10:30 error.log # Private error logs
ls -la /opt/iot/bin/
# -rwxr-xr-x 1 root root 15360 Jan 15 10:30 iot_daemon # System executable
# -rwx------ 1 iot iot 4096 Jan 15 10:30 user_script # User-only script
Numeric Permission System - The Professional's Shorthand
Numeric (octal) permissions provide a precise, efficient way to set file permissions. This system is widely used in professional environments and automation scripts.
# Permission calculation system:
# Read (r) = 4
# Write (w) = 2
# Execute (x) = 1
# No access = 0
# Calculate permissions by adding values:
# rwx = 4+2+1 = 7 (full access)
# rw- = 4+2+0 = 6 (read and write)
# r-x = 4+0+1 = 5 (read and execute)
# r-- = 4+0+0 = 4 (read only)
# -wx = 0+2+1 = 3 (write and execute, unusual)
# -w- = 0+2+0 = 2 (write only, very unusual)
# --x = 0+0+1 = 1 (execute only)
# --- = 0+0+0 = 0 (no access)
# Common IoT permission patterns:
# 755 = rwxr-xr-x (owner: full, group and others: read+execute) - executables, scripts
# 644 = rw-r--r-- (owner: read+write, group and others: read) - configuration files
# 600 = rw------- (owner: read+write only) - private keys, credentials
# 640 = rw-r----- (owner: read+write, group: read) - shared configs
# 700 = rwx------ (owner: full access only) - private directories
# 750 = rwxr-x--- (owner: full, group: read+execute) - shared executables
# 444 = r--r--r-- (read-only for everyone) - static reference files
# 000 = --------- (no access for anyone except root) - locked files
# IoT security examples with explanations:
chmod 755 /opt/iot/bin/sensor_daemon # Public executable
chmod 644 /etc/iot/device_config.json # Readable configuration
chmod 600 /etc/iot/certificates/private.key # Secure private key
chmod 640 /var/log/iot/application.log # Group-readable logs
chmod 700 /home/iot/.ssh/ # Private SSH directory
chmod 750 /opt/iot/scripts/ # Shared script directory
2. Permission Management - Your Security Toolkit
Changing Permissions with chmod - The Permission Controller
The chmod (change mode) command is your primary tool for managing file permissions. Mastering chmod is essential for IoT security, as it allows you to protect sensitive data while ensuring applications can access necessary resources.
# Numeric method (absolute permissions) - Professional approach
chmod 755 /opt/iot/bin/sensor_monitor.py # Standard executable permissions
chmod 644 /etc/iot/device_config.json # Standard config file permissions
chmod 600 /etc/iot/certificates/device.key # Secure private key
chmod 700 /var/lib/iot/private_data/ # Private directory
chmod 640 /var/log/iot/sensor.log # Group-readable log file
# Symbolic method (relative permissions) - Quick modifications
chmod +x startup_script.sh # Add execute permission for all users (with no u/g/o given, bits set in the umask are left untouched)
chmod -w readonly_config.json # Remove write permission for all users
chmod u+x sensor_script.py # Add execute for user (owner) only
chmod g-w shared_config.json # Remove write permission for group
chmod o-r sensitive_data.txt # Remove read permission for others
chmod a+r public_readme.txt # Add read permission for all (a = all)
# Advanced symbolic combinations for complex scenarios
chmod u+x,g+r,o-rwx private_script.sh # User execute, group read, others none
chmod ug+rw,o-rwx team_shared_file.conf # User+group read/write, others none
chmod a-x,u+x admin_only_script.sh # Remove execute from all, add for user
# IoT-specific permission management examples
# Secure IoT daemon setup
sudo chmod 755 /opt/iot/bin/iot_daemon # Daemon executable
sudo chmod 644 /etc/systemd/system/iot.service # Service definition
sudo chmod 600 /etc/iot/daemon.conf # Daemon configuration (secure)
# Sensor data management
chmod 755 /var/lib/iot/sensors/ # Sensor data directory
chmod 644 /var/lib/iot/sensors/*.json # Sensor data files
chmod 640 /var/log/iot/sensors.log # Sensor log (group readable)
# Development environment setup
chmod 755 ~/iot-projects/ # Project directory
chmod 644 ~/iot-projects/*.py # Python source files
chmod +x ~/iot-projects/build.sh # Build script executable
chmod 600 ~/iot-projects/.env # Environment variables (secure)
# Certificate and key management (critical for IoT security)
chmod 700 /etc/iot/certificates/ # Certificate directory (secure)
chmod 600 /etc/iot/certificates/*.key # Private keys (owner only)
chmod 644 /etc/iot/certificates/*.crt # Public certificates (readable)
chmod 644 /etc/iot/certificates/*.pem # PEM certificates (readable); a PEM-encoded private key still needs 600
Understanding chmod Symbolic Notation
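The following is an added worked example, not code from the original session: a small Python model of the numeric rules and the symbolic chmod grammar used above, handy for checking what a spec such as u+x,g+r,o-rwx will produce before running it on a device. The names WEIGHTS, WHO_INDEX and the three functions are chosen here; the model simplifies one detail, treating a clause with no u/g/o as a, whereas real chmod also masks such clauses with the umask.

```python
import re

# Permission weights of the numeric (octal) system: r=4, w=2, x=1
WEIGHTS = {"r": 4, "w": 2, "x": 1}
WHO_INDEX = {"u": 0, "g": 1, "o": 2}   # owner, group, other triplets


def mode_to_octal(mode: str) -> str:
    """'rwxr-xr-x' -> '755': add the weights of each 3-character triplet."""
    if len(mode) != 9 or any(c not in "rwx-" for c in mode):
        raise ValueError("expected 9 permission characters such as rwxr-xr-x")
    digits = []
    for i in range(0, 9, 3):
        triplet = mode[i:i + 3]
        digits.append(sum(WEIGHTS[c] for c in triplet if c != "-"))
    return "".join(str(d) for d in digits)


def octal_to_mode(octal: str) -> str:
    """'640' -> 'rw-r-----': decode each digit back into an rwx triplet."""
    if not re.fullmatch(r"[0-7]{3}", octal):
        raise ValueError("expected three octal digits such as 640")
    out = ""
    for d in octal:
        value = int(d)
        out += "".join(c if value & w else "-" for c, w in WEIGHTS.items())
    return out


def apply_symbolic(octal: str, spec: str) -> str:
    """Model chmod's symbolic form: 'u+x,g+r,o-rwx' applied to '644' gives '740'.
    A clause without u/g/o/a is treated as 'a' (real chmod also applies the umask)."""
    if not re.fullmatch(r"[0-7]{3}", octal):
        raise ValueError("expected three octal digits such as 644")
    digits = [int(d) for d in octal]
    for clause in spec.split(","):
        m = re.fullmatch(r"([ugoa]*)([+\-=])([rwx]*)", clause)
        if not m:
            raise ValueError(f"unsupported chmod clause: {clause!r}")
        who, op, perms = m.groups()
        targets = range(3) if not who or "a" in who else [WHO_INDEX[c] for c in who]
        bits = sum(WEIGHTS[p] for p in perms)
        for idx in targets:
            if op == "+":
                digits[idx] |= bits           # add the named permissions
            elif op == "-":
                digits[idx] &= ~bits & 7      # remove the named permissions
            else:
                digits[idx] = bits            # '=' sets exactly these permissions
    return "".join(str(d) for d in digits)


if __name__ == "__main__":
    # The symbolic examples from this section, checked against the numeric table
    for start, spec in [("644", "u+x,g+r,o-rwx"), ("666", "ug+rw,o-rwx"), ("755", "a-x,u+x")]:
        result = apply_symbolic(start, spec)
        print(f"chmod {spec:<16} on {start} ({octal_to_mode(start)}) -> {result} ({octal_to_mode(result)})")
```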
Ownership Management with chown and chgrp - The Access Controllers
File ownership determines who has ultimate control over files and directories. In IoT systems, proper ownership ensures that services run with appropriate privileges and that sensitive data remains protected.
# Changing file ownership with chown (requires sudo for most operations)
sudo chown iot /var/lib/iot/sensor_data.json # Change owner to 'iot' user
sudo chown root /opt/iot/bin/system_daemon # Change owner to root (system service)
sudo chown -R iot:iot /home/iot/projects/ # Recursively change owner and group
sudo chown www-data /var/www/iot-dashboard/ # Web server ownership
# Changing group ownership with chgrp
sudo chgrp iot /etc/iot/shared_config.json # Change group to 'iot'
sudo chgrp -R developers /opt/iot/development/ # Recursive group change
sudo chgrp dialout /dev/ttyUSB0 # Serial device group (if needed; not persistent across replug, so prefer dialout group membership or a udev rule)
# Combined owner and group changes (most common approach)
sudo chown user:group filename # Change both owner and group
sudo chown iot:iot /var/log/iot/application.log # IoT service owns its logs
sudo chown root:iot /etc/iot/system_config.json # Root owns, iot group can access
sudo chown -R mqtt:mqtt /var/lib/mosquitto/ # MQTT broker owns its data
sudo chown nobody:nogroup /tmp/iot_temp/ # Temporary files with minimal privileges
# Professional IoT system ownership patterns
# System service files (owned by root, accessible by service group)
sudo chown root:iot /etc/systemd/system/iot-sensor.service
sudo chown root:iot /etc/iot/system_settings.conf
# Application data (owned by service user)
sudo chown -R iot:iot /var/lib/iot/ # IoT application data
sudo chown -R iot:iot /var/log/iot/ # IoT application logs
sudo chown -R iot:iot /run/iot/ # Runtime data
# Web dashboard files (if using web interface)
sudo chown -R www-data:www-data /var/www/iot-dashboard/
sudo chown -R www-data:iot /var/www/iot-dashboard/data/ # Shared data access
# Development environment ownership
sudo chown -R $USER:$USER ~/iot-projects/ # User owns development files
sudo chown -R $USER:iot ~/iot-projects/shared/ # Shared development resources
# Certificate and security file ownership
sudo chown root:iot /etc/iot/certificates/ca.crt # Root owns, group can read
sudo chown iot:iot /etc/iot/certificates/device.key # Service owns private key
sudo chown root:root /etc/ssl/certs/ # System certificates
Special Permissions - Advanced Security Features
Special permissions provide additional security and functionality beyond basic read/write/execute. These are particularly important in IoT systems for managing privileged operations and shared resources.
# Setuid (Set User ID) - Execute with owner's privileges
# Numeric value: 4000 (add to regular permissions)
chmod 4755 /usr/bin/iot_admin_tool # Runs with owner privileges
ls -l /usr/bin/iot_admin_tool # Shows: -rwsr-xr-x (note the 's')
# Common setuid examples in IoT systems
ls -l /usr/bin/sudo # -rwsr-xr-x (sudo needs root privileges)
ls -l /bin/ping # May have setuid for network access
# Setgid (Set Group ID) - Execute with group's privileges
# Numeric value: 2000 (add to regular permissions)
chmod 2755 /opt/iot/shared/group_tool # Runs with group privileges
ls -l /opt/iot/shared/group_tool # Shows: -rwxr-sr-x (note the 's')
# Setgid on directories - New files inherit directory's group
chmod 2775 /opt/iot/shared/ # New files inherit the directory's group (set it to 'iot' with chown first)
ls -ld /opt/iot/shared/ # Shows: drwxrwsr-x
# Sticky bit - Only owner can delete files in directory
# Numeric value: 1000 (add to regular permissions)
chmod 1777 /tmp/iot_shared/ # Shared temp directory
ls -ld /tmp/iot_shared/ # Shows: drwxrwxrwt (note the 't')
ls -ld /tmp # System /tmp has sticky bit
# Combined special permissions
chmod 6755 special_file # Setuid + Setgid (4000 + 2000 + 755)
chmod 7755 ultra_special # All special permissions (4000 + 2000 + 1000 + 755)
# IoT security considerations and examples
# Creating secure shared directories for IoT teams
sudo mkdir /opt/iot/team_shared
sudo chown root:iot /opt/iot/team_shared
sudo chmod 2775 /opt/iot/team_shared # Setgid ensures group ownership
# Secure temporary directory for IoT processes
sudo mkdir /tmp/iot_processing
sudo chown root:iot /tmp/iot_processing
sudo chmod 1770 /tmp/iot_processing # Sticky bit + group access only
# WARNING: Security implications of special permissions
# - Setuid/setgid can be security risks if misused
# - Only use on trusted executables
# - Regularly audit setuid/setgid files
find / -perm -4000 -type f 2>/dev/null # Find all setuid files
find / -perm -2000 -type f 2>/dev/null # Find all setgid files
# IoT-specific special permission use cases
# Sensor access tool that needs hardware privileges
sudo chmod 4755 /opt/iot/bin/sensor_access # Setuid for hardware access (prefer dialout/gpio group membership where it suffices)
# Shared data directory for IoT services
sudo chmod 2775 /var/lib/iot/shared/ # Setgid for consistent group ownership
# Temporary processing directory
sudo chmod 1777 /tmp/iot_temp/ # Sticky bit for multi-user temp space
3. Hands-on Practice Exercises - Real-World IoT Security
Professional IoT Security Scenarios
These exercises simulate real IoT deployment scenarios that you'll encounter in professional environments. Each exercise builds practical skills for securing and managing IoT systems.
# Exercise 1: Professional IoT System Directory Setup
# Create comprehensive IoT system structure with proper security
# Step 1: Create system directories
sudo mkdir -p /opt/iot/{bin,config,data,logs,scripts,certificates}
sudo mkdir -p /var/lib/iot/{sensors,devices,analytics}
sudo mkdir -p /var/log/iot/{system,sensors,network,security}
sudo mkdir -p /etc/iot/{config,services,certificates}
# Step 2: Create IoT system group and users
sudo groupadd iot # Create IoT system group
sudo useradd -r -g iot -d /var/lib/iot -s /bin/bash iot # IoT service user
sudo usermod -a -G iot $USER # Add yourself to IoT group
# Step 3: Set ownership and permissions
sudo chown -R root:iot /opt/iot/ # Root owns, iot group access
sudo chown -R iot:iot /var/lib/iot/ # IoT service owns data
sudo chown -R iot:iot /var/log/iot/ # IoT service owns logs
sudo chown -R root:iot /etc/iot/ # Root owns configs, group access
# Step 4: Apply security permissions
sudo chmod 755 /opt/iot/bin/ # Executables directory
sudo chmod 750 /opt/iot/config/ # Config directory (group access)
sudo chmod 775 /opt/iot/data/ # Data directory (group write)
sudo chmod 775 /opt/iot/logs/ # Logs directory (group write)
sudo chmod 700 /opt/iot/certificates/ # Certificates (secure)
sudo chmod 755 /opt/iot/scripts/ # Scripts directory
sudo chmod 750 /var/lib/iot/ # IoT data (group read)
sudo chmod 775 /var/log/iot/ # Log directories (group write)
sudo chmod 750 /etc/iot/ # System config (group read)
sudo chmod 700 /etc/iot/certificates/ # System certificates (secure)
# Step 5: Verify setup
ls -la /opt/iot/ # Check directory permissions
ls -la /var/lib/iot/ # Check data permissions
groups $USER # Verify group membership
# Exercise 2: IoT Certificate and Credential Security
# Set up secure credential management for IoT devices
# Step 1: Create certificate structure
sudo mkdir -p /etc/iot/certificates/{ca,devices,servers}
sudo mkdir -p /opt/iot/certificates/{private,public}
# Step 2: Create sample certificates and keys (for practice)
# Generate CA private key and a self-signed CA certificate
sudo openssl genrsa -out /etc/iot/certificates/ca/ca-private.key 4096
sudo openssl req -x509 -new -key /etc/iot/certificates/ca/ca-private.key -sha256 -days 365 \
  -subj "/CN=IoT Practice CA" -out /etc/iot/certificates/ca/ca-cert.pem
# Generate device private key and a device certificate signed by the practice CA
sudo openssl genrsa -out /etc/iot/certificates/devices/device01-private.key 2048
sudo openssl req -new -key /etc/iot/certificates/devices/device01-private.key \
  -subj "/CN=device01" -out /etc/iot/certificates/devices/device01.csr
sudo openssl x509 -req -in /etc/iot/certificates/devices/device01.csr \
  -CA /etc/iot/certificates/ca/ca-cert.pem -CAkey /etc/iot/certificates/ca/ca-private.key \
  -CAcreateserial -days 365 -out /etc/iot/certificates/devices/device01-cert.pem
# Create sample credential files
sudo tee /etc/iot/certificates/mqtt-credentials.conf > /dev/null << EOF
username=iot_device_001
password=secure_password_here
broker=mqtt.example.com
port=8883
EOF
# Step 3: Apply strict security permissions
# /etc/iot/certificates is mode 700 (Exercise 1), so wildcards must be expanded by root, not by your own shell
sudo chmod 600 /etc/iot/certificates/ca/ca-private.key # CA key (owner only)
sudo sh -c 'chmod 600 /etc/iot/certificates/devices/*-private.key' # Device keys (owner only)
sudo chmod 600 /etc/iot/certificates/mqtt-credentials.conf # Credentials (owner only)
sudo chmod 644 /etc/iot/certificates/ca/ca-cert.pem # CA cert (readable)
sudo sh -c 'chmod 644 /etc/iot/certificates/devices/*-cert.pem' # Device certs (readable)
# Step 4: Set proper ownership
sudo chown -R root:root /etc/iot/certificates/ca/ # CA files (root only)
sudo sh -c 'chown iot:iot /etc/iot/certificates/devices/*' # Device files (iot service)
sudo chown iot:iot /etc/iot/certificates/mqtt-credentials.conf # Credentials (iot service)
sudo chmod 750 /etc/iot/certificates/ # Directory is root:iot, so the iot service needs group execute to reach its files
# Step 5: Verify security
sudo ls -la /etc/iot/certificates/ca/ # Check CA permissions
sudo ls -la /etc/iot/certificates/devices/ # Check device permissions
sudo -u iot cat /etc/iot/certificates/mqtt-credentials.conf # Test iot user access
# Exercise 3: Service Isolation and Secure Sharing
# Implement proper isolation between IoT services
# Step 1: Create service-specific users and groups
sudo groupadd mqtt-service # MQTT broker group
sudo groupadd sensor-service # Sensor service group
sudo useradd -r -g mqtt-service mqtt # MQTT service user
sudo useradd -r -g sensor-service sensors # Sensor service user
# Step 2: Create service-specific directories
sudo mkdir -p /var/lib/{mqtt,sensors}
sudo mkdir -p /var/log/{mqtt,sensors}
sudo mkdir -p /etc/{mqtt,sensors}
# Step 3: Set service ownership and permissions
sudo chown -R mqtt:mqtt-service /var/lib/mqtt/
sudo chown -R sensors:sensor-service /var/lib/sensors/
sudo chmod 750 /var/lib/mqtt/ # Service-only access
sudo chmod 750 /var/lib/sensors/ # Service-only access
# Step 4: Create shared data directory with proper permissions
sudo mkdir -p /opt/iot/shared-data
sudo chown root:iot /opt/iot/shared-data
sudo chmod 2775 /opt/iot/shared-data # Setgid for group inheritance
# Step 5: Test service isolation
sudo -u mqtt touch /var/lib/mqtt/test.log # Should work
sudo -u sensors touch /var/lib/mqtt/fail.log 2>/dev/null || echo "Access denied (correct)"
# Exercise 4: Troubleshooting Permission Issues
# Common IoT permission problems and solutions
# Scenario 1: Permission denied accessing IoT device files
# Problem: IoT application can't access sensor data
# Solution: Check and fix permissions
# Diagnose the issue
ls -la /dev/ttyUSB0 # Check device permissions
groups iot # Check user group membership
namei -l /var/lib/iot/sensor_data.json # Check path permissions
# Fix common permission issues
sudo usermod -a -G dialout iot # Add to dialout group for serial access
sudo chmod 640 /var/lib/iot/sensor_data.json # Fix file permissions
sudo chown iot:iot /var/lib/iot/sensor_data.json # Fix ownership
# Scenario 2: Web dashboard can't access IoT data
# Problem: Web server can't read IoT sensor data
# Solution: Create shared access
# Create shared group and add users
sudo groupadd iot-web # Shared group
sudo usermod -a -G iot-web www-data # Add web server to group
sudo usermod -a -G iot-web iot # Add IoT service to group
# New group memberships apply only to new sessions: restart the web server and the IoT service afterwards
# Fix data permissions for shared access
sudo chgrp -R iot-web /var/lib/iot/sensors/
sudo chmod 640 /var/lib/iot/sensors/*.json # Group readable
# Every parent directory must also grant execute (x); /var/lib/iot is 750 from Exercise 1, so allow traversal without listing
sudo chmod o+x /var/lib/iot/
sudo -u www-data ls /var/lib/iot/sensors/ > /dev/null || echo "Still blocked - inspect the path with namei -l"
# Scenario 3: Log rotation fails due to permissions
# Problem: Log rotation can't compress old IoT logs
# Solution: Fix log directory permissions
sudo chmod 755 /var/log/iot/ # Directory accessible
sudo chmod 644 /var/log/iot/*.log # Logs readable (logrotate runs as root, so 640 is enough when only the iot group needs them)
sudo chown -R iot:iot /var/log/iot/ # Proper ownership
Advanced Security Scenarios
#!/bin/bash
# Security Audit Script for IoT Systems (run as root so restricted directories such as /etc/iot/certificates are searched)
echo "=== IoT Security Audit ==="
# Check for world-writable files (security risk)
echo "Checking for world-writable files..."
find /opt/iot /var/lib/iot /etc/iot -type f -perm -002 2>/dev/null
# Check for files with no owner (orphaned files)
echo "Checking for orphaned files..."
find /opt/iot /var/lib/iot \( -nouser -o -nogroup \) 2>/dev/null
# Check for setuid/setgid files (potential security risks)
echo "Checking for setuid/setgid files..."
find /opt/iot -type f \( -perm -4000 -o -perm -2000 \) -ls 2>/dev/null
# Check certificate permissions
echo "Checking certificate security..."
find /etc/iot/certificates -name "*.key" ! -perm 600 2>/dev/null
# Verify service user permissions
echo "Checking service user access..."
sudo -u iot test -r /etc/iot/config/device.conf && echo "✓ IoT user can read config" || echo "✗ Config access denied"
sudo -u iot test -w /var/log/iot/ && echo "✓ IoT user can write logs" || echo "✗ Log write access denied"
# Check for proper group memberships
echo "Checking group memberships..."
groups iot | grep -q dialout && echo "✓ IoT user in dialout group" || echo "⚠ IoT user not in dialout group"
echo "=== Audit Complete ==="
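An added Python counterpart to the audit script above (not the session's own script): it reads the mode bits with os.lstat and applies the world-writable, setuid/setgid and private-key checks, including the special permission bits from section 2, so the same rules can run from an IoT application or a test. The sample tree, file names and the helper names (looks_secret, classify_mode, audit_tree, build_sample_tree) are constructed for this demonstration.

```python
import os
import stat
import tempfile


def looks_secret(path: str) -> bool:
    """Private keys and credential files from this session must be mode 600."""
    name = os.path.basename(path).lower()
    return name.endswith(".key") or "private" in name or "credentials" in name


def classify_mode(path: str, mode: int) -> list:
    """Audit findings for one path from its st_mode value (pure function, no I/O)."""
    findings = []
    perms = stat.S_IMODE(mode)            # the 12 permission bits, special bits included
    is_dir = stat.S_ISDIR(mode)
    # World-writable is a finding unless it is a sticky directory such as /tmp (1777)
    if perms & stat.S_IWOTH and not (is_dir and perms & stat.S_ISVTX):
        findings.append("world-writable")
    if perms & stat.S_ISUID:
        findings.append("setuid")          # always listed for review, never assumed intended
    if perms & stat.S_ISGID and not is_dir:
        findings.append("setgid")          # setgid on a directory is the group-inheritance pattern
    if looks_secret(path) and perms & 0o077:
        findings.append("secret readable beyond owner (expected 600)")
    return findings


def audit_tree(root: str) -> dict:
    """Walk root with lstat (symlinks are skipped, not followed); map relative path -> findings."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue
            found = classify_mode(full, st.st_mode)
            if found:
                results[os.path.relpath(full, root)] = found
    return results


def build_sample_tree() -> str:
    """Constructed throwaway tree mirroring the session's layout, with deliberate mistakes."""
    root = tempfile.mkdtemp(prefix="iot-audit-")
    for sub in ("certificates", "shared", "tmp"):
        os.mkdir(os.path.join(root, sub))
    key = os.path.join(root, "certificates", "device01-private.key")
    cfg = os.path.join(root, "device_config.json")
    tool = os.path.join(root, "sensor_access")
    for p in (key, cfg, tool):
        open(p, "w").close()
    os.chmod(key, 0o644)                              # mistake: private key readable by everyone
    os.chmod(cfg, 0o666)                              # mistake: world-writable configuration
    os.chmod(tool, 0o4755)                            # setuid tool: must show up for review
    os.chmod(os.path.join(root, "shared"), 0o2775)    # setgid shared directory: acceptable
    os.chmod(os.path.join(root, "tmp"), 0o1777)       # sticky world-writable temp space: acceptable
    return root


if __name__ == "__main__":
    for rel, found in sorted(audit_tree(build_sample_tree()).items()):
        print(f"{rel}: {', '.join(found)}")
```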
Session Summary & Next Steps
What You've Accomplished
Congratulations! You now have a solid foundation in Linux security and permission management. Here's what you can do:
- Understand Security Architecture: You know how Linux permissions protect IoT systems and can implement proper access controls
- Manage File Permissions: You can use chmod, chown, and chgrp to secure files and directories professionally
- Implement IoT Security: You can apply security best practices specific to IoT environments and protect sensitive data
- Troubleshoot Issues: You can diagnose and resolve common permission problems that affect IoT applications
- Audit Security: You can assess and improve the security posture of IoT systems
Real-World IoT Applications
These skills directly apply to professional IoT development:
- Device Security: Protecting IoT devices from unauthorized access and data breaches
- Certificate Management: Securing communication channels and device authentication
- Service Isolation: Preventing security breaches from spreading between IoT services
- Compliance: Meeting security standards and regulations for IoT deployments
- Team Collaboration: Enabling secure collaboration while maintaining system security
- System Administration: Managing multi-user IoT environments safely and efficiently
Preparation for Session 4: Process Management
In the next session, we'll explore process management and system monitoring. To prepare and reinforce today's learning:
- Practice Permission Management: Set up your own IoT project directories with proper security
- Experiment with Ownership: Try different ownership scenarios and understand their implications
- Security Mindset: Always think about who should have access to what in IoT systems
- Audit Your System: Use the security audit techniques to examine your current system
- Read Security Guidelines: Explore IoT security best practices and standards
- Join Security Communities: Participate in cybersecurity and IoT security discussions