Chapter 18: Securing Data and Hardening Linux
In this chapter, you'll learn how Linux file permissions work, how to set SUID, SGID, and sticky bit, how to encrypt data at rest, and how to apply the principle of least privilege at the filesystem level.
In Chapter 17 of the LFCA Certification Course, you learned the essential security steps for a Linux server, such as keeping software updated, securing SSH access, configuring a firewall, managing sudo privileges, disabling unused accounts, and reducing unnecessary software.
In this chapter, you'll build on those basics by learning how Linux file permissions control who can access files and directories, how special permission bits work and why they are important, how to identify and fix risky permission settings, and how to protect stored data using encryption.
These topics are part of the Security Fundamentals domain (14%) of the LFCA exam. Permission-related questions are common because file permissions are used on every Linux system and require both practical knowledge and familiarity with key commands.
All commands in this chapter were tested on Ubuntu 26.04 LTS, but they also work on other major Linux distributions, including Debian, Fedora, Rocky Linux, and RHEL.