M17 - Permissions Lab: Diagnose and Fix

Permissions

Permissions Lab: Diagnose and Fix

Use a safe practice folder to inspect, break, diagnose, and restore access so permission troubleshooting feels systematic instead of scary.

35 min INTERMEDIATE BOTH Curriculum-reviewed

Prerequisites

Module M12 - Who Owns What: Users and Groups Module M14 - Users and Groups: CLI Module M15 - Permissions: NTFS and Linux rwx Module M16 - Elevation: UAC and sudo

What you should be able to do after this

Create a safe permissions sandbox.
Observe how one permission change affects access.
Restore access by reasoning from the permission model instead of guessing.

The Goal

This lab is about calm troubleshooting.

You will create a disposable practice folder, confirm access works, remove one permission on purpose, observe the failure, and restore the correct state.

Boundary

Stay inside the practice folder for this entire lab. Do not apply these commands to your real home directory, work repository, or system folders.

Step 1: Create the Sandbox

cd $env:USERPROFILE mkdir -Force PermSandbox Set-Content -Path .\PermSandbox\notes.txt -Value “permissions practice” Get-Content .\PermSandbox\notes.txt

cd ~ mkdir -p PermSandbox printf “permissions practice\n” > ./PermSandbox/notes.txt cat ./PermSandbox/notes.txt

At this point, reading the file should work.

Step 2: Break Access in a Controlled Way

Windows

Use a practice-only deny rule on the file, then confirm the read fails.

icacls .\PermSandbox\notes.txt /deny “$env:USERNAME:(R)” Get-Content .\PermSandbox\notes.txt

Linux

Remove your read permission from the file, then confirm the read fails.

chmod u-r ./PermSandbox/notes.txt cat ./PermSandbox/notes.txt

The point is to see one permission change produce one clear consequence.

Step 3: Diagnose Before Fixing

Before changing anything else, inspect the current state.

icacls .\PermSandbox\notes.txt

ls -l ./PermSandbox/notes.txt

Ask yourself:

Which identity is affected?
Which right is missing or denied?
What is the smallest change that restores normal access?

Step 4: Restore Access

icacls .\PermSandbox\notes.txt /remove:d $env:USERNAME Get-Content .\PermSandbox\notes.txt

chmod u+r ./PermSandbox/notes.txt cat ./PermSandbox/notes.txt

If the file opens again, you completed the loop correctly.

Optional Extension

Once the basic loop feels comfortable, try a directory-focused version.

on Linux, remove the execute bit from a practice directory and observe how traversal changes
on Windows, inspect a folder ACL instead of a file ACL and compare the inherited entries

Only do this in the sandbox.

Move On When

You are ready for the next section when you can:

create a practice permission problem safely
inspect the current state before guessing
restore access with a targeted fix

That is the real permissions skill: diagnose first, change second.

Study flow

Read for understanding first, practice immediately after, then mark complete only when you can explain the idea back in your own words.

Permission labs Command library

Self-check

When access fails, what should you inspect first before changing anything?
Why is a sandbox the right place to practice permission troubleshooting?

If not yet, do one more practice pass before you move forward.

Move on when

Break and restore access in the practice folder without touching real system files.
Explain which permission change caused the failure and which change fixed it.

Completion matters only if you can do these without leaning on the page.

Review rhythm

After you finish, come back tomorrow for a short no-notes recall pass.

Use spaced recalls around day 1, day 3, day 7.
Try to explain the main idea before reopening the page.
Do one related lab or command lookup from memory, not recognition alone.
Re-read only the parts you could not retrieve cleanly.

Learning context

Best for

Need structureIT / support / sysadminSerious hands-on operatorStarting from zero

Pathways

Career operator pathFoundations firstFoundations with structured review

Study fit

Beginner-safe Prerequisites are strongly recommended Balanced lesson and reference

This lesson is paced to support newer learners without assuming too much prior system experience.

This lesson is meant to teach the idea and still leave you with usable command and workflow recall.

Topics

labpermissionschmodicaclsdiagnosepractice

Use right after this lesson

Lab LAB-PERM-01 - The Permission Trinity (rwx) Lab LAB-PERM-02 - UGO and the chmod Command Lab LAB-PERM-03 - Numeric Permissions (Octal) Lab LAB-PERM-04 - Ownership and chown Library ls Library chmod Library icacls Library Get-ChildItem Library Get-Content Library cat

On this page