Lesson 2: File Permissions & Linux Security Model
Every Linux file is protected by a permission system that defines who can read, write, and execute it. At NVIDIA, understanding permissions is critical — a CUDA application will fail silently if the process user is not in the video group that grants access to /dev/nvidia0. This lesson gives you all
Linux permissions are like keys to rooms in a building: every room (file) has three locks — one for the owner, one for the group, and one for everyone else. chmod decides which key to hand out.
- Permission Bits: Three bits (r, w, x) for each of three actors: owner, group, others. Together they define who can do what with a file.
- UID (User ID): A unique integer the kernel uses to identify a user. root is always UID 0. Every process runs with the UID of the user who launched it.
- GID (Group ID): An integer representing a group of users. A user can belong to multiple groups. The video group grants access to /dev/nvidia*.
- setuid bit: A special bit that causes a process to run with the file owner's UID instead of the invoking user's UID. sudo uses this to grant temporary root privileges.
- Device Node: A file in /dev that represents a hardware device. /dev/nvidia0 is the device node for the first GPU. You read and write it like a regular file, but operations are forwarded to the driver.
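The terms above fit together in one check: which of the three permission triads applies to a given UID and set of GIDs, and whether it grants read-write access. The following Python sketch is an added example, not part of the original lesson; the sample mode (0660, root-owned) and GID 44 standing in for the video group are constructed values, and the /usr/bin/sudo path is an assumption that is only used if it exists.

```python
import os
import stat

# Constructed sample: a character device with mode 0660, owner root (UID 0),
# group GID 44 standing in for "video". Real nodes and GIDs vary by system.
SAMPLE_MODE, SAMPLE_UID, SAMPLE_GID = stat.S_IFCHR | 0o660, 0, 44

def applicable_triad(mode, file_uid, file_gid, uid, gids):
    """Return (actor, 'rwx') for the single triad the kernel consults.

    Owner wins if the UIDs match, else group if any caller GID matches,
    else others. The triads are not combined.
    """
    if uid == file_uid:
        actor, shift = "owner", 6
    elif file_gid in gids:
        actor, shift = "group", 3
    else:
        actor, shift = "others", 0
    bits = (mode >> shift) & 0o7
    rwx = "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return actor, rwx

def can_open_rw(mode, file_uid, file_gid, uid, gids):
    """True if the caller could open the file read-write."""
    if uid == 0:  # root normally bypasses read/write permission checks
        return True
    return applicable_triad(mode, file_uid, file_gid, uid, gids)[1].startswith("rw")

def has_setuid(mode):
    """True if the setuid bit is set."""
    return bool(mode & stat.S_ISUID)

def report(path):
    """Describe access to a real path for the current process."""
    st = os.stat(path)
    gids = set(os.getgroups()) | {os.getegid()}
    actor, rwx = applicable_triad(st.st_mode, st.st_uid, st.st_gid, os.geteuid(), gids)
    return f"{path}: {stat.filemode(st.st_mode)} -> checked as {actor} ({rwx})"

if __name__ == "__main__":
    print(applicable_triad(SAMPLE_MODE, SAMPLE_UID, SAMPLE_GID, 1000, {1000}))
    print(applicable_triad(SAMPLE_MODE, SAMPLE_UID, SAMPLE_GID, 1000, {1000, 44}))
    for p in ("/dev/nvidia0", "/usr/bin/sudo"):
        if os.path.exists(p):
            print(report(p), "setuid" if has_setuid(os.stat(p).st_mode) else "")
```

Because only one triad is consulted, an owner with mode 0064 is denied even when the group bits would allow access.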