An interactive course on Linux file system security. Four modules, five terminal labs, one certificate. Built as a static Next.js site — no server, no backend, no accounts.
Module 1 — Basics
Users, groups, UID/GID. The rwx model, numeric notation. chmod, chown, chgrp — all three, not just two.
Module 2 — Advanced
umask, SUID, SGID, Sticky Bit. Then ACL: getfacl, setfacl, masks, default entries.
Module 3 — Security
root vs sudo. visudo, sudoers.d, least-privilege sudoers rules.
Module 4 — Practice Five terminal labs. You type real commands into a simulated shell. It checks them, shows output, blocks the Next button until you get it right.
| Lab | Scenario |
|---|---|
chmod 600 |
SSH key rejected — permissions too open |
chown -R |
nginx returns 403, files belong to root |
chmod -R 750 |
App directory readable by everyone |
setfacl |
Auditor needs read access, no group changes allowed |
find -perm -4000 |
SUID audit — there's a backdoor in the output |
Then a certificate. Unique ID, issue date, score, PDF export.
- Next.js 14 — App Router,
'use client'components - TypeScript — strict, no
any - CSS Modules — no Tailwind, no UI library
- Static export —
next build→/outfolder, deployable anywhere - localStorage — progress and language preference persist across sessions
No database. No auth. No external APIs.
npm install
npm run devOpen http://localhost:3000/linux-perms-course.
npm run buildOutput goes to /out. Drop it on GitHub Pages, Vercel, Netlify, or any static host.
The course ships in Russian and English. Toggle in the top bar — the switch is instant, no reload. Progress and answers carry over between languages. Terminal labs stay in English (it's Unix, after all).
MIT