TL;DR: If you want to run chmod on a file on GNU/Linux, you need to be root or the owner of the file.
From the chmod(2) (chmod system call) manual page:
The effective UID of the calling process must match the owner of the
file, or the process must be privileged (Linux: it must have the
CAP_FOWNER capability).
From the capabilities(7) manual page:
CAP_FOWNER
- Bypass permission checks on operations that normally require the
filesystem UID of the process to match the UID of the file (e.g.,
chmod(2), utime(2)), excluding those operations covered by
CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH;
[...]
From the setfacl(1) manual page:
PERMISSIONS
The file owner and processes capable of CAP_FOWNER are granted the
right to modify ACLs of a file. This is analogous to the permissions
required for accessing the file mode. (On current Linux systems,
root is the only user with the CAP_FOWNER capability.)
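
The rule quoted above can be checked from inside a process before calling chmod(2). The following C sketch is an added example, not part of the original answer: it compares the file's owner with the effective UID and otherwise looks for CAP_FOWNER (capability number 3) in the `CapEff` mask of `/proc/self/status`. It assumes the filesystem UID equals the effective UID (the normal case) and that `/proc` is mounted; the function names and the default path are illustrative.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define CAP_FOWNER_BIT 3 /* CAP_FOWNER is capability number 3 in <linux/capability.h> */

/* Return 1 if a CapEff hex mask (as printed in /proc/<pid>/status) includes CAP_FOWNER. */
int mask_has_fowner(const char *hexmask) {
    unsigned long long mask = strtoull(hexmask, NULL, 16); /* skips leading whitespace */
    return (int)((mask >> CAP_FOWNER_BIT) & 1ULL);
}

/* Return 1 if this process has CAP_FOWNER in its effective set, 0 if not, -1 on error. */
int have_cap_fowner(void) {
    char line[256];
    int result = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            result = mask_has_fowner(line + 7);
            break;
        }
    }
    fclose(f);
    return result;
}

/* Predict whether chmod(2) on path passes the ownership check:
   1 = allowed, 0 = EPERM expected, -1 = could not determine. */
int may_chmod(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    if (st.st_uid == geteuid()) return 1; /* caller owns the file */
    return have_cap_fowner();             /* otherwise only CAP_FOWNER helps */
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/etc/passwd"; /* illustrative default */
    printf("%s: may_chmod=%d cap_fowner=%d euid=%d\n",
           path, may_chmod(path), have_cap_fowner(), (int)geteuid());
    return 0;
}
```

Run as an unprivileged user against a root-owned file, it reports `may_chmod=0`, matching the EPERM that chmod(2) would return.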