Linux

Understanding Linux File Permissions

Understanding Linux File Permissions

In Linux, file permissions, attributes, and ownership control the access level that the system processes and users have to files. This ensures that only authorized users and processes can access specific files and directories.

Linux File Permissions #

The basic Linux permissions model works by associating each system file with an owner and a group and assigning permission access rights for three different classes of users:

File ownership can be changed using the chown and chgrp commands.

Three file permissions types apply to each class of users:

This concept allows you to control which users can read the file, write to the file, or execute the file.

To view the file permissions, use the ls command:

ls -l file_name
-rw-r--r-- 12 linuxize users 12.0K Apr 28 10:10 file_name |[-][-][-]- [------] [---] | | | | | | | | | | | | | +-----------> 7. Group | | | | | +-------------------> 6. Owner | | | | +--------------------------> 5. Alternate Access Method | | | +----------------------------> 4. Others Permissions | | +-------------------------------> 3. Group Permissions | +----------------------------------> 2. Owner Permissions +------------------------------------> 1. File Type 

The first character indicates the file type. It can be a regular file (-), directory (d), a symbolic link (l), or other special types of files. The following nine characters represent the file permissions, three triplets of three characters each. The first triplet shows the owner permissions, the second one group permissions, and the last triplet shows everybody else permissions.

In the example above (rw-r--r--) means that the file owner has read and write permissions (rw-), the group and others have only read permissions (r--).

File permissions have a different meaning depending on the file type.

Each of the three permission triplets can be constructed of the following characters and have different effects, depending on whether they are set to a file or to a directory:

Effect of Permissions on Files

PermissionCharacterMeaning on File
Read-The file is not readable. You cannot view the file contents.
rThe file is readable.
Write-The file cannot be changed or modified.
wThe file can be changed or modified.
Execute-The file cannot be executed.
xThe file can be executed.
sIf found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set.
When the setuid or setgid flags are set on an executable file, the file is executed with the file's owner and/or group privileges.
SSame as s, but the x flag is not set. This flag is rarely used on files.
tIf found in the others triplet, it sets the sticky bit.
It also means that x flag is set. This flag is useless on files.
TSame as, t but the x flag is not set. This flag is useless on files.

Effect of Permissions on Directories (Folders)

Directories are special types of files that can contain other files and directories.

PermissionCharacterMeaning on Directory
Read-The directory's contents cannot be shown.
rThe directory's contents can be shown.
(e.g., You can list files inside the directory with ls.)
Write-The directory's contents cannot be altered.
wThe directory's contents can be altered.
(e.g., You can create new files, delete files… etc.)
Execute-The directory cannot be changed to.
xThe directory can be navigated using cd.
sIf found in the user triplet, it sets the setuid bit. If found in the group triplet it sets the setgid bit. It also means that x flag is set. When the setgid flag is set on a directory, the new files created within it inherits the directory group ID (GID) instead of the primary group ID of the user who created the file.
setuid has no effect on directories.
SSame as s, but the x flag is not set. This flag is useless on directories.
tIf found in the others triplet, it sets the sticky bit.
It also means that x flag is set. When the sticky bit is set on a directory, only the file's owner, the directory's owner, or the administrative user can delete or rename the files within the directory.
TSame as t, but the x flag is not set. This flag is useless on directories.

Changing File permissions #

The File permissions can be changed using the chmod command. Only root, the file owner, or user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when recursively changing the permissions. The command can accept one or more files and/or directories separated by space as arguments.

Permissions can be specified using a symbolic mode, numeric mode, or a reference file.

Symbolic (Text) Method #

The syntax of the chmod command when using the symbolic mode has the following format:

chmod [OPTIONS] [ugoa… ][-+=]perms… [,… ] FILE… 

The first set of flags ([ugoa… ]), users flags, defines the users' classes for which the permissions to the file are changed.

When the users' flag is omitted, it defaults to a.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set:

The permissions (perms… ) are explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one to another users' class.

When setting permissions for more than one user classes ([,… ]), use commas (without spaces) to separate the symbolic modes.

Here are some examples of how to use the chmod command in symbolic mode:

Numeric Method #

The syntax of the chmod command when using the symbolic mode has the following format:

chmod [OPTIONS] NUMBER FILE… 

When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time.

The permission number can be a 3 or 4-digits number. When 3 digits number is used, the first digit represents the permissions of the file's owner, the second one the file's group, and the last one all other users.

Each write, read, and execute permissions have the following number value:

The permissions number of a specific user class is represented by the sum of the values of the permissions for that group.

To find out the file's permissions in numeric mode, simply calculate the totals for all users' classes. For example, to give read, write and execute permission to the file's owner, read and execute permissions to the file's group and only read permissions to all other users, you would do the following:

Using the method above, we come up to the number 754, which represents the desired permissions.

To set up the setuid, setgid, and sticky bit flags, use four digits number.

When the 4 digits number is used, the first digit has the following meaning:

The next three digits have the same meaning as when using 3 digits number.

If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is the same as 755.

To calculate the numeric mode, you can also use another method (binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.

You can check the file's permissions in the numeric notation using the stat command:

stat -c "%a" file_name 

Here are some examples of how to use the chmod command in numeric mode:

Conclusion #

In Linux, access to the files is restricted using file permissions, attributes, and ownership. To change the file's permissions use the chmod command.

If you have any questions or feedback, feel free to leave a comment.

Vulkan for Linux Users
With each new generation of graphics cards, we see game developers push the limits of graphical fidelity and come one step closer to photorealism. But...
OpenTTD vs Simutrans
Creating your own transport simulation can be fun, relaxing and extremely enticing. That's why you need to make sure that you try out as many games as...
OpenTTD Tutorial
OpenTTD is one of the most popular business simulation games out there. In this game, you need to create a wonderful transportation business. However,...