Understanding Linux File Permissions 2024 [Explained]

Understanding Linux File Permissions

Linux file permissions, attributes, and ownership play a crucial role in regulating access to files and directories by system processes and users. By employing these controls, the operating system ensures that only authorized individuals and processes can access specific files and directories, thereby enhancing security and preventing unauthorized access.

Linux File Permissions

The fundamental permissions model in Linux operates by linking every file in the system to an owner and a group, and allotting permission access rights to three distinct categories of users:

  • The file owner.
  • The group members.
  • Others (everybody else).


The chown and chgrp commands can be utilized to alter file ownership. There are three types of file permissions that are applicable to every user class:

  • The read permission.
  • The write permission.
  • The execute permission.

By using this concept, you can manage the accessibility of a file, including the ability to read, write, or execute it, for specific users.

To check the file permissions, utilize the ls command:

ls -l file_name

Output:

-rw-r--r-- 12 trioguide users 12.0K Jun  28 10:10 file_name
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

The first character of the listing denotes the file type. This could be a regular file (-), a directory (d), a symbolic link (l), or another special type. The next nine characters represent the file’s permissions, divided into three groups of three characters each. The first triplet shows the owner’s permissions, the second shows the group’s permissions, and the last shows everyone else’s permissions.

In the given example (rw-r--r--), the owner has both read and write permissions (rw-), while the group and others have only read permissions (r--).

However, the meaning of file permissions varies based on the type of file.

The effects of the three permission triplets can vary based on whether they are assigned to a file or a directory. These permission triplets consist of specific characters:

Effect of Permissions on Files

| Permission | Character | Meaning on File |
|------------|-----------|-----------------|
| Read | - | The file is not readable. You cannot view the file contents. |
| Read | r | The file is readable. |
| Write | - | The file cannot be changed or modified. |
| Write | w | The file can be changed or modified. |
| Execute | - | The file cannot be executed. |
| Execute | x | The file can be executed. |
| Execute | s | If found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that the x flag is set. When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges. |
| Execute | S | Same as s, but the x flag is not set. This flag is rarely used on files. |
| Execute | t | If found in the others triplet, it sets the sticky bit. It also means that the x flag is set. This flag is useless on files. |
| Execute | T | Same as t, but the x flag is not set. This flag is useless on files. |

Effect of Permissions on Directories (Folders)

Directories are special types of files that can contain other files and directories.

| Permission | Character | Meaning on Directory |
|------------|-----------|----------------------|
| Read | - | The directory’s contents cannot be shown. |
| Read | r | The directory’s contents can be shown (e.g., you can list files inside the directory with ls). |
| Write | - | The directory’s contents cannot be altered. |
| Write | w | The directory’s contents can be altered (e.g., you can create new files, delete files, etc.). |
| Execute | - | The directory cannot be changed to. |
| Execute | x | The directory can be navigated using cd. |
| Execute | s | If found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that the x flag is set. When the setgid flag is set on a directory, new files created within it inherit the directory group ID (GID) instead of the primary group ID of the user who created the file. setuid has no effect on directories. |
| Execute | S | Same as s, but the x flag is not set. This flag is useless on directories. |
| Execute | t | If found in the others triplet, it sets the sticky bit. It also means that the x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or the administrative user can delete or rename the files within the directory. |
| Execute | T | Same as t, but the x flag is not set. This flag is useless on directories. |
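
The setuid, setgid and sticky bits described in the two tables above are the ones most often reviewed in a permissions audit. The following added example (not part of the original article) reports setuid/setgid files and world-writable directories that lack the sticky bit; the function names and the sample tree are constructed for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original article. audit_perms and demo_audit
# are hypothetical helper names; stat -c is the GNU coreutils form.

# Report files that carry the setuid or setgid bit, and directories that
# anyone can write to but that lack the sticky bit (so any user can delete
# or rename files owned by other users inside them).
audit_perms() {
    dir=$1
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c 'SUID/SGID %a %U:%G %n' {} +
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NO-STICKY %a %U:%G %n' {} +
}

# Build a small constructed tree and audit it.
demo_audit() {
    t=$(mktemp -d) || return 1
    : > "$t/plain";    chmod 644  "$t/plain"    # ordinary file
    : > "$t/helper";   chmod 4755 "$t/helper"   # setuid bit set
    mkdir "$t/shared"; chmod 777  "$t/shared"   # world-writable, no sticky bit
    mkdir "$t/drop";   chmod 1777 "$t/drop"     # world-writable with sticky bit
    audit_perms "$t"
    rm -rf "$t"
}

demo_audit
```

Only helper and shared are reported: plain has no special bits, and drop is world-writable but protected by the sticky bit.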

Changing File permissions

To modify file permissions, use the chmod command. Changing file permissions requires root access, ownership of the file, or sudo privileges. It is crucial to exercise caution when using chmod, particularly when modifying permissions recursively. The command accepts one or more files and directories separated by spaces as arguments.

There are three ways to specify permissions: through a symbolic mode, a numeric mode, or a reference file.

Symbolic or Text Method

When using the symbolic mode, the format of the chmod command’s syntax is as follows:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

The initial group of flags ([ugoa…]), referred to as user flags, determines the categories of users whose file permissions are being altered.

  • u – The file owner.
  • g – The users who are members of the group.
  • o – All other users.
  • a – All users, identical to ugo.

If no user flag is specified, the default is a, but permission bits that are set in the umask are not affected.

The operation flags, represented by the symbols [-+=], form the second set of flags and indicate whether the permissions are intended to be added, removed, or set:

  • - – Removes the specified permissions.
  • + – Adds specified permissions.
  • = – Changes the current permissions to the specified permissions. If no permissions are given after the = symbol, all permissions from the specified user class are removed.

Permissions (perms…) can be explicitly designated by using any combination of the following letters: r, w, x, X, s, and t. When copying permissions from one user class to another, select a single letter from the set u, g, or o.

To assign permissions to multiple user classes ([,…]), separate the symbolic modes using commas (without spaces).

The following are examples of using the chmod command in symbolic mode:

  • Grant the group members permission to execute the file, but not to read or write it:
    chmod g=x filename
  • Remove the write permission for all users:
    chmod a-w filename
  • Remove the read, write, and execute permissions for the group and all other users:
    chmod og-rwx filename
    The following form is another way to achieve the same thing:
    chmod og= filename
  • Give the file’s owner read, write, and execute permissions, give the file’s group read permission, and give all other users no permissions:
    chmod u=rwx,g=r,o= filename
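
The X letter listed among the permissions above grants execute only to directories and to files that already have an execute bit, which matters for the recursive changes this article warns about. This added example (not from the original article) compares a recursive numeric mode with a recursive symbolic mode using X on a constructed tree; modes_after is a hypothetical helper name and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original article. modes_after is a
# hypothetical helper name; stat -c %a is the GNU coreutils form.

# Build a constructed tree, apply one recursive chmod, and report the
# resulting numeric modes of the directory, a data file and a script.
modes_after() {
    mode=$1
    root=$(mktemp -d) || return 1
    mkdir "$root/dir"
    : > "$root/dir/notes.txt"
    printf '#!/bin/sh\necho ok\n' > "$root/dir/run.sh"
    chmod 700 "$root/dir" "$root/dir/run.sh"   # private directory and script
    chmod 600 "$root/dir/notes.txt"            # private data file
    chmod -R "$mode" "$root/dir"
    printf 'dir=%s notes.txt=%s run.sh=%s\n' \
        "$(stat -c %a "$root/dir")" \
        "$(stat -c %a "$root/dir/notes.txt")" \
        "$(stat -c %a "$root/dir/run.sh")"
    rm -rf "$root"
}

# A numeric mode is applied to every entry alike: the data file becomes executable.
modes_after 755
# X adds execute only to the directory and to the script that already had it.
modes_after u=rwX,go=rX
```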

Numeric Method

When using the numeric mode, the syntax of the chmod command is as follows:

chmod [OPTIONS] NUMBER FILE...

By utilizing the numeric mode, it is possible to establish the permissions for the three user categories, namely the owner, group, and all others, concurrently.

When a 3-digit number is used, the first digit represents the owner’s permissions, the second digit the group’s permissions, and the third digit the permissions granted to all other users.

The number value for each permission, including write, read, and execute, is as follows:

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1
  • no permissions = 0

The permission digit for a particular user class is the sum of the values of the individual permissions granted to that class.

To determine the file’s permissions in numeric mode, you can compute the sum of the permissions for each user class. To grant the file’s owner the ability to read, write, and execute the file, allow the file’s group to read and execute the file, and permit all other users to only read the file, follow these steps:

  • Owner: rwx=4+2+1=7
  • Group: r-x=4+0+1=5
  • Others: r--=4+0+0=4

The aforementioned approach yields the desired permissions, denoted by the number 754.

The four-digit number is used to configure the setuid, setgid, and sticky bit flags.

If a 4-digit number is being used, the initial digit holds significance in the following manner:

  • setuid=4
  • setgid=2
  • sticky=1
  • no changes = 0

The remaining three digits have the same meaning as in a 3-digit number.

If the first digit of a 4-digit mode is 0, it can be omitted and the mode written with 3 digits. For instance, 0755 is equivalent to 755.

Another method to calculate the numeric mode is available called the binary method, but it is more intricate than the previous one. However, understanding how to determine the numeric mode using 4, 2, and 1 should be adequate for the majority of users.

To obtain the numerical representation of a file’s permissions, you may use the stat command:

stat -c "%a" file_name
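
The s, S, t and T characters from the tables earlier map onto the first digit of the 4-digit mode. This added example (not from the original article) converts the nine permission characters printed by ls -l into that numeric form; sym_to_octal is a hypothetical helper name, not a standard command.

```shell
#!/bin/sh
# Added example, not from the original article. sym_to_octal is a
# hypothetical helper name.

# Convert nine permission characters (e.g. rwsr-xr-x) to a 4-digit mode.
sym_to_octal() {
    perms=$1
    # s/S are only valid in the owner and group triplets, t/T only in others.
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid permission string: $perms" >&2; return 1 ;;
    esac
    special=0
    out=""
    for weight in 4 2 1; do              # setuid=4, setgid=2, sticky=1
        rest=${perms#???}
        triplet=${perms%"$rest"}         # first three remaining characters
        perms=$rest
        value=0
        case $triplet in r??) value=$((value + 4)) ;; esac
        case $triplet in ?w?) value=$((value + 2)) ;; esac
        case $triplet in
            ??x)    value=$((value + 1)) ;;
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit without x
        esac
        out="$out$value"
    done
    printf '%s%s\n' "$special" "$out"
}

# Constructed sample inputs.
for p in rw-r--r-- rwxr-xr-- rwsr-xr-x rwxr-sr-x rwxrwxrwt rw-r--r-T; do
    printf '%s -> %s\n' "$p" "$(sym_to_octal "$p")"
done
```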

The following are examples of using the chmod command in numeric mode:

  • Give the file’s owner read and write permissions, and give group members and all other users read-only access:
    chmod 644 dirname
  • Give the owner of the file full permissions, including the ability to read, write, and execute it. Allow group members to read and execute the file, but not to write to it. Give all other users no access to the file whatsoever:
    chmod 750 dirname
  • Give everyone read, write, and execute permissions on a directory and set the sticky bit:
    chmod 1777 dirname
  • Recursively give only the owner read, write, and execute permissions on a directory and everything in it, and deny all permissions to other users:
    chmod -R 700 dirname

Conclusion

In summary, managing file permissions is essential for ensuring the security and integrity of your files in a Linux system. With the chmod command you can adjust file permissions, and with chown and chgrp you can change file ownership, to restrict or grant access to users and groups. It’s important to understand the different types of file permissions and how they interact with ownership and groups to properly manage file security. If you have any further questions or concerns regarding file permissions in Linux, please feel free to leave a comment or seek further resources for guidance.

Alex
