Linux file permissions, attributes, and ownership play a crucial role in regulating access to files and directories by system processes and users. By employing these controls, the operating system ensures that only authorized individuals and processes can access specific files and directories, thereby enhancing security and preventing unauthorized access.
Linux File Permissions
The fundamental permissions model in Linux operates by linking every file in the system to an owner and a group, and allotting permission access rights to three distinct categories of users:
- The file owner.
- The group members.
- Others (everybody else).
The chown and chgrp commands can be utilized to alter file ownership. There are three types of file permissions that are applicable to every user class:
- The read permission.
- The write permission.
- The execute permission.
By using this concept, you can manage the accessibility of a file, including the ability to read, write, or execute it, for specific users.
To check the file permissions, utilize the ls command:
ls -l file_name
Output:
-rw-r--r-- 12 trioguide users 12.0K Jun 28 10:10 file_name
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type
The first character of the mode string denotes the file type: a regular file (-), a directory (d), a symbolic link (l), or another special type such as a character or block device. The next nine characters are the permissions, in three groups of three: the first group is the owner's permissions, the second the group's, and the last everyone else's. The character that follows them (position 5 in the diagram) is the alternate access marker: a plus sign (+) means the file also carries an ACL that the nine bits do not show, so check it with getfacl before drawing conclusions from ls -l alone; a dot (.) means an SELinux security context is attached.
In the example above (rw-r--r--), the owner has read and write permission (rw-), while the group and others have read permission only (r--).
However, the meaning of each permission bit depends on whether it is set on a regular file or on a directory:
- r on a file: read its contents. r on a directory: list the names of its entries.
- w on a file: modify its contents. w on a directory (together with x): create, delete, and rename entries in it. This is why a user who cannot write to a file can still delete it if they have w on the directory that contains it.
- x on a file: run it as a program or script. x on a directory: traverse it, that is, reach an entry by name and read its metadata. Without x on a directory you cannot open any file inside it, even one whose name you know.
A directory with r but not x lets you list names and nothing more; x without r lets you reach known names but not enumerate them.
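The directory-versus-file behaviour above, exercised on a scratch tree. This is an added example and not code from the original article; the probe/expected_denial/lab_results names and the file names are chosen here. Run it as an ordinary user: uid 0 carries CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH and is never stopped by mode bits, which expected_denial accounts for.

```shell
# Added example, not from the original article: probe what r, w and x mean
# on a directory as opposed to the file inside it. Root bypasses all of
# these checks, so expected_denial() reports "allowed" for uid 0.

# Run a command with its output discarded and report the outcome.
probe() {
    if "$@" >/dev/null 2>&1; then echo allowed; else echo denied; fi
}

# What a denial looks like for the current user: root is never denied.
expected_denial() {
    if [ "$(id -u)" -eq 0 ]; then echo allowed; else echo denied; fi
}

# Create a scratch directory holding one known file, then probe six cases,
# printing one "case outcome" line per probe. Everything lives under mktemp.
lab_results() {
    base=$(mktemp -d)
    d=$base/d
    mkdir "$d"
    printf 'hello\n' > "$d/known.txt"
    chmod 644 "$d/known.txt"

    chmod 644 "$d"   # r-- on the directory: names are readable, nothing else
    printf 'list-without-x %s\n' "$(probe ls "$d")"
    printf 'open-without-x %s\n' "$(probe cat "$d/known.txt")"

    chmod 111 "$d"   # --x: no listing, but a known path can be opened
    printf 'list-without-r %s\n' "$(probe ls "$d")"
    printf 'open-without-r %s\n' "$(probe cat "$d/known.txt")"

    chmod 555 "$d"   # r-x: removing an entry needs w on the directory
    printf 'unlink-without-w %s\n' "$(probe rm -f "$d/known.txt")"

    chmod 755 "$d"   # rwx on the directory while the file itself is read-only
    printf 'hello\n' > "$d/known.txt"   # recreate it in case root already removed it
    chmod 444 "$d/known.txt"
    printf 'unlink-readonly-file %s\n' "$(probe rm -f "$d/known.txt")"

    chmod -R u+rwx "$base"
    rm -rf "$base"
}

lab_results
```

As an unprivileged user the output reads denied for open-without-x, list-without-r and unlink-without-w, and allowed for the other three: the read-only file is deleted because unlinking is a write to the directory, not to the file.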
To modify file permissions, use the chmod command. Only the file's owner or root (for example via sudo) can change a file's permissions. Be especially careful when changing permissions recursively with -R: a single chmod -R 777 or chmod -R a+x applied to the wrong tree makes every file in it world-writable or executable. The command accepts one or more files and directories, separated by spaces, as arguments.
There are three ways to specify permissions: through a symbolic mode, a numeric mode, or a reference file.
Symbolic or Text Method
When using the symbolic mode, the format of the chmod command’s syntax is as follows:
chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...
The first set of flags ([ugoa…]), the user flags, selects the user classes whose permissions are changed:
- u: the file owner.
- g: the users who are members of the file's group.
- o: all other users.
- a: all users, identical to ugo.
If no user flag is given, it defaults to a, with one difference: bits that are set in the umask are left untouched, so chmod +x and chmod a+x are not always equivalent.
The second set, the operation flags ([-+=]), says whether the permissions are added, removed, or set exactly:
- -: removes the specified permissions.
- +: adds the specified permissions.
- =: replaces the current permissions with the specified ones. If no permissions follow the = sign, all permissions are removed from the specified user class.
Permissions (perms…) are written as any combination of the letters r, w, x, X, s, and t. r, w, and x are read, write, and execute. X grants execute only to directories and to files that already have execute permission for some class, which makes it the safe choice with -R because data files are not turned into executables. s is the setuid or setgid bit (depending on the class it is applied to) and t is the sticky bit. To copy the permissions of one class to another, give a single letter from u, g, or o instead, for example g=u.
To assign permissions to multiple user classes ([,…]), separate the symbolic modes using commas (without spaces).
The following are examples of using the chmod command in symbolic mode:
- Give the group execute permission only, removing its read and write permission:
chmod g=x filename
- Deny writing permission to all users:
chmod a-w filename
- Remove all permissions (read, write, and execute) from the group and from other users:
chmod og-rwx filename
The following form is another way to achieve the same thing:
chmod og= filename
- The file’s owner should be granted read, write, and execute permissions, while the file’s group should be given read permissions. All other users must not be granted any permissions:
chmod u=rwx,g=r,o= filename
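The symbolic forms above applied with -R to a small scratch tree, reading the results back with stat. This is an added example, not code from the article; the tree layout, the names mode_of, make_tree and apply_recursive, and the file names are chosen here, and stat -c is the GNU coreutils form the article itself uses further down. It shows why X rather than x is the safe letter for recursive changes, what the g=u copy form does, and how = sets a class exactly.

```shell
# Added example, not from the original article: apply symbolic modes with
# chmod -R to a scratch tree and print the resulting numeric modes.

# Numeric mode of one path, e.g. 750 (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Scratch tree: a directory holding an executable script and a data file.
# Modes are set explicitly so the umask does not influence the result.
make_tree() {
    base=$(mktemp -d)
    mkdir "$base/sub"
    printf '#!/bin/sh\necho hi\n' > "$base/sub/run.sh"
    printf 'data\n' > "$base/sub/data.txt"
    chmod 700 "$base/sub" "$base/sub/run.sh"
    chmod 600 "$base/sub/data.txt"
    echo "$base"
}

# Apply one symbolic mode recursively to the tree, print the modes of
# "sub run.sh data.txt" on one line, then discard the tree.
apply_recursive() {
    base=$(make_tree)
    chmod -R "$1" "$base/sub"
    printf '%s %s %s\n' "$(mode_of "$base/sub")" \
        "$(mode_of "$base/sub/run.sh")" "$(mode_of "$base/sub/data.txt")"
    rm -rf "$base"
}

apply_recursive go+x            # 711 711 611: the data file became executable
apply_recursive go+X            # 711 711 600: X skips files with no execute bit
apply_recursive g=u             # 770 770 660: the group copies the owner's bits
apply_recursive u=rwx,g=rx,o=   # 750 750 750: = sets every class exactly
```

The first two lines are the point: go+x hands execute permission to data.txt, while go+X leaves it alone because it had no execute bit to begin with.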
Numeric Method
When using the numeric mode, the chmod command's syntax is as follows:
chmod [OPTIONS] NUMBER FILE...
By utilizing the numeric mode, it is possible to establish the permissions for the three user categories, namely the owner, group, and all others, concurrently.
With a three-digit number, the first digit is the owner's permissions, the second digit the group's, and the third digit the permissions of all other users.
Each permission has a numeric value:
- r (read) = 4
- w (write) = 2
- x (execute) = 1
- no permissions = 0
The digit for a user class is the sum of the values of the permissions granted to that class. For example, to let the owner read, write, and execute the file, let the group read and execute it, and let all other users only read it:
- Owner: rwx = 4+2+1 = 7
- Group: r-x = 4+0+1 = 5
- Others: r-- = 4+0+0 = 4
The resulting mode is 754.
A four-digit number additionally sets the setuid, setgid, and sticky bits. With four digits, the first digit has the following meaning (add the values to combine them):
- setuid = 4
- setgid = 2
- sticky bit = 1
- no special bits = 0
The remaining three digits mean the same as in the three-digit form. A leading 0 can be omitted: 0755 is equivalent to 755. On a regular file, setuid and setgid make the program run with the owner's or group's identity, so a setuid binary that is writable by anyone else is a privilege-escalation path; on a directory, setgid makes new files inherit the directory's group, and the sticky bit lets only a file's owner (or the directory owner, or root) delete or rename it.
Another method to calculate the numeric mode is available called the binary method, but it is more intricate than the previous one. However, understanding how to determine the numeric mode using 4, 2, and 1 should be adequate for the majority of users.
To obtain the numeric representation of a file's permissions, use the stat command:
stat -c "%a" file_name
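The four-digit form described above, worked the other way round: the ten-character mode string printed by ls -l is converted into its octal number, including the leading setuid/setgid/sticky digit that the r/w/x sum alone leaves out, and the result is cross-checked against stat -c %a on a temporary directory. This is an added example, not code from the article; perm_to_octal, strip_zeros and check_against_stat are names chosen here, and stat -c is the GNU coreutils form.

```shell
# Added example, not from the original article: parse an ls -l mode string
# such as "-rwsr-xr-x" (or the nine-character "rwsr-xr-x") into "4755".
# In the execute position, s and t mean the special bit plus execute,
# while S and T mean the special bit without execute.
perm_to_octal() {
    mode=$1
    if [ "${#mode}" -eq 10 ]; then
        mode=$(printf '%s' "$mode" | cut -c2-10)   # drop the file-type character
    fi
    if [ "${#mode}" -ne 9 ]; then
        echo "perm_to_octal: expected 9 permission characters, got '$1'" >&2
        return 1
    fi
    special=0    # setuid=4 (owner triplet), setgid=2 (group), sticky=1 (others)
    digits=""
    pos=1
    for weight in 4 2 1; do
        sum=0
        r=$(printf '%s' "$mode" | cut -c"$pos")
        w=$(printf '%s' "$mode" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$mode" | cut -c"$((pos + 2))")
        [ "$r" = r ] && sum=$((sum + 4))
        [ "$w" = w ] && sum=$((sum + 2))
        case $x in
            x)   sum=$((sum + 1)) ;;
            s|t) sum=$((sum + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;
            -)   ;;
            *)   echo "perm_to_octal: unexpected character '$x' in '$1'" >&2; return 1 ;;
        esac
        digits="$digits$sum"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Strip leading zeros so "0755" and stat's "755" compare equal.
strip_zeros() { printf '%s\n' "$1" | sed 's/^0*\([0-9]\)/\1/'; }

# Set a mode on a scratch directory, parse what ls -ld prints for it, and
# compare with the kernel's own number as reported by GNU stat.
check_against_stat() {
    d=$(mktemp -d)
    chmod "$1" "$d" || { rmdir "$d"; return 1; }
    parsed=$(perm_to_octal "$(ls -ld "$d" | cut -c1-10)")
    actual=$(stat -c '%a' "$d")
    rmdir "$d"
    [ "$(strip_zeros "$parsed")" = "$(strip_zeros "$actual")" ]
}

perm_to_octal -rwsr-xr-x                                   # 4755
perm_to_octal drwxrwxrwt                                   # 1777
check_against_stat 2750 && echo "ls -ld and stat agree on 2750"
```

A capital S or T in ls output is worth noticing during a review: it means a special bit is set on something that is not even executable, which is almost always a mistake in a chmod invocation.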
The following are examples of using the chmod command in numeric mode:
- Give the file's owner read and write permission, and group members and all other users read permission only:
chmod 644 filename
- Give the owner full permission (read, write, and execute), let group members read and execute the file but not write to it, and give all other users no access at all:
chmod 750 filename
- Give everyone read, write, and execute permission on a directory and set the sticky bit, so that users can only delete or rename their own files in it (the /tmp pattern):
chmod 1777 dirname
- Recursively give the owner read, write, and execute permission, and everyone else no permission, on a directory and everything beneath it:
chmod -R 700 dirname
In summary, managing file permissions is essential for the security and integrity of the files on a Linux system. With the chmod command you adjust the permission bits; the owner and group, which decide which bits apply to whom, are changed with chown and chgrp. It is important to understand the different permission types, how they differ between files and directories, and how they interact with ownership and groups in order to manage file security properly. If you have any further questions about file permissions in Linux, please feel free to leave a comment or consult further resources.