Linux - File Permissions

Linux file permissions play a crucial role in maintaining the security and integrity of the operating system. Understanding how to manage file permissions allows you to control access to files and directories, ensuring only authorized users can read, write, or execute certain files. In this blog, we’ll dive deep into Linux file permissions, explaining how they work, how to change them, and best practices for managing them.

1. Linux File Permission Structure

In Linux, each file and directory is associated with three types of users and three types of permissions. Let’s break these down:

User Types:

  • Owner: The user who created the file or directory.

  • Group: A set of users who share the same group permissions.

  • Others: All other users on the system who are neither the owner nor in the group.

Permission Types:

  • Read (r): Grants permission to read or view the contents of a file.

  • Write (w): Grants permission to modify or delete the file.

  • Execute (x): Grants permission to run a file if it’s a script or program.

You can view the permissions of a file by using the ls -l command:

ls -l file_name

The first column of the output is the permission string, which looks like this:

-rw-rw-r--

The file permission string -rw-rw-r-- can be broken down as follows:

  1. First character (-): This indicates the file type. The options include:

    • - for a regular file

    • d for a directory

    • l for a symbolic link

In this case, it is a regular file.

  2. Next three characters (rw-): These represent the Owner (user) permissions:

    • r (read) means the owner can read the file.

    • w (write) means the owner can modify the file.

    • - (no execute) means the owner cannot execute the file as a program.

So, the owner has read and write permissions but no execute permissions.

  3. Next three characters (rw-): These represent the Group permissions:

    • r (read) means users in the group can read the file.

    • w (write) means users in the group can modify the file.

    • - (no execute) means group users cannot execute the file as a program.

So, the group has read and write permissions but no execute permissions.

  4. Last three characters (r--): These represent the Others (everyone else) permissions:

    • r (read) means other users can read the file.

    • - (no write) means they cannot modify the file.

    • - (no execute) means they cannot execute the file.

So, others have read-only access.

Summary:

  • Owner: Read and write permissions

  • Group: Read and write permissions

  • Others: Read-only permission

2. Changing File Permissions: chmod Command

To change the permissions of a file or directory, you use the chmod command. There are two ways to set permissions: symbolic and numeric.

a. Symbolic Mode

In symbolic mode, you modify permissions using letters:

  • u for user/owner

  • g for group

  • o for others

  • a for all (user, group, and others)

You can add (+), remove (-), or set (=) specific permissions:

chmod u+x file_name     # Adds execute permission for the owner
chmod g-w file_name     # Removes write permission for the group
chmod a=r file_name     # Sets read-only permission for everyone

b. Numeric Mode

In numeric mode, permissions are represented by a three-digit octal number, where each digit represents the permission for the user, group, and others respectively. Each permission has a numerical value:

  • Read (r) = 4

  • Write (w) = 2

  • Execute (x) = 1

For example, if you want to give the owner read, write, and execute permissions, the group read and execute, and others read-only, the permissions would be rwxr-xr--, which is equivalent to 754:

chmod 754 file_name

Here’s how the permissions work in numeric form:

Permission    Numeric Value
---           0
--x           1
-w-           2
-wx           3
r--           4
r-x           5
rw-           6
rwx           7
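
As an added example (not part of the original post), the shell functions below decode a permission string such as -rw-rw-r-- into its file type and octal mode, using the r=4, w=2, x=1 values above. The function names are illustrative assumptions, and only the nine basic permission bits covered in this post are handled.

```shell
#!/bin/sh
# Added example: decode an ls -l permission string (file type + octal mode).
# Handles only the nine basic r/w/x bits; any other character is rejected.

# triad_value "rw-" prints 6 (r=4, w=2, x=1); returns 1 if malformed.
triad_value() {
    t=$1 v=0
    [ "${#t}" -eq 3 ] || return 1
    case "$t" in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
    case "$t" in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case "$t" in ??x) v=$((v + 1)) ;; ??-) ;; *) return 1 ;; esac
    echo "$v"
}

# perm_to_octal "-rwxr-xr--" prints 754; returns 1 on invalid input.
perm_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] || return 1
    rest=${s#?}                  # drop the file-type character
    u=${rest%??????}             # owner triad
    g=${rest#???}; g=${g%???}    # group triad
    o=${rest#??????}             # others triad
    uv=$(triad_value "$u") || return 1
    gv=$(triad_value "$g") || return 1
    ov=$(triad_value "$o") || return 1
    echo "$uv$gv$ov"
}

# file_type maps the first character to the types listed in section 1.
file_type() {
    case "$1" in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        l*) echo "symbolic link" ;;
        *)  echo "other" ;;
    esac
}

# mode_string_of FILE prints the first 10 characters of its ls -l line.
mode_string_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Round trip on a scratch file: set 754, read it back, decode it again.
f=$(mktemp) && chmod 754 "$f" && s=$(mode_string_of "$f") &&
    echo "$s -> $(perm_to_octal "$s") ($(file_type "$s"))"
rm -f "$f"
```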

3. Changing Ownership: chown Command

The chown command changes the owner and group of a file or directory. For example, chown ubuntu:dev filename changes the owner to ubuntu and the group to dev.

sudo chown user:group filename

4. Changing Group Ownership: chgrp Command

The chgrp command changes the group ownership of a file or directory.

sudo chgrp group filename

Conclusion

Understanding and managing Linux file permissions is essential for maintaining the security and proper functioning of a Linux system. With chmod, chown, and chgrp, you can fine-tune who can access, modify, or execute files and directories. Mastering these tools ensures your Linux environment stays safe and efficient.