Understanding Linux File Permissions (easy-to-follow thread) π§β
The operating system controls file access in Linux by utilizing file permissions, attributes, and ownership. In Linux, file permissions, attributes, and ownership determine the level of access that system programs and users have to files .
This ensures that only particular directories and files are accessible to authorized users and processes only.
Having knowledge of the Linux file system permissions structure enables you to restrict access to files and directories to only authorized users and processes, hence increasing the level of security of your system.
In Linux, each file is owned by a specific user and a group, and authorization access rights are assigned to three different types of users:
β’ The owner of the file.
β’ The group members.
β’ Others users (everybody else).
β’ The owner of the file.
β’ The group members.
β’ Others users (everybody else).
There are three types of file permissions that apply to each user class and let you determine which users can read, write to, or execute the file.
Here are three types of file permissions that apply to each user class:
β’ The read permission.
β’ The write permission.
β’ The execute permission.
Both files and directories have identical permission properties. However, they have different meanings.
β’ The read permission.
β’ The write permission.
β’ The execute permission.
Both files and directories have identical permission properties. However, they have different meanings.
[+] Read Permission (r)
β’ When the read permission is set, the file can be read; for example, the user can open the file in a text editor (nano, vim, and so on).
β’ The contents of the directory can be viewed. The ls command allows the user to list files within a directory.
β’ When the read permission is set, the file can be read; for example, the user can open the file in a text editor (nano, vim, and so on).
β’ The contents of the directory can be viewed. The ls command allows the user to list files within a directory.
[+] Write Permission (w)
β’ A file that has write permissions can be changed or modified.
β’ If a directory has write permissions, its contents can be modified. The user can create new files, delete existing files, move files, rename files, etc.
β’ A file that has write permissions can be changed or modified.
β’ If a directory has write permissions, its contents can be modified. The user can create new files, delete existing files, move files, rename files, etc.
[+] Execute permission (x)
β’ The file can be run, such as a bash script.
β’ The directory can be entered using the cd command.
β’ The file can be run, such as a bash script.
β’ The directory can be entered using the cd command.
As I have mentioned, file permissions or attributes can be viewed using the ls command. Here is an example:
A breakdown of the ls command output:
The file type is indicated by the first character. It could be a normal file (-), a directory (d), a symbolic link (l), or any other form of file. The file permissions are represented by nine characters, three groups of three characters each.
The first group indicates the owner's permissions, the second group indicates group permissions, and the third is everyone else's permissions.
In the example above, (`-rwxr-xr-x`) means that the file owner has read, write and execute permissions (`rwx`), and the group and others have only read and execute permissions (`r-x`).
[+] File permissions numerical representations:
File permissions can be represented numerically or symbolically. In this thread I will only concentrate on the numerical format.
File permissions can be represented numerically or symbolically. In this thread I will only concentrate on the numerical format.
The permission number might be three or four digits in length, ranging from 0 to 7.
When a three-digit number is used, the first digit denotes the file's owner's permissions, the second the file's group, and the last all other users.
When a three-digit number is used, the first digit denotes the file's owner's permissions, the second the file's group, and the last all other users.
The following numbers represent the write, read, and execute permissions:
β’ r (read) = 4
β’ w (write) = 2
β’ x (execute) = 1
β’ no permissions = 0
β’ r (read) = 4
β’ w (write) = 2
β’ x (execute) = 1
β’ no permissions = 0
The permissions digit of a particular user class is the sum of the permissions values for that class.
Each digit of the permissions number can be an addition of 4, 2, 1, or 0:
Each digit of the permissions number can be an addition of 4, 2, 1, or 0:
β’ 0 (0+0+0) - There is no permission.
β’ 1 (0+0+1) - Execute permission only.
β’ 2 (0+2+0) - Only write access permissions.
β’ 3 (0+2+1) - Permission to write and execute.
β’ 1 (0+0+1) - Execute permission only.
β’ 2 (0+2+0) - Only write access permissions.
β’ 3 (0+2+1) - Permission to write and execute.
β’ 4 (4+0+0) - Read-only permission.
β’ 5 (4+0+1) - Permission to read and execute.
β’ 6 (4+2+0) - Read and write access permissions.
β’ 7 (4+2+1) - Permission to read, write, and execute.
β’ 5 (4+0+1) - Permission to read and execute.
β’ 6 (4+2+0) - Read and write access permissions.
β’ 7 (4+2+1) - Permission to read, write, and execute.
For example, if the permission number is set to 755 it means that the fileβs owner has read, write and execute permission, fileβs group has read and execute permissions, and other users have also read and execute permissions:
Owner: rwx=4+2+1=7
Group: r-x=4+0+1=5
Others: r-x=4+0+1=5
Group: r-x=4+0+1=5
Others: r-x=4+0+1=5
When using a four-digit number, the first digit has the following meaning:
β’ setuid=4
β’ setgid=2
β’ sticky=1
β’ no changes = 0
β’ setuid=4
β’ setgid=2
β’ sticky=1
β’ no changes = 0
If you are having trouble calculating the permissions of your files, here is an online website that can assist you.
Chmod Calculator:
An awesome Chmod Calculator to convert Linux file permissions between different formats.
chmod-calculator.com
Chmod Calculator:
An awesome Chmod Calculator to convert Linux file permissions between different formats.
chmod-calculator.com
That's all! Thank you for getting this far. I hope you find this thread useful.
If you found this thread helpful
1. Toss us a follow for more daily threads on Linux, sysadmin, and DevOpsβ@linuxopsys
2. Like and RT the first tweet so that other Linux users can find it as well.
If you found this thread helpful
1. Toss us a follow for more daily threads on Linux, sysadmin, and DevOpsβ@linuxopsys
2. Like and RT the first tweet so that other Linux users can find it as well.
Loading suggestions...