Linux, like other operating systems, uses file permissions to control who can access, modify files and directories. In this blog post, we’ll take a closer look at Linux file permissions, including what they are, how they work, and how to use them.
File permission categories
File permissions in Linux are represented by a combination of letters and symbols. The permissions are grouped into three categories. Each category has its own set of permissions that determine who can access and modify the file.
- Owner: The owner of a file is the user who created it. This user has the most control over the file, and can set the permissions for the other categories. The owner can have read, write, and execute permissions for the file.
- Group: The group is a collection of users who have access to the file. The group permissions apply to all users who belong to the group associated with the file. The group can have read, write, and execute permissions for the file.
- Others: The others category includes all other users on the system who are not the owner or part of the group associated with the file. These users have the least amount of control over the file, and can have read, write, and execute permissions for the file.
It’s worth noting that some files, such as system files and directories, are owned by the root user and group. The root user has superuser privileges, and can access and modify any file on the system, regardless of the file’s permissions.
By managing file permissions properly, you can ensure that sensitive files are protected and that other users have the appropriate level of access to the files they need. For example, you can set a file to be readable by everyone but writable only by the owner. Or you can set a directory to be executable by everyone so that they can access the files inside it, but not writable, so they can’t modify the files in it.
You can also create a group and add users to it and give them specific permissions to access the files or directories you want to share with them.
Types of permissions
Each category has three types of permissions: read, write, and execute.
- Read (r): The read permission allows a user to view the contents of a file. When a file has read permission, a user can open the file and read its contents, but they cannot make any changes to the file.
- Write (w): The write permission allows a user to modify the contents of a file. When a file has write permission, a user can open the file and make changes to its contents, such as adding or deleting text.
- Execute (x): The execute permission allows a user to run a file as a program. When a file has execute permission, a user can run the file as a command or script. For a directory, execute permission allows the user to access files and directories inside the directory.
You can view the permissions of a file or directory using the
ls -l command. This command will list the files and directories in a directory, along with their permissions, ownership, and other information. For example, the output of
ls -l might look like this:
-rw-r--r-- 1 user1 users 100 Jan 15 14:22 file1.txt
-rwxrwxrwx 1 user1 users 200 Jan 15 14:22 file2.txt
drwxrwxrwx 2 user2 users 4096 Jan 15 14:22 dir1
The output of this command is organized into columns, each of which contains specific information about the files and directories.
- File Type (first column): The first column of the output shows the file type. The first character of the output shows whether the item is a file or directory. A
-indicates a regular file, while a
dindicates a directory.
- Permissions (next nine characters): The next nine characters represent the permissions for the owner, group, and others, respectively. The permissions are represented by a combination of letters and symbols.
rwxindicates read, write and execute permission,
rw-indicates read and write permission,
r-xindicates read and execute permission, and
r--indicates read permission.
- Hard Link count (next column): The next column shows the number of hard links to the file. A hard link is a directory entry that points to the same inode as the original file.
- Ownership (next two columns): The next two columns show the ownership of the file. The first column shows the username of the owner, and the second column shows the name of the group associated with the file.
- Size (next column): The next column shows the size of the file in bytes.
- Modification Time (next column): The next column shows the last modification time of the file. The date and time are displayed in the format
month day timeor
month day time YYYY.
- File/Directory name (last column): The last column shows the name of the file or directory.
chmod command to change file permissions
To set or change the permissions of a file or directory, you can use the
chmod command takes a numerical value, called a mode, that represents the permissions for the file. The mode is composed of three digits, each representing the permissions for the owner, group, and others, respectively.
The digits can be calculated by adding up the value of the permissions you want to set. The values of the permissions are as follows:
rwx(read, write, and execute) = 7
rw-(read and write) = 6
r-x(read and execute) = 5
r--(read only) = 4
-wx(write and execute) = 3
-w-(write only) = 2
--x(execute only) = 1
---(no permission) = 0
NOTE: the values is driven by converting binary representation to octal. e.g. r-x is equivalent to 101 i.e. 5. Similarly rw- is equivalent to 110 i.e. 6.
For example, the command
chmod 755 file1.txt would give the owner full permissions (read, write, and execute) while the group and others would have read and execute permissions.
Another way of setting permissions is using the letters
u for owner,
g for group,
o for others and
a for all, along with
- to add or remove permissions, and
= to set the permissions exactly. For example, the command
chmod u+x file1.txt would add execute permission to the owner of the file1.txt.
You can also use the
chmod command to set permissions recursively on a directory and all its contents. You can use the -R flag to achieve this. For example, the command
chmod -R 755 mydir would give the owner full permissions and others read and execute permission on all the files and subdirectories within mydir.
It’s important to note that the
chmod command can be used by the owner of a file or by the root user. Also, permissions set on a file or directory only affect the user’s ability to access the file, it doesn’t encrypt or protect the file’s content.
You can also change ownership of the file using
chown command. For example,
chown new_owner:new_group file1.txt would change the owner and group of file1.txt to new_owner and new_group respectively.
The file permission is used to control the access, modify files and directories. To read about the “Linux file system and directory structure“, please click here. It explains the directory structure of Linux.