File permissions in Linux are a fundamental aspect of system security and control. They determine who can access and modify files and directories. Understanding these permissions is crucial for managing your Linux system effectively.
Here’s a comprehensive overview of Linux file permissions:
1. The Basics:
Each file and directory in Linux has a set of permissions that define access rights for three categories of users:
- Owner (User): The user who created the file or directory.
- Group: A group of users who have shared access to the file or directory.
- Others (World): All other users on the system.
For each category, three types of permissions can be granted or denied:
- Read (r): Allows the user to view the contents of a file or list the contents of a directory.
- Write (w): Allows the user to modify the contents of a file or create, delete, or rename files within a directory.
- Execute (x): Allows the user to run a file as a program or enter a directory (making it the current working directory).
2. Representing Permissions:
Symbolic Notation: This is the most common and human-readable way to represent permissions. A string of 10 characters describes the permissions:
- The first character indicates the file type:
  - -: Regular file
  - d: Directory
  - l: Symbolic link
  - c: Character device
  - b: Block device
  - p: Named pipe (FIFO)
  - s: Socket
- The next nine characters are grouped into three sets of three, representing the permissions for the owner, group, and others, respectively:
  - rwx: Read, write, and execute permissions granted
  - r-x: Read and execute permissions granted, write denied
  - rw-: Read and write permissions granted, execute denied
  - r--: Read permission granted, write and execute denied
  - -wx: Write and execute permissions granted, read denied
  - -w-: Write permission granted, read and execute denied
  - --x: Execute permission granted, read and write denied
  - ---: Read, write, and execute permissions denied
Example: -rwxr-xr--
- -: Regular file
- rwx: Owner has read, write, and execute permissions
- r-x: Group has read and execute permissions
- r--: Others have read permission only
Numeric Notation: This method uses numbers to represent permissions. Each permission is assigned a numeric value:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
To determine the numeric representation for a category of users, add the values of the permissions granted.
Example:
- rwx = 4 + 2 + 1 = 7
- r-x = 4 + 0 + 1 = 5
- r-- = 4 + 0 + 0 = 4
- --- = 0 + 0 + 0 = 0
A complete set of permissions is represented by a three-digit number, one digit for each category (owner, group, others).
Example: 754
- 7: Owner has read, write, and execute permissions (rwx)
- 5: Group has read and execute permissions (r-x)
- 4: Others have read permission only (r--)
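The two notations are mechanical translations of each other, and it is worth seeing the translation done in code rather than by hand. The following POSIX sh functions are an added example, not part of the original article: they convert a symbolic string to its numeric mode and back, accept the full 10-character field that ls -l prints as well as the bare 9-character string, and treat a lowercase s or t in an execute slot as an execute bit (the special bits those letters stand for are covered later in the article). Input strings in the demo are the article's own examples.

```sh
# Added example (not from the original article): convert between the symbolic
# permission string shown by ls -l and the three-digit numeric mode used by
# chmod, in both directions. Pure POSIX sh; nothing on disk is touched.

# triple_to_digit "r-x" -> 5. Read=4, write=2, execute=1.
triple_to_digit() {
    digit=0
    case $1 in r??) digit=$((digit + 4)) ;; esac
    case $1 in ?w?) digit=$((digit + 2)) ;; esac
    # A lowercase s or t in the execute slot means "execute plus a special
    # bit"; uppercase S/T means the special bit without execute, so only
    # x, s and t count as execute here.
    case $1 in ??[xst]) digit=$((digit + 1)) ;; esac
    echo "$digit"
}

# sym_to_num "-rwxr-xr--" -> 754. Accepts either the 9-character permission
# string or the full 10-character ls -l field whose first character is the
# file type. Returns 1 on any other length.
sym_to_num() {
    perms=$1
    case ${#perms} in
        10) perms=$(printf '%s' "$perms" | cut -c2-10) ;;   # drop the type character
        9)  ;;
        *)  echo "sym_to_num: expected 9 or 10 characters, got '$1'" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$perms" | cut -c1-3)
    g=$(printf '%s' "$perms" | cut -c4-6)
    o=$(printf '%s' "$perms" | cut -c7-9)
    printf '%s%s%s\n' "$(triple_to_digit "$u")" "$(triple_to_digit "$g")" "$(triple_to_digit "$o")"
}

# digit_to_triple 5 -> r-x. The digit is decomposed with bitwise AND.
digit_to_triple() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    echo "$out"
}

# num_to_sym 754 -> rwxr-xr--. Rejects anything but three octal digits.
num_to_sym() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "num_to_sym: expected three octal digits, got '$1'" >&2; return 1 ;;
    esac
    printf '%s%s%s\n' \
        "$(digit_to_triple "$(printf '%s' "$mode" | cut -c1)")" \
        "$(digit_to_triple "$(printf '%s' "$mode" | cut -c2)")" \
        "$(digit_to_triple "$(printf '%s' "$mode" | cut -c3)")"
}

# Demo on the article's own example values:
sym_to_num -rwxr-xr--    # 754
num_to_sym 754           # rwxr-xr--
```

Because sym_to_num understands the type character, its output can be fed straight from the first column of ls -l; the length check and the octal-digit check are there so a malformed string fails loudly instead of silently producing a wrong mode.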
3. Viewing Permissions:
- ls -l: This command lists files and directories in long format, displaying the permissions along with other information like the file size, owner, group, modification date, and file name.
Example:
ls -l myfile.txt
Output:
-rw-r--r-- 1 user group 1024 Jan 1 12:00 myfile.txt
4. Changing Permissions:
- chmod (change mode): This command is used to modify file permissions.
- Using Symbolic Notation:
chmod [who][operator][permission] filename
  - who: Specifies the category of users to modify (u=user, g=group, o=others, a=all)
  - operator: Specifies the action to perform (+ adds, - removes, = sets)
  - permission: Specifies the permission to add or remove (r, w, x)
Examples:
chmod u+x myfile.txt # Add execute permission for the owner
chmod g-w myfile.txt # Remove write permission for the group
chmod o=r myfile.txt # Set read permission for others (and remove write and execute)
chmod a+r myfile.txt # Add read permission for everyone
- Using Numeric Notation:
chmod mode filename
Where mode is a three-digit number representing the desired permissions.
Examples:
chmod 755 myfile.txt # Set permissions to rwxr-xr-x
chmod 644 myfile.txt # Set permissions to rw-r--r--
chmod 777 myfile.txt # Set permissions to rwxrwxrwx (use with caution!)
5. Changing Ownership:
- chown (change owner): This command is used to change the owner of a file or directory. Requires superuser privileges (using sudo).
sudo chown new_owner filename
- chgrp (change group): This command is used to change the group ownership of a file or directory. Requires superuser privileges (using sudo).
sudo chgrp new_group filename
- Changing both owner and group:
sudo chown new_owner:new_group filename
6. Special Permissions:
In addition to the basic read, write, and execute permissions, there are three special permissions that can be applied to files and directories:
- Setuid (SUID): When set on an executable file, the file is executed with the privileges of the owner of the file, rather than the user who is running it. Represented by s in the owner’s execute permission slot.
- Setgid (SGID): When set on an executable file, the file is executed with the privileges of the group owner of the file, rather than the user who is running it. When set on a directory, all new files and subdirectories created within that directory inherit the group ownership of the directory. Represented by s in the group’s execute permission slot.
- Sticky Bit: When set on a directory, only the owner of a file, the owner of the directory, or the root user can rename or delete files within that directory. Represented by t in the others’ execute permission slot.
To set these special permissions, use chmod with numeric notation, adding a fourth, leading digit:
- Set SUID: chmod 4xxx filename (e.g., chmod 4755 filename)
- Set SGID: chmod 2xxx filename (e.g., chmod 2755 filename)
- Set Sticky Bit: chmod 1xxx directoryname (e.g., chmod 1777 directoryname)
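Because SUID and SGID files run with privileges the caller does not have, and a world-writable directory without the sticky bit lets any user delete or rename other users' files, these bits are the first thing to inventory when reviewing a system. The following is an added example, not from the original article: a POSIX sh audit function that walks a directory tree and reports each of the three conditions, using only the -perm -mode primary (all listed bits set) and its negation, so it runs on GNU and BusyBox find alike. The directory names in the comments are placeholders.

```sh
# Added example (not from the original article): audit a directory tree for
# the special bits described above. Each finding is printed as one line
# "<kind> <path>":
#   suid        file that runs with its owner's privileges
#   sgid        file that runs with its group's privileges
#   worldwrite  directory writable by everyone WITHOUT the sticky bit, so any
#               user can delete or rename other users' files inside it
# Only POSIX find primaries are used: "-perm -4000" matches when all the
# listed bits are set, and "! -perm -1000" excludes sticky directories.
audit_special_bits() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit_special_bits: '$dir' is not a directory" >&2
        return 1
    fi
    find "$dir" -type f -perm -4000 -print | sed 's|^|suid |'
    find "$dir" -type f -perm -2000 -print | sed 's|^|sgid |'
    find "$dir" -type d -perm -0002 ! -perm -1000 -print | sed 's|^|worldwrite |'
}

# count_findings <dir> <kind> -> number of findings of that kind. Useful in a
# hardening check such as "no SUID files are expected under /srv/app".
count_findings() {
    audit_special_bits "$1" | grep -c "^$2 " || true
}

# Usage (placeholder paths):
#   audit_special_bits /usr/local
#   count_findings /srv/app suid
```

A practical way to use this is to run audit_special_bits over a known-good system once, save the output, and diff later runs against it: new SUID or SGID entries, or a directory that has become world-writable without the sticky bit, then stand out immediately.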
7. Default Permissions (umask):
The umask (user file-creation mode mask) command sets the default permissions for newly created files and directories. It defines which permissions are removed from the default permissions. The default permissions are typically 666 for files and 777 for directories.
To view the current umask value:
umask
To set a new umask value (e.g., to create files with default permissions of 644):
umask 022
The umask is often set in your shell’s startup files (e.g., .bashrc, .zshrc).
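The "removed from the default" rule is a bitwise operation: the resulting mode is the default (666 or 777) with every bit that is set in the umask cleared. The following added example, not part of the original article, does that arithmetic in POSIX sh and then checks it against a file and a directory the kernel actually creates under the given umask. It assumes GNU coreutils stat for reading the mode back (the -c '%a' format); the temporary paths are created and removed by the example itself.

```sh
# Added example (not from the original article): compute what a umask does to
# the default creation modes (666 for files, 777 for directories), then confirm
# the arithmetic against files created under that umask.
# Assumes GNU coreutils stat (-c '%a'); on BSD/macOS the equivalent is stat -f '%Lp'.

# umask_result <base> <mask> -> resulting mode, e.g. umask_result 666 022 -> 644.
# Bits set in the mask are cleared: result = base AND NOT mask. The leading 0
# makes the shell read both arguments as octal.
umask_result() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# observe_umask <mask> -> "<file-mode> <dir-mode>" as actually assigned to a
# new file and directory created under that umask in a throwaway temp dir.
observe_umask() {
    tmp=$(mktemp -d)
    # Change the umask in a subshell so the caller's own umask is untouched.
    ( umask "$1" && : > "$tmp/f" && mkdir "$tmp/d" )
    fmode=$(stat -c '%a' "$tmp/f")
    dmode=$(stat -c '%a' "$tmp/d")
    rm -rf "$tmp"
    printf '%s %s\n' "$fmode" "$dmode"
}

# umask_matches <mask>: exit 0 when the calculated and observed modes agree.
umask_matches() {
    expected="$(umask_result 666 "$1") $(umask_result 777 "$1")"
    [ "$(observe_umask "$1")" = "$expected" ]
}

# Demo (constructed values): the article's 022 and a stricter 077.
umask_result 666 022    # 644
umask_result 777 022    # 755
umask_result 666 077    # 600
```

A umask of 077 is the usual choice for service accounts and for shells that handle secrets, since every file they create starts out readable only by its owner; 022 is the common interactive default shown in the article.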
Examples in Practice:
- Make a script executable:
chmod +x myscript.sh
- Give a group write access to a directory:
chmod g+w mydirectory
- Make a file only readable by the owner:
chmod 400 myfile.txt
- Create a directory where all new files belong to the directory’s group:
chmod g+s mydirectory
Understanding and correctly managing file permissions is critical for maintaining the security and integrity of your Linux system. Always be mindful of the permissions you are setting and avoid granting unnecessary privileges. Overly permissive permissions can create security vulnerabilities.