Understanding Linux File Permissions

Introduction

Before we begin talking about Linux File Permission, let's briefly understand – What is File Permission?

File permissions refer to the settings and attributes that determine who can access, modify, or execute a file in a computer's file system. These permissions help maintain security and control over files by specifying what actions are allowed or restricted for different users or groups.

On Linux, file permissions, attributes, and ownership govern the level of access that system processes and users have to files. This ensures that only authorized users and processes can access specific files and directories.

In this tutorial, you will understand Linux File permission. We will also address a few FAQs on Linux File Permission.

Linux File Permissions

The basic Linux permissions model works by associating each system file with an owner and a group and assigning permission access rights to three separate classes of users:

  • The owner of the file.
  • Members of the group.
  • Others (everybody else).

The chown and chgrp commands can be used to change file ownership.

Each user class has three different sorts of file permissions:

  • The read permission.
  • The write permission.
  • The execute permission.

This notion allows you to restrict which users are allowed to access, write, or execute a file.

Use the ls command to see the file permissions:

ls -l file_name
Output

-rw-r--r-- 12 linuxize users 12.0K Apr  28 10:10 file_name
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

The file type is indicated by the first character. It could be a normal file (-), a directory (d), a symbolic link (l), or any other sort of file.

The file permissions are represented by the next nine characters, which are divided into three triplets of three characters each. The first triplet displays owner permissions, the second displays group permissions, and the third triplet displays permissions for everyone else. Depending on the file type, permissions may have different meanings.

(rw-r--r--) signifies that the file owner has read and write permissions (rw-), but the group and others only have read permissions (r--).

Depending on whether they are set to a file or a directory, each of the three permission triplets can be made up of the following characters and have various implications.

Permission | Character | Meaning on File
-----------|-----------|----------------
Read       | -         | The file is not readable. You cannot view the file contents.
           | r         | The file is readable.
Write      | -         | The file cannot be changed or modified.
           | w         | The file can be changed or modified.
Execute    | -         | The file cannot be executed.
           | x         | The file can be executed.
           | s         | If found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set. When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges.
           | S         | Same as s but the x flag is not set. This flag is rarely used on files.
           | t         | If found in the others triplet it sets the sticky bit. It also means that x flag is set. This flag is useless on files.
           | T         | Same as t but the x flag is not set. This flag is useless on files.

Effect of Permissions on Directories (Folders)

Directories on Linux are unique file types that include other files and directories.

Permission | Character | Meaning on Directory
-----------|-----------|---------------------
Read       | -         | The directory’s contents cannot be shown.
           | r         | The directory’s contents can be shown. (e.g. You can list files inside the directory with ls.)
Write      | -         | The directory’s contents cannot be altered.
           | w         | The directory’s contents can be altered. (e.g. You can create new files, delete files, etc.)
Execute    | -         | The directory cannot be changed to.
           | x         | The directory can be navigated using cd.
           | s         | If found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that the x flag is set. When the setgid flag is set on a directory, new files created within it inherit the directory group ID (GID) instead of the primary group ID of the user who created the file. setuid has no effect on directories.
           | S         | Same as s but the x flag is not set. This flag is useless on directories.
           | t         | If found in the others triplet, it sets the sticky bit. It also means that the x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or an administrative user can delete or rename the files within the directory.
           | T         | Same as t but the x flag is not set. This flag is useless on directories.
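
The special bits in the two tables above are the ones worth reviewing on a system you maintain. The following is an added example, not part of the original tutorial: a small audit that lists setuid/setgid files and world-writable paths under a directory. The function names, the finding labels, and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# audit_perms DIR: print one finding per line as "<REASON> <path>".
# (audit_perms and the reason labels are names chosen for this example.)
audit_perms() {
    # Regular files carrying the setuid (4000) or setgid (2000) bit.
    find "$1" -type f -perm -4000 | sed 's/^/SETUID /'
    find "$1" -type f -perm -2000 | sed 's/^/SETGID /'
    # World-writable directories (0002) that lack the sticky bit (1000):
    # any user may delete or rename other users' files inside them.
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/WW-NOSTICKY-DIR /'
    # World-writable regular files.
    find "$1" -type f -perm -0002 | sed 's/^/WW-FILE /'
}

# make_sample_tree: build a constructed directory tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/private"
    : > "$t/helper"; : > "$t/notes.txt"; : > "$t/open.conf"
    chmod 1777 "$t/shared"      # world-writable with sticky bit: not reported
    chmod 0777 "$t/dropbox"     # world-writable, no sticky bit: reported
    chmod 0700 "$t/private"     # owner only: not reported
    chmod 4755 "$t/helper"      # setuid file: reported
    chmod 0644 "$t/notes.txt"   # ordinary file: not reported
    chmod 0666 "$t/open.conf"   # world-writable file: reported
    echo "$t"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree) && audit_perms "$tree"
rm -rf "$tree"
```

On a real system, compare the SETUID and SETGID findings against the list of binaries you expect to carry those bits.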

Changing File Permissions

The chmod command can be used to modify the permissions of a file. A file's permissions can only be changed by root, the file owner, or a user with sudo access. When using chmod, be extremely cautious, especially if you're modifying permissions recursively. As arguments, the command can take one or more files and/or folders separated by spaces.

A symbolic mode, numeric mode, or a reference file can all be used to specify permissions.

Symbolic (Text) Method

When using the symbolic mode, the syntax of the chmod command is as follows:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

The first set of flags, ([ugoa…]), defines which user classes have their file permissions altered.

  • u - The owner of the file.
  • g - The users who belong to the group.
  • o - Everyone else.
  • a - All users, the same as ugo.

If the users flag is omitted, the default is a, and the permissions that are set by umask are not affected.

The second set of flags ([-+=]), the operation flags, determines whether permissions are to be removed, added, or set:

  • = - Changes the existing permissions to the supplied permissions. All rights from the specified user class are removed if no permissions are specified following the = sign.
  • - - Removes the specified permissions.
  • + - Adds the specified permissions.

Permissions (perms...) can be set explicitly using zero or more of the letters r, w, x, X, s, and t. When copying permissions from one user class to another, use a single letter from the set u, g, and o.

Use commas (no spaces) to separate the symbolic modes when defining rights for several user classes ([,…]).

Here are some examples of how to use the symbolic mode of the chmod command:

  • Give group members permission to run the file, but not to read or write to it:
chmod g=x filename
  • Remove all users' write permissions:
chmod a-w filename
  • Recursively remove the execute permission for other users:
chmod -R o-x dirname
  • Remove the read, write, and execute permissions for all users except the file's owner:
chmod og-rwx filename
  • The following form can also be used to accomplish the same thing:
chmod og= filename
  • Give the file's owner read, write, and execute permissions, read permissions to the file's group, and no permissions to everyone else:
chmod u=rwx,g=r,o= filename

Numeric Method

When using the numeric technique, the chmod command has the following syntax:

chmod [OPTIONS] NUMBER FILE...

You can specify rights for all three user classes (owner, group, and all others) at the same time while utilizing the numeric mode.

The NUMBER can be three or four digits long.

When a three-digit number is used, the first digit represents the file's owner's permissions, the second represents the file's group, and the third represents all other users.

Each read, write, and execute permission is assigned the following numeric value:

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1
  • no permissions = 0

The permissions number for a given user class is the sum of the values of the permissions granted to that class.

Calculate the totals for all user classes to determine the file's permissions in numeric mode. For example, to provide the file's owner read, write, and execute permissions, read and execute permissions to the file's group, and just read permissions to all other users, you'd do the following:

  • Owner: rwx=4+2+1=7
  • Group: r-x=4+0+1=5
  • Others: r--=4+0+0=4

We arrive at the number 754, which reflects the needed permissions, using the approach outlined above.

Use a four-digit number to set the setuid, setgid, and sticky bit flags.

The first digit of a four-digit number has the following meaning:

  • setuid=4
  • setgid=2
  • sticky=1
  • no changes = 0

The meaning of the next three digits is the same as when using a three-digit number.

If the initial digit is 0, the mode can be represented with only three digits. The numeric mode 0755 is the same as the numeric mode 755.

Another method (the binary method) can be used to calculate the numeric mode, but it is a little more involved. For most users, knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient.

The stat command can be used to check the file's permissions in numeric notation:

stat -c "%a" filename
Output

644
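
The 4, 2, 1 arithmetic above, including the first digit for setuid, setgid, and sticky, can be applied mechanically to the string that ls -l prints. The following is an added example, not part of the original tutorial; the function name sym_to_octal and the sample strings are assumptions made for the example.

```sh
#!/bin/sh
# sym_to_octal MODE_STRING   (function name is an assumption of this example)
# MODE_STRING is the permission field from `ls -l`, with or without the
# leading file-type character, e.g. "-rw-r--r--" or "rw-r--r--".
sym_to_octal() {
    perms=$1
    # Drop the file-type character when all 10 characters were passed.
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    if [ "${#perms}" -ne 9 ]; then
        echo "invalid mode string: $1" >&2
        return 1
    fi
    special=0    # first digit: setuid=4, setgid=2, sticky=1
    digits=""    # owner, group, others digits
    weight=4     # special-bit value tied to the current triplet
    while [ -n "$perms" ]; do
        rest=${perms#???}           # what follows the current triplet
        triplet=${perms%"$rest"}    # owner, then group, then others
        perms=$rest
        r=${triplet%??}
        w=${triplet#?}; w=${w%?}
        x=${triplet#??}
        n=0
        case $r in r) n=$((n + 4)) ;; -) ;; *) echo "bad flag: $r" >&2; return 1 ;; esac
        case $w in w) n=$((n + 2)) ;; -) ;; *) echo "bad flag: $w" >&2; return 1 ;; esac
        # s/S belong to the owner and group triplets, t/T to others.
        # Lowercase means x is also set; uppercase means it is not.
        case $x$weight in
            x?)       n=$((n + 1)) ;;
            -?)       ;;
            s4|s2|t1) n=$((n + 1)); special=$((special + weight)) ;;
            S4|S2|T1) special=$((special + weight)) ;;
            *)        echo "bad flag: $x" >&2; return 1 ;;
        esac
        digits=$digits$n
        weight=$((weight / 2))
    done
    echo "$special$digits"
}

# Constructed sample strings, printed next to their numeric mode.
for m in -rw-r--r-- rwxr-xr-- drwxrwxrwt -rwsr-xr-x -rwxr-Sr--; do
    printf '%s -> %s\n' "$m" "$(sym_to_octal "$m")"
done
```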

In numeric mode, here are some examples of how to use the chmod command:

  • Give the file's owner read and write permissions, but only give group members and other users read permissions:
chmod 644 dirname
  • Give the file's owner read, write, and execute permissions, group members read and execute permissions, and all other users no permissions:
chmod 750 dirname
  • Give a directory read, write, and execute rights, as well as a sticky bit:
chmod 1777 dirname
  • Set read, write, and execute permissions for the file owner and none for all other users on a directory recursively:
chmod -R 700 dirname

FAQs to Linux File Permission

How are Linux file permissions represented? 

Linux file permissions are represented by a combination of letters and symbols, such as r for read, w for write, and x for execute.

How many levels of permissions are there on Linux?

Linux file permissions are divided into three levels: user/owner, group, and other. Each level can have different access rights.

How do I check file permissions on Linux? 

Use the ls -l command in the terminal to display file permissions, which will be shown as a series of letters and symbols.

How can I change file permissions on Linux?

The chmod command is used to change file permissions on Linux. It allows you to grant or revoke read, write, and execute permissions.

What is the meaning of numeric file permissions like 755 or 644? 

Numeric file permissions represent the same access rights as the letters and symbols. For example, 755 means read, write, and execute for the owner, and read and execute for the group and others.

How can I change file ownership on Linux?

The chown command is used to change file ownership on Linux. It allows you to assign files to specific users or groups.

How do I give executable permission to a shell script? 

Use the chmod +x command followed by the shell script's filename to grant executable permissions to the script.

Conclusion

Access to files on Linux is controlled by file permissions, attributes, and ownership. Use the chmod command to alter the file's permissions.
