Linux file and directory permissions
Linux permissions are a very interesting topic. They are part of Linux security and mandatory knowledge for Linux administration. Permissions control access to all files and directories in a Linux system, so every Linux user must understand how they work, including end users who only use desktop applications or X Window.
There are three types of file and directory permissions in Linux: read, write and execute. These permissions are assigned to three different types of users: owner (user), group and others. This is a unique permission system derived from the Unix file and directory permission style.
The Linux command used to manipulate file and directory permissions is the chmod command. In this tutorial, you are going to learn and practice the chmod command to change file and directory permissions in a Linux system.
Issue the 'su -' command to switch to the root environment. Change directory to a normal user's home directory. Create a new file called permission.txt. View the directory listing with 'ls -l'. See the step-by-step example below:
luzar@slackware:~/owner$ su -
Password:
root@slackware:~# cd /home/luzar/
root@slackware:/home/luzar# touch permission.txt
root@slackware:/home/luzar# ls -l
total 4
-rw-r--r-- 1 root root 1 2006-01-16 15:49 permission.txt
root@slackware:/home/luzar#
Let's take a closer look at the 'permission.txt' file permissions (-rw-r--r--). The Linux file permission is divided into 3 groups like this:
| ? | Owner | Group | Others |
|---|---|---|---|
| - | r w - | r - - | r - - |
As you can see from the table above, a Linux file permission concerns the owner (or user), the group and others (or the world). The owner is the user who creates the file. The group is the group that the owner belongs to or is assigned. Others is everybody else: other users in the system who are not in the group, or anonymous users. When assigning a file permission or a directory permission, a character is used to represent owner (user), group and others. Each character is shown below:
| Character | Represent |
|---|---|
| u | user |
| g | group |
| o | others |
As you can see from the example above, four characters are used in a Linux file permission: r, w, x and -. The table below shows the meaning of each:
| Symbol | Meaning |
|---|---|
| r | read |
| w | write |
| x | execute |
| - | no permission |
If you have the 'r' permission, you can view the subject (file or directory).
If you have the 'w' permission, you can edit the subject (file or directory).
If you have the 'x' permission, you can run or execute the subject (a program or binary file).
If you have the '-' permission, that means you don't have any permission ;-)
That's it. Did I miss something? Yes, what about the first (-) character right before the owner permission? It has a special meaning. It indicates the type of the subject, whether it is a file, directory or symbolic link. Here's the complete list of the characters that can appear at the beginning of Linux permissions and what they mean:
| Characters | Meaning |
|---|---|
| - | Regular file |
| d | Directory |
| l | Link |
| c | Special file |
| s | Socket |
| p | Named pipe |
Another method used to set Linux file permissions is the octal system. The octal system uses numbers to represent permissions. Here is the list of octal values:
- 0 = No permission
- 1 = Execute permission
- 2 = Write permission
- 3 = Write and execute permissions
- 4 = Read permission
- 5 = Read and execute permissions
- 6 = Read and write permissions
- 7 = Read, write and execute permissions
As you can see from the list above, the essential numbers are 1, 2 and 4, which represent execute, write and read permissions respectively. The other numbers are just sums of those numbers.
Sometimes the octal permission is written as a whole, covering the owner, group and others at once. Examples are shown in the table below:
| Octal number | Permission |
|---|---|
| 0000 | No permission |
| 0100 | Execute permission for owner |
| 0200 | Write permission for owner |
| 0400 | Read permission for owner |
| 0010 | Execute permission for group |
| 0020 | Write permission for group |
| 0040 | Read permission for group |
| 0001 | Execute permission for others |
| 0002 | Write permission for others |
| 0004 | Read permission for others |
| 1000 | Sticky bit |
| 2000 | Apply the special permission SETGID bit |
| 4000 | Apply the special permission SETUID bit |
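To connect the two notations, the script below is an added example (not part of the original tutorial) that converts the mode string shown by 'ls -l' into the four-digit octal number from the table above. The function names `triplet_value` and `sym_to_octal` are made up for this illustration, and it assumes the usual 'ls -l' convention of showing SETUID/SETGID as s or S and the sticky bit as t or T in the execute position.

```sh
#!/bin/sh
# Added example (not from the original tutorial): convert the 10-character
# mode string printed by 'ls -l' into the 4-digit octal form chmod accepts.

# triplet_value RWX -> 0..7 for one owner/group/others triplet.
# Third character: x (execute), s/t (special bit + execute),
# S/T (special bit without execute) or - (no execute).
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# sym_to_octal MODE -> e.g. -rw-r--r-- becomes 0644. Returns 1 on bad input.
sym_to_octal() {
    mode=$1
    # One file-type character (b, block device, is accepted in addition to
    # the types listed in the tutorial) followed by three rwx triplets.
    case $mode in
        [-dlcbsp][r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}      # drop the file-type character
    u=${perms%??????}    # first triplet: owner
    rest=${perms#???}
    g=${rest%???}        # second triplet: group
    o=${rest#???}        # third triplet: others
    # Leading digit: SETUID = 4, SETGID = 2, sticky bit = 1
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac
    case $g in ??[sS]) special=$((special + 2)) ;; esac
    case $o in ??[tT]) special=$((special + 1)) ;; esac
    echo "$special$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# Mode strings that appear in this tutorial's 'ls -l' output
for m in -rw-r--r-- -rwxr-xr-x -rwx------ -rw-rw-rw- drwx------; do
    printf '%s  %s\n' "$m" "$(sym_to_octal "$m")"
done
```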
Linux chmod command
Let's practice the Linux permissions we just learned. We are going to change the permission of a file first, followed by changing a directory permission. The command to change a Linux file permission is 'chmod'. Let's see the first example below:
root@slackware:/home/luzar# ls -l
total 4
-rw-r--r-- 1 root root 1 2006-01-16 15:49 permission.txt
root@slackware:/home/luzar# chmod ugo+x permission.txt
root@slackware:/home/luzar# ls -l
total 4
-rwxr-xr-x 1 root root 1 2006-01-16 15:49 permission.txt*
root@slackware:/home/luzar#
The command 'chmod ugo+x' means we want to give 'x', which is an execute permission to owner(u), group(g) and others(o) for the 'permission.txt' file.
How do we remove a Linux file permission? See example below:
root@slackware:/home/luzar# chmod go-rx permission.txt
root@slackware:/home/luzar# ls -l
total 4
-rwx------ 1 root root 1 2006-01-16 15:49 permission.txt*
Now we removed read and execute permission from group(g) and others(o) for the permission.txt file.
Our next example uses octal numbers to change file permissions in Linux. Octal numbers are widely used to describe file and directory permissions in Linux systems. Changing Linux file or directory permissions with octal numbers is faster and easier than the first method. Let's see some examples of changing Linux file permissions using octal numbers.
In the first example, we change the 'permission.txt' file using octal numbers, giving the owner read and write permission, the group read permission and others read permission too. This is a normal permission for a file in a Linux system.
root@slackware:/home/luzar# ls -l
-rwx------ 1 root root 0 2009-02-21 07:33 permission.txt*
root@slackware:/home/luzar# chmod 644 permission.txt
root@slackware:/home/luzar# ls -l
-rw-r--r-- 1 root root 0 2009-02-21 07:33 permission.txt
We can also change permissions for multiple files at once. What I am going to do is to give all the snapshot files a write permission for groups and others.
root@slackware:~# ls -l
total 624
drwx------ 2 root root 4096 2008-09-07 00:45 Desktop/
-rw-r--r-- 1 root root 1808 2002-04-17 12:21 loadlin16c.txt
-rw-r--r-- 1 root root 97874 2002-04-17 12:20 loadlin16c.zip
-rw-r--r-- 1 root root 12962 2008-09-17 01:41 manual.mantxt
-rw-r--r-- 1 root root 84669 2008-09-11 01:13 snapshot1.png
-rw-r--r-- 1 root root 100439 2008-09-11 01:14 snapshot2.png
-rw-r--r-- 1 root root 113450 2008-09-11 01:14 snapshot3.png
-rw-r--r-- 1 root root 99071 2008-09-11 01:14 snapshot4.png
-rw-r--r-- 1 root root 84640 2008-09-11 01:15 snapshot5.png
root@slackware:~# chmod 666 snapshot*.png
root@slackware:~# ls -l
total 624
drwx------ 2 root root 4096 2008-09-07 00:45 Desktop/
-rw-r--r-- 1 root root 1808 2002-04-17 12:21 loadlin16c.txt
-rw-r--r-- 1 root root 97874 2002-04-17 12:20 loadlin16c.zip
-rw-r--r-- 1 root root 12962 2008-09-17 01:41 manual.mantxt
-rw-rw-rw- 1 root root 84669 2008-09-11 01:13 snapshot1.png
-rw-rw-rw- 1 root root 100439 2008-09-11 01:14 snapshot2.png
-rw-rw-rw- 1 root root 113450 2008-09-11 01:14 snapshot3.png
-rw-rw-rw- 1 root root 99071 2008-09-11 01:14 snapshot4.png
-rw-rw-rw- 1 root root 84640 2008-09-11 01:15 snapshot5.png
root@slackware:~#
As you can see, the original Linux file permission for the snapshot files is 644. We use chmod 666, the devil command, to give write permission to the group and others.
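Because 666 lets every account on the system modify the files, it is worth knowing how to find and tighten such modes afterwards. The script below is an added example, not part of the original tutorial: the function names and the temporary demo files are constructed for illustration, and it relies only on standard `find -perm` and `chmod o-w`.

```sh
#!/bin/sh
# Added example (not from the original tutorial): find files that "others"
# can write to (octal bit 0002) and remove only that bit.

# list_world_writable DIR -> regular files under DIR writable by others.
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# tighten_world_writable DIR -> drop the write bit for others only;
# owner and group permissions are left exactly as they were.
tighten_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

# demo_audit -> builds a constructed directory that mirrors the snapshot
# example, then prints: <count before> <count after> <mode of snapshot1.png>
demo_audit() {
    d=$(mktemp -d) || return 1
    touch "$d/manual.txt" "$d/snapshot1.png" "$d/snapshot2.png"
    chmod 644 "$d/manual.txt"
    chmod 666 "$d"/snapshot*.png          # same change as in the tutorial
    before=$(($(list_world_writable "$d" | wc -l)))
    tighten_world_writable "$d"
    after=$(($(list_world_writable "$d" | wc -l)))
    # First 10 characters of 'ls -l' are the type and permission string
    mode=$(ls -l "$d/snapshot1.png" | cut -c1-10)
    rm -rf "$d"
    echo "$before $after $mode"
}

demo_audit
```

Using `o-w` rather than a fixed octal mode keeps whatever the owner and group already had, so the snapshot files end at 664 instead of being forced back to 644.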
That's it. If you want to play around with ownership and permissions, I must remind you to exit root and use a normal user instead. Now, before you exit root, let's change permission.txt file once again:
root@slackware:/home/luzar# chmod 600 permission.txt
root@slackware:/home/luzar# ls -l
-rw------- 1 root root 0 2009-02-21 07:33 permission.txt
Now we can exit root and open permission.txt file as a normal user:
luzar@slackware:~$ cat permission.txt
cat: permission.txt: Permission denied
luzar@slackware:~$
Well, that's what Linux permission means. Practice hard to get a better understanding of the Linux permission concept. Good luck.
