Linux file and directory permissions

Linux permissions are a very interesting topic. They are part of Linux security and mandatory knowledge for Linux administration. Permissions control access to all files and directories in a Linux system, so every Linux user must understand how they work, including end users who only use desktop applications or X Window.

There are three types of file and directory permissions in Linux: read, write and execute. These permissions are assigned to three different types of users: owner (user), group and others. This is a unique permission system derived from the Unix file and directory permission style.

The Linux command used to manipulate file and directory permissions is the chmod command. In this tutorial, you are going to learn and practice the chmod command to change file and directory permissions in a Linux system.

Issue the 'su -' command to switch to the root environment. Change directory to a normal user's home directory. Create a new file called permission.txt. View the directory content with 'ls -l'. See the step-by-step example below:

[email protected]:~/owner$ su -
Password:
[email protected]:~# cd /home/luzar/
[email protected]:/home/luzar# touch permission.txt
[email protected]:/home/luzar# ls -l
total 4
-rw-r--r-- 1 root root 1 2006-01-16 15:49 permission.txt
[email protected]:/home/luzar#

Let's take a closer look at the 'permission.txt' file permissions (-rw-r--r--). The Linux file permission is divided into 3 groups like this:

?  Owner  Group  Others
-  rw-    r--    r--

As you can see from the table above, Linux file permissions concern the owner (or user), group and others (or the world). The owner is the user who creates the file. The group is the group that the owner belongs to or is assigned. Others is everybody else: other users in the system who are not in the group, or anonymous users. When assigning a file or directory permission, a character is used to represent owner (user), group and others. Each character is shown below:

Character Represent
u user
g group
o others

There are four characters used in Linux file permissions, as you can see from the example above: r, w, x and -. The table below shows the meaning of each:

Symbol Meaning
r read
w write
x execute
- no permission

If you have the 'r' permission, you can view the subject (file or directory).

If you have the 'w' permission, you can edit the subject (file or directory).

If you have the 'x' permission, you can run or execute the subject (a program or binary file).

If you have the '-' permission, that means you don't have any permission ;-)

That's it. Did I miss something? Yes, what about the first (-) character right before the owner permission? It has a special meaning. It indicates the type of the subject, whether it is a file, directory or symbolic link. Here's the complete list of other characters at the beginning of Linux permissions and what they mean:

Characters Meaning
- Regular file
d Directory
l Link
c Special file
s Socket
p Named pipe

Another method used to set Linux file permissions is the octal system. The octal system uses numbers to represent permissions. Here is the list of octal values:

  • 0 = No permission
  • 1 = Execute permission
  • 2 = Write permission
  • 3 = Write and execute permissions
  • 4 = Read permission
  • 5 = Read and execute permissions
  • 6 = Read and write permissions
  • 7 = Read, write and execute permissions

As you can see from the list above, the essential numbers are 1, 2 and 4, which represent execute, write and read permissions respectively. The other numbers are just sums of those numbers.

Sometimes the octal permission is written as a whole, covering owner, group and others. Examples are shown in the table below:

Octal number Permission
0000 No permission
0100 Execute permission for owner
0200 Write permission for owner
0400 Read permission for owner
0010 Execute permission for group
0020 Write permission for group
0040 Read permission for group
0001 Execute permission for others
0002 Write permission for others
0004 Read permission for others
1000 Sticky bit
2000 Apply the special permission SETGID bit
4000 Apply the special permission SETUID bit
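
The two tables above can be combined into one conversion from an 'ls -l' mode string to its 4-digit octal value. The script below is an added example, not part of the original tutorial; the function names triplet_value and mode_to_octal are made up for it, and the three mode strings with special bits in the demo loop are constructed.

```shell
#!/bin/sh
# Added example: convert an `ls -l` mode string to 4-digit octal.
# triplet_value and mode_to_octal are names made up for this example.

# One rwx triplet: r=4, w=2, x=1. Lower-case s/t mean "execute plus a special
# bit"; upper-case S/T mean the special bit is set but execute is not.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x|??s|??t) v=$((v + 1)) ;; esac
    echo "$v"
}

mode_to_octal() {
    perms=${1#?}            # drop the file-type character (-, d, l, ...)
    case $perms in
        ?????????) ;;       # exactly nine permission characters
        *) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    case $perms in
        *[!rwxsStT-]*) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    owner=${perms%??????}
    rest=${perms#???}
    group=${rest%???}
    others=${rest#???}

    special=0
    case $owner  in ??[sS]) special=$((special + 4)) ;; esac   # SETUID, 4000
    case $group  in ??[sS]) special=$((special + 2)) ;; esac   # SETGID, 2000
    case $others in ??[tT]) special=$((special + 1)) ;; esac   # sticky, 1000

    echo "$special$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$others")"
}

# Mode strings from this page, plus three constructed ones with special bits.
for m in -rw-r--r-- -rwxr-xr-x -rwx------ -rw-rw-rw- -rw------- \
         -rwsr-xr-x drwxrwsr-x drwxrwxrwt; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
done
```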

Linux chmod command

Let's practice the Linux permissions we just learned. We are going to change the permission of a file first, followed by changing a directory permission. The command to change Linux file permissions is 'chmod'. Let's see the first example below:


[email protected]:/home/luzar# ls -l
total 4
-rw-r--r-- 1 root root 1 2006-01-16 15:49 permission.txt
[email protected]:/home/luzar# chmod ugo+x permission.txt
[email protected]:/home/luzar# ls -l
total 4
-rwxr-xr-x 1 root root 1 2006-01-16 15:49 permission.txt*
[email protected]:/home/luzar#

The command 'chmod ugo+x' means we want to give 'x', the execute permission, to owner (u), group (g) and others (o) for the 'permission.txt' file.

How do we remove a Linux file permission? See the example below:


[email protected]:/home/luzar# chmod go-rx permission.txt
[email protected]:/home/luzar# ls -l
total 4
-rwx------ 1 root root 1 2006-01-16 15:49 permission.txt*

Now we have removed read and execute permissions from group (g) and others (o) for the permission.txt file.

Our next example uses octal numbers to change file permissions in Linux. Octal numbers are widely used to describe file or directory permissions in Linux systems. Using octal numbers to change Linux file or directory permissions is faster and easier than the first method. Let's see some examples of changing Linux file permissions using octal numbers.

In the first example, we are going to change the 'permission.txt' file using octal numbers, giving the owner read and write permission, the group read permission and others read permission too. This is a normal permission for a file in a Linux system.

[email protected]:/home/luzar# ls -l
-rwx------ 1 root root 0 2009-02-21 07:33 permission.txt*
[email protected]:/home/luzar# chmod 644 permission.txt
[email protected]:/home/luzar# ls -l
-rw-r--r-- 1 root root 0 2009-02-21 07:33 permission.txt

We can also change permissions for multiple files at once. What I am going to do is give all the snapshot files write permission for group and others.

[email protected]:~# ls -l
total 624
drwx------ 2 root root 4096 2008-09-07 00:45 Desktop/
-rw-r--r-- 1 root root 1808 2002-04-17 12:21 loadlin16c.txt
-rw-r--r-- 1 root root 97874 2002-04-17 12:20 loadlin16c.zip
-rw-r--r-- 1 root root 12962 2008-09-17 01:41 manual.mantxt
-rw-r--r-- 1 root root 84669 2008-09-11 01:13 snapshot1.png
-rw-r--r-- 1 root root 100439 2008-09-11 01:14 snapshot2.png
-rw-r--r-- 1 root root 113450 2008-09-11 01:14 snapshot3.png
-rw-r--r-- 1 root root 99071 2008-09-11 01:14 snapshot4.png
-rw-r--r-- 1 root root 84640 2008-09-11 01:15 snapshot5.png

[email protected]:~# chmod 666 snapshot*.png
[email protected]:~# ls -l
total 624
drwx------ 2 root root 4096 2008-09-07 00:45 Desktop/
-rw-r--r-- 1 root root 1808 2002-04-17 12:21 loadlin16c.txt
-rw-r--r-- 1 root root 97874 2002-04-17 12:20 loadlin16c.zip
-rw-r--r-- 1 root root 12962 2008-09-17 01:41 manual.mantxt
-rw-rw-rw- 1 root root 84669 2008-09-11 01:13 snapshot1.png
-rw-rw-rw- 1 root root 100439 2008-09-11 01:14 snapshot2.png
-rw-rw-rw- 1 root root 113450 2008-09-11 01:14 snapshot3.png
-rw-rw-rw- 1 root root 99071 2008-09-11 01:14 snapshot4.png
-rw-rw-rw- 1 root root 84640 2008-09-11 01:15 snapshot5.png
[email protected]:~#

As you can see, the original Linux file permission for the snapshot files is 644. We use chmod 666, the devil command, to give write permission to group and others.
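
Files left at 666 are writable by every user on the system, so it is worth checking a directory for them and removing the others-write bit where it is not needed. The script below is an added example, not part of the original tutorial; the function names are made up for it and the sample tree is constructed in a temporary directory to mirror the snapshot files above.

```shell
#!/bin/sh
# Added example: find regular files that others can write to, then remove
# that bit. list_world_writable, fix_world_writable and make_sample_tree
# are names made up for this example.

# -perm -0002 matches entries whose mode includes the "write for others" bit
# (0002 in the octal table); -type f restricts the match to regular files.
list_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# chmod o-w clears only the others-write bit and leaves all other bits alone,
# so 666 becomes 664 rather than being reset to a fixed value.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree: two files at 666 and one at 644.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    touch "$dir/snapshot1.png" "$dir/snapshot2.png" "$dir/manual.txt"
    chmod 666 "$dir"/snapshot*.png
    chmod 644 "$dir/manual.txt"
    echo "$dir"
}

demo=$(make_sample_tree)
echo "World-writable before:"; list_world_writable "$demo"
fix_world_writable "$demo"
echo "World-writable after:";  list_world_writable "$demo"
ls -l "$demo"
rm -rf "$demo"
```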

That's it. If you want to play around with ownership and permissions, I must remind you to exit root and use a normal user instead. Now, before you exit root, let's change the permission.txt file once again:

[email protected]:/home/luzar# chmod 600 permission.txt
[email protected]:/home/luzar# ls -l
-rw------- 1 root root 0 2009-02-21 07:33 permission.txt

Now we can exit root and open permission.txt file as a normal user:

[email protected]:~$ cat permission.txt
cat: permission.txt: Permission denied
[email protected]:~$

Well, that's what Linux permissions mean. Practice hard to get a better understanding of the Linux permission concept. Good luck.

Comments

1

At the end, "Now we can exit root and open permission.txt file as a normal user:" confused me at first. I would change it to "Now exit root and try to open permission.txt file as a normal user:"
