Linux Files and Directories Permissions

Each file and directory has three user based permission groups:

  • Owner/User (u)- The Owner permissions apply only the owner of the file or directory, they will not impact the actions of other users.
  • Group (g)- The Group permissions apply only to the group that has been assigned to the file or directory, they will not effect the actions of other users.
  • Others (o)- The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.

01. Types of Permissions:

Each file or directory has three basic permission types:

  • read – The Read permission refers to a user’s capability to read the contents of the file, represented as (r) OR binary as (4) to set permissions.
  • write – The Write permissions refer to a user’s capability to write or modify a file or directory, represented as (w) OR binary as (2) to set permissions.
  • execute – The Execute permission affects a user’s capability to execute a file or view the contents of a directory, represented as (x) OR binary as (1) to set permissions.

The permissions written in order of read/write/execute , if (-) sign found in replace of any of them , it means this file doesn’t have that permission , Example : (rwx) = have full permissions , (r-x) = have read and execute but no write permissions.

02. View current permissions :

Every file and directory in Linux have three groups of permissions for User/Group/Others and each group of permissions consist of combination from r/w/x , and every file or directory have Owner User and Owner Group.

To view permissions of files or directories use command “ls -l” , for example:

IT-Systems ~ # ls -l test/
total 0
-rw-r--r-- 1 root root 0 Apr 25 01:17 IT.txt
drwxr-xr-x 1 root akm  0 Apr 25 01:16 linux
drwxr-xr-x 1 akm  root 0 Apr 25 01:16 music
IT-Systems ~ #

as we see the file IT.txt has this permissions (-rw-r–r–) and owned by user root and group root , Directory linux has permissions (drwxr-xr-x) and owned by user root and group akm, let’s analyze that output:

Exclude the first bit and divide the remaining into three groups:
IT.txt : (rw-) , (r–) , (r–) for User , Group , Others in order which means the the owner root has read/write and group root have read only and all others have read only permissions on that file.

linux directory: (rwx) , (r-x) , (r-x) means user root have read/write/execute and group akm have read/execute only and Others have read/execute only.

03. change user and group ownership :

By default who create a file or directory will be the owner user and his primary group will be owner group and it will have default permissions or inherit the parent directory’s permissions, to change that we user chown , chgrp command.

# To change the owner user use this syntax :
chown USER FILE-OR-Directory
# To change the owner group use this syntax :
chgrp GROUP FILE-OR-Directory
# To change the owner user and group at once :
chown USER:GROUP FILE-OR-Directory
# For more options use help or man pages
chown –help / chgrp –help
man chown / man chgrp

use ( ls -ld ) to list a directory permissions.

Th3-Gam3 ~ # ls -ld test/linux
drwxr-xr-x 1 root akm 0 Apr 25 01:16 test/linux

Th3-Gam3 ~ # chown sales test/linux/
Th3-Gam3 ~ # ls -ld test/linux
drwxr-xr-x 1 sales akm 0 Apr 25 01:16 test/linux

Th3-Gam3 ~ # chgrp sales test/linux
Th3-Gam3 ~ # ls -ld test/linux
drwxr-xr-x 1 sales sales 0 Apr 25 01:16 test/linux

Th3-Gam3 ~ # chown akm:akm test/linux
Th3-Gam3 ~ # ls -ld test/linux
drwxr-xr-x 1 akm akm 0 Apr 25 01:16 test/linux

Notice that changing User or group doesn’t change the permissions.
and no more than one user or group by default, to add many users and group with different permissions in Linux it is called File Access List ( facl ) , it is another topic.

04. Changing Permissions using chmod command :

To set and override current permissions you have to provide permissions for the three groups (User/Group/Others) in represented characters (rwx) or corresponding binary format sum (rwx = 4+2+1 = 7) , (r-x = 4+1 = 5) , …
So to set full permissions to all three group:

chmod rwxrwxrwx test/linux  SAME AS chmod 777 test/linux

To edit permissions for only one group you have to specify the corresponding character that represent that group (u/g/o) followed by (+) sign to add permission or (-) sign to remove a permission , followed by permission characters (r/w/x) , you can’t use binary representation here.

For Example:

Th3-Gam3 ~ # ls -ld test/linux
drwxr-xr-x 1 akm akm 0 Apr 25 01:16 test/linux
Th3-Gam3 ~ # 
# To remove write permission from user , use ( u-w )
Th3-Gam3 ~ # chmod u-w test/linux
Th3-Gam3 ~ # ls -ld test/linux
dr-xr-xr-x 1 akm akm 0 Apr 25 01:16 test/linux
Th3-Gam3 ~ # 
# To add write permission to the group , use ( g+w ) OR ( g+rwx ) , that will add the missing permission
Th3-Gam3 ~ # chmod g+rwx test/linux
Th3-Gam3 ~ # ls -ld test/linux
dr-xrwxr-x 1 akm akm 0 Apr 25 01:16 test/linux
Th3-Gam3 ~ # 
# To remove every thing from others , use ( o-rwx )
Th3-Gam3 ~ # chmod o-rwx test/linux
Th3-Gam3 ~ # ls -ld test/linux
dr-xrwx--- 1 akm akm 0 Apr 25 01:16 test/linux
Th3-Gam3 ~ # 
# To change more than one permission group, you may use that (ugo+w , uo-w , ug+rwx) , OR use comma separated group and permissions
# Remove all from Others and group owner , and give User full permissions
Th3-Gam3 ~ # chmod og-rwx,u+rwx test/linux
Th3-Gam3 ~ # ls -ld test/linux
drwx------ 1 akm akm 0 Apr 25 01:16 test/linux
Th3-Gam3 ~ # 
# To use binary representation , sum the permission you plan to set for every group and provide three digits representing the three groups of User/Group/Others
# rwxr-x--- equals 750
Th3-Gam3 ~ # chmod 750 test/linux
Th3-Gam3 ~ # ls -ld test/linux
drwxr-x--- 1 akm akm 0 Apr 25 01:16 test/linux
Th3-Gam3 ~ #

Notes:
The (d) character before permissions is to present a Directory.
Directory Read/Execute is a must to allow entering to the path, but for files that will allow execute scripts so we use read only by default.

That is it , I hope it was simple.
Enjoy !.

 

Advertisements

One thought on “Linux Files and Directories Permissions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s