A Beginners Guide To Understanding Linux File Permissions

How To View And Change File And Directory Permissions In Linux

By sk

Do you want to secure your Linux system? If so, you need to understand Linux file permissions. File permissions control who can access files and directories on your system. By setting the correct file permissions, you can prevent unauthorized users from accessing sensitive files or directories.

This detailed article offers a comprehensive overview of Linux file and directory permissions, how to view Linux file permissions, and how to change file permissions in Linux.

In this guide, we will explain everything you need to know about Linux file permissions. We will cover the following topics:

  • Types of Permissions in Linux
  • Linux file permissions in Binary, Octal, and String formats
  • Linux file permissions table
  • How to view file and directory permissions using ls, stat, and getfacl commands
  • What is chmod command in Linux
  • How to change Linux file permissions using chmod command
  • Frequently asked questions (FAQ) about file and directory permissions in Linux.

Introduction

Linux is a multi-user system where different users and processes can access and manipulate files and directories. To maintain security and limit unauthorized access, Linux employs a comprehensive permissions system.

Each file and directory in your Linux system is assigned access rights (or permissions) for the owner of the file, the members of a group of related users, and everybody else.

Understanding file permissions is fundamental for the security of your Linux environment. They dictate who can access files and directories, and what users can do with them.

What are Linux File Permissions?

Linux file permissions are a core security feature that controls who can access files and directories on a Linux system. They are represented by three sets of three characters, one set for each of the three user classes: owner, group, and others. Each character in a set stands for one of three permissions: read, write, or execute.

For example, the permissions rwxr-xr-x mean that the owner has read, write, and execute permissions, the group has read and execute permissions, and others have read and execute permissions.

Types of Permissions in Linux

There are three types of permissions (or permission modes) that Linux allows for each file or directory. They are:

  • Read (r): The file can be opened, and its content viewed. For a directory, the read permission allows you to list the contents of the directory.
  • Write (w): The file can be modified; for a directory, the write permission allows you to create, delete, and rename files within the directory.
  • Execute (x): The file can be executed as a program. For a directory, the execute permission allows you to access, or traverse into, the directory, and access any of its contents.

These permissions are defined for the following types of users. These are also known as permission classes.

  • User (u): The owner of the file.
  • Group (g): Users who are members of the file's group.
  • Others (o): Users who are not the owners of the file and do not belong to the group.
  • All (a): Represents all three types of access classes.

Linux File Permissions in Binary, Octal, String Formats

In Linux, file permissions can be expressed in three different ways: Binary, Octal, or a Symbolic string representation. Here's how each works:

1. Binary Representation

Each permission is represented as a bit. Read is 4 (100 in binary), Write is 2 (010 in binary), and Execute is 1 (001 in binary). So, for example, full permissions (read, write, execute) would be 111 in binary, which stands for rwx.

2. Octal Representation

This is the most common way to represent permissions, and it's really just a compact form of binary representation.

Each digit in octal corresponds to three bits in binary, which is perfect for rwx permissions. So, for example, full permissions (read, write, execute) would be 7 in octal (since 4+2+1=7), which also stands for rwx. No permissions would be 0 (---), read-only would be 4 (r--), write-only would be 2 (-w-), execute-only would be 1 (--x), etc.

To put this in simple words, the values 4, 2, and 1 line up with the letters r, w, and x, where each character corresponds to a different type of access:

  • 4 stands for r (read).
  • 2 stands for w (write).
  • 1 stands for x (execute).

When looking at permissions in the terminal, you'll usually see three octal digits in a row, like 777, which represents the permissions for the owner, the group, and all other users respectively.

3. String (symbolic) Representation

This is the most human-readable form. Each permission is represented by a letter: r for read, w for write, x for execute. So, for example, full permissions would be rwx, read and write would be rw-, and read and execute would be r-x.

Again, when looking at permissions in the terminal, you'll usually see three sets of these permissions in a row, like rwxrwxrwx, which represents the permissions for the owner, the group, and all other users respectively.

So to summarize, if you have full permissions, you could represent it in binary as 111, in octal as 7, or as a string as rwx. Similarly, if you only had read and write permissions, you could represent it in binary as 110, in octal as 6, or as a string as rw-.

Linux File Permissions Table

You can print the following table and put it on your desk to easily recall the Linux file permissions.

Binary Representation   Octal Representation   String Representation   Permission Type
000                     0                      ---                     No permission
001                     1                      --x                     Execute only
010                     2                      -w-                     Write only
011                     3                      -wx                     Write & Execute
100                     4                      r--                     Read only
101                     5                      r-x                     Read & Execute
110                     6                      rw-                     Read & Write
111                     7                      rwx                     All (Read, Write & Execute)

Table - Linux File Permissions in Binary, Octal and String Formats

Remember, each set of permissions corresponds to a role:

  • The first set (rwx) corresponds to the owner of the file or directory.
  • The second set (rwx) corresponds to the group that owns the file or directory.
  • The third set (rwx) corresponds to all other users on the system.
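
The mapping in the table can also be computed. The following shell functions are an added example, not part of the original article: they convert a three-digit octal mode to its nine-character string and back. The function names are made up for illustration, and the special (setuid, setgid, sticky) bits are not handled.

```bash
# Added example: convert between the octal and string notations.
# Function names are illustrative; nothing here touches real files.

# digit_to_triplet N: one octal digit (0-7) -> "rwx"-style triplet,
# testing the read (4), write (2) and execute (1) bits in turn.
digit_to_triplet() {
    d=$1; out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# octal_to_symbolic MODE: "755" (or stat-style "0755") -> "rwxr-xr-x".
octal_to_symbolic() {
    mode=$1
    case $mode in 0[0-7][0-7][0-7]) mode=${mode#0} ;; esac
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    rest=$mode; result=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}      # first remaining digit
        rest=${rest#?}
        result="${result}$(digit_to_triplet "$digit")"
    done
    printf '%s\n' "$result"
}

# symbolic_to_octal STRING: "rw-r-----" -> "640".
symbolic_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $1" >&2; return 1 ;;
    esac
    rest=$1; result=""
    while [ -n "$rest" ]; do
        chunk=${rest%"${rest#???}"}    # next three characters
        rest=${rest#???}
        value=0
        case $chunk in r??) value=$((value + 4)) ;; esac
        case $chunk in ?w?) value=$((value + 2)) ;; esac
        case $chunk in ??x) value=$((value + 1)) ;; esac
        result="${result}${value}"
    done
    printf '%s\n' "$result"
}

octal_to_symbolic 755        # rwxr-xr-x
symbolic_to_octal rw-r--r--  # 644
```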

Hopefully, you now have a basic understanding of Linux file permissions. Let's proceed to learn how to view and change permissions for files and directories in Linux.

View File and Directory Permissions in Linux

In Linux, you can use several commands to view file and directory permissions. In this tutorial, we will see how you can use ls, stat, and getfacl commands to check Linux file permissions.

1. Check File and Directory Permissions using ls Command

You can check the permissions of a file or directory by using the ls -l command.

Let me show you an example.

$ ls -l Documents/

The output will display a list of files and directories along with their permissions, number of links, owner, group, size, and time of last modification.

total 8
drwxr-xr-x 2 ostechnix ostechnix 4096 May 24 13:42 dir1
-rw-r--r-- 1 ostechnix ostechnix   78 May 24 13:35 file.txt

When you run the above command on your Linux system, each line of the output begins with something like drwxr-xr-x or -rw-r--r--. This is a sequence of ten characters:

  • The first character indicates the type of the file: a dash (-) means it's a regular file, d stands for a directory, and there are other types as well (l for link, b for block device, c for character device, s for socket, and p for named pipe).
  • The next nine characters represent the permissions for user, group, and others. Each set of three characters (r, w, x) corresponds to read, write, and execute permissions. If a dash appears instead of a letter, that permission is not granted. The first set of three applies to the user, the second set applies to the group, and the third set applies to others.

In the case of dir1, it is a directory (d), and the owner (ostechnix) has read, write, and execute permissions (rwx). Both the group and others have read and execute permissions (r-x).

For file.txt, it is a file (-), and the owner (ostechnix) has read and write permissions (rw-). Both the group and others only have read permissions (r--).

2. Check File and Directory Permissions using stat Command

The stat command is used to display more detailed information about a file or directory, including the permissions in numeric (octal) form.

$ stat Documents/

Sample Output:

  File: Documents/
  Size: 4096      	Blocks: 8          IO Block: 4096   directory
Device: 10302h/66306d	Inode: 1572889     Links: 3
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ostechnix)   Gid: ( 1000/ostechnix)
Access: 2023-05-24 13:42:26.669502054 +0530
Modify: 2023-05-24 13:42:16.849490036 +0530
Change: 2023-05-24 13:42:16.849490036 +0530
 Birth: 2022-04-02 15:20:56.520250104 +0530

Look for the line in the output that begins with Access: (0755/drwxr-xr-x) (the numbers and letters might be different based on the file's permissions). In the example output, the number 0755 is the permission in octal form, and drwxr-xr-x is the permission in symbolic form.

Apart from the permissions, the stat command also displays other useful details. Here's what each piece of information means:

  • File: This is the name of the file or directory, in this case, Documents/.
  • Size: This is the total size of the file or directory in bytes, in this case, 4096 bytes.
  • Blocks: This is the number of file system blocks allocated for this file or directory, in this case, 8.
  • IO Block: This is the size of every block this file or directory occupies. It is 4096 bytes, which is typical for many filesystems.
  • Device: This field shows the device number on which the file or directory resides, in hexadecimal (h) and decimal (d) form.
  • Inode: This is the inode number, a unique identifier for every file and directory on a Unix-like operating system.
  • Links: This is the number of hard links to the file or directory. Directories will always have at least two links: one for the directory name and one for '.', the alias for the current directory.
  • Access: This line shows the permissions of the file or directory in both numeric and symbolic form, along with the user ID (Uid) and group ID (Gid) in both numeric and symbolic form. In this case, the permissions are 0755 (octal) or drwxr-xr-x (symbolic), and the user and group are both ostechnix.
  • Access, Modify, Change: These lines indicate the last time the file or directory was accessed, modified, and changed respectively. Access refers to when the file or directory was last read, Modify refers to when the file or directory's content was last modified, and Change refers to when the file or directory's metadata (such as permissions or ownership) was last changed.
  • Birth: This is the creation time of the file or directory. However, not all filesystems support the tracking of this information.

3. Check File and Directory Permissions using getfacl Command

The getfacl command is used to get the Access Control List (ACL) for a file or directory. ACL is a more flexible permission mechanism than the traditional Unix permissions system.

$ getfacl Documents/

Sample Output:

# file: Documents/
# owner: ostechnix
# group: ostechnix
user::rwx
group::r-x
other::r-x

The above command is used to display the ACL entries for the Documents directory. Here's a breakdown of the output:

  • # file: Documents/: This line indicates the file or directory for which the ACL entries are being displayed. In this case, it is the Documents directory.
  • # owner: ostechnix: This line displays the owner of the file or directory. Here, ostechnix is the owner.
  • # group: ostechnix: This line shows the group owner of the file or directory. The group owner is also ostechnix.
  • user::rwx: This entry shows the permissions of the owner of the file or directory. rwx means the owner (ostechnix) has read (r), write (w), and execute (x) permissions.
  • group::r-x: This entry shows the permissions of the group. r-x means the group members have read (r) and execute (x) permissions, but not write (w) permissions.
  • other::r-x: This entry shows the permissions for others (everyone else who is not the owner or a part of the group). Here, others also have read (r) and execute (x) permissions, but not write (w) permissions.

Change Linux File Permissions using chmod Command

You can change the permissions with the chmod command in Linux.

What is chmod in Linux?

The chmod (short for "Change Mode") command is used to change the permissions of a file or directory in Linux. It uses either symbolic notation (like rwx) or octal notation (like 755) to represent permissions.

chmod Operators

To set or change permissions, we can use the plus (+), minus (-), and equals (=) operators in the chmod command.

Here's a brief explanation of how the +, -, and = operators work in the chmod command:

  • The + operator adds permissions to a file or directory without changing the existing permissions. For example, if you want to add execute (x) permission to the user (u) on a file, you would use chmod u+x filename.
  • The - operator removes permissions from a file or directory without changing the remaining permissions. For example, if you want to remove write (w) permission from the group (g) on a file, you would use chmod g-w filename.
  • The = operator sets the permissions exactly as specified, disregarding the current permissions. For example, if you want to set the user (u) permissions to read and write (rw) only, removing execute if it's there, you would use chmod u=rw filename.

Now let us learn some examples of using the chmod command in both symbolic and octal notation.

Warning: Remember, it's important to carefully use the chmod command, as inappropriate permissions can lead to security vulnerabilities.

How to Set or Change Linux File Permissions in Symbolic Notation?

To add read, write, and execute permissions to the owner of the file named 'file.txt':

$ chmod u+rwx file.txt

To remove write permission from the group and others for 'file.txt':

$ chmod go-w file.txt

To add execute permission to the group for 'file.txt':

$ chmod g+x file.txt

To set the permissions so that the user can read/write, the group can read, and others can't access 'file.txt':

$ chmod u=rw,g=r,o= file.txt

To add read permission to all (user, group, others) for 'file.txt':

$ chmod a+r file.txt

How to Set or Change Linux File Permissions in Octal Notation?

To set read, write, and execute permissions to the owner, and read and execute permissions to the group and others for 'file.txt':

$ chmod 755 file.txt

To assign read and write permissions to the owner, and only read permissions to the group and others for 'file.txt':

$ chmod 644 file.txt

To give all permissions (read, write, execute) to the owner, and no permissions to the group and others for 'file.txt':

$ chmod 700 file.txt

To give read and execute permissions to everyone for 'file.txt':

$ chmod 555 file.txt

To give write and execute permissions to the group, and no permissions to the owner and others, for 'file.txt':

$ chmod 030 file.txt

For more details, refer to the chmod manual page by entering the following command:

$ man chmod
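
The symbolic operators can be combined with find to check a directory tree for files that others can write to and to remove just that bit. This is an added example, not part of the original article; the function names and the scratch files are constructed for illustration, and it assumes GNU find and stat.

```bash
# Added example: list files writable by "others" and remove that bit.
# Function names are illustrative. Assumes GNU find and stat.

# list_world_writable DIR: print "OCTAL PATH" for each regular file
# under DIR whose "others" class has the write bit (octal 002) set.
list_world_writable() {
    find "$1" -type f -perm -002 -exec stat -c '%a %n' {} + | sort -k2
}

# count_world_writable DIR: how many such files exist.
count_world_writable() {
    find "$1" -type f -perm -002 | wc -l | tr -d ' '
}

# tighten_world_writable DIR: run chmod o-w on those files only.
# The "-" operator leaves the user and group bits as they were.
tighten_world_writable() {
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}

# Constructed demonstration in a scratch directory.
dir=$(mktemp -d)
touch "$dir/notes.txt" "$dir/shared.log" "$dir/run.sh"
chmod 644 "$dir/notes.txt"
chmod 666 "$dir/shared.log"
chmod 777 "$dir/run.sh"

echo "before:"
list_world_writable "$dir"        # 777 run.sh and 666 shared.log
tighten_world_writable "$dir"
echo "after: $(count_world_writable "$dir") world-writable files"
stat -c '%a %n' "$dir"/*          # 644, 775 and 664
rm -rf "$dir"
```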

Frequently Asked Questions

Here's a FAQ (Frequently Asked Questions) for the chmod command.

1. What does chmod stand for in Linux?

Chmod stands for "Change Mode". It's a Linux/Unix command used to change or modify the permissions of files and directories.

2. What are the different types of permissions in Linux?

There are three types of permissions in Linux: read (r), write (w), and execute (x).

3. How do I use the chmod command to change permissions?

You can use the chmod command in two ways: using numeric (octal) representation or symbolic representation. For example, 'chmod 755 filename' or 'chmod u=rwx,g=rx,o=rx filename'.

4. What does 'chmod 777' do?

The command 'chmod 777' gives read, write, and execute permissions to the user, group, and others for a particular file or directory. This is generally not advisable for most files due to security concerns.

5. How do I remove permissions using chmod?

You can remove permissions using the '-' operator. For example, 'chmod u-w filename' removes write permission for the user.

6. What does the 'a' in chmod stand for?

The 'a' in chmod stands for 'all', i.e., all classes of users - the owner, the group, and others.

7. How do I set exact permissions using chmod?

You can set exact permissions using the '=' operator. For example, 'chmod u=rwx filename' sets the user's permissions to exactly read, write, and execute; the permissions of the group and others are not changed.

8. Can I change the permissions of multiple files at once using chmod?

Yes, you can change permissions of multiple files at once by using the chmod command followed by the desired permissions and then the file names, separated by spaces. For example, 'chmod 644 file1 file2 file3'.

9. How do I view the permissions of a file?

You can view the permissions of a file using the 'ls -l' command, which will display the permissions in the leftmost column of the output.

10. I made a mistake while changing permissions with chmod. Can I undo it?

There is no direct 'undo' command for chmod. However, you can manually change the permissions back to their original state if you know what they were. It's a good practice to check permissions (using 'ls -l') before changing them.
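
One way to follow this advice is to record the modes before a change so they can be put back. The script below is an added example, not part of the original article; its function names and scratch directory are constructed for illustration, and it assumes GNU stat.

```bash
# Added example: snapshot permissions before a chmod, then restore them.
# Function names are illustrative. Assumes GNU stat (-c) and paths
# without newlines or leading/trailing spaces.

# save_modes DIR FILE: write "OCTAL PATH" for DIR and everything below
# it. -depth lists a directory after its contents, so a later restore
# fixes the children before it tightens the parent.
save_modes() {
    find "$1" -depth -exec stat -c '%a %n' {} + > "$2"
}

# changed_since FILE: print entries whose current mode differs from
# the snapshot, as "PATH OLD -> NEW".
changed_since() {
    while read -r mode path; do
        [ -e "$path" ] || continue
        now=$(stat -c '%a' "$path")
        [ "$now" = "$mode" ] || printf '%s %s -> %s\n' "$path" "$mode" "$now"
    done < "$1"
}

# restore_modes FILE: re-apply every recorded mode with chmod.
restore_modes() {
    while read -r mode path; do
        if [ -e "$path" ]; then
            chmod "$mode" "$path"
        else
            echo "skipping missing path: $path" >&2
        fi
    done < "$1"
}

# Constructed demonstration in a scratch directory.
demo_dir=$(mktemp -d); snapshot=$(mktemp)
mkdir "$demo_dir/docs"; touch "$demo_dir/docs/file.txt"
chmod 755 "$demo_dir/docs"; chmod 644 "$demo_dir/docs/file.txt"
save_modes "$demo_dir" "$snapshot"
chmod -R 777 "$demo_dir"          # the "mistake"
changed_since "$snapshot"         # lists all three paths
restore_modes "$snapshot"
changed_since "$snapshot"         # prints nothing: modes are back
rm -rf "$demo_dir" "$snapshot"
```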

Conclusion

Understanding and managing file and directory permissions is critical to securing your Linux environment and controlling access to your data. As a system administrator or a regular Linux user, mastering the chmod command is very important for effectively managing access to your files and directories in Linux.

We hope this article helped you understand Linux file permissions and how to use them to secure your system. If you have any questions, please let us know via the comment section below.
