Linux file permissions define who can access, modify or execute a file or directory on a Linux system. Every file and directory has 3 types of permission:
Read (r): With Read permission, you can open and read the content of a file or list the contents of a directory.
Write (w): With Write permission, you can modify or edit the file and add or remove files in a directory.
Execute (x): With Execute permission, you can execute a file as a program or a script, or access (enter) a directory.
These permissions can be assigned to three categories of users:
Owner: This is the person who owns the file or directory.
Group: This is the set of users who belong to the same group and share the same permissions.
Others: All other users who are not the owner or part of the group.
Viewing Permissions:
To view the permissions we can use:
ls -l
Let's break down “-rwxr-xr--”:
The first character (-) represents the file type (- means a regular file)
The next three characters (rwx) represent the owner’s permissions (Read, Write and Execute)
The next three characters (r-x) represent the group’s permissions (Read and Execute)
The final three characters (r--) represent the permissions for others (Read only)
Why Do We Need Linux File Permissions?
Security: Linux permissions ensure that only authorized users or groups can access sensitive files. This protects data from unauthorized access or modification, preventing potential data breaches or misuse.
User Control: Permissions allow system administrators to control who can access or modify files and directories, ensuring that users only have the necessary access to perform their tasks.
System Integrity: By setting the correct permissions, the system maintains stability and prevents accidental or intentional damage to critical system files and directories.
Collaboration: Permissions allow users to collaborate while ensuring that each user has appropriate access to files, enabling shared work without compromising security or privacy.
Changing Permissions
In Linux we use the “chmod” (Change Mode) command to change file permissions. We can use the chmod command to modify the Read, Write and Execute permissions for the Owner, Group and Others.
There are two ways to change the permission:
a. Symbolic Method
b. Numeric Method
Symbolic Method
In the Symbolic Method, we modify the permissions by using letters and operators. Below is the format:
chmod [who][operator][permissions] file
In the above format, we can see:
who: Specifies the users whose permissions you want to change. You can use:
u for user (owner)
g for group
o for others
a for all (user, group, and others)
operator: Defines what you want to do with the permission:
+ to add permission
- to remove permission
= to set permission explicitly
permissions: Can be one or more of:
r for read
w for write
x for execute
For Example:
In the example below, you can see how we have added Execute permission (x) to the Owner (u) for the server.log file
Numeric Mode
In Numeric Mode, we use numbers which represent the permissions. Each permission is represented by a specific number.
Read (r) = 4
Write (w) = 2
Execute (x) = 1
You can combine these values to set the permission for the Owner, Group and Others.
Below is the format for this:
chmod [owner][group][others] file
Owner = The First digit represents the permission for the file’s Owner
Group = The Second digit represents the permission for Group
Others = The Third digit represents the permissions for Others
Common numeric permissions which we use in our daily life are:
7 = rwx (Read, Write and Execute)
6 = rw- (Read and Write)
5 = r-x (Read and Execute)
4 = r-- (Read)
3 = -wx (Write and Execute)
2 = -w- (Write)
1 = --x (Execute)
0 = --- (No Permissions)
For Example:
This sets:
7 (user): Read, write, execute.
5 (group): Read, execute.
4 (others): Read.
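The link between the `ls -l` string broken down earlier and the numeric digits can be checked mechanically. The following is an added example, not part of the original article: the function names are hypothetical, and special bits (s, t) are rejected rather than handled.

```shell
# Convert an ls -l mode string such as "-rwxr-xr--" to its numeric form.
mode_to_octal() {
    mode=$1
    perms=${mode#?}                      # drop the leading file-type character
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 10 characters, got: $mode" >&2
        return 1
    fi
    case $perms in
        *[!rwx-]*) echo "unsupported character in: $mode" >&2; return 1 ;;
    esac
    octal=""
    for start in 1 4 7; do               # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c "$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # Read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # Write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # Execute = 1
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply the computed number with chmod to a scratch file and read back
# what ls -l reports, to confirm both notations describe the same mode.
round_trip() {
    tmp=$(mktemp)
    chmod "$(mode_to_octal "$1")" "$tmp"
    shown=$(ls -l "$tmp" | cut -c 1-10)
    rm -f "$tmp"
    printf '%s\n' "$shown"
}

mode_to_octal "-rwxr-xr--"
round_trip "-rw-r-----"
```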
Changing Permissions Recursively
If you want to change the permissions of a directory and all the files within that directory, then you can use the -R option
chmod 777 -R <directory_name>
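Mode 777 applied recursively gives every user on the system write access to every file and directory in the tree. The added example below (not from the original article; the function names and the scratch tree are constructed for illustration) sets directories and files separately and lists anything that others can still write to.

```shell
# Directories get 755 (owner rwx, group/others r-x); regular files get 644.
# Note: 644 removes the execute bit, so scripts in the tree need it re-added.
set_tree_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# List everything under a tree where the "others" write bit is set.
# Symbolic links are skipped because they always show as rwxrwxrwx.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Constructed demo: build a small tree, open it up with 777 -R, then
# count world-writable entries before and after tightening.
demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/app/logs"
    echo "setting=1" > "$demo/app/config.txt"
    echo "started"   > "$demo/app/logs/server.log"
    chmod -R 777 "$demo/app"
    before=$(( $(list_world_writable "$demo/app" | wc -l) ))
    set_tree_permissions "$demo/app"
    after=$(( $(list_world_writable "$demo/app" | wc -l) ))
    rm -rf "$demo"
    echo "$before $after"
}

demo_tree
```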
Changing Ownership
In Linux, ownership of a file or directory refers to which user or group has control over it. There are two aspects of ownership:
User (Owner): This refers to the individual user who owns the file or directory.
Group: This refers to the group of users who have access to the file or directory based on group permission.
The chown (Change Owner) command is used to change the owner of a file or directory.
Example:
In the picture below you can see that root is the Owner and Group of logfile.log.
Now if we want to change the Owner of this file to student, we can use the chown command as shown below:
Now if we want to change the group, we will use the chgrp command.
Example:
Let's take our previous example, in which we changed the owner to student and the group is still root. If we now want to change the group, it can be done as shown below:
Now, if we want to change the Owner and Group together in one command, it can be done as shown below:
Now, let's say we have a directory that contains a subdirectory and different files. If we run this command only on the directory, it will only change the Owner and Group for that particular directory, not its contents, as shown below:
To change the ownership of a directory and all its contents (subdirectories and files), we will use the -R option as shown below:
umask
In Linux, umask (User File Creation Mode Mask) is a mechanism which determines the default permissions for newly created files and directories.
When we create a file or directory, the umask is applied automatically to a set of base permissions. These base permissions are:
File: 666 (Read and Write for All)
Directory: 777 (Read, Write and Execute for All)
The umask removes the permission bits it names from the above defaults to calculate the actual permission.
To see the umask value, you can use the command umask
Default Permission Calculation for Files:
Default File Permissions: 666
Subtract umask (e.g., 022): 644
Resulting Permissions: -rw-r--r--
The file has read and write for the owner, and read-only for the group and others.
Default Permission Calculation for Directories:
Default Directory Permissions: 777
Subtract umask (e.g., 022): 755
Resulting Permissions: drwxr-xr-x
The directory has read, write, and execute for the owner, and read and execute for the group and others.
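The calculation above works as plain subtraction for 022, but the umask is really a bit mask: each bit set in the umask is cleared from the default. The added example below (not from the original article; function names are hypothetical, and `stat -c` assumes GNU coreutils) computes the result that way and compares it with what the system actually creates, using umask 033, where subtraction would wrongly give 633 for a file.

```shell
# Resulting mode = default AND (NOT umask), limited to the 9 permission bits.
# $1 is the default (666 for files, 777 for directories), $2 is the umask.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under the given umask and report the modes
# the system assigned. The subshell keeps the umask change from leaking out.
observed_modes() {
    (
        umask "$1"
        dir=$(mktemp -d)
        : > "$dir/file"
        mkdir "$dir/sub"
        echo "$(stat -c '%a' "$dir/file") $(stat -c '%a' "$dir/sub")"
        rm -rf "$dir"
    )
}

# Compare the predicted and observed modes for a few umask values.
compare() {
    for mask in 022 027 033 077; do
        echo "umask $mask: predicted $(apply_umask 666 "$mask")" \
             "$(apply_umask 777 "$mask"), observed $(observed_modes "$mask")"
    done
}

compare
```

With umask 033 a new file is 644, not 633: the execute bit the mask names was never set in 666, so there is nothing to remove.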