File Permissions


A little break in the exams, so we have some time to discover another topic - which is file permissions on Linux. Let's fully understand how they work.


Permission Types

There are three basic permission types:

  • read - modifiy whether or not user can read the content of the file.
  • write - modifiy whether or not user can write or modify a file/directory.
  • execute - modifiy whether or not user can execute the file or view the content of the directory.

Now we can add these permissions to the three types of people:

  • owner - permissions apply only to the owner of the file or a directory.
  • group - permissions apply only to the group that has been assigned to the file or a directory.
  • others - permissions apply to every other user.

View Permission

In order to view permissions we're going to use ls -l command. Let's take a look at a few examples.

[email protected] ~/P/w/img> ls -l about-header.jpg
-rw-r--r-- 1 w3ndige users 107458 03-11 18:34 about-header.jpg

And a directory.

[email protected] ~/P/w3ndige.github.io> ls -l img
drwxr-xr-x 2 w3ndige users   4096 03-11 18:34 64base/

As you can recon first character identifies, if that's the file (-) or a directory (d). Then we have 3 characters specified for a permissions to an owner, 3 to the group and lastly 3 for all the other users. Presence of permission is presented by a coresspondig letter, lack is shown as a dash.

Change Permission

In order to change permissions, we can use tool called chmod with this syntax chmod PERM FILE. Let's take a look at examples. But firstly, let's think to who are we granting with these permissions? Owner - u, group - g, others - o, or all - a. Are we giving these permissions - +, or revoking - -? And lastly, which permissions?

[email protected] ~> touch example
[email protected] ~> ls -l example
-rw-r--r-- 1 w3ndige users 0 05-13 18:05 example
[email protected] ~> chmod u+x example
[email protected] ~> ls -l example
-rwxr--r-- 1 w3ndige users 0 05-13 18:05 example*

Execute permission for owner? No problem.

[email protected] ~> chmod o+w example
[email protected] ~> ls -l example
-rwxr--rw- 1 w3ndige users 0 05-13 18:05 example*

Or write permission for others? Easy task. We can also assing multiple permissions at once just like this:

[email protected] ~> chmod a+rwx example
[email protected] ~> ls -l example
-rwxrwxrwx 1 w3ndige users 0 05-13 18:05 example*

Numeric Permission

In order to assign specific set of permissions faster, we can assign them as a numbers - in base 8. Firstly, we'll take a look at how to convert character permission into a numerical type.

Octal Binary
0 000
1 001
2 010
3 011
4 100
5 101
6 110
7 111

Looking at that conversion table, we can notice a pattern - it is possible to write combinations of a permission in a single number - for example 7 will stand for read, write and execute, while number 5 will be only read and execute. Each bit in the binary represents the presence of permision. Now we have to only write this number 3 times, to represent each piece of users - owner, group and others.

Parameter Description
777 rwxrwxrwx Full access
755 rwxr-xr-x Owner has full access, everyone else can read and execute the file
700 rwx------ Only owner has full access
644 rw-r--r-- Owner can read and write, everyone else can read
600 rw------- Owner can read and write, otherwise no access

Now we are able to assign multiple permissions at the same time using chmod. Let's take a look at few examples.

[email protected] ~> chmod 777 example
[email protected] ~> ls -l example
-rwxrwxrwx 1 w3ndige users 0 05-13 18:05 example*

Full access to everyone.

[email protected] ~> ls -l example
-rwxrwx--- 1 w3ndige users 0 05-13 18:05 example*

After realizing what a mistake it is, we revoked full access from others. Easy, right? We can also take a look at some useful permissions for directories.

Parameter Description
777 rwxrwxrwx Everyone is able to list files, create new ones and delete them
755 rwxr-xr-x Owner has full access, while all others can only list the directory
700 rwx------ Only owner can do anything, others have no access

Changing ownership

Usually, owner is the one who created the file, but we can change the person using chown command. We can also change the group ownership using chgrp command. Remember that in order to change these, you have to be the superuser.

[email protected] ~> chown USER FILE
[email protected] ~> chgrp GROUP FILE

File permissions are great way to improve security on your system, so it's great to know how they work, and how to apply them. See you in the next one!

Keep learning and stay safe! ~ W3ndige