Linux File Permissions

Aakash Shinghal
8 min read · Jun 6, 2021

All you need to know about File Ownership/Permissions. Changing Permissions.


Security is a big concern for Linux, which is a clone of UNIX (a multi-user operating system). As Linux is used in mainframes and servers, it is vital to keep it safe from malicious users who can corrupt, change and remove crucial data. That’s why authorization in Linux is divided into two levels:

  • File/Directory Ownership
  • File/Directory Permission

Ownership in Linux Files/Directories

Every file or directory in a Linux system is assigned three types of owner.

* User

The user is the owner of the file. By default, the person who creates the file becomes its owner. Hence the user is sometimes called the Owner.

* Group

Every user is a part of some Group and a Group can contain multiple Users. All users belonging to a group will have the same file access permissions.

So you can add many users to a group and assign group permissions to a file so that only the users in that group can read or modify it.

E.g. if you have a Dev Team, a QA Team and a System Admin Team accessing the same system, you can classify them into groups and assign permissions directly at the group level instead of giving permissions to each individual person.

Note: Run the command groups to check which groups your user belongs to.

For example, the user bandit15 belongs to the group bandit15.

* Other

Other is any other user who has access to a file.

This person neither created the file nor belongs to the group that owns the file. Practically, it means everybody else.

So, in general words, a User is a single user, a Group is a group of users and Other consists of all other users on the system.

Permission In Linux Files

Now the big question arises: how does Linux differentiate between these three user types so that UserA cannot affect the files of UserB?

This is where permissions come in: they define user behaviour.

Every file and directory in Linux has 3 permissions defined for all 3 user types (Owner, Group, Others):

  1. Read
  2. Write
  3. Execute

* Linux Permission for a File

Read Permission: This permission gives you the authority to open/read and copy the contents of a file.

Read Permission on a directory gives you the ability to list its content and copy the files from a directory.

Write Permission: This permission gives you the authority to modify the contents of a file.

Write permission on a directory gives you the authority to add/remove/rename files stored in the directory.

Execute Permission: In Windows, the executable program generally has an extension .exe which you can easily run.

In Linux, you can not run a program on which execute permission is not set.

On a file, this permission gives you the authority to execute the file.

On a directory, this permission lets you enter the directory.

Viewing the Permissions

Running the ls -l command in the terminal lists all the files and directories along with their detailed permissions.

The first ten characters, in the format drwxrwxrwx, represent the file type and the permissions for all three classes of users.

Characters in the terminal output that represent permissions:

  • r = read permission
  • w = write permission
  • x = execute permission
  • - = no permission

Here the first hyphen (-) implies that adduser.conf is a file.

Here the first character d signifies that alternatives is a directory.

Here the highlighted part after the first hyphen signifies the permissions of the Owner. It shows that the owner can read the file and write to the file but cannot execute it, since the file does not have the execute permission set.

The second highlighted part shows the permissions of the group (which is root in this case). It indicates that group members can only read the file.

The third part is for all the other users present in the system. These permissions indicate that those users can only read the file.

Changing file/directory permissions

Suppose UserA does not want UserB to see his files; he can easily arrange that by changing the file permissions.

Command to change file/directory permissions:

chmod <permissions> <filename>

where chmod stands for change mode.

Using this command, we can set permissions(read/write/execute) on a file/directory for owner, group and the world.

Two ways of using the chmod command:

  • Absolute Mode
  • Symbolic Mode

Absolute(Numeric) Mode

In this mode, permissions are not represented by characters but by a 3-digit octal number.

Let’s say we have a directory first_directory.

Currently it has a permission of 755. This means its owner has all the permissions (r/w/x), while group and world can only read and execute (r/x).

Now I am changing its permission to 740. This means its owner will have all the r/w/x permissions, group users can only read the directory, and the rest of the users cannot do anything.
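The mapping between the ls -l characters and the octal digits, as an added example that is not part of the original article: each class gets one digit, with r=4, w=2 and x=1 summed. The function names are hypothetical, and the script assumes a Linux ls; it replays the 755 to 740 change on a scratch directory.

```sh
#!/bin/sh
# Added example (not from the original article).
# Each class (owner, group, other) gets one octal digit: r=4, w=2, x=1.

# Convert one three-character group such as "r-x" to its digit (5).
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert "rwxr-xr-x" or the 10-character ls form "drwxr-xr-x" to "755".
# Only r, w, x and - are handled; setuid/setgid/sticky letters are not.
sym_to_octal() {
    perms=$1
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi   # drop file-type char
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 or 10 permission characters" >&2
        return 1
    fi
    u=$(printf '%s' "$perms" | cut -c1-3)
    g=$(printf '%s' "$perms" | cut -c4-6)
    o=$(printf '%s' "$perms" | cut -c7-9)
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# First ten characters of `ls -ld`: the type and permission string.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# The article's walk-through on a scratch directory: 755, then 740.
work=$(mktemp -d)
mkdir "$work/first_directory"
chmod 755 "$work/first_directory"
m=$(mode_string "$work/first_directory"); echo "$m = $(sym_to_octal "$m")"
chmod 740 "$work/first_directory"
m=$(mode_string "$work/first_directory"); echo "$m = $(sym_to_octal "$m")"
rm -rf "$work"
```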

Symbolic Mode

In absolute mode, we change permissions for all 3 owners. But in symbolic mode, we have the liberty to change the permissions of any specific owner as well.

It uses the operators +, - and = to modify the permissions of a file or a directory.

The various owners are represented as u (user/owner), g (group), o (other) and a (all).

Change Permission

E.g. by typing chmod o=rwx first_directory, we change the permissions of other users.

chmod o=rwx first_directory

Add Permission

To add permissions, use chmod command along with plus sign (+), which means “add these permissions”.

So if you want to add execute permission for all three types of users for a script file, use the following chmod command.

$ chmod +x file.sh
# or
$ chmod a+x file.sh
# 'a' means all

To add execute permission for owner of the file only, use the following chmod command.

$ chmod u+x file.sh

Similarly, you can use +r to add the read permissions, and +w to add the write permissions.

You can also assign permissions to the user, group and others selectively or in combination. Just specify the classes of users (u, g, or o) and the permission (r, w, or x) that you want to assign. For example, the following chmod command will add execute and write permission to the owner of the file.

$ chmod u+xw file.sh

To add write permission to both the owners and groups use the following command.

$ chmod ug+w file.sh

You can also set permissions for multiple classes of users in one go. The following example sets read, write and execute permission for the owner, while for the group and others the permissions are set to read and execute.

$ chmod u=rwx,g=rx,o=rx example.txt

Remove permissions

In some situations, you may need to remove permissions rather than add them. Just change + to - to remove permissions for any of the three classes of users. Below are a few examples that show how to remove permissions using chmod.

$ chmod g-w readme.txt
# removes write permission for the group
$ chmod ug-x script.sh
# removes execute permission for both owner and group
$ chmod -R go-rwx test_directory
# removes read, write and execute permission for group and other users, recursively for test_directory including all files and subdirectories inside it

Changing Ownership And Group

For changing the ownership of a file/directory, you can use the following command

sudo chown user <fileName>

The initial owner of the directory below is root:

Let’s change its owner to aakashshinghal.

We will enter the command sudo chown aakashshinghal first_directory

If you want to change the user as well as group, you can use chown command like this:

chown <new_user_name>:<new_user_group> <filename>

If you want to change only the group of the file, use the command below:

sudo chgrp <newGroupName> <fileName>

Precedence in File/Directory Permissions

In Linux, precedence runs from user, then to group, and then to other. The Linux system checks who initiated the process. If the user who initiated the process is also the owner of the file, the user permission bits apply.

If the owner of the file didn’t initiate the process, then the Linux system checks the group. If the user who initiated the process is in the group that owns the file, the group permission bits apply.

If the process owner is not even in the file’s owning group, then the other permission bits apply.
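A small model of this check, added here as an example and not taken from the original article: the first class that matches decides, so an owner with no bits set is denied even when group or other would be allowed. The function names and all uids/gids are constructed; the model ignores root and ACLs.

```sh
#!/bin/sh
# Added example: a model of the user -> group -> other check described above.
# It ignores root (uid 0 bypasses these checks) and ACLs. All uids/gids
# below are constructed sample values.

# Print which class applies: the first match wins, later ones are ignored.
perm_class() {   # file_uid file_gid proc_uid "proc_gid ..."
    if [ "$3" -eq "$1" ]; then echo user; return 0; fi
    for gid in $4; do
        if [ "$gid" -eq "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# Succeed if the 3-digit octal MODE grants WANT (r, w or x) to CLASS.
class_allows() {   # mode class want
    case $2 in
        user)  digit=$(printf '%s' "$1" | cut -c1) ;;
        group) digit=$(printf '%s' "$1" | cut -c2) ;;
        *)     digit=$(printf '%s' "$1" | cut -c3) ;;
    esac
    case $3 in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac
    [ $((digit & bit)) -ne 0 ]
}

# Print "<class>:allow" or "<class>:deny" for one access attempt.
check_access() {   # mode file_uid file_gid proc_uid proc_gids want
    class=$(perm_class "$2" "$3" "$4" "$5")
    if class_allows "$1" "$class" "$6"; then
        echo "${class}:allow"
    else
        echo "${class}:deny"
    fi
}

# File owned by uid 1000, gid 2000, mode 047 (owner ---, group r--, other rwx)
check_access 047 1000 2000 1000 "1000 2000" r   # owner: denied, later bits unused
check_access 047 1000 2000 1001 "1001 2000" r   # group member: read allowed
check_access 047 1000 2000 1001 "1001 2000" w   # group member: write denied
check_access 047 1000 2000 1002 "1002" w        # everyone else: write allowed
```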

Optimal Permission Example

  • Home directories – The users’ home directories are important because you do not want other users to be able to view and modify the files in another user’s documents or desktop. To remedy this, you will want the directory to have the drwx------ (700) permissions. For example, to enforce the correct permissions on the home directory of the user user1, issue the command chmod 700 /home/user1.
  • System and daemon configuration files – It is very important to restrict rights to system and daemon configuration files so that users cannot edit their contents. It may not be advisable to restrict read permissions, but restricting write permissions is a must. In these cases it may be best to set the rights to 644.
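One way to check a tree against these two recommendations, as an added example that is not part of the original article. The function names and the sample tree are constructed; the checks use find -perm and the ls -ld permission string.

```sh
#!/bin/sh
# Added example: audit a tree against the two recommendations above.
# Function names and the sample tree are constructed for illustration.

# Print everything under DIR that group or others can write to, i.e.
# anything looser than 644 (files) or 755 (directories). Symlinks are
# skipped: their own mode always shows as 777 and is not used for access.
writable_by_non_owner() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print | sort
}

# Succeed only if DIR grants nothing to group or others (700 or tighter).
is_private_dir() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample tree: one good and one bad config file, one home dir.
demo=$(mktemp -d)
mkdir -p "$demo/home/user1" "$demo/etc"
chmod 755 "$demo/etc" "$demo/home/user1"
: > "$demo/etc/good.conf"; chmod 644 "$demo/etc/good.conf"
: > "$demo/etc/bad.conf";  chmod 666 "$demo/etc/bad.conf"

echo "Writable by group or others:"
writable_by_non_owner "$demo/etc"            # lists only bad.conf

if ! is_private_dir "$demo/home/user1"; then
    echo "home/user1 is open to group/others, fixing with chmod 700"
    chmod 700 "$demo/home/user1"
fi
if is_private_dir "$demo/home/user1"; then
    echo "home/user1 is now private"
fi
rm -rf "$demo"
```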

Summary

  • Linux being a multi-user system uses permissions and ownership for security.
  • There are three user types on a Linux system viz. User, Group and Other
  • Linux divides the file permissions into read, write and execute denoted by r,w, and x
  • The permissions on a file can be changed by ‘chmod’ command which can be further divided into Absolute and Symbolic mode
  • The ‘chown’ command can change the ownership of a file/directory. Use the following commands: chown user file or chown user:group file
  • The ‘chgrp’ command can change the group ownership: chgrp group filename
  • What does x — eXecuting a directory mean? A: Being allowed to “enter” a dir and gain possible access to sub-dirs.
  • -R means chown or chmod command will apply on current directory as well as all subdirectories recursively.

I hope you enjoyed reading this article, as much as I enjoyed writing it. If you like this article please let me know! But, more importantly if you disagree with this article please, please, please let me know! I made this with the hope of helping the community so if it is off it defeats the purpose! If you have a suggestion or critique please feel free to drop in any comments.
