Data Networking Blog
Blog for Admins

Linux File System Permissions – Basics


I have always admired the way Linux handles permissions, and I feel it’s a foolproof system. I was well aware of the User, Group and Other permissions set on files and folders, and I had also read about umask, special permissions and ACLs, but I never bothered looking too much into the details of these topics as I never saw a real need to use them. But preparing for RHCSA requires that you fully understand these concepts.

So, let’s look at each concept, starting with basic permissions. Every file and folder in Linux has three types of permissions:

  1. Read – Ability to read a file/folder. This is represented as an octal 4 for ease. For folders, this means you can list the folder contents but you still cannot cd into that folder.
  2. Write – Ability to write to a file/folder. This is represented as an octal 2 for ease of use. On folders, having the write permission also means you can delete files inside that folder.
  3. Execute – Represented as octal 1, it allows you to execute a file/folder. This means binary files can be run (think .exe), and on folders this means you can cd into the folder.

There are also three entities that may have these permissions on a file or folder:

  1. Owner – This is the user who owns the file.
  2. Group – These are the permissions of the group that owns the file. Every file/folder has an owner group in Linux.
  3. Others – These are permissions for everyone else, that is, anyone who is not the owner of the file or a member of the group that owns that file.

Now, let’s see how it works in practice. Let’s start by creating a few users. When you create a user in Linux, it will also create a default home directory for that user inside /home/. Let’s add three users and call them user1, user2 and user3.

So, all we have done in the example above is create three users and list the /home/ folder to ensure the home directories have been created. We will now assume the identity of user1 with the su - command and then create a basic file with the touch command.

By default, the new file has these permissions, -rw-rw-r--, which are explained below. Ignore the first dash in that line, which just indicates that this is a normal file; also ignore the trailing dot (.) which is used for ACL.

The first three permissions, rw-, are for the owner of the file, which is user1 in this case. The first bit, r, means the owner can read the file, the second bit, w, means the owner can also write/modify the file, and the last, -, means the owner cannot execute the file. The execute bit is actually not required here as this file is not a binary or a script file, so we don’t need x on it.

The next three rw- mean that the owner group can also read and write but not execute. In our example the group name is also user1 because when you add a user in Linux, a default or main group is created for the user which is usually named the same as the user account.

And finally, the last three, r--, mean that anyone else, who is not the owner or a member of the owner group, can only read this file.

Changing Permissions

You can easily change permissions on files and folders using the chmod command. You can specify the permissions as rwx values or use the octal values for each. Let’s see the octal values first.

You can see I changed the permissions for the owner group from rw to just r. You can also see I used some strange numbers to achieve it. Remember I mentioned the octal values for each permission above? Let me refresh your memory. Read in octal is 4, write is 2 and execute is represented by the number 1. So, when I said 644 in the command above, I meant change the user permissions to 6, the group permissions to 4 and everyone else’s permissions to 4 as well. You may be thinking there was no number 6 in the octal values for these permissions, and you are correct. The number 6 is the read and write permissions combined, 4+2=6, so I am telling the system that the owner of the file has read+write permission. Group and everyone else get 4, and 4 is the octal value for read. If I wanted to make it so that the owner can read+write+execute this file, owner group members can read+write and everyone else can do nothing, then the correct command would be as below:

And now the user can read, write and execute. Group can read and write, but everyone else has no permissions on this file. Execute permission is not very useful here, and you will also notice that the colour of the file name in the command output will change to indicate this file is executable. Let’s change the permissions back to 664 as they were set up initially.

Now let’s change the permissions using another method.

You can see that I have removed the write permission for Group. You can use this method to achieve the same but personally I like using the octals. Some other examples:

chmod g+w user1-file (Grant the group write permissions. We are using +w as we are adding permissions.)

chmod o-r user1-file (Remove read permission for everyone else. o stands for others.)

chmod u=rwx user1-file (Set the Owner permissions to read, write and execute.)
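
The octal arithmetic and the chmod changes described in this post can be replayed on a scratch file. This is an added example, not part of the original post: sym_to_octal and mode_after are helper names made up here, the file is a constructed user1-file in a temporary directory, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: works on a constructed scratch file, needs no root.

# Convert the 9 permission characters shown by ls (without the leading
# file-type dash and trailing dot), e.g. rw-rw-r--, to octal, e.g. 664.
sym_to_octal() {
    sym=$1
    out=""
    while [ -n "$sym" ]; do
        triad=$(printf '%s' "$sym" | cut -c1-3)   # owner, then group, then others
        sym=$(printf '%s' "$sym" | cut -c4-)
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Apply a chmod mode (octal or symbolic) and print the resulting octal mode.
mode_after() {
    chmod "$1" "$2" && stat -c '%a' "$2"
}

# Replay the changes from the post: octal first, then the symbolic forms.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/user1-file"
    touch "$f"
    for m in 664 644 760 664 g-w g+w o-r u=rwx; do
        printf 'chmod %-6s -> %s\n' "$m" "$(mode_after "$m" "$f")"
    done
    rm -rf "$dir"
}

demo
```

Symbolic modes only change the bits they name, so the result depends on the mode the file had before; octal modes replace all nine bits at once.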

Pretty cool and easy eh! Have fun.

June 23, 2017 Linux, RHCSA Jd