File permissions are core to the security model used by Linux systems. The file permission in Linux specifies how much power each user has over a given file or directory.
Viewing Permissions
There are two ways of viewing file permissions in Linux:
Using a graphical user interface (GUI) by right-clicking the file/directory -> Properties -> Permissions
Using a command-line interface (CLI) by typing
ls -l
command.The output of this command is explained further.
Permission Groups
Each file and directory in Linux can be accessed or modified by three different classes of users.
User (u): The user who owns the file.
Group : The group that the file belongs to.
Others: All other users.
/Permissions Types
Each file or directory has three basic permission types:
Read (r) - allows to read the contents of the file.
Write (w) - allows to write or modify a file or directory.
Execute (x) - allows to execute a file or view the contents of a directory.
How to Read File Permissions
The permissions are represented as a string of 10 characters, like -rw-rw-r--
.
These characters can be broken down as follows:
The first character indicates the type of file
-
for regular files,d
for directories,l
for symbolic links,
The next three characters indicate the permissions for the user/owner of the file/directory (
rw-
read, write).The following three characters indicate the permissions for the group the file/directory belongs to (
rw-
read, write).The last three characters indicate the permissions for others (
r--
read).
Permission string | directory | file |
read (r) | The user can read the contents of the directory. In other words, he can view the listing of the directory. | The user can read the contents of the file. |
write (w) | The user can add/remove files to/from the directory. | The user can write content to the file. |
execute (x) | The user can go inside the directory. The user cannot read the directory's contents if it is not set. | The user can execute the file as if it were a program/script. |
So, the file above weather-report.service
is owned by the user vagrant
and belongs to the group vagrant
. Its owner vagrant
and all group members vagrant
can read and write to the file while all others can only read the file.
Changing Permissions
Changing permissions in Linux can be done using the chmod
command in 2 ways:
Symbolic mode;
Numeric (Octal) Mode:
Symbolic Mode
Symbolic mode allows to change file and directory permissions using symbolic representations of the
User classes
User (u),
Group (g),
Others (o)
All (user, group, and others) (a)
Permissions types
Read (r),
Write (w),
Execute (x).
Operators
+
: Adds the specified permissions to the existing ones without altering other permissions.-
: Removes the specified permissions.=
: Sets the specified permissions and removes any permissions not listed.
To add read, write, and execute permissions for the user:
chmod u+rwx file
To set read and write permissions for the group:
chmod g=rw file
To remove execute permission for others:
chmod o-x file
Numeric Mode
When chmod
command is used with numerical values three digits are specified. The first digit is for the user, the second is for the group and the third is for others. Each digit represents a different set of permissions. The digits are calculated by adding up the values of:
r (read) =
4
,w (write) =
2
,x (execute) =
1
,no permission =
0
The numbers are summed up and depicted by one number. Therefore, the possibilities are:
7
- for read, write, and execute permission.6
- for read and write privileges.5
- for read and execute privileges.4
- for read privileges.
To give the owner read and write permissions, the group read permissions, and no rights for all others, type.
chmod 640 filename
To change the permission for every file all in one shot:
chmod 640 Download/*
Changing Ownership
Aside from changing file and directory permissions, we can also change user ownership and group ownership of the file and directory. Both of these tasks require superuser privileges.
Changing the Owner
To change the owner of a file or directory:
sudo chown username /Downloads/
Changing the Owner and Group
To change both the owner and the group:
sudo chown username:groupname filename
Changing Only the Group
To change only the group:
sudo chown :groupname filename
Special Permissions
In addition to the standard read, write, and execute permissions, Linux also supports special permissions that provide additional security and functionality features for files and directories.
Setuid (Set User ID) - When set on an executable file, the file runs with the permissions of the file's owner, not the person running it.
In order
setuid
to work, the file should be executable and owned byroot
in order to grant temporary elevated privileges to the person running it.Setgid (Set Group ID) - Similar to
setuid
, thesetgid
permission allows a user to execute a file with the permissions of the file's group, rather than the permissions of the user executing the file.setgid
is often used for directories to ensure that files created within the directory inherit the group ownership of the directory.Sticky Bit: When the sticky bit is set on a directory, it restricts the deletion or renaming of files within that directory to only the file owner, the directory owner, or the root user, even if other users have write permissions on the directory. This is commonly used on directories like
/tmp
, where many users have write access, to prevent users from deleting or renaming each other's files. The sticky bit is more useful in shared directories where multiple users have write access.