Linux File Permissions


In Linux, file permissions control who can read, write, or execute a file or directory. Each file has three sets of permissions for three types of users:

  1. User (Owner): The person who created the file.
  2. Group: A group of users who share access.
  3. Others: All other users.

Understanding the Permission Structure

Permissions are represented as a string of 10 characters, like this:

-rwxr-xr--
  • The first character indicates the type of file:
    • -: Regular file
    • d: Directory
    • l: Symbolic link
  • The next nine characters are divided into three sets, each containing three characters:
    • User (Owner): rwx
    • Group: r-x
    • Others: r--

Each set of three characters indicates:

  • r: Read permission
  • w: Write permission
  • x: Execute permission
  • -: No permission

Example: Checking File Permissions

You can view file permissions with the ls -l command.

Command:

ls -l file1.txt

Output:

-rw-r--r-- 1 user user 1024 Oct 29 10:00 file1.txt
  • -rw-r--r--: File permissions
    • User (Owner): rw- (read and write, but no execute)
    • Group: r-- (read only)
    • Others: r-- (read only)
  • This means that the owner can read and write the file, but cannot execute it. The group and others can only read the file.

Changing File Permissions with chmod

You can modify permissions using the chmod command.

Symbolic Mode

In symbolic mode, you tell chmod whose permissions to change with u (user), g (group), o (others), or a (all), followed by + to add or - to remove a permission.

Example 1: Adding Execute Permission to User

chmod u+x file1.txt

Output:

ls -l file1.txt
-rwxr--r-- 1 user user 1024 Oct 29 10:00 file1.txt

The owner now has execute permission (x), so file1.txt is readable, writable, and executable by the owner.

Example 2: Removing Write Permission from Group

chmod g-w file1.txt

Output:

ls -l file1.txt
-rwxr--r-- 1 user user 1024 Oct 29 10:00 file1.txt

This removes the write permission (w) from the group. Because the group had only read permission (r--) to begin with, the listing is unchanged.

Numeric Mode

In numeric mode, you represent permissions using three digits, one each for the owner, the group, and others. Each digit is the sum of the following values:

  • 4 = read (r)
  • 2 = write (w)
  • 1 = execute (x)

For example, chmod 754 file1.txt gives:

  • 7 (4+2+1) = read, write, execute for the owner
  • 5 (4+1) = read and execute for the group
  • 4 = read only for others

Example 3: Setting Permissions Using Numeric Mode

chmod 754 file1.txt

Output:

ls -l file1.txt
-rwxr-xr-- 1 user user 1024 Oct 29 10:00 file1.txt

Now the owner has full permissions (rwx), the group can read and execute (r-x), and others can only read (r--).

Special Permissions: SUID, SGID, and Sticky Bit

Special permissions are extra bits that change how the standard permissions behave.

  1. SUID (Set User ID): Allows an executable file to run with the permissions of its owner rather than those of the user who runs it.
  2. SGID (Set Group ID): Allows an executable file to run with the permissions of its group rather than the group of the user who runs it.
  3. Sticky Bit: Commonly used on directories, it restricts deletion so that only the owner of a file can delete it.
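
In numeric mode the special bits occupy a fourth, leading octal digit (4 = SUID, 2 = SGID, 1 = sticky bit), and in ls -l output they appear as s or t in the execute positions. The script below is an added example, not part of the original tutorial: it converts an ls -l permission string to its four-digit numeric form and flags the settings worth reviewing in a permissions audit. The function names perm_to_octal and perm_findings and the sample mode strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: mode strings below are constructed samples, not real files.

# Convert a 10-character ls -l mode string to four-digit octal (e.g. 0754).
perm_to_octal() {
    mode=$1
    # Validate length and the characters allowed in each position.
    case $mode in
        [-dlcbps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}   # drop the file-type character
    special=0
    digits=""
    for weight in 4 2 1; do   # special-bit weights: SUID=4, SGID=2, sticky=1
        triplet=${rest%"${rest#???}"}
        rest=${rest#???}
        val=0
        case $triplet in r??) val=$((val + 4)) ;; esac
        case $triplet in ?w?) val=$((val + 2)) ;; esac
        case $triplet in
            ??x)    val=$((val + 1)) ;;
            ??[st]) val=$((val + 1)); special=$((special + weight)) ;;  # bit + execute
            ??[ST]) special=$((special + weight)) ;;                    # bit, no execute
        esac
        digits="$digits$val"
    done
    printf '%s%s\n' "$special" "$digits"
}

# Print the octal mode followed by any findings worth reviewing.
perm_findings() {
    mode=$1
    octal=$(perm_to_octal "$mode") || return 1
    findings=""
    case $mode in ???[sS]??????) findings="$findings suid" ;; esac
    case $mode in ??????[sS]???) findings="$findings sgid" ;; esac
    case $mode in
        l*) ;;                # symlink permission bits are not used for access checks
        d???????w[tT]) ;;     # world-writable directory protected by the sticky bit
        ????????w?) findings="$findings world-writable" ;;
    esac
    printf '%s%s\n' "$octal" "$findings"
}

for sample in -rwxr-xr-- -rwsr-xr-x drwxrwsr-x drwxrwxrwt -rw-rw-rw-; do
    printf '%-12s %s\n' "$sample" "$(perm_findings "$sample")"
done
```

A capital S or T in a listing means the special bit is set but the matching execute bit is not, which is usually a misconfiguration rather than an intended setting.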

Together, these permission types help manage secure access to files, making Linux a highly secure and customizable system.