File Permissions
File permissions are the core security mechanism that controls who can do what with a file or directory.
They answer three questions:
- Who can access this?
- What can they do with it?
- How do we change it?
Permission Categories
File permissions in Linux and Unix-like systems are fundamental to controlling who can access files and directories, and what actions they can perform. They are a core component of the traditional Unix access control model.
Purpose and Overview
Every file and directory in Linux possesses a set of permissions that dictate who can access them and how. These permissions limit access in three main ways:
- Restrict access to the owner alone.
- Allow users in a predesignated group to have access.
- Permit anyone on the system to have access (referred to as "others" or "the world").
User Categories
Permissions are defined for three distinct categories of users:
- Owner (u): The user who owns the file or directory (initially the user who created it).
- Group (g): The users who are members of the file's group.
- Others (o): All other users on the system.
The symbol a represents all categories (owner, group, others).
| Class | Symbol | Description |
|---|---|---|
| User | u | The owner of the file or directory. |
| Group | g | Users who belong to the file's group. |
| Other | o | Everyone else on the system. |
Types of Permissions
Each category can have three types of permissions:
- Read (r)
- Write (w)
- Execute (x)
Permissions for Files
- Read (r): Allows the file to be opened or viewed.
- Write (w): Allows modification of file contents.
- Execute (x): Allows the file to be executed as a program.
Permissions for Directories
- Read (r): Allows listing of directory contents.
- Write (w): Allows creation, deletion, and renaming of files inside the directory.
- Execute (x): Allows entering the directory using commands like cd.
| Permission | Symbol | On a File | On a Directory |
|---|---|---|---|
| Read | r | View file contents | List directory contents |
| Write | w | Modify file | Create, delete, rename files |
| Execute | x | Run file as program | Enter the directory |
Displaying Permissions
The ls -l command displays detailed file information including permissions.
The first 10 characters represent file attributes.
First Character (File Type)
| Character | File type |
|---|---|
| - | Regular file |
| d | Directory |
| l | Symbolic link |
| c | Character device |
| b | Block device |
| s | Local socket |
| p | Named pipe |
Next Nine Characters
These represent permissions for owner, group, and others.
| Character | Meaning |
|---|---|
| r | Read permission |
| w | Write permission |
| x | Execute permission |
| - | Permission not granted |
Example
-rw-r--r-- 1 chris weather 207 Feb 20 11:55 mydata
- - Regular file
- rw- Owner has read & write
- r-- Group has read
- r-- Others have read
Changing Permissions
The chmod command is used to change file permissions.
Only the file owner or root can change permissions.
1. Symbolic Method
Uses symbols:
| Symbol | Meaning |
|---|---|
| u | owner |
| g | group |
| o | others |
| a | all users |
Operators:
| Operator | Meaning |
|---|---|
| + | add permission |
| - | remove permission |
| = | set exact permissions |
Examples:
chmod u+x lsc
chmod g+rw mydata
chmod o+r-wx mydata
chmod a-x file
chmod u+x,go=rx file
2. Absolute (Octal) Method
Uses a three-digit octal number: one digit each for owner, group, and others. Each digit is the sum of the values for the permissions granted:
- 4 = Read
- 2 = Write
- 1 = Execute
| Number | Permission |
|---|---|
| 0 | --- |
| 1 | --x |
| 2 | -w- |
| 3 | -wx |
| 4 | r-- |
| 5 | r-x |
| 6 | rw- |
| 7 | rwx |
Examples:
chmod 600 foo.txt
chmod 700 myprog
chmod 755 myprog
Ownership and Group Ownership
Files and directories are owned by a user and a group.
chown (Change Owner)
chown robert mydata
chown tony:tony myfile.txt
chgrp (Change Group)
chgrp forecast today
Default Permissions
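The umask command controls the default permissions when files are created: the bits set in the mask are removed from the permissions a new file or directory would otherwise receive.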
Examples:
umask
umask 0002
umask -S u=rwx,g=rx,o=rx
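The following is an added example, not part of the original notes, showing how umask values translate into the modes of newly created files and directories. The helper names (octal_mode, mode_under_umask) and the temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: observe how umask shapes the mode of newly created files.
# Helper names and the temporary directory are assumptions for illustration.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file or directory under the given umask and print its mode.
# The ( ) body runs in a subshell, so the caller's umask is not changed.
# usage: mode_under_umask <mask> <file|dir>
mode_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$tmp/new"      # directories start from 777
    else
        : > "$tmp/new"        # regular files start from 666
    fi
    mode=$(octal_mode "$tmp/new")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# Compare a group-writable, a common default and an owner-only mask,
# plus the symbolic form from the examples above (equivalent to 0022).
for mask in 0002 0022 0077 u=rwx,g=rx,o=rx; do
    printf 'umask %-18s file=%s dir=%s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(mode_under_umask "$mask" dir)"
done
```

With umask 0002 new files stay group-writable (664), while 0077 leaves them readable and writable by the owner only (600).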