Linux is a multi-operating system that can be accessed through numerous users concurrently. So, it has to be authenticated to ensure people from accessing other confidential files. Linux can also be used in mainframes and servers without any modifications. It uses the concept of ownership and permissions to enhance the security of the directories and files.
Linux File Permissions
Types of permissions
Every directories and file in Linux have three basic permission types. They are discussed as follows:
#1 Read Permission
The read permission enables you to open and read a file. For a directory, the read permission enables the user to list the contents of the directory.
#2 Write Permission
The write permission allows the user to modify the file and write new data to the file. For a directory, the write permission allows the user to modify the content of the directory. The user can add, remove, or rename files that belong to a particular directory.
#3 Execute Permissions
The execute permission allows the user to execute the file as a shell script or a program. For the directory, the execute permission enables the user to access the files in a directory and enter it by using the cd command but it does not allow to list the content.
Viewing the permissions
The view permission allows the user to check the directory or file in the GUI file manager or by reviewing the output using the command given below.
ls -l
Permissions groups
Every directory and file on Linux is owned by a specific user and group and are defined separately as three user based permission groups. They are as follows:
# User
A user is a person who owns the directory or file. By default, the user who creates the file or directory will be the owner.
# Group
The user group that owns the directory or file will not affect the actions of other users. All the users who belong to the group that owns the directory or file will have the same permission to access the file or directory.
# Other
The user who is not the owner of the directory or file and doesn’t belong to the same group of the directory or file. Simply, if we set the permission for the ‘other’ category, by default it will affect everyone.
If you want to view the users on the system, you can view the user using the command below:
cat /etc/passwd
Similarly, you can view the group on the system by using the command below:
cat /etc/group
-rw-rw-r– is a code that represents the permissions given to the owner, user group, and the world.
Here, the ‘-’ represents the selected file. For the directory, it is denoted as ‘d’.
The characters are simple to remember and understand.
- r- read permission
- w- write permission
- x- execute permission
- _- no permission
The first part of the code ‘rw-’ represents the owner can read the file, write the file, but cannot execute the file since the execute bit is set to ‘-’. Several Linux distributions such as CentOS, Ubuntu, Fedora, etc. will add users to the group of the same group name as the username.
The second part of the code ‘rw-’ represents for the user group and group members can read the file, write the file.
The third part of the code ‘r–’ represents any user and the user can only read the file.
Changing file permission using chmod
With the help of the change mode ‘chmod’ command, we can set the permissions such as read, write, and execute on a directory or file for the owner, user, and the group.
chmod <permission-number> <file-name>
Here, the permission number is calculated by using the assigned values for r, w, and x. The basic permission number includes three digits. Some special cases can use four digits as a permission number.
There are two ways to use the commands. They are as follows:
1. Numeric mode
In a numeric mode, file permissions do not denote as characters but as a three-digit octal number. The following table provides the numbers for all permission types.
Number | Character of Symbol | Permission Type |
0 | — | No permission |
1 | –x | Execute |
2 | -w- | Write |
3 | -wx | Write+Execute |
4 | r– | Read |
5 | r-x | Read+Execute |
6 | rw- | Read+Write |
7 | rwx | Read+Write+Execute |
For example, see the command below.
$ chmod 764 sample
ls -l sample
rwxrw-r-- 1 iExpertify iExpertify 20 June 20 06:00 sample
chmod 764 and checking permission. In the above command, we have changed the file permissions to 764. 764 represents the following:
- The owner can read, write, and execute
- The user group can read and write
- Any user can only read
2. Symbolic mode
In this mode, we can change permissions for all three owners. We can modify the permissions of a specific owner. With the use of mathematical symbols, we can modify the file permissions.
Operator | Description |
+ | Adds permission to access directory or files |
– | Removes permissions |
= | Sets permission and overrides the permissions set earlier |
Let’s see the example:
Current file
ls -l sample
-rw-rw-r-- 1 iExpertify iExpertify 22 2020-06-29 13:45 sample?
Setting permission to other users
$ chmod 0=rwx sample
$ ls -l sample
-rw-rw-rwx 1 iExpertify iExpertify 22 2020-06-29 13:45 sample
Adding execute permission to the user group
$ chmod g+x sample
$ ls -l sample
-rw-rwxrwx 1 iExpertify iExpertify 22 2020-06-29 13:45 sample?
Removing read permission for the user
$ chmod u-r sample
$ ls -l sample
--w-rwxrwx 1 iExpertify iExpertify 22 2020-06-29 13:45 sample
Changing ownership and group
For changing the ownership of a directory or file, use the command below:
chown user
If you want to change the user along with the group for a directory or file, use the command below
chown user: group filename
If you wish to change group owner only, use the command below
chgrp group_name filename
Here, chgrp represents for change group
Advanced permissions
The special permissions that are used to access directories or files are as following:
- _ – It represents there are no special permissions.
- d- It represents the directory.
- l- It represents the symbolic link of a directory or a file.
- t- It represents the sticky bit permissions. It represents ‘t’ in the executable portion of all user permissions.
- s- It indicates the setuid or setgid permissions. It represents ‘s’ in the read portion of the owner or group permissions.
Setuid or setgid special permissions
The setuid or setgid permissions are used to assign the system to run an executable as the owner with the owner’s permissions. We can assign this permission by explicit defining permissions.
The character that represents the setuid or setgid is ‘s’. To set the setuid or setgid bit on file1.sh, use the command below:
chmod g+s file1.sh
Be careful while using setuid or setgid permissions. If you assign the permissions incorrectly, then your system goes to intrusion.
Sticky bit special permissions
The sticky bit can be useful in a shared environment because when it is assigned to the permissions on a directory it sets permissions for the file owner only to rename or delete the file.
The character for the sticky bits is ‘t’. To set the sticky bits on a directory, use the command below:
chmod+t dir1
Tip
- The file /etc/group contains all the groups defined in the system
- You can use the command “groups” to find all the groups you are a member of
- You can use the command newgrp to work as a member a group other than your default group
- You cannot have 2 groups owning the same file.
- You do not have nested groups in Linux. One group cannot be sub-group of other
- x- eXecuting a directory means Being allowed to “enter” a dir and gain possible access to sub-dirs
- There are other permissions that you can set on Files and Directories which will be covered in a later advanced tutorial
Summary:
- Linux being a multi-user system uses permissions and ownership for security.
- There are three user types on a Linux system viz. User, Group and Other
- Linux divides the file permissions into read, write and execute denoted by r,w, and x
- The permissions on a file can be changed by ‘chmod’ command which can be further divided into Absolute and Symbolic mode
- The ‘chown’ command can change the ownership of a file/directory. Use the following commands: chown user file or chown user:group file
- The ‘chgrp’ command can change the group ownership chrgrp group filename
- What does x – eXecuting a directory mean? A: Being allowed to “enter” a dir and gain possible access to sub-dirs.