Linux File Permissions -chmod

Reading Time: 7 minutes

Linux is a multi-operating system that can be accessed through numerous users concurrently. So, it has to be authenticated to ensure people from accessing other confidential files. Linux can also be used in mainframes and servers without any modifications. It uses the concept of ownership and permissions to enhance the security of the directories and files. 

we will cover these topics: hide
1) Linux File Permissions
1.1) Types of permissions
1.1.1) #1 Read Permission
1.1.2) #2 Write Permission
1.1.3) #3 Execute Permissions
2) Viewing the permissions
2.1) Permissions groups
2.1.1) # User
2.1.2) # Group
2.1.3) # Other
3) Changing file permission using chmod
3.1) 1. Numeric mode
3.2) 2. Symbolic mode
4) Changing ownership and group
5) Setuid or setgid special permissions
5.1) Sticky bit special permissions
5.2) Tip
6) Summary:
6.1) What to read next?

Linux File Permissions

Types of permissions

Every directories and file in Linux have three basic permission types. They are discussed as follows:

#1 Read Permission

The read permission enables you to open and read a file. For a directory, the read permission enables the user to list the contents of the directory.

#2 Write Permission

The write permission allows the user to modify the file and write new data to the file. For a directory, the write permission allows the user to modify the content of the directory. The user can add, remove, or rename files that belong to a particular directory. 

#3 Execute Permissions

The execute permission allows the user to execute the file as a shell script or a program. For the directory, the execute permission enables the user to access the files in a directory and enter it by using the cd command but it does not allow to list the content.

Viewing the permissions

The view permission allows the user to check the directory or file in the GUI file manager or by reviewing the output using the command given below.

ls -l

Permissions groups

Every directory and file on Linux is owned by a specific user and group and are defined separately as three user based permission groups. They are as follows:

# User

A user is a person who owns the directory or file. By default, the user who creates the file or directory will be the owner. 

# Group

The user group that owns the directory or file will not affect the actions of other users. All the users who belong to the group that owns the directory or file will have the same permission to access the file or directory.

# Other

The user who is not the owner of the directory or file and doesn’t belong to the same group of the directory or file. Simply, if we set the permission for the ‘other’ category, by default it will affect everyone. 

If you want to view the users on the system, you can view the user using the command below:

cat /etc/passwd

Similarly, you can view the group on the system by using the command below:

cat /etc/group

-rw-rw-r– is a code that represents the permissions given to the owner, user group, and the world.

Here, the ‘-’ represents the selected file. For the directory, it is denoted as ‘d’. 

The characters are simple to remember and understand.

  • r- read permission
  • w- write permission
  • x- execute permission
  • _- no permission

The first part of the code ‘rw-’ represents the owner can read the file, write the file, but cannot execute the file since the execute bit is set to ‘-’. Several Linux distributions such as CentOS, Ubuntu, Fedora, etc. will add users to the group of the same group name as the username. 

The second part of the code ‘rw-’ represents for the user group and group members can read the file, write the file.

The third part of the code ‘r–’ represents any user and the user can only read the file.

Changing file permission using chmod

With the help of the change mode ‘chmod’ command, we can set the permissions such as read, write, and execute on a directory or file for the owner, user, and the group.

chmod <permission-number> <file-name>

Here, the permission number is calculated by using the assigned values for r, w, and x. The basic permission number includes three digits. Some special cases can use four digits as a permission number. 

There are two ways to use the commands. They are as follows: 

1. Numeric mode

In a numeric mode, file permissions do not denote as characters but as a three-digit octal number. The following table provides the numbers for all permission types.

NumberCharacter of SymbolPermission Type
0No permission
1–xExecute
2-w-Write
3-wxWrite+Execute
4r–Read
5r-xRead+Execute
6rw-Read+Write
7rwxRead+Write+Execute

For example, see the command below.

$ chmod 764 sample

ls -l sample

rwxrw-r-- 1 iExpertify iExpertify 20 June 20 06:00 sample

chmod 764 and checking permission. In the above command, we have changed the file permissions to 764. 764 represents the following:

  • The owner can read, write, and execute
  • The user group can read and write
  • Any user can only read

2. Symbolic mode

In this mode, we can change permissions for all three owners. We can modify the permissions of a specific owner. With the use of mathematical symbols, we can modify the file permissions.

OperatorDescription
+Adds permission to access directory or files
Removes permissions
=Sets permission and overrides the permissions set earlier

Let’s see the example:

Current file

ls -l sample

-rw-rw-r-- 1 iExpertify iExpertify 22 2020-06-29 13:45 sample?

Setting permission to other users

$ chmod 0=rwx sample

$ ls -l sample

-rw-rw-rwx 1 iExpertify iExpertify 22 2020-06-29 13:45 sample

Adding execute permission to the user group

$ chmod g+x sample

$ ls -l sample

-rw-rwxrwx 1 iExpertify iExpertify 22 2020-06-29 13:45 sample?

Removing read permission for the user

$ chmod u-r sample

$ ls -l sample

--w-rwxrwx 1 iExpertify iExpertify 22 2020-06-29 13:45 sample

Changing ownership and group

For changing the ownership of a directory or file, use the command below:

chown user

If you want to change the user along with the group for a directory or file, use the command below

chown user: group filename

If you wish to change group owner only, use the command below

chgrp group_name filename

Here, chgrp represents for change group

Advanced permissions

The special permissions that are used to access directories or files are as following:

  • _ – It represents there are no special permissions.
  • d- It represents the directory.
  • l-  It represents the symbolic link of a directory or a file.
  • t- It represents the sticky bit permissions. It represents ‘t’ in the executable portion of all user permissions.
  • s- It indicates the setuid or setgid permissions. It represents ‘s’ in the read portion of the owner or group permissions.

Setuid or setgid special permissions

The setuid or setgid permissions are used to assign the system to run an executable as the owner with the owner’s permissions. We can assign this permission by explicit defining permissions.

The character that represents the setuid or setgid is ‘s’. To set the setuid or setgid bit on file1.sh, use the command below:

chmod g+s file1.sh

Be careful while using setuid or setgid permissions. If you assign the permissions incorrectly, then your system goes to intrusion.

Sticky bit special permissions

The sticky bit can be useful in a shared environment because when it is assigned to the permissions on a directory it sets permissions for the file owner only to rename or delete the file.

The character for the sticky bits is ‘t’. To set the sticky bits on a directory, use the command below:

chmod+t dir1

Tip

  • The file /etc/group contains all the groups defined in the system
  • You can use the command “groups” to find all the groups you are a member of
  • You can use the command newgrp to work as a member a group other than your default group
  • You cannot have 2 groups owning the same file.
  • You do not have nested groups in Linux. One group cannot be sub-group of other
  • x- eXecuting a directory means Being allowed to “enter” a dir and gain possible access to sub-dirs
  • There are other permissions that you can set on Files and Directories which will be covered in a later advanced tutorial

Summary:

  • Linux being a multi-user system uses permissions and ownership for security.
  • There are three user types on a Linux system viz. User, Group and Other
  • Linux divides the file permissions into read, write and execute denoted by r,w, and x
  • The permissions on a file can be changed by ‘chmod’ command which can be further divided into Absolute and Symbolic mode
  • The ‘chown’ command can change the ownership of a file/directory. Use the following commands: chown user file or chown user:group file
  • The ‘chgrp’ command can change the group ownership chrgrp group filename
  • What does x – eXecuting a directory mean? A: Being allowed to “enter” a dir and gain possible access to sub-dirs.

What to read next?

Nothing to see here. Consider joining one of our full courses..