Introduction
File permissions in Linux are important for keeping files safe. They control who can do what with files and folders.
If you're a Linux user or an administrator, knowing how to handle these permissions is really useful.
Basically, file permissions decide who can do specific things with a file or folder, like reading, writing, or running it.
Owner : This is the person who owns the file or folder.
Group : This includes a bunch of users who have similar permissions.
Others : Everyone else who isn't the owner or part of the group.
When you use the
ls
command, you only see file names by default.To get more details, you can use an "option" which is "flag" with the
ls
command.Options always start with a
-
symbol.For example, if you want a long listing, you type
ls -l
.With the long listing option, each file is shown on a separate line with extra information.
How to check the permission of files
Syntax :
ls -l
There's a lot of info in those lines like,
The first character indicates the type of file: '-' for a regular file, and 'd' for a directory.
The next nine characters (e.g.,
rwxr-xr-x
) show the security settings.The column after that indicates the owner of the file (e.g.,
chandu
).The subsequent column shows the group owner of the file, which often has special access (e.g.,
chandu
).Another column displays the size of the file in bytes.
Following that, you'll find the date and time the file was last modified.
The last column contains the name of the file or directory (e.g., Documents, Downloads, file_name_1.txt).
What are the three file permission
Permission | Description |
Read (r) | View file contents or list directory contents. |
Write (w) | Modify file contents or manage directory files. |
Execute (x) | Run file or access directory contents. |
In Linux file permissions, we can add operators to modify the permission.
Operators | Description |
+ | Add permissions |
- | Remove permissions |
\= | Set the permissions to the specified values |
In Linux file permissions, we can specify which category option should we choose based on our requirements.
Option | Category | Description |
u | User | Permissions apply only to the owner of the file or directory. Changes made here won't impact other users. |
g | Group | Permissions apply only to the group assigned to the file or directory. They don't influence other users. |
o | Others | Permissions in this category affect all users on the system except the owner and the group. Monitoring these permissions is crucial for system security. |
a | All | This option includes all three categories: owner, group, and others. It allows you to specify permissions for everyone at once. |
How to read the permission
Consider the example: "drwxr-xr--"
drwx
: The first four characters,drwx
, denote the permissions for the file type and owner. In this case, it's a directory ("d") with "read", "write", and "execute" permissions for the owner.r-x
: The next three characters,r-x
, represent the permissions for the group. Members of the group have "read" and "execute" permissions but can't modify the directory contents.r--
: Finally, the last three characters,r--
, signify the permissions for others. Any user not in the owner's group or without special permissions can only "read" the directory's contents but can't modify them or execute files within it.
Commands
chmod
This command is used to modify security permissions on files in Linux is called
chmod
.Chmod
stands for "change mode."It refers to altering the access permissions of a file.
These permissions, together called the file's security "mode," are shown using nine characters.
For instance, if you wish to grant "read and write" permission to all users ("others") for the file "file_name_1.txt" .
Syntax :
chmod o+rw file_name_1.txt
As you can see, it will add new permission of "write".
You can change multiple permissions simultaneously.
For instance, if you intend to revoke all permissions from all users, you would enter:
Syntax :
chmod ugo-rwx file_name_1.txt
or you can also use
chmod a-rwx file_name_1.txt
Here is an another example,
This command mentioned grants read (r) and write (w) permissions to both the user (u) and the group (g) for the file "file_name_1.txt" . Additionally, it removes execute (
x
) permission from others (o
).Syntax :
chmod ug+rw,o-x file_name_1.txt
Here, you can set the permissions for the user (u) to read (r), write (w), and execute (x), for the group (g) to read (r) and write (w), and adds read (r) permission for others (o) to the "file_name_2.txt" .
Syntax :
chmod u=rwx,g=rw,o+r file_name_2.txt
Instead of using 'r', 'w', and 'x' to represent permissions, we can use octal notation.
Each digit in octal notation corresponds to the permissions for the user ('u'), group ('g'), or others ('o').
So, both methods achieve the same result.
For instance,
chmod a+rwx file_name_1.txt
chmod 777 file_name_1.txt
Both methods grant full read, write, and execute permissions (represented as code=7) to the entire group.
Here is an another example of octal notation
chmod u=rwx,g=rw,o=r file_name_1.txt
chmod 764 file_name_1.txt
Both methods grant read, write, and execute permissions to user and for group, it will grant read and write permissions and for other, it will grant read permission (represented as code=764).
umask
Umask is a setting in Unix-like operating systems that determines the default permissions for newly created files and directories.
Umask is represented using a numeric value, typically in octal format, which subtracts from the default permissions. For instance, a umask of
022
would remove write permission for group and others.By default, umask subtracts permissions from the maximum allowed permissions for files
666
and directories777
, ensuring a level of security by default.Users can customize their umask setting to control the default permissions for their files and directories based on their preferences and security requirements.
Here is a common umask settings,
- Syntax :
umask
- Syntax :
chown
chown
is a command in Unix-like operating systems used to change the ownership of files and directories.With
chown
, you can specify both the user (owner) and group ownership of the file or directory.For instance,
chown <user_name>:<group_name> <file_name>
changes the ownership of the filefile_name
to the useruser_name
and the groupgroup_name
.Generally, only the superuser (root) can change ownership to other users ensuring proper security measures.
- Syntax :
sudo chown <user_name> <file_name>
- Syntax :
Make sure that user exist.
If you want to know how to create user, please check it out this blog User & Group Management
chgrp
chgrp
is a command in Unix-like systems used to change the group ownership of files and directories.Unlike
chown
, which can change both user and group ownership,chgrp
is specifically focused on modifying group ownership.Usually, only the superuser (root) or the file's current owner can change the group ownership of a file or directory, ensuring proper security measures.
- Syntax :
sudo chgrp <group_name> <file_name>
- Syntax :
Make sure that group exist.
If you want to know how to create group, please check it out this blog User & Group Management
Conclusion
File permissions in Linux help control who can access, modify, or execute files and directories, ensuring data security and privacy.
Permissions are assigned to three main categories of users: the file's owner, the group associated with the file, and all other users on the system.
Permissions are granted through read, write, and execute settings, allowing users to view, edit, and run files as needed.
The
chmod
command is used to change file permissions, allowing users to modify access levels based on their requirements.With file permissions, Linux users can customize to access rights for specific files and directories, ensuring that sensitive information remains protected while assisting collaboration and sharing.