Introduction
In Linux, file permissions are crucial to the security of files. They manage the rights of users to access files and folders.
It's quite helpful to know how to manage these permissions if you're an administrator or Linux user.
In essence, file permissions control who has the ability to read, write, and execute a file or folder.
Owner : This is the person who owns the file or folder.
Group : This includes a bunch of users who have similar permissions.
Others : Everyone else who isn't the owner or part of the group.
By default, the ls command displays only file names. You can use an "option" or "flag" with the ls command to obtain extra information.
Options always start with a "-" symbol. For example, if you want a long listing, you type "ls -l". Each file is displayed on a separate line with additional information when the long listing option is selected.
How to check the permission of files
Syntax :
ls -l
Those lines contain many details, including:
The first character ('-' for an ordinary file and 'd' for a directory) identifies the kind of file.
The next nine characters (e.g., rwxr-xr-x) show the security settings.
The column after that indicates the owner of the file (e.g., chandu).
The subsequent column shows the group owner of the file, which often has special access (e.g., chandu).
Another column displays the size of the file in bytes.
Following that, you'll find the date and time the file was last modified.
The last column contains the name of the file or directory (e.g., Documents, Downloads, file_name_1.txt).
What are the three file permissions
Permission | Description |
Read (r) | View file contents or list directory contents. |
Write (w) | Modify file contents or manage directory files. |
Execute (x) | Run file or access directory contents. |
In Linux file permissions, we can use operators to modify the permissions.
Operators | Description |
+ | Add permissions |
- | Remove permissions |
= | Set the permissions to the specified values |
In Linux file permissions, we can choose which category a change applies to, based on our requirements.
Option | Category | Description |
u | User | Permissions apply only to the owner of the file or directory. Changes made here won't impact other users. |
g | Group | Permissions apply only to the group assigned to the file or directory. They don't influence other users. |
o | Others | Permissions in this category affect all users on the system except the owner and the group. Monitoring these permissions is crucial for system security. |
a | All | This option includes all three categories: owner, group, and others. It allows you to specify permissions for everyone at once. |
How to read the permission
Consider the example: "drwxr-xr--"
drwx : The first four characters, drwx, denote the file type and the permissions for the owner. In this case, it's a directory ("d") with "read", "write", and "execute" permissions for the owner.
r-x : The next three characters, r-x, represent the permissions for the group. Members of the group have "read" and "execute" permissions but can't modify the directory contents.
r-- : Finally, the last three characters, r--, signify the permissions for others. Any user not in the owner's group or without special permissions can only "read" the directory's contents but can't modify them or execute files within it.
Commands
chmod
The command used to modify security permissions on files in Linux is called chmod. chmod stands for "change mode." It refers to changing a file's access permissions.
The combination of these permissions is known as the file's security "mode," and it is shown in nine characters.
For example, let's say you want to allow all users ("others") to "read and write" the file "file_name_1.txt".
Syntax :
chmod o+rw file_name_1.txt
As you can see, it adds the new "write" permission.
You can change multiple permissions simultaneously.
For instance, if you intend to revoke all permissions from all users, you would enter:
Syntax :
chmod ugo-rwx file_name_1.txt
or you can also use
chmod a-rwx file_name_1.txt
Here is another example.
The following command grants read (r) and write (w) permissions to both the user (u) and the group (g) for the file "file_name_1.txt". Additionally, it removes execute (x) permission from others (o).
Syntax :
chmod ug+rw,o-x file_name_1.txt
Here, the command sets the permissions for the user (u) to read (r), write (w), and execute (x), sets the permissions for the group (g) to read (r) and write (w), and adds read (r) permission for others (o) on the file "file_name_2.txt".
Syntax :
chmod u=rwx,g=rw,o+r file_name_2.txt
Instead of using 'r', 'w', and 'x' to represent permissions, we can use octal notation.
Each digit in octal notation corresponds to the permissions for the user ('u'), group ('g'), or others ('o').
So, both methods achieve the same result.
For instance,
chmod a+rwx file_name_1.txt
chmod 777 file_name_1.txt
Both methods grant full read, write, and execute permissions (represented as code=7) to the user, the group, and others.
Here is another example of octal notation:
chmod u=rwx,g=rw,o=r file_name_1.txt
chmod 764 file_name_1.txt
Both methods grant read, write, and execute permissions to the user, read and write permissions to the group, and read permission to others (represented as code=764).
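The mapping between the nine permission characters and octal notation can be checked mechanically. The script below is an added example, not part of the original post: it converts an "ls -l" permission string to octal, applies the symbolic and octal commands from this section to a scratch file, and flags write access for others. The function names and the temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: map the nine "ls -l" permission characters to chmod's octal form.

# One rwx triplet -> one octal digit (r=4, w=2, x=1).
# Lowercase s/t in the third slot mean execute is set along with a special bit.
triplet_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac
    echo "$d"
}

# Nine characters such as rwxr-xr-- -> three digits such as 754.
sym_to_octal() {
    [ "${#1}" -eq 9 ] || return 1
    u=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    o=$(printf '%s' "$1" | cut -c7-9)
    echo "$(triplet_digit "$u")$(triplet_digit "$g")$(triplet_digit "$o")"
}

# Permission characters of a path, skipping the leading file-type character.
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# True when "others" hold write permission, the setting worth auditing first.
is_world_writable() {
    case $(mode_of "$1") in ???????w?) return 0 ;; *) return 1 ;; esac
}

# Apply the page's symbolic and octal commands to a scratch file and compare.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/file_name_1.txt"
    : > "$f"
    chmod u=rwx,g=rw,o=r "$f"; a=$(sym_to_octal "$(mode_of "$f")")
    chmod 000 "$f"
    chmod 764 "$f";            b=$(sym_to_octal "$(mode_of "$f")")
    chmod 777 "$f"; is_world_writable "$f" && ww=yes || ww=no
    rm -rf "$dir"
    echo "$a $b $ww"
}

demo   # prints: 764 764 yes
```

The octal digit for the setuid, setgid and sticky bits is not produced; only the three user, group and others digits are.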
umask
In operating systems like Unix, the umask setting controls the default permissions for newly created files and directories.
Umask is expressed as a number that deducts from the default permissions; this number is usually expressed in octal format. For example, removing write permission for the group and others would result in an umask of 022.
Umask ensures a level of protection by default by deducting rights from the maximum allowed permissions, 666 for files and 777 for directories.
In order to manage the default permissions for their files and directories according to their preferences and security needs, users can adjust the umask parameter.
Here is a common umask setting,
Syntax :
umask
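The effect of a umask on new files and directories can be observed directly. The script below is an added example, not part of the original post: it computes the expected mode from the base values 666 and 777 and then creates a real file and directory under several umask values to compare. The function names and the scratch directory are assumptions. The mask is applied bit by bit, so a umask of 033 on a file yields 644, not 633.

```shell
#!/bin/sh
# Added example: how a umask turns the base modes (666 files, 777 directories)
# into the permissions a new file or directory actually receives.

# Compute base AND NOT(umask); both arguments are octal strings such as 666 and 022.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under the given umask inside a scratch
# directory and report their permission characters as "ls -l" shows them.
perms_under_umask() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"          # the subshell keeps the caller's umask unchanged
        : > "$dir/f"
        mkdir "$dir/d"
    )
    fmode=$(ls -ld "$dir/f" | cut -c2-10)
    dmode=$(ls -ld "$dir/d" | cut -c2-10)
    rm -rf "$dir"
    echo "$fmode $dmode"
}

# Compare the computed modes with what the filesystem reports.
for m in 022 027 077 033; do
    echo "umask $m: file $(apply_umask 666 "$m") dir $(apply_umask 777 "$m") -> $(perms_under_umask "$m")"
done
```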
chown
In operating systems similar to Unix, the command chown is used to modify the ownership of files and directories. With chown, you can specify both the user (owner) and group ownership of the file or directory.
For instance, chown <user_name>:<group_name> <file_name> changes the ownership of the file file_name to the user user_name and the group group_name.
In most cases, ownership can only be transferred to other users by the superuser (root), guaranteeing appropriate security protocols.
Syntax :
sudo chown <user_name> <file_name>
Make sure that the user exists.
If you want to know how to create a user, please check out this blog: User & Group Management
chgrp
On Unix-like systems, the chgrp command modifies the group ownership of files and directories. chgrp is dedicated to changing group ownership, unlike chown, which can alter both user and group ownership.
Usually, only the superuser (root) or the file's current owner can change the group ownership of a file or directory, ensuring proper security measures.
Syntax :
sudo chgrp <group_name> <file_name>
Make sure that the group exists.
If you want to know how to create a group, please check out this blog: User & Group Management
Conclusion
In Linux, file permissions assist in limiting who has the ability to view, alter, or execute files and folders, protecting the security and privacy of data.
Three primary user groups are granted permissions: the owner of the file, the group linked to the file, and every other user on the system.
Users can see, edit, and execute files as needed thanks to permissions that are granted through read, write, and execute settings.
Users can adjust the access levels of a file according to their needs by using the chmod command to update the file permissions.
Linux users can use file permissions to customize access privileges for certain files and directories, protecting sensitive data and promoting sharing and cooperation.