Understanding Linux File Permissions
Linux file permissions specify three things you can do with a file: read, write and execute. Each is referred to in Linux by a single-letter code.
- r - read - you may view the contents of the file.
- w - write - you may change the contents of the file.
- x - execute - you may execute or run the file if it is a program or script.
For every file, we define 3 sets of people for whom we may specify permissions.
- owner - a single person who owns the file (typically the person who created the file, but ownership may be granted to someone else by certain users).
- group - every file belongs to a single group.
- others - everyone else who is not in the group or the owner.
Directory permissions are similar. They use the same letters, but the meanings are slightly different.
- r - you have the ability to read the contents of the directory (i.e. do an ls)
- w - you have the ability to write into the directory (i.e. create files and directories)
- x - you have the ability to enter that directory (i.e. cd)
You can view permissions using the ls command with long descriptions enabled.
ls -l
total 52
drwxr-xr-x 2 timmy timmy  4096 Jun 24 18:01 Desktop
drwxr-xr-x 2 timmy timmy  4096 Jul  8 21:08 Documents
drwxr-xr-x 2 timmy timmy 12288 Aug 17 17:48 Downloads
drwxr-xr-x 2 timmy timmy  4096 Sep  3  2016 Music
drwxr-xr-x 2 timmy timmy  4096 Aug 15 21:34 Pictures
drwxr-xr-x 2 timmy timmy  4096 Sep  3  2016 Public
drwxr-xr-x 3 timmy timmy  4096 May 14 16:38 Software
drwxr-xr-x 2 timmy timmy  4096 Sep  3  2016 Templates
drwxr-xr-x 2 timmy timmy  4096 May 21 21:49 Videos
drwx------ 2 timmy timmy  4096 May 28 11:28 VirtualBox VMs
On each line, we can see the file type (d in this example, for directory) followed by three sets of three letters. A hyphen is used when the permission is not set, so r-- means read only, rw- means read and write, rwx means read, write and execute. The permissions are listed for owner, group and others. Following those permissions, we can see the owner username and the group name.
To change Linux permissions on a file or directory we use a command called chmod which stands for change mode bits.
The chmod command takes arguments that answer three questions:
- Who are we changing the permission for? [ugoa] - user (or owner), group, others, all
- Are we granting or revoking the permission - indicated with either a plus ( + ) or minus ( - )
- Which permission are we setting? - read ( r ), write ( w ) or execute ( x )
Here are a few example commands for setting Linux file permissions.
Granting Execute permission on testfile
chmod +x testfile
Removing Write and Execute permissions from testfile
chmod -wx testfile
You'll notice that this only changes the permissions for the owner of the file, not the group or others. To change group or others permissions you have to specify (g)roup or (o)thers on the permission flag.
Set the write permission to the group on testfile
chmod g+w testfile
Remove the write and execute permission from the group on testfile
chmod g-wx testfile
Set the write permission for the others
chmod o+w testfile
Remove the read, write and execute permissions from others
chmod o-rwx workfolder
Another helpful command changes the ownership of files and directories. The command is chown, followed by the name of the new owner and the name of the file.
chown timmy testfile
We can also change the owner and the group in a single command:
chown timmy:users testfile
You can also use the -R flag to change ownership and permissions recursively.
The method outlined above isn't hard for setting permissions, but it can be a little tedious if there are lots of permissions to set. There are shorthand codes which you can use to speed up the process. The codes are based on a decimal number, which is converted to binary. Let's see how these shorthand permission numbers work.
| Number | Binary | Permissions |
|---|---|---|
| 0 | 0 0 0 | --- |
| 1 | 0 0 1 | --x |
| 2 | 0 1 0 | -w- |
| 3 | 0 1 1 | -wx |
| 4 | 1 0 0 | r-- |
| 5 | 1 0 1 | r-x |
| 6 | 1 1 0 | rw- |
| 7 | 1 1 1 | rwx |
These octal numbers are combined in groups of three, one digit each for owner, group and others, so a shorthand permission of 700 gives read, write and execute permission to the user, but nothing to everyone else. A value of 327 gives write and execute (3) permission to the user, write (2) to the group, and read, write and execute (7) to other users. A value of 777 grants read, write and execute to owner, group and others and is generally regarded as unsafe.
Some common file permission combinations include
- 644 - readable and writable by the owner of the file, and readable by users in the file's group and by everyone else.
- 755 - used for directories; it is the same as 644, but with the execute bit set for everyone. The execute bit is needed to be able to change into the directory.
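The octal table and the combinations above can be checked from the shell. The following is an added example, not part of the original article: octal_to_rwx and world_writable are hypothetical helper names, and the files in the demo are constructed samples. The first decodes a three-digit mode into its rwx string; the second lists entries under a directory that grant write permission to others, which is the part of 777 that makes it unsafe.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# octal_to_rwx MODE: turn a three-digit octal mode such as 754 into rwxr-xr--.
octal_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=$1
    out=
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}   # first character of what is left
        rest=${rest#?}              # drop that character
        r=-; w=-; x=-
        # Each digit is three bits: 4 = read, 2 = write, 1 = execute.
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# world_writable DIR: list files and directories under DIR that "others" may
# write to (bit 2 of the last octal digit), skipping symlinks, sorted by path.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Demo on constructed sample files in a throwaway directory.
demo() {
    d=$(mktemp -d)
    chmod 755 "$d"
    touch "$d/report.txt" "$d/notes.txt" "$d/upload.log"
    chmod 644 "$d/report.txt"
    chmod 777 "$d/notes.txt"
    chmod 602 "$d/upload.log"
    for m in 644 755 777 327; do
        printf '%s = %s\n' "$m" "$(octal_to_rwx "$m")"
    done
    echo "Entries writable by others:"
    world_writable "$d"
    rm -rf "$d"
}
demo
```

The audit reports notes.txt (777) and upload.log (602) but not report.txt (644), because only the last digit's write bit is tested.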