Understanding Linux File Permissions

In Linux and Unix operating systems, everything is a file, and the system is organized into files and directories.

As per my knowledge, there are 7 types of files in Linux, in 3 major categories.

All files on a system have permissions that allow or prevent others from viewing, modifying or executing them.

Since Linux is a multi-user operating system, it has strong file permission security that allows only authorized users to access a specific file.

Each file in Linux is owned by a user and a group. The user is the owner of the file, and the group is one to which the user belongs.

A group may contain more than one user, and all the users in it can access the files that belong to the group.

Ownership of Linux files

There are three types of ownership for files in Linux, and each file and directory is assigned to them.

  • User: A user is the owner of the file. The person who created a file becomes its owner.
  • Group: Linux groups are a mechanism to manage a collection of Linux system users. Everyone in the group has the same access permissions to the file. It is the foundation of Linux security and access.
  • Others: The others permissions apply to all other users on the system.

File Permissions

Every file and directory in your Linux system has the following three permissions.

  • Read: Read permission allows users to open and read a file. The read permission on a directory allows users to list its contents.
  • Write: Write permission allows users to modify the contents of a file. The write permission on a directory allows users to add, remove and rename files in it.
  • Execute: This permission allows users to execute a file and get a result; it’s typically a bash script file. The execute permission on a directory allows users to navigate inside the directory.

+------------+--------+---------------+
| Permission | Action | chmod Options |
+------------+--------+---------------+
|     read   |  View  |     r or 4    |
|    write   |  Edit  |     w or 2    |
|  execute   |Execute |     x or 1    |
+------------+--------+---------------+

Use the ls command to check file and folder permissions.

$ ls -lh

total 244K
drwxr-xr-x 3 daygeek daygeek 4.0K Apr 23 20:50 install-gnome-themes
drwxr-xr-x 2 daygeek daygeek 4.0K Jul  8 11:38 nagios-4.4.3
-rwxr-xr-x 1 daygeek daygeek   98 Jan 11  2019 passwd-up1.sh*
-rwxr-xr-x 1 daygeek daygeek  159 Jan 11  2019 passwd-up.sh*
-rwxr-xr-x 1 daygeek daygeek   41 Jan 15  2019 ovh.sh*
-rw-r--r-- 1 daygeek daygeek   99 Jan 19 23:46 file-copy.sh
-rwxr-xr-x 1 daygeek daygeek 1.4K Feb  9 04:22 cpu-mem-check.sh*
-rwxr-xr-x 1 daygeek daygeek   82 Mar  1 13:24 pass-gen.sh*
-rwxr-xr-x 1 daygeek daygeek  214 Mar 10 22:15 user-add.sh*
-rwxr-xr-x 1 daygeek daygeek  151 Mar 16 02:10 pass-up.sh*
-rwxr-xr-x 1 daygeek daygeek  274 Mar 16 03:14 pass-multi-user.sh*
-rwxr-xr-x 1 daygeek daygeek   76 Mar 17 12:14 port_scan.sh*

The Linux file permissions consist of four parts, which are described below.

+----------------+----------------+
|File Permission | -|rw-|r--|r--  |
|Part            | S  A   B   C   |
+----------------+----------------+

The Linux file permissions have 9 dashes "-" in total. The first dash "-" plays a major role: it tells you the file type. The remaining 8 dashes "-" are used for file permissions.

+-------+--------------------------------------------+
|Part-S | Special - Filesystem object types          |
|Part-A | User (u): A user is the owner of the file. |
|Part-B | Group (g): Users who are in a group        |
|Part-C | Other (o): Everyone else                   |
+-------+--------------------------------------------+

The following example shows the full file permissions in detail. Part-5 indicates the number of hard links to the file or directory. For files, it is usually 1 until you create additional hard links.

For directories, it’s 2+ the number of sub directories. This is because a directory can be referred to either by its name in the parent directory,

$ ls -ld nagios-4.4.3

+--------------------------------------------------------------------+
|d|rwx|r-x|r-x| 2 |daygeek| daygeek| 4.0K| Jul  8 11:38| nagios-4.4.3|
|1| 2 | 3 | 4 | 5 |   6   |    7   |  8  |      9      |       10    |
+--------------------------------------------------------------------+

Part-1 (d) : It indicates the file type (d denotes a directory).
Part-2 (rwx) : It indicates the User/Owner permissions. The Owner has Read (r), Write (w) and Execute (x) permissions.
Part-3 (r-x) : It indicates the Group permissions. The Group has Read (r) and Execute (x) permissions.
Part-4 (r-x) : It indicates the Others permissions. Others have Read (r) and Execute (x) permissions.
Part-5 (2) : It indicates a level of directories.
Part-6 (daygeek) : It indicates the Owner of the file.
Part-7 (daygeek) : It indicates the Group name to which the file belongs.
Part-8 (4.0K) : It indicates the file size.
Part-9 (Jul 8 11:38) : It indicates the date & time the file was created or modified.
Part-10 (nagios-4.4.3) : It indicates the file name.

Types of files in Linux.

  • Regular File
  • Directory File
  • Special Files (this category has five types of files)
      • Link File
      • Character Device File
      • Socket File
      • Named Pipe File
      • Block File

Refer to the below table for a better understanding of file types in Linux.

+--------+--------------------------------------------------------------------+
| Symbol |                              Meaning                               |
+--------+--------------------------------------------------------------------+
|   -    | Regular File. It starts with a hyphen “-”.                         |
|   d    | Directory File. It starts with English alphabet letter “d”.        |
|   l    | Link File. It starts with English alphabet letter “l”.             |
|   c    | Character Device File. It starts with English alphabet letter “c”. |
|   s    | Socket File. It starts with English alphabet letter “s”.           |
|   p    | Named Pipe File. It starts with English alphabet letter “p”.       |
|   b    | Block File. It starts with English alphabet letter “b”.            |
+--------+--------------------------------------------------------------------+

There are two ways to use the command to set file permissions in Linux.

  • Absolute mode
  • Symbolic mode

Absolute(Numeric) Mode

In this mode, we use a three-digit octal number to set file permissions.

+--------------+--------+-------------------------+
| Octal Number | Symbol |     Permission Type     |
+--------------+--------+-------------------------+
|       0      |   ---  |  No Permission          |
|       1      |   --x  |  Execute                |
|       2      |   -w-  |  Write                  |
|       3      |   -wx  |  Write + Execute        |
|       4      |   r--  |  Read                   |
|       5      |   r-x  |  Read + Execute         |
|       6      |   rw-  |  Read + Write           |
|       7      |   rwx  |  Read + Write + Execute |
+--------------+--------+-------------------------+
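
The octal digits in this table map directly onto the permission triplets that ls -l prints. The function below is an added example, not part of the original article (mode_to_octal is a name chosen here): it converts a mode string such as drwxr-xr-x to its chmod number, and goes slightly further by handling the s and t characters of the special bits described later on this page.

```shell
#!/bin/sh
# mode_to_octal MODE
# Convert the 10-character mode column printed by `ls -l` (file-type
# character plus the user, group and other triplets) to chmod's octal form.
mode_to_octal() {
    mode=$1
    if [ "${#mode}" -ne 10 ]; then
        echo "expected 10 characters, got: $mode" >&2
        return 1
    fi
    perms=${mode#?}      # drop the file-type character (Part-1)
    special=0            # setuid=4, setgid=2, sticky=1
    digits=""
    for weight in 4 2 1; do
        rest=${perms#???}
        triplet=${perms%"$rest"}   # next three characters
        perms=$rest
        case $triplet in
            [r-][w-][xsStT-]) ;;
            *) echo "bad triplet: $triplet" >&2; return 1 ;;
        esac
        value=0
        case $triplet in r??) value=$((value + 4)) ;; esac
        case $triplet in ?w?) value=$((value + 2)) ;; esac
        case $triplet in
            ??x)    value=$((value + 1)) ;;
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;  # special bit without execute
        esac
        digits="$digits$value"
    done
    if [ "$special" -gt 0 ]; then
        echo "$special$digits"   # four digits when a special bit is set
    else
        echo "$digits"
    fi
}
```

For example, mode_to_octal drwxr-xr-x prints 755 and mode_to_octal -rwsr-xr-x prints 4755.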

Symbolic Mode

In this mode, we use symbols (ugoa and rwx) to set file permissions.

+---------+------------------------------------------+
|Operator |                 Description              |
+---------+------------------------------------------+
|    +    | Adds a permission to a file or directory |
|    -    | Removes the permission                   |
|    =    | Sets the permission                      |
+---------+------------------------------------------+

The various owners are represented as below.

+------------------+--------------+
| User Denotations | chmod Option |
+------------------+--------------+
|    user/owner    |      u       |
|       group      |      g       |
|       other      |      o       |
|        all       |      a       |
+------------------+--------------+

What’s UMASK in Linux?

User Mask, or User file creation MASK, is the default or base permission setting that controls the permissions when a new file is created on a Linux system.

  • The default umask for a normal user is 002.
  • The default umask for the root user is 022.

It can be found in the following file.

# cat /etc/profile | grep -i umask
# By default, we want umask to get set. This sets it for login shell
    umask 002
    umask 022

You can verify the same by running the command in the user’s account.

root user umask output.

# umask
0022

Normal user umask output.

$ umask
0002
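
To see what these umask values mean for newly created files and directories, the following added example (not part of the original article) predicts the resulting mode and then checks it by actually creating a file or directory. The function names are chosen here, and observed_mode assumes GNU stat, as found on Linux.

```shell
#!/bin/sh
# default_mode KIND UMASK
# Predict the mode of a newly created file or directory: the base mode
# (666 for files, 777 for directories) with the umask bits cleared.
default_mode() {
    case $1 in
        file) base=666 ;;    # new files get no execute bits by default
        dir)  base=777 ;;
        *) echo "kind must be file or dir" >&2; return 1 ;;
    esac
    printf '%03o\n' $(( 0$base & ~0$2 ))
}

# observed_mode KIND UMASK
# Create a real file or directory under that umask in a scratch directory
# and report the mode it was given (GNU stat syntax).
observed_mode() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$scratch/new"; else : > "$scratch/new"; fi
    )
    stat -c '%a' "$scratch/new"
    rm -rf "$scratch"
}

# Compare prediction and observation for the two umask values on this page.
umask_report() {
    for mask in 002 022; do
        for kind in file dir; do
            echo "umask $mask $kind: predicted $(default_mode "$kind" "$mask")" \
                 "observed $(observed_mode "$kind" "$mask")"
        done
    done
}
```

With umask 002 a new file gets 664 and a new directory 775; with umask 022 they get 644 and 755.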

What is SUID?

SUID (Set User ID upon execution) is a special type of file permission given to a file, providing elevated privileges temporarily during execution.

The program runs with the file owner’s permissions only while it is being executed. For example, the passwd command allows every user to change their own password even though they don’t have write permission to the /etc/shadow file.

$ ls -lh /bin/passwd
-rwsr-xr-x 1 root root 55K Apr  4 02:03 /bin/passwd*

What is SGID?

SGID (Set Group ID upon execution) is a special type of file permission given to a file, providing elevated privileges temporarily during execution.

The program runs with the file group’s permissions only while it is being executed. For example, the passwd command allows every user to change their own password even though it does not have write permission to the /etc/shadow file.

SGID is similar to SUID. The only difference is that the script/file has SGID instead of SUID; the rest is the same.

What is Sticky Bit?

The sticky bit is primarily used on shared directories. It allows users to create their own files and to read, write and execute files owned by other users, but they are not allowed to remove files owned by other users.
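
Because SUID and SGID files run with someone else's privileges, and a world-writable directory without the sticky bit lets any user delete other users' files, administrators commonly review where these bits are set. The following is an added example, not part of the original article: audit_special_bits and make_demo_tree are names chosen here, and the demo tree is constructed sample data.

```shell
#!/bin/sh
# audit_special_bits DIR
# List SUID files, SGID files, and world-writable directories that lack the
# sticky bit under DIR (same filesystem only), one sorted finding per line.
audit_special_bits() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    {
        # -perm -4000 matches files with the SUID bit, -2000 the SGID bit
        find "$root" -xdev -type f -perm -4000 | sed 's/^/SUID /'
        find "$root" -xdev -type f -perm -2000 | sed 's/^/SGID /'
        # others-writable (0002) directories where sticky (1000) is absent
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
    } | sort
}

# make_demo_tree
# Build a constructed sample tree in a scratch directory and print its path,
# so the audit can be tried without touching real system files.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    : > "$demo/plain"; chmod 644  "$demo/plain"
    : > "$demo/suid";  chmod 4755 "$demo/suid"    # shows as -rwsr-xr-x
    : > "$demo/sgid";  chmod 2755 "$demo/sgid"    # shows as -rwxr-sr-x
    mkdir "$demo/shared" "$demo/open"
    chmod 1777 "$demo/shared"   # sticky shared directory, like /tmp
    chmod 0777 "$demo/open"     # world-writable, no sticky bit
    echo "$demo"
}
```

Running audit_special_bits "$(make_demo_tree)" reports the open directory, the sgid file and the suid file, and leaves out plain and shared.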

How to Set/Change Permissions of Files in Linux Using the chmod Command?

There are two ways we can set file permissions.

Using Absolute Mode:

The below example sets 755 permission on the daygeek directory.

$ chmod 755 /home/daygeek/

$ ls -ld /home/daygeek/
drwxr-xr-x 27 daygeek daygeek 4096 Jul 12 22:47 /home/daygeek/

The below example sets 664 permission on the magesh.txt file.

$ chmod 664 magesh.txt

$ ls -lh magesh.txt 
-rw-rw-r-- 1 daygeek daygeek 18 Jul 18 06:09 magesh.txt

Using Symbolic Mode:

The below example sets 775 permission on the daygeek directory. The two commands are equivalent.

$ chmod ug+rwx,o+rx /home/daygeek/
$ chmod u+rwx,g+rwx,o+rx /home/daygeek/

$ ls -ld /home/daygeek/
drwxrwxr-x 27 daygeek daygeek 4096 Jul 18 06:09 /home/daygeek/

The below example sets 641 permission on the magesh.txt file.

$ chmod u+rw,g=r,o=x magesh.txt

$ ls -lh magesh.txt 
-rw-r----x 1 daygeek daygeek 18 Jul 18 06:09 magesh.txt

How to Change/Set the User/Group Ownership of a File in Linux Using the chown Command?

chown changes the user and/or group ownership of each given file.

It allows you to change the user ownership, the group ownership, or both together. The details are described in the below examples.

How to change only user ownership?

$ sudo chown u1 magesh.txt 

$ ls -lh magesh.txt 
-rw-r----x 1 u1 daygeek 18 Jul 18 06:09 magesh.txt

How to change only group ownership?

$ sudo chown :u1 magesh.txt 

$ ls -lh magesh.txt 
-rw-r----x 1 u1 u1 18 Jul 18 06:09 magesh.txt

How to change both ownerships (User & Group)?

$ sudo chown daygeek:daygeek magesh.txt 

$ ls -lh magesh.txt 
-rw-r----x 1 daygeek daygeek 18 Jul 18 06:09 magesh.txt

If you would like to change the ownership recursively, use the -R option.

$ sudo chown -R daygeek:daygeek 2gadmin 

How to Change the Group Ownership of a File in Linux Using the chgrp Command?

The chgrp command changes the group ownership of each given file.

The details are described in the below examples.

$ sudo chgrp 2gadmin magesh.txt

$ ls -lh magesh.txt 
-rw-r----x 1 daygeek 2gadmin 18 Jul 18 06:09 magesh.txt

If you would like to change the group ownership recursively, use the -R option.

$ sudo chgrp -R 2gadmin daygeek

About Magesh Maruthamuthu

Love to play with all Linux distribution
