Linux is a multi-operating system that can be accessed through numerous users concurrently. So, it has to be authenticated to ensure people from accessing other confidential files. Linux can also be used in mainframes and servers without any modifications. It uses the concept of ownership and permissions to enhance the security of the directories and files.

In this article, we are going to learn the following topics:

  1. Types of permissions

    1. Read 

    2. Write 

    3. Execute

  2. Permission groups

    1. Owner

    2. Group

    3. Other 

  3. Changing file permission using chmod

  4. Changing ownership or group

  5. Advanced permissions

  6. Setuid/setgid special permissions

  7. Sticky bit special permissions

  8. Conclusion

Types of permissions

Every directories and files in Linux have three basic permission types. They are discussed as follows:

  • Read permission

The read permission enables you to open and read a file. For a directory, the read permission enables the user to list the contents of the directory.

  • Write permission

The write permission allows the user to modify the file and write new data to the file. For a directory, the write permission allows the user to modify the content of the directory. The user can add, remove or rename files that belong to a particular directory. 

  • Execute permissions

The execute permission allows the user to execute the file as a shell script or a program. For the directory, the execute permission enables the user to access the files in a directory and enter it by using the cd command but it does not allow to list the content.

Viewing the permissions

Subscribe to our youtube channel to get new updates..!

The view permission allows the user to check the directory or file in the GUI file manager or by reviewing the output using the command given below.

ls -l 

Permissions groups

Every directory and file on Linux is owned by a specific user and group and are defined separately as three user based permission groups. They are as follows:

User

A user is a person who owns the directory or file. By default, the user who creates the file or directory will be the owner. 

Group

The user group that owns the directory or file they will not affect the actions of other users. All the users who belong to the group that owns the directory or file will have the same permission to access the file or directory.

Other

The user who is not the owner of the directory or file and doesn’t belong to the same group of the directory or file. Simply, if we set the permission for ‘other’ category, by default it will affect everyone. 

If you want to view the users on the system, you can view the user using the command below:

 
cat /etc/passwd

Similarly, you can view the group on the system by using the command below:

cat /etc/group

-rw-rw-r-- is a code that represents the permissions given to the owner, user group, and the world.

Here, the ‘-’ represents the selected file. For the directory, it is denoted as ‘d’. 

The characters are simple to remember and understand.

The first part of the code ‘rw-’ represents the owner can read the file, write the file, but cannot execute the file since the execute bit is set to ‘-’. Several Linux distributions such as CentOS, Ubuntu, Fedora, etc. will add users to the group of the same group name as the username. 

The second part of the code ‘rw-’ represents for the user group and group members can read the file, write the file.

The third part of the code ‘r--’ represents for any user and the user can only read the file.

Changing file permission using chmod

With the help of change mode ‘chmod’ command, we can set the permissions such as read, write, and execute on a directory or file for the owner, user, and the group.

chmod <permission-number> <file-name>

Here, the permission number is calculated by using the assigned values for r, w, and x. The basic permission number includes three digits. Some special cases can use four digits as a permission number. 

There are two ways to use the commands. They are as follows: 

1.Numeric mode

In a numeric mode, file permissions do not denote as characters but as a three-digit octal number. The following table provides the numbers for all permission types.

Number Character of Symbol Permission Type
0 --- No permission
1 --x Execute
2 -w- Write
3 -wx Write+Execute
4 r-- Read
5 r-x Read+Execute
6 rw- Read+Write
7 rwx Read+Write+Execute

 For example, see the command below.

mindmajix@mindmajix:~$ chmod 764 sample

mindmajix@mindmajix: ~ ls -l sample

rwxrw-r-- 1 mindmajix mindmajix 20 June 20 06:00 sample

chmod 764 and checking permission. In the above command, we have changed the file permissions to 764. 764 represents the following:

  • The owner can read, write, and execute

  • Usergroup can read and write

  • Any user can only read

2. Symbolic mode

In this mode, we can change permissions for all three owners. We can modify permissions of a specific owner. With the use of mathematical symbols, we can modify the file permissions.

Operator Description
+ Adds permission to access directory or files
- Removes permissions
= Sets permission and overrides the permissions set earlier

Let’s see the example:

Current file

mindmajix@mindmajix: ~ ls -l sample

-rw-rw-r-- 1 mindmajix mindmajix 22 2020-06-29 13:45 sample?

Setting permission to other users

 
mindmajix@mindmajix:~$ chmod 0=rwx sample

mindmajix@mindmajix:~$ ls -l sample

-rw-rw-rwx 1 mindmajix mindmajix 22 2020-06-29 13:45 sample

Adding execute permission to the usergroup

mindmajix@mindmajix:~$ chmod g+x sample

mindmajix@mindmajix:~$ ls -l sample

-rw-rwxrwx 1 mindmajix mindmajix 22 2020-06-29 13:45 sample?

Removing read permission for the user

 
mindmajix@mindmajix:~$ chmod u-r sample

mindmajix@mindmajix:~$ ls -l sample

--w-rwxrwx 1 mindmajix mindmajix 22 2020-06-29 13:45 sample

Changing ownership and group

For changing the ownership of a directory or file, use the command below:

chown user

If you want to change user along with the group for a directory or file, use the command below

chown user: group filename

If you wish to change group owner only, use the command below

chgrp group_name filename

Here, chgrp represents for change group

Advanced permissions

The special permissions that are used to access directories or files are as following:

  • _ - It represents there are no special permissions.

  • d- It represents the directory.

  • l-  It represents the symbolic link of a directory or a file.

  • t- It represents the sticky bit permissions. It represents ‘t’ in the executable portion of all user permissions.

  • s- It indicates the setuid or setgid permissions. It represents ‘s’ in the read portion of the owner or group permissions.

Setuid or setgid special permissions

The setuid or setgid permissions are used to assign the system to run an executable as the owner with the owner’s permissions. We can assign this permission by explicit defining permissions. The character that represents the setuid or setgid is ‘s’. To set the setuid or setgid bit on file1.sh, use the command below:

chmod g+s file1.sh

Be careful while using setuid or setgid permissions. If you assign the permissions incorrectly, then your system goes to intrusion.

Sticky bit special permissions

The sticky bit can be useful in a shared environment because when it is assigned to the permissions on a directory it sets permissions for the file owner only to rename or delete the file. The character for the sticky bits is ‘t’. To set the sticky bits on a directory, use the command below:

chmod+t dir1

Conclusion

Linux as a multi-operating system sets permissions and ownership to ensure security for a file and directories of the users. And it also allows to change and modify the permissions to a set of people as per the requirements. In this article, we have learned the Linux file permissions, commands, and some examples in brief.