Linux Basic Series: File Permissions (P5)

This article explains what are file permissions, how to change file permissions and special permissions.

This is the 4th part of 7 part series where I explain the Basics of Linux.

What are file permissions?

File permissions are used to control access to files and directories on a Linux system. Three types of permissions can be assigned to files: read, write, and execute. These permissions can be assigned to three categories of users: owner, group, and others. The owner of a file is typically the user who created it, while the group is a collection of users who have been granted similar permissions on the file. The 'others' category includes all other users who are not the owner or a member of the group.


How to view permissions?

The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

ls -l

'-rw-rw-r-' this tells us about the Unix permissions given to the owner, user group and the world.

Here the first '-' implies that we have selected a file.

Else, if it were a directory, d would have been shown.

  • r = read permission

  • w = write permission

  • x = execute permission

  • – = no permission

The first part of the code is ‘rw-‘. This suggests that the owner ‘Home’ can:

  • Read the file

  • Write or edit the file

  • He cannot execute the file since the execute bit is set to ‘-‘.

The second part is ‘rw-‘. It for the user group ‘Home’ and group-members can:

  • Read the file Write or edit the file

The third part is for the world which means any user. It says ‘r–‘. This means the user can only:

  • Read the file


Changing file Permissions

File permissions can be changed using the chmod command. The chmod command allows you to modify the read, write, and execute permissions for a file or directory, as well as assign ownership to a specific user or group.

For example, to give the owner of a file read, write, and execute permissions, and remove all permissions from the group and others, you would use the following command:

chmod 700 myfile.txt

In this command, '7' represents the permissions assigned to the owner, '0' represents the permissions assigned to the group and others, and 'myfile.txt' is the name of the file you want to change permissions on.

There are 2 ways to use the command –

  1. Absolute mode

  2. Symbolic mode

Absolute(Numeric) Mode

In this, the file permissions are represented as a three-digit octal number.

The table below gives numbers for all permissions types.

Let’s see the chmod permissions command in action.

File Permissions in Linux/Unix

In the above-given terminal window, we have changed the permissions of the file ‘sample to ‘764’.

File Permissions in Linux/Unix

‘764’ absolute code says the following:

  • Owner can read, write and execute

  • Usergroup can read and write

  • World can only read

This is shown as "-rwxrw-r–"

Symbolic Mode

In absolute mode you change permissions for all 3 owners. In symbolic mode, you can modify permissions of a specific owner. It uses mathematical symbols to modify unix file permissions.

The various owners are represented as –

We will not be using permissions in numbers like 755 but characters like rwx. Let’s look into an example

File Permissions in Linux/Unix


Special Permissions

Setuid

The 'setuid' permission allows a user to execute a file with the permissions of the owner. This can be useful when you need a user to execute a command that requires elevated privileges, such as running a backup or installing software. To assign setuid permissions to a file, you can use the chmod command and the number '4'.

For example, let's say you have a file called 'backup.sh' that you want a regular user to be able to execute with elevated privileges. You could assign setuid permissions to the file like this:

chmod 4755 backup.sh

In this command, '4' represents the setuid permission, '7' represents read, write, and execute permissions for the owner, '5' represents read and execute permissions for the group, and '5' represents read and execute permissions for others.


Setgid

The 'setgid' permission allows a user to execute a file with the permissions of the group. This can be useful when you have a directory that multiple users need to access and modify. By assigning setgid permissions to the directory, you can ensure that all new files and directories created within it inherit the group ownership of the parent directory. To assign setgid permissions to a file or directory, you can use the 'chmod' command and the number '2'.

For example, let's say you have a directory called 'shared' that you want multiple users to be able to access and modify. You could assign setgid permissions to the directory like this:

chmod 2775 shared

In this command, '2' represents the setgid permission, '7' represents read, write, and execute permissions for the owner, '7' represents read, write, and execute permissions for the group, and '5' represents read and execute permissions for others.

Overall, setuid and setgid permissions can be useful tools for managing access to files and directories on a Linux system. By using these permissions, you can give users the access they need to perform certain tasks without compromising the security or integrity of your system.