Linux File Permissions | Learn Now !!

Ever wondered how Linux controls access to your files and folders? File permissions are the gatekeepers, determining who can view (read), modify (write), or even run (execute) the files. Understanding them is crucial for keeping your Linux system secure.

Seeing is Believing: Using ls -l

The ls -l command is your key to unlocking detailed file information, including permissions. Run it in your terminal, and you might see something like this:

-rw-r--r--  1 your_username users  4096 Jun 13 10:20 important_data

This string might seem like a jumble of letters and dashes but don’t worry, we’ll break the code together!

Decoding the Permission String: A Breakdown with Examples

The first character tells you the file type:

• - for a regular file, like your document named “important_data” in this example.

The next nine characters represent the file permissions. They’re divided into three groups of three, representing different access levels:

1. Owner: Permissions for the file’s owner (the user who created it, in this case, your_username).
2. Group: Permissions for the group the file belongs to (like a group named “users” in this example).
3. Others: Permissions for everyone else on the system.

Within each group of three, you’ll see letters representing specific permissions:

• r (read): Allows viewing the file’s contents. Imagine reading a book.
• w (write): Allows modifying the file’s contents. Think of editing your code.
• x (execute): Allows running the file (if it’s a program) or listing the contents of a directory. Like opening an app.
• - (dash): Means no permission for that specific action.

For example, in the string -rw-r--r--, the owner (you) has read and write access (can view and modify the file), the group “users” can only read the file, and everyone else on the system can also only read the file.

Understanding the Bits

Each permission (r, w, or x) is assigned a binary value:

• r = 4
• w = 2
• x = 1

These values are added together to represent the permission level for each group (owner, group, others). So, in our example:

• Owner (rw-) = 4 (read) + 2 (write) + 0 (no execute) = 6 (read and write)
• Group (r–) = 4 (read) + 0 (no write) + 0 (no execute) = 4 (read-only)
• Others (r–) = 4 (read) + 0 (no write) + 0 (no execute) = 4 (read-only)

The Last Bit

The last character in the permission string is usually a dot (.). It indicates that no alternate access methods (like access control lists) are in place. Think of it as a silent character in the permission bits.

Taking Control Using chmod

Now that you understand the code, you can use the chmod command to change file permissions. Here’s a basic breakdown:

chmod [options] permission_changes file

• options (optional): Flags that modify how permissions are applied.
• permission_changes: How you want to change permissions (e.g., add, remove, or set specific permissions).
• file: The file or directory for which you want to modify permissions.

Adding permissions

Use + (plus sign) before the permission. For instance, let’s say you used ls -l to see the permission for a file named blaaah and you get the output as follows

ls -l blaah

#Output
-rw-r--r--  1 krish krish  4096 Jan 11 10:20 blaah

Now you want to give write permission to the group of the file ( read it again ). You use the command below and the group gets the write permission for the file “blaaah”.

chmod g+w blaah

ls -l

#Output
-rw-rw-r--  1 krish krish  4096 Jan 11 10:20 blaaah

This changes the permissions string to -rw-rw--r--, allowing the group to read and write the file.

Removing permissions

Use - (minus sign) before the permission. Let’s say you want to remove the written permission for the owner of the file blaaah.

First let’s see what permissions we have in the file right now

ls -l blaah

#Output
-rw-rw-r--  1 krish krish  4096 Jan 11 10:20 blaah

Now we remove the written permission of the owner of the file using -

chmod o-w important_data

Now if we again see the file permission using ls-l we would see something like this :

ls -l blaah

#Output
-r--rw-r--  1 krish krish  4096 Jan 11 10:20 blaah

This changes the string to -r--rw----, ensuring only the owner has the written permission.

• Setting specific permissions: Use a numeric value representing the desired permission level. Here’s an example:

Suppose you want to grant everyone read access to a file named “public_info” but restrict write and execute permissions for everyone except the owner. You’d use:

chmod 444 public_info

Here’s the breakdown:

• The number 4 represents read permission (remember, r = 4).
• Since there are three digits, it applies to the owner, group, and others.
• Since all digits are 4, everyone gets read permission only (444 translates to read-only for all).

Special Permissions:

There are two additional permission bits you might encounter:

• s (set user ID/set group ID): This allows the file to be executed with the permissions of the owner (s) or the group (S) that owns the file, even if the user running it doesn’t have those permissions themselves. This is an advanced topic and should be used with caution.
• t (sticky bit): This special permission applies only to directories. When set on a directory, only the owner of a file within the directory or the system administrator can delete or rename the file.

Remember: Changing file permissions can affect security. Make sure you understand the implications before modifying them. It’s always a good practice to start with the most restrictive permissions that meet your needs and gradually increase them if necessary.

Practice Makes Perfect: Scenarios with chmod

Here are some scenarios to help you solidify your understanding of chmod:

1. Scenario: You want a script named “run_script” to be executable by everyone on the system.

chmod +x run_script

This adds execute permission for everyone (owner, group, and others).

2. Scenario: You’re collaborating on a project with a team member named “colleague” and want them to be able to modify a shared file named “project_data”.

chmod g+w project_data  # Grant write permission to the group
chgrp colleague project_data  # Change the group ownership of the file to "colleague"

Explanation:

• First, we give write permission to the group using chmod.
• Then, we use chgrp to change the group ownership of the file to “colleague” so they can leverage the write permission granted to the group.

By understanding file permissions and using chmod effectively, you can manage your Linux system with confidence and ensure your files are accessed by the right people with the appropriate permissions.