Linux File Permissions
In the Linux operating system, everything is organized in the form of files and directories. By setting permissions on files and directories, you can make sure that only authorized users are allowed to access specific data. Each file in Linux is owned by a user and a group. The user is the one who creates the file, and the group is the one to which that user (the owner of the file) belongs.
For example, you can list the files under the directory /home/sam as follows.
ls -l /home/sam
drwxrwxrwx 3 sam admin 80 2012-08-20 21:37 tmp
-rw-rw-r-- 1 sam admin 8187 2012-08-25 13:35 file1
-rwxr-x--- 1 sam admin 10348 2012-08-21 20:31 file2
Here, the first field shows the file permissions, the third column shows the owner (user) of the file and the fourth column shows the group of the file. We can now look at the file permission field in detail.
To understand the file permissions easily, we can divide the permission bits into 4 parts.
The first part is a single character that shows the file type. It can have any of the following values.
d : directory
- : regular file
l : symbolic link
p : named pipe
s : Unix domain socket
c : character device file
b : block device file
The second part shows the allowed permissions for the user (owner of the file/directory). The third part shows the allowed permissions for the users that belong to the group of the file/directory, and the fourth part shows the permissions for everybody else (anyone who is neither the owner nor a member of the group).
Permissions need to be set for the following modes.
• r : read permission
For a file, ‘r’ means you will be able to read the file.
For a directory, ‘r’ means you will be able to list the contents of the directory.
• w : write permission
For a file, ‘w’ means you will be able to edit the file.
For a directory, ‘w’ means you will be able to add, delete or rename files in that directory.
• x : execute permission
For a file, ‘x’ means you will be able to execute the program or shell script in that file.
For a directory, ‘x’ means you will be able to move to that directory (cd to the directory).
So, the permission ‘drwxrwxrwx’ on the ‘tmp’ directory sets read, write and execute permissions for user, group and others. The permission ‘-rw-rw-r--’ on file1 permits the user sam to read and edit the file; all users who belong to the group admin can also read and write the file, and everybody else can only read the file but not write or execute it.
Changing File Permissions
The Linux command chmod can be used to change the permissions of a file or directory. The basic syntax of the ‘chmod’ command is as follows.
chmod [option] OCTAL-MODE filename
The value of OCTAL-MODE is basically a 3-digit number where the first digit refers to the permissions for the ‘user’, the second digit refers to the permissions for the ‘group’ and the third digit refers to the permissions for ‘others’ (anybody other than the user and group). Each digit is the sum of the values from the following table for the permissions that are granted.
r (read)           4
w (write)          2
x (execute)        1
- (no permission)  0
If you want to set the permissions of a file such that the user can read, write and execute the file, while group and others can only read and execute it, the permission should be ‘-rwxr-xr-x’.
We can now find the OCTAL-MODE that needs to be used for setting the permission ‘-rwxr-xr-x’.
For user -> rwx = 4+2+1 = 7
For group -> r-x = 4+0+1 = 5
For others -> r-x = 4+0+1 = 5
Hence, the command should be,
chmod 755 filename
If you want to set the permissions of a file such that the user can read and write the file, the group can read the file and others do not have any access to the file, the permission should be ‘-rw-r-----’.
For user -> rw- = 4+2+0 = 6
For group -> r-- = 4+0+0 = 4
For others -> --- = 0+0+0 = 0
Hence, the command should be,
chmod 640 filename
If you want to temporarily disable a file, you need to set the permissions of the file such that nobody will be able to access the file. To set this permission, ‘----------’, you need to execute the command,
chmod 000 filename
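If you want to give full permissions (rwxrwxrwx) to a directory and all subdirectories and files in it, you can use chmod recursively as follows. Every user on the system will then be able to read, write and execute everything under that directory.
chmod -R 777 dir_name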
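The digit arithmetic above can be checked mechanically. The following script is an added example, not part of the original article: it converts a permission field as printed by ls -l into its OCTAL-MODE, reads the field back from a real file, and lists everything under a directory that ‘others’ can write to (what chmod -R 777 leaves behind). The function names sym_to_octal, mode_of and world_writable are chosen here for illustration, and only the r, w, x and - characters covered in this article are accepted.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# Convert an ls -l permission field (e.g. -rwxr-xr-x) to the 3-digit OCTAL-MODE.
# Only r, w, x and - are handled, as in the article; anything else is rejected.
sym_to_octal() {
    rest=${1#?}                          # drop the file-type character (part 1)
    [ "${#rest}" -eq 9 ] || return 1
    octal=""
    for who in user group others; do
        triplet=${rest%"${rest#???}"}    # first three characters of what is left
        rest=${rest#???}
        case $triplet in
            [r-][w-][x-]) ;;
            *) return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal=$octal$digit
    done
    printf '%s\n' "$octal"
}

# Print the 10-character permission field of one file or directory.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# List everything under a directory that "others" may write to (the 2 bit of
# the third digit). Symbolic links are skipped.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# The three entries from the ls -l listing at the top of the article.
for field in drwxrwxrwx -rw-rw-r-- -rwxr-x---; do
    printf '%s -> %s\n' "$field" "$(sym_to_octal "$field")"
done
```

Running world_writable on a directory before and after a recursive chmod shows exactly which entries became writable by every user.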