Introduction To Linux File And Directory Permissions
The Basic Linux Operating System is a clone of the Unix Operating System. Later it has been improved a lot due to its open source license. It is a multi-user Operating System that can be accessed by multiple users simultaneously. But it can be a possibility of security concerns in the system for file or directory access. That means any kind of unsolicited or malign user can change, delete, or corrupt the important data or file system. The Linux File and Directory Permissions are very important to use for the prevention of unsolicited or malign user access.
In Linux, file and directory permissions are used to control access to files and directories. Each file and directory has three types of permissions: read, write, and execute. These permissions can be assigned to the owner of the file, the group associated with the file, and all other users (referred to as “others”).
To make secure data or any files inside your system, the Linux System provides a method called Authorization. This file authorization divided into two levels. Such as:
- Ownership.
- Permissions.
So each user for a particular system will be having two authorization methods to assign permissions or access rights to specific users and groups of users. These types of permissions can control the ability of a user to view, change, navigate, or execute the contents of the file system. The below image shows the file permissions in Linux with examples of how the Linux File and Directory Permissions are assigned.
Ownership Of Linux File System or Directories
Every directory or file in the Linux/Unix file system is having 3 types of ownership, as given below;
- User: A user is the owner of any file that is created by him. So by default, a file will be the owner of this user who creates it.
- Group: A Group means more than one user. That means when multiple users are having access permissions to a particular file is called Group ownership of a file. Suppose you have a project where multiple users are required to access it, then you can use Group ownership. So here instead of assigning the permissions to each user manually, you can create a Group by adding all users to it and then assign permissions to that group so that nobody else should not able to access it.
- Other: An user who neither created a file nor belongs to a user Group could able to access a file is called Other.
Linux system is having multiple commands to know the file-related information. But a very common command is ‘ls’ that we are gonna use in our example. I have used this “ls -l” command and got the response with the below data as per my system.
root@DESKTOP-O6Q5JJ7:/home/prakashs# ls -l
total 32
-rwxr-xr-x 1 root root 16688 Nov 28 19:13 code
-rw-r--r-- 1 root root 108 Nov 28 19:13 code.cLinux File Type Explanation
If you look at the above command, it gives the details of a file having a file permission string. The first character indicates whether it is a regular file, directory, or a symbolic link.
| Symbol | Type |
|---|---|
| – | Regular File |
| d | Directory |
| l | Symbolyc Link |
Linux File Permissions
In the Linux file system, there are 3 types of file permissions. basically, it is Read type (r), Write type (w), and Execute Type (x). Symbolically, it is represented as r,w, & x. If you want to see the contents of a file only, then you can give that file with reading (r) permissions. If you want to see the contents of a file only, then you can give that file with writing (w) permissions. If you want to see the contents of a file only, then you can give that file with execute (x) permissions. Even if you want to have multiple permissions for a file then also you can use the combinations.
| Symbol | Permission |
|---|---|
| r | Read |
| w | Write |
| x | Execute |
The next string defines the
Linux File Verses Directory Permissions
The permission is a way of a file or a directory access. You can look at below table how it is different.
| Permission | File | Directory |
|---|---|---|
| Read (r) | It allows a file to be read | It allows file names in the directory to be read |
| Write (w) | It allows a file to be modified | It allows file entries or data in the directory that can be modified |
| Execute (x) | It allows a file that can be executed | It allows access to contents and metadata for entries |
Linux File Permission Categories
| Symbol | Category |
|---|---|
| u | User |
| g | Group |
| o | Other |
| a | All |
Groups in Linux System
- Every user in Linux will have at least one group.
- A single user also can belong to many groups.
- Basically, the groups are supposed used to organize the groups.
- The “groups” command displays a user group.
- You also can use the command “id -Gn“.
Linux File Permission Change
There are two types of file notation. One is symbolic notation and the other one is numeric notation. To specify the modes and information’s, you can use the Linux command “chmod”
| File Item | Description |
|---|---|
| chmod | File mode change command |
| ugoa | User, Group, Other, All |
| +-= | Add, Subtract, Ser permissions |
| rwx | Read, Write, Execute |
To specify the modes and permissions
Numeric Based File Or Directory Permissions
| r | w | x | Description |
|---|---|---|---|
| 0 | 0 | 0 | Value for OFF |
| 1 | 1 | 1 | Binary value for ON |
| 4 | 2 | 1 | Base 10 Value for ON |
Linux File Octal Permissions
| Octal | Binary | String | Descriptions |
|---|---|---|---|
| 0 | 0 | — | No permissions |
| 1 | 1 | –x | Execute Only permissions |
| 2 | 10 | -x- | Write Only permissions |
| 3 | 11 | -wx | Write and Execute permissions (2+1) |
| 4 | 100 | r– | Read Only permissions |
| 5 | 101 | r-x | Read and Execute permissions (4+1) |
| 6 | 110 | rw- | Read and Write permissions (4+2) |
| 7 | 111 | rwx | Read, Write and Execute (4+2+1) |
Linux Permission Type Based On Number System
| Number permissions | U | G | O |
|---|---|---|---|
| Symbolic | rwx | r-x | r– |
| Binary | 111 | 101 | 100 |
| Decimal | 7 | 5 | 4 |
Commonly Used Permissions in Linux
| Symbolic | Octal |
|---|---|
| -rwx—— | 700 |
| -rwxr-xr-x | 555 |
| -rw-rw-r– | 664 |
| -rw-rw—- | 660 |
| -rw-r—– | 644 |
Working With Groups
New files are belongs to your primary Group. The chgrp command used to change the group.
Directory Permissions
The permissions on a directory can affect the files in the directory. If the file permissions look correct, start checking directory permissions. You need to work in your way up to the root.
File Creation Mask
File creation mask determines the default permissions. If no mask were used, the permissions would be:
- 777 for directories
- 666 for files.
umask Command
umask [-S] [mode]It sets the file creation mask to mode, if given. Use -S to for symbolic notation.
| umask type | Directory | File |
|---|---|---|
| Base Permission | 777 | 666 |
| substract Umask | -022 | -022 |
| Creations Permissions | 755 | 644 |
Octal Subtraction is an Estimation
| Directory | File | |
|---|---|---|
| Base Permissions | 777 | 666 |
| Subtract Umask | -007 | -007 |
| Creations Permissions | 770 | 660* |
Common umask modes used in Linux System
- 022
- 002
- 077
- 007
| Octal | Binary | Directory Permissions | File Permissions |
|---|---|---|---|
| 0 | 0 | rwx | rw- |
| 1 | 1 | rw- | rw- |
| 2 | 10 | r-x | r– |
| 3 | 11 | r– | r– |
| 4 | 100 | -wx | -w- |
| 5 | 101 | -w- | -w- |
| 6 | 110 | –x | — |
| 7 | 111 | — | — |
Special Modes
- The umask 0022 is same as the umask 022.
- chmod 0644 is same as 644
- The special modes are.
- setuid
- setgid
- sticky
