Do you want to secure your Linux system? If so, you need to understand Linux file permissions. File permissions control who can access files and directories on your system. By setting the correct file permissions, you can prevent unauthorized users from accessing sensitive files or directories.
This detailed article offers a comprehensive overview of Linux file and directory permissions, how to view Linux file permissions, and how to change file permissions in Linux.
In this guide, we will explain everything you need to know about Linux file permissions. We will cover the following topics:
- Types of Permissions in Linux
- Linux file permissions in Binary, Octal, and String formats
- Linux file permissions table
- How to view file and directory permissions using ls, stat, and getfacl commands
- What is chmod command in Linux
- How to change Linux file permissions using chmod command
- Frequently asked questions (FAQ) about file and directory permissions in Linux.
Introduction
Linux is a multi-user system where different users and processes can access and manipulate files and directories. To maintain security and limit unauthorized access, Linux employs a comprehensive permissions system.
Each file and directory in your Linux system is assigned access rights (or permissions) for the owner of the file, the members of a group of related users, and everybody else.
Understanding file permissions is fundamental for the security of your Linux environment. They dictate who can access files and directories, and what users can do with them.
What are Linux File Permissions?
Linux file permissions are a core security feature that controls who can access files and directories on a Linux system. They are represented by three sets of three characters, one set for each of the three user classes: owner, group, and others. Each character in a set represents one of three permissions: read, write, or execute.
For example, the permissions rwxr-xr-x mean that the owner has read, write, and execute permissions, the group has read and execute permissions, and others have read and execute permissions.
Types of Permissions in Linux
There are three types of permissions (or permission modes) that Linux allows for each file or directory. They are:
- Read (r): The file can be opened, and its content viewed. For a directory, the read permission allows you to list the contents of the directory.
- Write (w): The file can be modified; for a directory, the write permission allows you to create, delete, and rename files within the directory.
- Execute (x): The file can be executed as a program. For a directory, the execute permission allows you to access, or traverse into, the directory, and access any of its contents.
These permissions are defined for the following types of users. These are also known as permission classes.
- User (u): The owner of the file.
- Group (g): Users who are members of the file's group.
- Others (o): Users who are not the owners of the file and do not belong to the group.
- All (a): Represents all three types of access classes.
Linux File Permissions in Binary, Octal, String Formats
In Linux, file permissions can be expressed in three different ways: Binary, Octal, or a Symbolic string representation. Here's how each works:
1. Binary Representation
Each permission is represented as a bit. Read is 4 (100 in binary), Write is 2 (010 in binary), and Execute is 1 (001 in binary). So, for example, full permissions (read, write, execute) would be 111 in binary, which stands for rwx.
2. Octal Representation
This is the most common way to represent permissions, and it's really just a compact form of binary representation.
Each digit in octal corresponds to three bits in binary, which is perfect for rwx permissions. So, for example, full permissions (read, write, execute) would be 7 in octal (since 4+2+1=7), which also stands for rwx. No permissions would be 0 (---), read-only would be 4 (r--), write-only would be 2 (-w-), execute-only would be 1 (--x), etc.
To put this in simple words, the digits 4, 2, and 1 in terms of file permissions in a Linux system line up with the letters r, w, and x, where each character corresponds to a different type of access:
- 4 stands for r (read).
- 2 stands for w (write).
- 1 stands for x (execute).
When looking at permissions in the terminal, you'll usually see three octal digits in a row, like 777, which represents the permissions for the owner, the group, and all other users respectively.
3. String (symbolic) Representation
This is the most human-readable form. Each permission is represented by a letter: r for read, w for write, x for execute. So, for example, full permissions would be rwx, read and write would be rw-, and read and execute would be r-x.
Again, when looking at permissions in the terminal, you'll usually see three sets of these permissions in a row, like rwxrwxrwx, which represents the permissions for the owner, the group, and all other users respectively.
So to summarize, if you have full permissions, you could represent it in binary as 111, in octal as 7, or as a string as rwx. Similarly, if you only had read and write permissions, you could represent it in binary as 110, in octal as 6, or as a string as rw-.
Linux File Permissions Table
You can print the following table and put it on your desk to easily recall the Linux file permissions.
Binary Representation | Octal Representation | String Representation | Permission Type |
---|---|---|---|
000 | 0 | --- | No permission |
001 | 1 | --x | Execute only |
010 | 2 | -w- | Write only |
011 | 3 | -wx | Write & Execute |
100 | 4 | r-- | Read only |
101 | 5 | r-x | Read & Execute |
110 | 6 | rw- | Read & Write |
111 | 7 | rwx | All (Read, Write & Execute) |
Remember, each set of permissions corresponds to a role:
- The first set (rwx) corresponds to the owner of the file or directory.
- The second set (rwx) corresponds to the group that owns the file or directory.
- The third set (rwx) corresponds to all other users on the system.
Hopefully, you now have a basic understanding of Linux file permissions. Let's proceed to learn how to view and change permissions for files and directories in Linux.
View File and Directory Permissions in Linux
In Linux, you can use several commands to view file and directory permissions. In this tutorial, we will see how you can use ls, stat, and getfacl commands to check Linux file permissions.
1. Check File and Directory Permissions using ls Command
You can check the permissions of a file or directory by using the ls -l command.
Let me show you an example.
$ ls -l Documents/
The output will display a list of files and directories along with their permissions, number of links, owner, group, size, and time of last modification.
total 8
drwxr-xr-x 2 ostechnix ostechnix 4096 May 24 13:42 dir1
-rw-r--r-- 1 ostechnix ostechnix   78 May 24 13:35 file.txt
When you run the above command on your Linux system, each line of the output starts with a string that looks something like drwxr-xr-x or -rw-r--r--. This is a sequence of ten characters:
- The first character indicates the type of the file: a dash (-) means it's a regular file, d stands for a directory, and there are other types as well (l for link, b for block device, c for character device, s for socket, and p for named pipe).
- The next nine characters represent the permissions for user, group, and others. Each set of three characters (r, w, x) corresponds to read, write, and execute permissions. If a dash appears instead of a letter, that permission is not granted. The first set of three applies to the user, the second set applies to the group, and the third set applies to others.
In the case of dir1, it is a directory (d), and the owner (ostechnix) has read, write, and execute permissions (rwx). Both the group and others have read and execute permissions (r-x).
For file.txt, it is a file (-), and the owner (ostechnix) has read and write permissions (rw-). Both the group and others only have read permissions (r--).
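The ten-character format described above can be decoded mechanically. The following is an added example, not part of the original article: a small POSIX shell parser that turns an ls -l mode string into its octal form. The function names are hypothetical, and it accepts only the r, w, x and - flags covered in this article.

```shell
#!/bin/sh
# Added example: decode the ten-character mode string shown by `ls -l`.
# Function names are hypothetical; only r, w, x and - are accepted.

# Describe the file-type character (first of the ten characters).
file_type_name() {
    case "$1" in
        -) echo "regular file" ;;
        d) echo "directory" ;;
        l) echo "link" ;;
        b) echo "block device" ;;
        c) echo "character device" ;;
        s) echo "socket" ;;
        p) echo "named pipe" ;;
        *) return 1 ;;
    esac
}

# Convert one rwx triplet to its octal digit (r=4, w=2, x=1).
triplet_to_digit() {
    digit=0
    case "$1" in [r-][w-][x-]) ;; *) return 1 ;; esac
    case "$1" in r??) digit=$((digit + 4)) ;; esac
    case "$1" in ?w?) digit=$((digit + 2)) ;; esac
    case "$1" in ??x) digit=$((digit + 1)) ;; esac
    echo "$digit"
}

# Convert e.g. "drwxr-xr-x" to "755"; return 1 on malformed input.
ls_mode_to_octal() {
    [ "${#1}" -eq 10 ] || return 1
    file_type_name "${1%?????????}" >/dev/null || return 1
    perms=${1#?}                 # drop the file-type character
    rest=${perms#???}            # group + others triplets
    d_user=$(triplet_to_digit "${perms%??????}") || return 1
    d_group=$(triplet_to_digit "${rest%???}") || return 1
    d_other=$(triplet_to_digit "${rest#???}") || return 1
    echo "$d_user$d_group$d_other"
}

# The two mode strings from the sample `ls -l` output above.
for m in drwxr-xr-x -rw-r--r--; do
    printf '%s -> %s (%s)\n' "$m" "$(ls_mode_to_octal "$m")" \
        "$(file_type_name "${m%?????????}")"
done
```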
2. Check File and Directory Permissions using stat Command
The stat command is used to display more detailed information about a file or directory, including the permissions in numeric (octal) form.
$ stat Documents/
Sample Output:
  File: Documents/
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 10302h/66306d   Inode: 1572889     Links: 3
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ostechnix)   Gid: ( 1000/ostechnix)
Access: 2023-05-24 13:42:26.669502054 +0530
Modify: 2023-05-24 13:42:16.849490036 +0530
Change: 2023-05-24 13:42:16.849490036 +0530
 Birth: 2022-04-02 15:20:56.520250104 +0530
Look for the line in the output that begins with Access: (0755/drwxr-xr-x) (the numbers and letters might be different based on the file's permissions). In the example output, the number 0755 is the permission in octal form, and drwxr-xr-x is the permission in symbolic form.
Apart from the permissions, the stat command also displays other useful details. Here's what each piece of information means:
- File: This is the name of the file or directory, in this case, Documents/.
- Size: This is the total size of the file or directory in bytes, in this case, 4096 bytes.
- Blocks: This is the number of file system blocks allocated for this file or directory, in this case, 8.
- IO Block: This is the size of every block this file or directory occupies. It is 4096 bytes, which is typical for many filesystems.
- Device: This field represents the device number in hexadecimal form on which the file or directory resides.
- Inode: This is the inode number, a unique identifier for every file and directory on a Unix-like operating system.
- Links: This is the number of hard links to the file or directory. Directories will always have at least two links: one for the directory name and one for '.', the alias for the current directory.
- Access: This line shows the permissions of the file or directory in both numeric and symbolic form, along with the user ID (Uid) and group ID (Gid) in both numeric and symbolic form. In this case, the permissions are 0755 (octal) or drwxr-xr-x (symbolic), and the user and group are both ostechnix.
- Access, Modify, Change: These lines indicate the last time the file or directory was accessed, modified, and changed respectively. Access refers to when the file or directory was last read, Modify refers to when the file or directory's content was last modified, and Change refers to when the file or directory's metadata (such as permissions or ownership) was last changed.
- Birth: This is the creation time of the file or directory. However, not all filesystems support the tracking of this information.
3. Check File and Directory Permissions using getfacl Command
The getfacl command is used to get the Access Control List (ACL) for a file or directory. ACL is a more flexible permission mechanism than the traditional Unix permissions system.
$ getfacl Documents/
Sample Output:
# file: Documents/
# owner: ostechnix
# group: ostechnix
user::rwx
group::r-x
other::r-x
The above command is used to display the ACL entries for the Documents directory. Here's a breakdown of the output:
- # file: Documents/ : This line indicates the file or directory for which the ACL entries are being displayed. In this case, it is the Documents directory.
- # owner: ostechnix : This line displays the owner of the file or directory. Here, ostechnix is the owner.
- # group: ostechnix : This line shows the group owner of the file or directory. The group owner is also ostechnix.
- user::rwx : This entry shows the permissions of the owner of the file or directory. rwx means the owner (ostechnix) has read (r), write (w), and execute (x) permissions.
- group::r-x : This entry shows the permissions of the group. r-x means the group members have read (r) and execute (x) permissions, but not write (w) permissions.
- other::r-x : This entry shows the permissions for others (everyone else who is not the owner or a part of the group). Here, others also have read (r) and execute (x) permissions, but not write (w) permissions.
Change Linux File Permissions using chmod Command
You can change the permissions with the chmod command in Linux.
What is chmod in Linux?
The chmod (stands for "Change Mode") command is used to change the permissions of a file or directory in Linux. It uses either symbolic notation (like rwx) or octal notation (like 755) to represent permissions.
chmod Operators
To set or change permissions, we can use the plus (+), minus (-), and equal to (=) operators in the chmod command.
Here's a brief explanation of how the +, -, and = operators work in the chmod command:
- The + operator adds permissions to a file or directory without changing the existing permissions. For example, if you want to add execute (x) permission to the user (u) on a file, you would use chmod u+x filename.
- The - operator removes permissions from a file or directory without changing the remaining permissions. For example, if you want to remove write (w) permission from the group (g) on a file, you would use chmod g-w filename.
- The = operator sets the permissions exactly as specified, disregarding the current permissions. For example, if you want to set the user (u) permissions to read and write (rw) only, removing execute if it's there, you would use chmod u=rw filename.
Now let us learn some examples of using the chmod command in both symbolic and octal notation.
Warning: Remember, it's important to carefully use the chmod command, as inappropriate permissions can lead to security vulnerabilities.
How to Set or Change Linux File Permissions in Symbolic Notation?
To add read, write, and execute permissions to the owner of the file named 'file.txt':
$ chmod u+rwx file.txt
To remove write permission from the group and others for 'file.txt':
$ chmod go-w file.txt
To add execute permission to the group for 'file.txt':
$ chmod g+x file.txt
To set the permissions so that the user can read/write, the group can read, and others can't access 'file.txt':
$ chmod u=rw,g=r,o= file.txt
To add read permission to all (user, group, others) for 'file.txt':
$ chmod a+r file.txt
How to Set or Change Linux File Permissions in Octal Notation?
To set read, write, and execute permissions to the owner, and read and execute permissions to the group and others for 'file.txt':
$ chmod 755 file.txt
To assign read and write permissions to the owner, and only read permissions to the group and others for 'file.txt':
$ chmod 644 file.txt
To give all permissions (read, write, execute) to the owner, and no permissions to the group and others for 'file.txt':
$ chmod 700 file.txt
To give read and execute permissions to everyone for 'file.txt':
$ chmod 555 file.txt
To give read, write, and execute permissions to the group only, with no permissions for the owner and others, for 'file.txt':
$ chmod 070 file.txt
For more details, refer to the chmod manual page by entering the following command:
$ man chmod
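The warning about inappropriate permissions can be turned into a routine check. The following is an added example, not part of the original article: it lists regular files that others can write to and then removes only that bit with chmod o-w. The function names and the sample directory are constructed for illustration, and it assumes GNU find and stat (stat -c).

```shell
#!/bin/sh
# Added example: find regular files that "others" can write to, report
# their modes, then remove only that bit. Function names and the sample
# tree are constructed for illustration. Assumes GNU find and stat.

# Print "<octal mode> <symbolic mode> <path>" for each world-writable file.
audit_world_writable() {
    find "$1" -type f -perm -0002 -exec stat -c '%a %A %n' {} + | sort -k3
}

# Remove write permission for others; all other bits are left untouched.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree: one sane file, two overly permissive ones.
demo_dir=$(mktemp -d)
touch "$demo_dir/notes.txt" "$demo_dir/shared.log" "$demo_dir/run.sh"
chmod 644 "$demo_dir/notes.txt"
chmod 666 "$demo_dir/shared.log"
chmod 777 "$demo_dir/run.sh"

echo "Before:"
audit_world_writable "$demo_dir"
fix_world_writable "$demo_dir"
echo "After (no lines means nothing is world-writable):"
audit_world_writable "$demo_dir"
echo "Resulting modes:"
stat -c '%a %n' "$demo_dir"/*
rm -rf "$demo_dir"
```

Because the fix uses the - operator rather than an octal mode, 666 becomes 664 and 777 becomes 775; the owner and group bits stay as they were.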
Frequently Asked Questions
Here's a FAQ (Frequently Asked Questions) for the chmod command.
Chmod stands for "Change Mode". It's a Linux/Unix command used to change or modify the permissions of files and directories.
There are three types of permissions in Linux: read (r), write (w), and execute (x).
You can use the chmod command in two ways: using numeric (octal) representation or symbolic representation. For example, 'chmod 755 filename' or 'chmod u=rwx,g=rx,o=rx filename'.
The command 'chmod 777' gives read, write, and execute permissions to the user, group, and others for a particular file or directory. This is generally not advisable for most files due to security concerns.
You can remove permissions using the '-' operator. For example, 'chmod u-w filename' removes write permission for the user.
The 'a' in chmod stands for 'all', i.e., all classes of users - the owner, the group, and others.
You can set exact permissions using the '=' operator. For example, 'chmod u=rwx filename' sets the user's permissions to exactly read, write, and execute, removing all others.
Yes, you can change permissions of multiple files at once by using the chmod command followed by the desired permissions and then the file names, separated by spaces. For example, 'chmod 644 file1 file2 file3'.
You can view the permissions of a file using the 'ls -l' command, which will display the permissions in the leftmost column of the output.
There is no direct 'undo' command for chmod. However, you can manually change the permissions back to their original state if you know what they were. It's a good practice to check permissions (using 'ls -l') before changing them.
Conclusion
Understanding and managing file and directory permissions is critical to securing your Linux environment and controlling access to your data. As a system administrator or a regular Linux user, mastering the chmod command is very important for effectively managing access to your files and directories in Linux.
We hope this article helped you understand Linux file permissions and how to use them to secure your system. If you have any questions, please let us know via the comment section below.