Understanding Linux Permissions
A basic description of Linux file permissions
The 3 Permission groups
By now you've been running ls -l or other commands and writing scripts, and are wondering what exactly Linux permissions are. Everything in Linux is considered a file, which allows everything to be managed by the same file permissions. There are 3 basic groups for permissions.
People                                       | Permissions
Owner (u, for user) - Left most 3            | Read
Group (g, for the group) - Middle set of 3   | Write
Other (o, for everyone else) - Right most 3  | Execute
So there are three main entities: the Owner of the file, which is typically the original creator; the Group, which is typically the same primary group as the owner; and Other (or all), which is everyone and everything on the system that is neither the owner nor in the approved group. Owner and user will be used interchangeably here.
Further, there are three main levels of permissions: Read, which only allows a user/group to read a file; Write, which allows a user/group to make changes to a file; and Execute, which is required for users/groups to run scripts and enter directories.
Each of these permission levels also has a corresponding number. A user/group with all three permissions would have a value of 7 - the highest. And a user/group with the lowest permission would have a value of 1 - the lowest. This may be confusing as there are only 3 permission levels, but the breakdown is as follows.
Permission level | Numeric Value
Read (r)         | 4
Write (w)        | 2
Execute (x)      | 1
So you see, if a user/group has read, write, and execute permissions for a file, they have a value of 7. If they only have read and write for a file, they would have a value of 6. Despite having a value of 6, a user would still not be able to execute a script or enter a directory without the execute permission level.
Changing the permission level. If the numbers confuse you, you can also set a file permission using the corresponding levels.
chmod +rwx myfile # chmod, or "change mode", is the basic command to
# edit file permissions; "+rwx" adds read, write, and execute
# But let's say we don't need the execute bit. How would we change this?
chmod -x myfile # the "-" subtracts permissions from the file.
# You can also specify the user level
# Let's remove write permission for the group
chmod g-w myfile # the "g" refers to the group; the "-w" removes write
# permission for the aforementioned group
# With no u/g/o letter, chmod applies the change to owner, group, and other
# alike, except for bits masked out by your umask
Setting permissions with numbers. Truthfully, I believe this to be simpler. Please utilize the above table to follow along. Try to predict the output!
chmod 777 myfile # Gives all permissions to all user levels
# output is: rwxrwxrwx <- this is the output that `ls -l` displays
# However, doing this, especially on all files, is poor security.
# Let's make our permissions more restrictive.
chmod 700 myfile # That's better, now only the user can do things.
# output is: rwx------ dashes mean no permission allowed
# Remember this is split in threes: user, group, and other
# You can look at these permissions as: rwx,---,---
# But does the user need to execute the file? Is it a script?
# If not, this is unnecessary. Let's follow the rule of least privilege
chmod 600 myfile # Perfect!
# output: rw-------
# However, what if "myfile" is actually a directory? And what if it's a
# directory we want everyone to be able to access?
chmod 711 myfile # this allows everyone to access the directory
# output: rwx--x--x
# but with only the executable bit no one but the owner can list the
# contents of the directory. Let's change that
chmod 755 myfile # Now everyone can read and enter the directory
# output: rwxr-xr-x
# But what if we want the user and group to be able to enter, read,
# and change files, but no one else? Let's see:
chmod 770 myfile
# output: rwxrwx---
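To check your predictions, here is an added example (not part of the original page) that decodes a numeric mode with the table above, flags modes that grant write access beyond the owner, and compares the prediction with what chmod actually sets on a scratch file. The function names are this example's own, and it assumes mktemp is available.

```shell
#!/bin/sh
# Added example: decode a three-digit octal mode with read=4, write=2,
# execute=1 and compare the prediction with what chmod really sets.

# digit_to_rwx N: one octal digit (0-7) -> a triplet such as "r-x"
digit_to_rwx() {
    d=$1; out=""
    if [ "$d" -ge 4 ]; then out="${out}r"; d=$((d - 4)); else out="${out}-"; fi
    if [ "$d" -ge 2 ]; then out="${out}w"; d=$((d - 2)); else out="${out}-"; fi
    if [ "$d" -ge 1 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# octal_to_rwx MODE: "755" -> "rwxr-xr-x", the string `ls -l` displays
octal_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=${1#?}; u=${1%"$rest"}; g=${rest%?}; o=${rest#?}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# mode_risk MODE: least-privilege check on who besides the owner may write
mode_risk() {
    perms=$(octal_to_rwx "$1") || return 1
    case $perms in
        ???????w?) echo "world-writable" ;;
        ????w????) echo "group-writable" ;;
        *)         echo "ok" ;;
    esac
}

# applied_rwx MODE: permissions a scratch file really has after chmod MODE
applied_rwx() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -ld "$f" | cut -c2-10
    rm -f "$f"
}

# The modes walked through on this page
for m in 777 700 600 711 755 770; do
    printf '%s predicted=%s applied=%s risk=%s\n' \
        "$m" "$(octal_to_rwx "$m")" "$(applied_rwx "$m")" "$(mode_risk "$m")"
done
```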
To learn more about Linux permissions, ask Red Hat! After all, they taught me. And as always, refer to the man pages; they are your best friend in the terminal. Type man chmod to get the full list of possible uses and configuration.