Linux Permissions

Priya Srinivasan

One of the most common issues faced while working with Linux-based systems is handling file permission problems. These arise when a user does not assign the right permissions to files or directories. It is therefore important to understand the need for proper permissions and to know how to set permissions on files and directories. This blog introduces the ways in which the permissions of a file or directory can be viewed and changed. It also covers the shorthand notation for specifying permissions.

Understanding the various permission groups

Each file or directory has a specific set of groups to which we can allot specific permissions. The different permission groups are:

  • Owner
  • Group
  • Others

Owner - Owner denotes the single person who owns the file.

Group - These permissions apply to a particular group which has been assigned to the file.

Others - These permissions apply to all the other users except for the owner and the group of the file.

The three different permissions that can be assigned to a file or directory are:

  • read
  • write
  • execute

read - When the user is allocated this permission, he or she can read the contents of the file.

write - This permission gives the user the capability to write to the file or modify the contents of the file.

execute - With this permission, the user has the ability to execute the file if the file contains a script or a program.

Viewing Permissions

One can easily view the permissions for a file or directory by checking them in the file manager. With Linux, we can also make use of the long-listing option to view the permissions for a file.

While inside the directory that contains the file or folder, type:

ls -l

The output in the terminal shows the permissions and the permission groups for the file or the folder.

The output is displayed in the form of: _rwxrwxrwx 1 owner:group

The above output can be delineated as:

  1. The underscore denotes the special permission flag, which can vary.
  2. The next 3 characters (rwx) denote the permissions for the owner.
  3. The following set of three characters (rwx) denotes the permissions for the group.
  4. The last set of 3 characters denotes the permissions for all the other users in the system.

The integer after these characters denotes the number of hard links that are connected to the file.

The final owner:group assignment shows the owner and the group the file is assigned to, which determines whether a given user receives the owner permissions or the group permissions.

Modifying Permissions

One can easily modify the permissions of a file using chmod.

The syntax goes like this:

chmod [permissions] [path]

Permission arguments of chmod include 3 different components.

  • The first component indicates for whom the permissions are being changed: owner, group, all or others.
  • The second component indicates whether we are granting or revoking the permission. This is indicated by a (+) or (-) symbol.
  • The third component indicates the permission that we are setting (r, w or x).

Example 1

chmod g+x blogpost.md

The above statement gives the group permission to execute the markdown file blogpost.md.

Example 2

chmod u-w blogpost.md

The above statement revokes the write permission from the user, that is, the owner. The owner can revoke this capability from himself in case he does not want to accidentally modify anything in the file.

Setting Permissions using Shorthand or Binary References

One can also use binary references to set permissions for a file. In addition to the methods shown above, setting permissions using this shorthand is really handy.

One can use the octal to binary mapping to set shorthand permissions. For example, the octal number 7 maps to 111 in binary. The three binary digits indicate the three types of permissions: read, write and execute.

Example 3

chmod 560 blogpost.md

The three digits after chmod indicate permissions for the owner, group and others. The first digit 5 (101) indicates that the owner has permissions for reading and executing the file, and the second digit 6 (110) indicates that the group has permissions for reading and writing the file. The third digit 0 (000) indicates that the other users have no permission to read, write or execute the file at all.
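The following script is an added example, not part of the original post. It converts an octal shorthand to its rwx string using the 4/2/1 bit mapping and then checks Examples 1 to 3 against a real scratch file; the function names and the 644 starting mode are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: octal shorthand <-> rwx string, checked against a real file.

# Convert a three-digit octal mode (e.g. 560) to its nine-character rwx string.
mode_to_rwx() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;                      # exactly three octal digits
        *) echo "not a 3-digit octal mode: $mode" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$mode" | sed 's/./& /g'); do
        # Each octal digit is three bits: 4 = read, 2 = write, 1 = execute.
        if [ $((digit & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((digit & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((digit & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# Read the owner/group/others characters (columns 2-10) of the ls -l output.
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# Apply one chmod argument to a scratch file that starts at mode 644
# (rw-r--r--) and print the permission string that results.
after_chmod() {
    scratch=$(mktemp) || return 1
    chmod 644 "$scratch"
    chmod "$1" "$scratch"
    perms_of "$scratch"
    rm -f "$scratch"
}

mode_to_rwx 560    # r-xrw----  (5 = 101, 6 = 110, 0 = 000)
after_chmod 560    # r-xrw----  (Example 3, read back from ls -l)
after_chmod g+x    # rw-r-xr--  (Example 1: group gains execute)
after_chmod u-w    # r--r--r--  (Example 2: owner loses write)
```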

Setting Permissions for Directories

Setting permissions for directories is very similar, with a slight change in what each permission means.

  • r - setting this permission to 1 gives the ability to read the contents of the directory
  • w - setting this permission to 1 gives the ability to create files and folders within this particular directory
  • x - one can enter the directory only if this permission is set to 1

Example 4

chmod 745 myDirectory

The above example states that the owner has all the permissions to read, write and execute the directory (7 = 111), the group has permission only to read the contents of the directory (4 = 100), and the other users have permission only to read the contents of the directory or enter the directory (5 = 101).

Changing Assignments of groups/owners

One can use the following command to set an owner or a group. The chown command is used to assign or change the owner or group that has been assigned to a file or directory.

The syntax is:

chown owner:group filename

Example 5

chown userXYZ:school blogpost.md

This command indicates that the owner has been changed to userXYZ, and the group has been changed to school, for the file blogpost.md.

Advanced Permissions

The special permission flag at the beginning of the output string of file/directory permissions can be set to any of the following:

_ - an underscore at the beginning of the permissions indicates that there are no special permissions associated with this file or directory.

l - the file or directory is a link.

t - denotes sticky bit permissions. When the sticky bit has been set, only the owner will be able to rename or delete the file. To set the sticky bit for a directory, the syntax is:

chmod +t myDirectory

d - indicates a directory.

s - this bit sets the setuid/setgid special permissions. These permissions tell the system to run an executable as the owner, with the owner’s permissions.
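Because these flags change who can delete files and whose permissions a program runs with, it is worth reviewing where they are set. The script below is an added example, not part of the original post: it lists world-writable directories that lack the sticky bit and files that carry setuid/setgid, run here against a constructed sample tree (all function, directory and file names are assumptions).

```shell
#!/bin/sh
# Added example: audit a directory tree for the special permission bits.

# World-writable directories that do NOT have the sticky bit set, so any
# user could rename or delete files that belong to someone else.
world_writable_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files with the setuid (4000) or setgid (2000) bit set.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Build a constructed sample tree (hypothetical names) and print its root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/dropbox" "$root/private"
    chmod 0777 "$root/shared"
    chmod +t "$root/shared"            # world-writable, sticky bit set
    chmod 0777 "$root/dropbox"         # world-writable, no sticky bit
    chmod 0700 "$root/private"
    : > "$root/private/tool"
    chmod 4755 "$root/private/tool"    # setuid executable
    : > "$root/private/notes.txt"
    chmod 0644 "$root/private/notes.txt"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "World-writable directories without the sticky bit:"
world_writable_no_sticky "$tree"       # only .../dropbox
echo "Files with setuid/setgid set:"
setid_files "$tree"                    # only .../private/tool
rm -rf "$tree"
```

To review a real system, pass the directory you want to check to the two find functions instead of the sample tree.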
