Linux is a multi-user operating system, which means that multiple users can access the same system and resources. To manage the access and use of files and directories by multiple users, Linux uses a set of permissions and ownership management rules.
NUMBER | PERMISSION TYPE | SYMBOL |
---|---|---|
0 | No Permission | — |
1 | Execute | –x |
2 | Write | -w- |
3 | Execute + Write | -wx |
4 | Read | r– |
5 | Read + Execute | r-x |
6 | Read + Write | rw |
7 | Read + Write + Execute | rwx |
File permissions determine who can access a file and what they can do with it (e.g., read, write, execute). Ownership determines which user and group own the file and have control over the permissions.
In Linux, every file and directory is assigned with a set of permissions and ownership information that defines who can access and use the file, and what they can do with it. This information is stored in the inode (index node) of the file, which is a data structure that contains information about the file, including its permissions and ownership.
In this article, we will explain the basics of Linux file permissions and ownership management.
File Permissions
File permissions in Linux are represented by a set of nine characters, which are grouped into three sets of three characters each. The first set represents the permissions for the owner of the file, the second set represents the permissions for the members of the group that the file belongs to, and the third set represents the permissions for all other users.
Each set of three characters represents the read (r), write (w), and execute (x) permissions for the file. The characters are either a dash (-), which means no permission, or the corresponding letter (r, w, or x) to indicate the permission. For example, if a file has the permissions set to “rwxrwxrwx”, it means that the owner, members of the group, and all other users have full permissions to read, write, and execute the file.
File permissions can be changed using the chmod (change mode) command, which allows you to specify the permissions for the owner, group, and other users. For example, to grant the owner of a file full permissions and restrict the group and other users to read-only access, you could use the following command:
chmod 700 file.txt
Ownership
Each file and directory in Linux is assigned an owner and a group. The owner is the user who created the file, and the group is a collection of users that the owner can share the file with.
Ownership information can be changed using the chown (change owner) and chgrp (change group) commands. For example, to change the owner of a file to the user “john” and the group to “users”, you could use the following commands:
chown john file.txt
chgrp users file.txt
It’s important to note that only the root user and users with superuser privileges can change the ownership of a file.
Symbolic Notation
COMMAND IN SYMBOLIC NOTATION | CHANGE IN USER (U) PERMISSIONS | CHANGE IN GROUP (G) PERMISSIONS | CHANGE IN WORLD (O) PERMISSIONS |
---|---|---|---|
chmod +x foo | ✓ Execute | ✓ Execute | ✓ Execute |
chmod a=x foo | ☐ Read ☐ Write ✓ Execute | ☐ Read ☐ Write ✓ Execute | ☐ Read ☐ Write ✓ Execute |
chmod u-w foo | ☐ Write | (No change) | (No change) |
chmod u+wx,g-x,o=rx foo | ✓ Write ✓ Execute | ☐ Execute | ✓ Read ☐ Write ✓ Execute |
Octal Notation
OCTAL dgt | PERMISSION(S) GRANTED | SYMBOLIC |
---|---|---|
0 | None | [u/g/o]-rwx |
1 | Execute permission only | [u/g/o]=x |
2 | Write permission only | [u/g/o]=w |
3 | Write and execute permissions only: 2 + 1 = 3 | [u/g/o]=wx |
4 | Read permission only | [u/g/o]=r |
5 | Read and execute permissions only: 4 + 1 = 5 | [u/g/o]=rx |
6 | Read and write permissions only: 4 + 2 = 6 | [u/g/o]=rw |
7 | All permissions: 4 + 2 + 1 = 7 | [u/g/o]=rwx |
Here are some examples of chmod
usage with octal notation:
COMMAND IN OCTAL NOTATION | CHANGE IN USER (U) PERMISSIONS | CHANGE IN GROUP (G) PERMISSIONS | CHANGE IN WORLD (O) PERMISSIONS |
---|---|---|---|
chmod 777 foo | ✓ Read ✓ Write ✓ Execute | ✓ Read ✓ Write ✓ Execute | ✓ Read ✓ Write ✓ Execute |
chmod 501 foo | ✓ Read ☐ Write ✓ Execute | ☐ Read ☐ Write ☐ Execute | ☐ Read ☐ Write ✓ Execute |
chmod 365 foo | ☐ Read ✓ Write ✓ Execute | ✓ Read ✓ Write ☐ Execute | ✓ Read ☐ Write ✓ Execute |
chmod 177 foo | ☐ Read ☐ Write ✓ Execute | ✓ Read ✓ Write ✓ Execute | ✓ Read ✓ Write ✓ Execute |
Conversion Between Symbolic and Octal Notations
r
↔ 1002 ⇔ 48,w
↔ 0102 ⇔ 28, andx
↔ 0012 ⇔ 18.
Therefore, each combination of r
, w
, and x
corresponds to the unique sum of their numerical representations, such as full rwx
permissions ↔ 111 111 1112 ⇔ 7778, as follows:
SYMBOLIC NOTATION (LS -L) | BINARY REPRESENTATION | OCTAL NOTATION |
---|---|---|
rwxr-xr-x | 111 101 101 | 755 |
rw-r--r-- | 110 100 100 | 644 |
rwx------ | 111 000 000 | 700 |
r-xr-xr-x | 101 101 101 | 555 |
Superuser
COMMAND (INCLUDES SHELL SYMBOL) | SYMBOL) DESCRIPTION OF COMMAND | OUTPUT PROMPT AND (NEW) SHELL SYMBOL |
---|---|---|
$ su | Invoke superuser shell | Password: # |
$ sudo some_command | Invoke superuser privilege in running some_command | Password: $ |
$ sudo -i | Invoke superuser shell if su is disabled | Password: # |
Changing File Ownership
COMMAND | DESCRIPTION |
---|---|
sudo chown user2 foo | Transfer user ownership of foo to user2 |
sudo chown 102 foo | Transfer user ownership of foo to the user with uid=102 |
Changing Group Ownership
COMMAND | DESCRIPTION |
---|---|
chgrp group2 foo | Transfer the ownership of file/directory foo to group group2 |
chgrp 2 foo | Transfer the ownership of file/directory foo to group with gid=2 |
sudo chown user2:group2 foo | (Superuser privileges required) Change the user and group ownership simultaneously to user2 and group2 respectively |
Linux File/Directory Permissions cheat sheet
Here is a complete Linux file/directory permissions cheat sheet:
- r (read) permission: Allows the user to read the contents of the file or list the contents of a directory.
- w (write) permission: Allows the user to modify the contents of the file or add/remove files from a directory.
- x (execute) permission: Allows the user to execute a file as a program or access the contents of a directory.
- u (user) identifier: Represents the owner of the file/directory.
- g (group) identifier: Represents the group associated with the file/directory.
- o (other) identifier: Represents all users who are not the owner or part of the group associated with the file/directory.
- (add) operator: Adds the specified permission to the existing permissions.
- (remove) operator: Removes the specified permission from the existing permissions.
- = (assign) operator: Assigns the specified permission, overwriting any existing permissions.
- chmod (change mode) command: Allows you to modify the permissions of a file/directory.
- chown (change owner) command: Allows you to change the owner of a file/directory.
- chgrp (change group) command: Allows you to change the group associated with a file/directory.
- umask (user file-creation mask) command: Specifies the default permissions for newly created files and directories.
- sticky bit: A special permission bit that prevents users from deleting or renaming a file/directory that they do not own.
- setuid (set user ID) bit: A special permission bit that allows the owner to execute a file with the permissions of the file’s owner, rather than the user’s own permissions.
- setgid (set group ID) bit: A special permission bit that allows files within a directory to inherit the group ownership of the directory.
- suid (set user ID) and sgid (set group ID) flags: The alternate representation of the setuid and setgid bits in the symbolic representation of file permissions.
It’s important to note that the permissions listed above are the basic permissions and can be combined in various ways to create complex permissions. Understanding how to use these permissions and commands can help you effectively manage the security and access of your files and directories in Linux.
Linux file permissions and ownership management are important concepts to understand when working with files and directories in a multi-user environment. The permissions and ownership information determine who can access a file and what they can do with it, and they provide a way to manage and control the access to the files. Understanding how to use the chmod, chown, and chgrp commands can help you effectively manage the permissions and ownership of your files and directories.