Linux file permissions are very well documented in many places throughout the internet. In fact, it’s one of the first things one learns when first learning Linux. Linux permissions are the first layer of security when it comes to your personal files and folders, as they control who can access and/or change them (and in Linux, technically everything is a file, but that’s a discussion for another day).
Due to the wide availability of documentation available for Linux permissions, we won’t be going into the full-depth explanation here. Rather, this will be more of a layman’s explanation to those who may be brand-new to Linux and may not understand the official documentation available in other places. For the everyday home Linux user, you may not be changing permissions very often. However, for the power user or system administrator, permissions are a vital part of one’s security strategy. Let’s begin!
Linux File Permissions
For the everyday home Linux user, there are two branches to Linux permissions: access restrictions and user restrictions.
Access restrictions are pretty straightforward: read, write, and execute. The read permission grants visibility of the file or folder contents, meaning that if you don’t have read permissions, the file or folder contents will not be visible to you. Write grants the ability to modify the file or folder. Execute actually has some common misconceptions. When it comes to files, execute allows you to “run” the file, like if it was a .deb package installation file, or perhaps a bash script. When it comes to folders, execute allows you to cd (change directory) into the folder. While you can use the ls command to view the contents of a folder with read permissions, you cannot actually cd into a folder without execute permissions.
You may not be changing permissions very often. However, for the power user or system administrator, permissions are a vital part of one’s security strategy. Let’s begin!
Basics Of Linux Permissions | Linux Chown
Similar to access restrictions, there are also three types of user restrictions: owner, group, and all/other users. Owner is pretty obvious, it’s whoever owns the file. This can be changed with the Linux chown command. Group pertains to the owner’s group(s). For the typical home user running a preconfigured distro like Ubuntu or Mint, your user account is likely already in several groups by default. If you are the only user on your system then groups may not really be a concern for you. However, let’s take an office setting as an example. Users in Accounting may have their own Accounting group, so if someone from HR wants to view one of Accounting’s files, they will be unable to do so unless they are also in the Accounting group. The last user restriction is all/other users. You could also think of this as “world” permissions, meaning everyone that is neither the owner of the file nor is in the proper group for the file.
The combination of both the access restrictions and the user restrictions gives us the full permissions for any given file or folder. But you may be asking, how do we know which files/folders have what permissions?
How To Check File/Folder Set Permissions?
The best way to check current permissions of any file or folder is via the ls -l command. This lists all of the files in the current working directory (/home/user by default). Upon doing this, you may see several lines of output, each beginning with something like this:
drwxrwxrwx drwxr–r– -r-xr-xr-x
These values are what tell us the permissions for each given file/folder. But if you’re new to this, this probably looks like borderline gibberish, so let’s break this down a bit further. Does this look a bit more readable? You’ll notice that after the d flag at the beginning, there are three groups of rwx. As you can probably guess, rwx means read, write, execute. The three groups are the user restrictions, i.e. owner, group, and all, in that order. The d flag at the beginning indicates whether not the file is a directory (folder).
So with the first listing, the file is a directory, and owner, group, and all have read, write, and execute permissions, i.e. full access. On the second listing, the owner has read, write, execute, but group and all have read only.
How To Change Linux File Or Folder Permissions?
This is done with the chmod (change mode) command. chmod can be used with either numerical or alphabetical values.
Each group of permissions in the above examples has numerical values assigned to them. The read (r) permission has a value of 4, write (w) has a value of 2, and execute (x) has a value of 1, all of which add up to 7. So if we were to view the permissions for the above files based on the numerical values, it would look something like this:
d | 7 | 7 | 6 d | 7 | 4 | 4 – | 5 | 5 | 5
You won’t see this actual output anywhere, but you can change permissions with these numerical values. For example:
chmod 755 [file/folder name]
will grant rwx for owner, r-x for a group, and r-x for all.You can also change permissions alphabetically. Refer to the man pages for chmod or the aforementioned documentation for a more detailed explanation, but instead of using the above numerical values, you can use values like o+w which gives the owner write permissions or g-x which removes execute permissions from the group.
Hopefully, this gives you a general overview of Linux permissions, especially if you’ve never encountered them before. Linux File permissions are a great way to start your Linux exploration. It strengthens the system security and allows you to have more control over your Linux machine.