×

Search anything:

Linux file permissions (chmod)

Binary Tree book by OpenGenus

Open-Source Internship opportunity by OpenGenus for programmers. Apply now.

Linux is a multiuser operating system however this raises security issues, in this article we cover users, permissions, and changing permissions.

Table of contents.

  1. Introduction.
  2. Classes of users.
  3. Permissions.
  4. Changing file permissions.
  5. Changing file permissions(numeric).
  6. Changing file and group ownership.
  7. Special permissions.
  8. Summary.
  9. References.

Introduction.

Just like the UNIX operating system, linux is a multi-user operating system, that is, it can be accessed and used by multiple users concurrently and hence the the wide use in mainframes and servers.

However, this access brings about security concerns in that a malicious user can change, corrupt or delete crucial files holding important data.
To handle this concern unix introduced file permissions which specify how much power each user has over any given file or directory.

Classes of users.

Owners: This is the owner of the file, might or might not be the creator of it.
Group: This is the group to which the owner belongs to.
Others: This is everyone else who has access to the system.

Permissions.

Read: This involves reading, opening, viewing or copying a file.
Write: This will involve writing, changing, deleting or saving a file.
Execute: This involves execution or invoking of a file.

To view file permissions we execute the following command.

ls -lah

We can also write,

ls -l

The output is as follows.

-rwxr-xr-x 3 user group1  935 May 28  2021  zrsv.exe
drwxr-xr-x 2 user group2   74 Jan 16 12:42  dir0
-rwxr-xr-x 5 user group3 1.6K Jul 21  2018  file7.sh
drwxr-xr-x 1 user group1   55 Nov  3  12:42  directory1
-rw-r--r-- 1 user group1  13K Jun  5  2021  fileXYZ.docx

Directories are indicated by d and other regular files are represented by -.
r, w, x represent read, write and execute permissions respectively.

The first left column(drwxr-xr-x) is grouped into three parts, these represent the different levels of ownership(classes of users) namely the owners, groups and others respectively.

Changing file permissions.

In linux chmod command is used for changing file permissions.
The syntax is as follows;

chmod [options] permission filename/directory

Only the owner of a file is allowed to change its permissions.
Therefore to change the permissions, we can use the u to change permissions for the owner, g to change permissions for the group, o for others and a for changing all classes of users.

These characters are accompanied by either + or - used for either adding or subtracting the read, write or execute permissions.

An example

Given a file with the following permissions,

-rw-r--r-- 1 user group1  13K Jun  5  2021  fileXYZ.docx

We can add execute permissions for all classes of user by writing the following,

sudo chmod a+x fileXYZ.docx

Conversely we can remove all execute permissions by writing,

sudo chmod a-x fileXYZ.docx

To add the execute permission for others we write,

sudo chmod o+x fileXYZ.docx

We can also specify multiple classes as follows,

sudo chmod uo+x fileXYZ.docx

The command will add execute permissions for both owners(users) and others.

We can also use the = sign to explicitly assign permissions to user groups as follows.

sudo chmod uo=x directory1

The above command adds execute permissions to directory1 directory.

Changing file permissions(numeric).

We can also use number representations to change file permissions.
The syntax is as follows;

chmod [options] numericPermission filename

For the numericPermission part we can either use a 3 or 4-digit numerical value. When using 3-digit values, they represent the file owner, file group and other users respectively.

The permissions have the following values;
read (r): = 4.
write (w): = 2.
execute (x): = 1.

Permissions numeric value for a user class are represented by the sum of values of the permissions of the group.

An example
Assuming we want to give a file the following permissions,

-rwx-rx--r-- 1 user group1  13K Jun  5  2021  fileXYZ.docx

We can write,

sudo chmod 754 fileXYZ.docx

That is,
Owner: rwx = 4 + 2 + 1 = 7.
Group: rx = 4 + 0 + 1 = 5.
Others: r = 4 + 0 + 0 = 4

To check file a file permissions in a numeric form we write,

stat -c "%a% filename

These possible numeric values can be summarized as follows,
7: read, write and execute permissions
6: read and write permissions
5: read and execute permissions
4: read permissions.

Changing file and group ownership.

We can also change a file ownership, this action however can only be performed by a sudoer - sudo user.

We use the chown for changing file ownership and chgrp for changing group ownership.

Given a file as follows,

-rwx-rx--r-- 1 user1 group1  13K Jun  5  2021  fileXYZ.docx

We can change the user who owns it by writing.

sudo chown user2 fileXYZ.docx

We can also change the group it belongs to by writing.

sudo chgrp group2 fileXYZ.docx

Note that both users and groups we intend to give ownership to must exist.

Special permissions.

These include,
- - as can be seen from the output from ls -l command, they specify nothing.
d - specify a directory, refer from the permissions section.
l - specifies the file or directory as a symbolic link.
s - Specifies setuid/setgid permissions.
t - Specify sticky bit permissions.

Setuid/Setgid permissions.

These permissions are used to inform the system to run executables as the owner with the owners permission.

An example

sudo chmod +t directory1

The above command sets the setuid/setgid bit on file1.sh

Sticky bit permissions.

When assigned to the permissions on a directory, it is set so that only the file owner can rename a file. This is very useful especially in a shared environment.

An example

sudo chmod +t directory1

The above command sets the sticky bit on directory1.

Summary.

Implementing file permissions finds its applications in many areas such as securing configuration files from being changed, preventing execution of executables by certain users and much more.

Think of file permissions as keys, once you give a key for access to the whole house, then you cannot prevent the guest from accessing rooms you don't want accessed, in technical terms, once you assign permissions for the whole directory, you may also need to secure files or subdirectories which need not be accessed.

References.

  1. You can execute the 'command --help' in a linux system.
Linux file permissions (chmod)
Share this