Unix/Linux file permission
Linux file systems allow permissions to be assigned to files for particular users and user groups.
This way, you can allow or restrict a particular user's access to a file for viewing its content, modifying it and/or executing it.
Permissions on Linux are managed in three distinct scopes or classes.
These scopes are:
- Owner of the file or directory.
- Group to which the file belongs.
- Users who are not the owner of the file or members of the group.
Effective permissions applied to a particular user in relation to a file are determined in a logical order of precedence.
The user who owns the file gets the effective permissions given to the owner class, regardless of the permissions assigned to the group class or the others class.
Each file or directory has three basic permission types:
- read: the Read permission refers to a user's capability to read the contents of the file.
  For directories, this means permission to list the contents of the directory.
- write: the Write permission refers to a user's capability to write to or modify the file.
  For directories, this means permission to create and remove files in the directory.
- execute: the Execute permission affects a user's capability to execute the file.
  For directories, this means permission to access files in the directory.
Checking the permissions
You can check the permissions of a file by reviewing the output of the
-rwxrwxrwx 1 owner group 4096 Sep 14 19:38 fileName
Let's see what this means:
- File permissions section:
  - The first character indicates the type of the file.
    When the first character is "-", it indicates a regular file.
  - The first set of three characters (rwx) denotes the Read, Write and Execute permissions for the owner of the file.
  - The second set of three characters (rwx) denotes the Read, Write and Execute permissions for the members of the group owning the file.
  - The third set of three characters (rwx) denotes the Read, Write and Execute permissions for all other users.
- Number of hard links to the file.
- Owner and group assigned to the file.
- Size of the file in bytes.
- Last modified date.
- The name of the file.
The chmod command can set permissions using octal numbers.
Using numbers is a method that lets you edit the permissions for all classes at the same time.
The basic structure of the command is this:
chmod xxx file/directory
Where xxx is a number of at least 3 digits, each of which can be anything from 0 to 7.
- The first digit applies to permissions for owner.
- The second digit applies to permissions for group.
- And the third digit applies to permissions for others.
The following table describes what permissions each digit represents:
- 0: no permissions (---)
- 1: execute only (--x)
- 2: write only (-w-)
- 3: write and execute (-wx)
- 4: read only (r--)
- 5: read and execute (r-x)
- 6: read and write (rw-)
- 7: read, write and execute (rwx)
Some examples:
chmod 644 file.txt
- Allows the owner to read and write, and the group and others to read only.
chmod 755 file.txt
- Gives the owner full access, and the group and others read and execute only.
chmod 750 file.txt
- Allows the owner to read, write and execute, the group to read and execute, and gives others no access at all.
Linux employs three additional modes. These are actually attributes, but they are referred to as permissions or modes. These special modes apply to a file or directory overall, not per class.
Setting special modes with the chmod command using octal numbers requires four digits:
- The first digit is the number of the mode to set: setuid, setgid, or sticky bit.
- Each remaining digit sets the permissions for the owner, group, and others as mentioned above.
- The set user ID, setuid mode
- When a file with setuid is executed, the resulting process assumes the effective user ID of the owner class.
  This enables users to be treated temporarily as root (or another user).
- The set group ID, setgid permission
- When a file with setgid is executed, the resulting process assumes the group ID of the group class.
  When setgid is applied to a directory, new files and directories created under that directory inherit their group from that directory.
- The sticky mode
- For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory.
For regular files on some older systems, the bit saves the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit.
The Linux kernel ignores the sticky bit on files.
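To tie the octal digits and the special modes above together, here is an added example (not part of the original page) that converts the 10-character permission field shown earlier into the numeric mode chmod takes and back, and flags the modes a defender checks first when auditing a listing; it assumes only the field format described above and Python's standard `stat` module.

```python
import stat

# The octal table behind "chmod 644" and friends: digit -> rwx triple.
OCTAL_TO_RWX = {d: "".join(c if d & bit else "-"
                           for c, bit in (("r", 4), ("w", 2), ("x", 1)))
                for d in range(8)}

# Special bit shown in each class's execute column: owner=setuid, group=setgid, others=sticky.
SPECIAL = ((stat.S_ISUID, "sS"), (stat.S_ISGID, "sS"), (stat.S_ISVTX, "tT"))

def parse_ls_mode(field):
    """Convert the 10-char permission field of `ls -l` to a numeric mode,
    e.g. '-rwsr-xr-x' -> 0o4755. Lowercase s/t: special bit plus execute;
    uppercase S/T: special bit without execute."""
    if len(field) != 10:
        raise ValueError("expected a 10-character field such as -rwxr-xr-x")
    mode = 0
    for cls, (special_bit, letters) in enumerate(SPECIAL):  # 0=owner 1=group 2=others
        r, w, x = field[1 + cls * 3: 4 + cls * 3]
        if r not in "r-" or w not in "w-" or x not in "-x" + letters:
            raise ValueError(f"invalid characters for class {cls} in {field!r}")
        shift = 6 - 3 * cls                  # owner bits are the highest triple
        mode |= (4 << shift) if r == "r" else 0
        mode |= (2 << shift) if w == "w" else 0
        mode |= (1 << shift) if x in "xst" else 0
        mode |= special_bit if x in letters else 0
    return mode

def to_chmod_digits(mode):
    """Four octal digits as chmod accepts them, e.g. 0o4755 -> '4755'."""
    return f"{mode & 0o7777:04o}"

def to_ls_field(mode, is_dir=False):
    """Inverse of parse_ls_mode, via the standard library's formatter."""
    return stat.filemode((stat.S_IFDIR if is_dir else stat.S_IFREG) | mode)

def review_mode(field):
    """Return the findings a defender checks first when auditing a listing."""
    mode = parse_ls_mode(field)
    is_dir = field[0] == "d"
    findings = []
    if mode & stat.S_ISUID:
        findings.append("setuid: runs with the owner's effective uid")
    if mode & stat.S_ISGID and not is_dir:
        findings.append("setgid: runs with the group's gid")
    # World-writable is expected on sticky directories such as /tmp, not elsewhere.
    if mode & stat.S_IWOTH and not (is_dir and mode & stat.S_ISVTX):
        findings.append("world-writable: any user can modify it")
    return findings
```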