Unix/Linux file permission

Linux file systems allow permissions to be assigned to files for specific users and user groups.
This way, you can allow or restrict a particular user's access to a file for viewing its content, modifying it and/or executing it.

Permissions on Linux are managed in three distinct scopes or classes.
These scopes are:

Owner of the file or directory.
Group to which the file belongs.
Users who are not the owner of the file or members of the group.

Effective permissions applied to a particular user in relation to a file are determined in a logical order of precedence.
For example:

The user who owns the file will have the effective permissions given to the owner (user) class, regardless of the permissions assigned to the group class or the others class.

Each file or directory has three basic permission types:
1. read
The Read permission refers to a user's capability to read the contents of the file.
For directories, this means permission to list the contents of the directory.
2. write
The Write permission refers to a user's capability to write or modify a file.
For directories, this means permission to create and remove files in the directory.
3. execute
The Execute permission affects a user's capability to execute a file.
For directories, this means permission to access files in the directory.

Checking the permissions

You can check the permissions of a file by reviewing the output of the ls -l command.
The permissions are displayed as:
-rwxrwxrwx 1 owner group 4096 Sep 14 19:38 fileName
Let's see what this means:

Octal Mode

The chmod command can set permissions using octal numbers.
Using numbers is a method that allows you to edit the permissions for all classes at the same time.
The basic structure of the command is this:

chmod xxx file/directory
Where xxx is a number of at least 3 digits, where each digit can be anything from 0 to 7.

The following table describes what permissions are represented by each number.


For example:

chmod 644 file.txt
Allows read and write to the owner, and only read to the group and other.
chmod 755 file.txt
Provides full access to the owner, and sets the group and other to just read and execute.
chmod 750 file.txt
Allows read, write and execute to the owner, read and execute to the group, and no access at all to other.

Additional Permissions

Linux employs three additional modes. These are actually attributes, but are referred to as permissions or modes. These special modes apply to a file or directory as a whole, not to a class.

Setting special modes with the chmod command using octal numbers requires four digits:

Special Modes

The set user ID, setuid mode
When a file with setuid is executed, the resulting process will assume the effective user ID given to the owner class.
This enables users to be treated temporarily as root (or another user).
The set group ID, setgid permission
When a file with setgid is executed, the resulting process will assume the group ID given to the group class.
When setgid is applied to a directory, new files and directories created under that directory will inherit their group from that directory.
The sticky mode
For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory.
For regular files on some older systems, the bit saves the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit.
The Linux kernel ignores the sticky bit on files.
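
The following Python code is an added example, not part of the original page. It decodes a four-digit octal mode into the string that ls -l shows, selects the single class that applies to a user following the precedence described above, and flags special modes worth reviewing. The function names and the sample UIDs and GIDs are constructed for illustration, and root's ability to bypass permission checks is not modelled.

```python
# Added example: names and sample IDs are assumptions, not from the page.
SETUID, SETGID, STICKY = 0o4000, 0o2000, 0o1000  # the leading (fourth) octal digit

def symbolic(mode):
    """Render an octal mode such as 0o4755 as the 9-character ls -l string."""
    out = []
    # (bit shift of the class, special bit shown in its x slot, letter used)
    for shift, special, letter in ((6, SETUID, "s"), (3, SETGID, "s"), (0, STICKY, "t")):
        bits = (mode >> shift) & 7
        x = "x" if bits & 1 else "-"
        if mode & special:
            # lowercase: execute is also set; uppercase: special bit without execute
            x = letter if bits & 1 else letter.upper()
        out.append(("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + x)
    return "".join(out)

def effective(mode, file_uid, file_gid, uid, gids):
    """Return the rwx triplet that applies to a user.

    Exactly one class is consulted: owner first, then group, then other.
    An owner denied by the owner digit is NOT rescued by group or other bits.
    """
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def audit(mode, is_dir=False):
    """List the mode properties a reviewer would want to look at."""
    findings = []
    # On executed files these change the IDs of the resulting process.
    if not is_dir and mode & SETUID:
        findings.append("setuid")
    # setgid on a directory only makes new entries inherit its group, so skip it.
    if not is_dir and mode & SETGID:
        findings.append("setgid")
    # A world-writable directory is expected only when the sticky mode protects it.
    if mode & 0o002 and not (is_dir and mode & STICKY):
        findings.append("world-writable")
    return findings

if __name__ == "__main__":
    for m in (0o644, 0o755, 0o750, 0o4755, 0o2644, 0o1777):
        print(f"{m:04o} {symbolic(m)} {audit(m, is_dir=(m == 0o1777))}")
    # Constructed case: owner uid 1000 is locked out by mode 0047, others are not.
    print(effective(0o047, 1000, 100, uid=1000, gids={100}))  # owner class only
```
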