Linux - Basic File and Directory Permission/Ownership

Subscribe to my newsletter and never miss my upcoming articles

Linux is a multi-user operating system, which can be accessed by many users simultaneously. Linux OS is widely using in computers, embedded systems, and also virtually all supercomputers, and has secured a place in server installations such as the popular LAMP (LINUX, APACHE, MySQL, PHP) application stack. This fact can raise security concerns because any malicious user can corrupt, change, or remove data. To keep effective security, Linux divides authorization into two levels:

  • Ownership
  • Permission


Join me in this blog to learn more about the basics of permission and ownership in Linux OS, before dive in, this blog assumed that you are familiar with the basics of the Linux command line.


Overview

  1. Basic commands
    • chmod
    • su
    • sudo
    • chown
    • chrgp
  2. Ownership
    • User
    • Group
    • Other
  3. Permission
    • Basic Linux file permission
    • Chmod with permissions bits and shorthand notations
    • Remove permissions
    • List file permissions
    • Reset all file permission (especially case)
    • Change the ownership with chown
  4. Conclusion


  1. Basic commands

    One of the most powerful Linux OS characteristics is it can be accessed locally or remotely (this makes Linux a favorite OS to group projects for developers to learn more here). For such reason and more, we must set permissions and ownership for files/directories, to enable specific users to access data, In order to protect delicate information and interdicts unwanted changes to happen. For this purpose, Linux OS has its own command line and tools.

    • chmod

      This command allows us to change files or directories permissions. To use it, we specify the desired permission settings and the file or files that we wish to modify.

    • su

      This command enables us to have privileges to perform some number of tasks.

    • sudo

      This is the main command to execute tasks as the superuser, to use it we precede the desired command with the sudo one. After the command is entered, the user is prompted for the own password rather than the superuser's

    • chown

      This command allows us to change the owner of a file and directory. Notice that you must have superuser privileges or sudo user privileges.

    • chrgp

      This command allows us to change the group ownership of a file or directory. Notice we have to be the owner of the file or directory to execute successfully this command. The purpose here is instead of giving each user access permission, we create a group of users and we give them one and only access permission.

  2. Ownership

    In Linux OS, every file and directory is assigned to 3 types of owners: user, group, and other. Let's check these types below.

    • User

      By default, the person who created a file becomes its owner. Therefore, a user is called sometimes an owner too.

    • Group

      A group can contain several users, and all these users have access permission to a given file or directory. The purpose here is instead of giving access permission for each user we create a group and give them access permission only once.

    • Other

      Basically, it means everybody else other than the owner or the group of owners of a file or directory.

      To be able to distinguish between these three types of users, Linux OS set in permissions that define user behavior, in order to define what user "X" can do and can not do.

  3. Permission

    First, let's see in action how we can distinguish and read the user's permissions.

    I had present and explain the basic Linux commands line, where "ls" is a command to list the directory's subdirectories and files. Hence, in order to go further and display in details more information, we can use the option called "-l", preceded with the "ls" command, check the output below:

    
    moez@moez:~/Moez$ ls -l
    total 8
    drwxr-xr-x 2 root root 4096 Nov 29 08:00 bar
    -rw-r--r-- 1 root root    0 Nov 29 08:01 file1.txt
    -rw-r--r-- 1 root root    0 Nov 29 08:01 file2.txt
    drwxr-xr-x 2 root root 4096 Nov 29 08:00 foo
    

    Let's break this output:

    
    moez@moez:~/Moez$ ls -l
    total 8
     d      (rw-)         (r--)      (r--) 2 root root 4096 Nov 29 08:00 bar
     |        |             |          |
    type    owner         group       other
    

    To understand the output above, let's say that in addition of displaying the filename/directory name with the -l option the "ls" will displays: the file type, access permissions, number of hard links, owner and group name, size in bytes, and timestamp (the timestamp presented is that of the last modification of the file/directory).

    • Basic Linux file permission

      Every owner has its owner permissions, there are 3 types:

      read: read permission gives the authority to open and read files, and list directory's content.

      write: write permission gives the authority to modify the contents of a file, and gives the authority to add, remove and rename files stored in the directory.

      execute: In Linux OS, execute permission gives the authority to run a program, otherwise you can just read and write.

      Notice: in "rw-", the "-" means there is no permission.

    • Chmod with permissions bits and shorthand notations
      1. bits

        When we set a “Read” permission, it adds 4-bit to the data, making it “100” (in binary format) and a “4” in the usual decimal format. Setting a “Write” permission will add 2-bit to the data, making it “010” and “2” in decimal form. Lastly, setting an “Execute” permission adds 1-bit to the data, which will result in “001,” and “1” in decimal form.

        The command line syntax is like below:

        
        moez@moez:~ chmod permissions filename
        

        The example below show that we set the previleges of readinf=g, writing, and executing permissions to the "owner" and the " group", for "other" we set only the "read" permission of a given file:

        
        moez@moez:~ chmod 774 filename
        
      2. shorthand notations

        There is another way to set permission for user, group, and other. Below the meaning of each shorthand:

        Owner:
        shorthand indentity
        u owner
        g group
        o other
        a everybody (owner + group + other)
        permission:
        shorthand permission
        r read
        w write
        x execute
        example:
        
        moez@moez:~ chmod u+x file1.txt
        

        Notice: the "+" is meant to add/chnage permissions.

    • Remove permissions

      As discussed above we can add or change permissions, also we can remove permissions. The table below represent add, remove, and set the only permission

      symbol action
      + add permission
      - remove permission
      = make it the only permission

      Let's take some examples:

      
      moez@moez:~ chmod g-x filename
      

      The example above shows how removing execute permission from the group.

      
      moez@moez:~ chmod o-rwx filename
      

      The example above shows how removing all permission from the other.

      
      moez@moez:~ chmod g=rx filename
      

      The example above shows how allow only the group to read and execute permissions but not the write one.

    • List file permission

      
      moez@moez:~/Moez$ stat -c "%a %n" *
      755 bar
      644 file1.txt
      644 file2.txt
      755 foo
      

      Notice: the "*" option is meant to list permissions for all the directory.

      We can also specify the path of a given file/directory in order to list its permissions.

    • Reset all file permission

      To set all permissions to the defaults ones, we can ran the command below:

      
      moez@moez:~/Moez$ rpm -a --setperms
      
    • Change the ownership with chown

      The "shown" command allows us to change the owner and/or the group of a file/directory, to execute this command we use the syntax below:

      
      moez@moez:~ chown owner:group   file/directory name
      

      In the example above, we changed the owner and the group.

      
      moez@moez:~ chown owner   file/directory name
      

      In the example above, we changed only the owner.

      
      moez@moez:~ chown :group   file/directory name
      

      In the example above, we changed only the group.

  4. Conclusion

    Files and directories' permissions and ownership are a must known task for every developer, the above article is just a nutshell from the DevOps field, so don't stop here and continue to dive into it.

    Finally, I hope that my blog help you to know more about permissions and ownership and Linux OS.

No Comments Yet