Linux file permissions can be applied to files and directories, and using
ls -l we can quickly get an overview of file properties.
-rw-r--r-- 1 root root 236 Aug 1 2017 install.log
The example shows (from left to right):
- Whether the file is a file or directory (
- for file,
l for link or
d for directory, in this case it is a file therefore
rw-r--r-- Permissions (represented here as a set of three triplets, see below)
1 Number of links or directories inside this directory (1 if a file)
root root Owners (user = root, group = root)
236 File size
Aug 1 2017 Last modified date
install.log File name
Assigning to a user or group
Permissions can be applied to files and directories within the filesystem, and mapped against different categories:
- User (u) - the user that owns the file
- Group (g) - the group that owns the file (the group may contain multiple users)
- Other (o) - users who are not the owner or in the owning group
- All (a) - all users
Users are always members of at least one group, and can be members of many groups. Permissions on a file are mapped, in order, against the first three categories above.
As permissions are set in the format <owning_user><owning_group><everyone_else>, the following is provided for each category:
- Files: Allows a file to be read
- Directories: Allows file names in the directory to be read
- Files: Allows a file to be modified
- Directories: Allows entries to be modified within the directory
- Files: Allows the execution of a file
- Directories: Allows access to contents and metadata for entries
rw- Owner user can read and write
r-- Owner group can read
r-- Everyone else can read
The chmod command is used to set permissions, and can be used in two modes - numeric or symbolic mode. For numeric mode, we use a digit per category, and in symbolic we state the category and then alter the permission.
For example, to set the permission example above to a new file called my.file:
chmod 644 my.file
chmod u+rw, g+r, o+r my.file
Both have the same result.
In a 3 digit binary value, the first value (reading right to left, not left to right) will be 1, followed by 2, then 4 as it doubles each time.
We use binary to set r/w/x on a category:
rwx = 111 = 421 = 4+2+1 = 7
rw- = 110 = 420 = 4+2+0 = 6
r-x = 101 = 401 = 4+0+1 = 5
r-- = 100 = 400 = 4+0+0 = 4
Therefore, we need 644 for encode for owner user, owner group and other respectively.
This is arguably more straightforward, with the syntax (in order of use):
ugoa (user category - user, group, other, all)
+-= (operator - add, subtract or set permissions)
Here we don't have to se the full file state at once, we can add or subtract single permissions one at a time if we need to, and from specific categories.