Linux file permissions can be applied to files and directories, and using ls -l
we can quickly get an overview of file properties.
-rw-r--r-- 1 root root 236 Aug 1 2017 install.log
The example shows (from left to right):
1) -
Whether the file is a file or directory (- for file, l for link or d for directory; in this case it is a file, therefore -)
2) rw-r--r--
Permissions (represented here as a set of three triplets, see below)
3) 1
Number of links or directories inside this directory (1 if a file)
4) root root
Owners (user = root, group = root)
5) 236
File size
6) Aug 1 2017
Last modified date
7) install.log
File name
Assigning to a user or group
Permissions can be applied to files and directories within the filesystem, and mapped against different categories:
- User (u) - the user that owns the file
- Group (g) - the group that owns the file (the group may contain multiple users)
- Other (o) - users who are not the owner or in the owning group
- All (a) - all users
Users are always members of at least one group, and can be members of many groups. Permissions on a file are mapped, in order, against the first three categories above.
Reading permissions
As permissions are set in the format <owning_user><owning_group><everyone_else>, the following is provided for each category:
Read (r)
- Files: Allows a file to be read
- Directories: Allows file names in the directory to be read
Write (w)
- Files: Allows a file to be modified
- Directories: Allows entries to be modified within the directory
Execute (x)
- Files: Allows the execution of a file
- Directories: Allows access to contents and metadata for entries
So rw-r--r-- means:
- rw-: Owner user can read and write
- r--: Owner group can read
- r--: Everyone else can read
Setting permissions
The chmod command is used to set permissions, and can be used in two modes - numeric or symbolic mode. For numeric mode, we use a digit per category, and in symbolic we state the category and then alter the permission.
For example, to set the permission example above to a new file called my.file:
- Numeric: chmod 644 my.file
- Symbolic: chmod u=rw,g=r,o=r my.file
Both have the same result.
Numeric
In a 3-digit binary value, the positions (reading right to left, not left to right) are worth 1, then 2, then 4, doubling each time.
We use binary to set r/w/x on a category:
- rwx = 111 = 421 = 4+2+1 = 7
- rw- = 110 = 420 = 4+2+0 = 6
- r-x = 101 = 401 = 4+0+1 = 5
- r-- = 100 = 400 = 4+0+0 = 4
Therefore, we need 644 to encode rw-, r-- and r-- for owner user, owner group and other respectively.
Symbolic
This is arguably more straightforward, with the syntax (in order of use):
- ugoa (user category - user, group, other, all)
- +-= (operator - add, subtract or set permissions)
- rwx (permissions)
Here we don't have to set the full file state at once; we can add or subtract single permissions one at a time if we need to, and from specific categories.
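The following is an added example, not part of the original page. It converts an ls -l permission string to its numeric chmod mode using the 4/2/1 weights above, then applies the numeric form and the symbolic = and + forms to scratch files that start as rw-rw-rw-. The function names are hypothetical, and special bits such as setuid are rejected because the page does not cover them.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# triplet_digit "rw-" -> 6   (r=4, w=2, x=1, summed for one category)
triplet_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# perms_to_octal "rw-r--r--" -> 644
# Accepts only r, w, x and - in their usual positions; anything else is rejected.
perms_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a plain rwx permission string: $1" >&2; return 1 ;;
    esac
    u=$(triplet_digit "$(printf '%s' "$1" | cut -c1-3)")
    g=$(triplet_digit "$(printf '%s' "$1" | cut -c4-6)")
    o=$(triplet_digit "$(printf '%s' "$1" | cut -c7-9)")
    echo "$u$g$o"
}

# mode_of FILE -> the nine permission characters from ls -l (columns 2-10)
mode_of() { ls -ld "$1" | cut -c2-10; }

# compare_modes: start three scratch files at rw-rw-rw-, then apply the
# numeric mode, the symbolic "=" form and the symbolic "+" form.
compare_modes() {
    dir=$(mktemp -d) || return 1
    touch "$dir/numeric" "$dir/set" "$dir/add"
    chmod 666 "$dir/numeric" "$dir/set" "$dir/add"
    chmod 644 "$dir/numeric"
    chmod u=rw,g=r,o=r "$dir/set"    # = replaces the whole triplet
    chmod u+rw,g+r,o+r "$dir/add"    # + only adds, existing w bits remain
    echo "$(mode_of "$dir/numeric") $(mode_of "$dir/set") $(mode_of "$dir/add")"
    rm -rf "$dir"
}

perms_to_octal rw-r--r--
compare_modes
```

The third file keeps its group and other write bits, so the + form matches the numeric mode only when no extra permissions are already set on the file.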