Linux file permissions can be applied to files and directories, and using ls -l we can quickly get an overview of file properties.
-rw-r--r-- 1 root root 236 Aug 1 2017 install.log
The example shows (from left to right):
1) - : Whether the file is a file or directory (- for file, l for link or d for directory; in this case it is a file, therefore -)
2) rw-r--r-- : Permissions (represented here as a set of three triplets, see below)
3) 1 : Number of links or directories inside this directory (1 if a file)
4) root root : Owners (user = root, group = root)
5) 236 : File size
6) Aug 1 2017 : Last modified date
7) install.log : File name
Assigning to a user or group
Permissions can be applied to files and directories within the filesystem, and mapped against different categories:
– User (u) – the user that owns the file
– Group (g) – the group that owns the file (the group may contain multiple users)
– Other (o) – users who are not the owner or in the owning group
– All (a) – all users
Users are always members of at least one group, and can be members of many groups. Permissions on a file are mapped, in order, against the first three categories above.
Reading permissions
As permissions are set in the format <owning_user><owning_group><everyone_else>, the following is provided for each category:
Read (r)
– Files: Allows a file to be read
– Directories: Allows file names in the directory to be read
Write (w)
– Files: Allows a file to be modified
– Directories: Allows entries to be modified within the directory
Execute (x)
– Files: Allows the execution of a file
– Directories: Allows access to contents and metadata for entries
So rw-r--r-- means:
– rw- : Owner user can read and write
– r-- : Owner group can read
– r-- : Everyone else can read
Setting permissions
The chmod command is used to set permissions, and can be used in two modes – numeric or symbolic mode. For numeric mode, we use a digit per category, and in symbolic we state the category and then alter the permission.
For example, to set the permission example above to a new file called my.file:
– Numeric: chmod 644 my.file
– Symbolic: chmod u=rw,g=r,o=r my.file
Both have the same result.
Numeric
In a 3-digit binary value, the digits (reading right to left, not left to right) are worth 1, then 2, then 4, doubling each time.
We use binary to set r/w/x on a category:
– rwx = 111 = 421 = 4+2+1 = 7
– rw- = 110 = 420 = 4+2+0 = 6
– r-x = 101 = 401 = 4+0+1 = 5
– r-- = 100 = 400 = 4+0+0 = 4
Therefore, we need 644 to encode rw-, r-- and r-- for the owner user, owner group and other respectively.
Symbolic
This is arguably more straightforward, with the syntax (in order of use):
– ugoa (user category – user, group, other, all)
– +-= (operator – add, subtract or set permissions)
– rwx (permissions)
Here we don’t have to set the full file state at once; we can add or subtract single permissions one at a time if we need to, and from specific categories.
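The numeric encoding and the + and = operators described above, worked through in shell as an added example (not from the original article): perm_to_octal, perm_of and apply_mode are hypothetical helper names, and only the nine rwx bits are handled. It also shows that + leaves an existing group-write bit in place, while = or a numeric mode replaces the whole state.

```sh
#!/bin/sh
# Added example: the nine rwx bits only (setuid/setgid/sticky are not handled).

# Convert a permission string such as rw-r--r-- to its numeric mode (644).
perm_to_octal() {
    perms=$1
    out=""
    [ "${#perms}" -eq 9 ] || return 1
    while [ -n "$perms" ]; do
        rest=${perms#???}              # everything after the first triplet
        triplet=${perms%"$rest"}       # the first triplet itself
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out=$out$digit
        perms=$rest
    done
    printf '%s\n' "$out"
}

# Permission string of a file: characters 2-10 of the first ls -l field.
perm_of() {
    ls -ld -- "$1" | cut -c2-10
}

# Set a scratch file to <start_mode>, apply <chmod_mode>, print the result.
apply_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && perm_to_octal "$(perm_of "$f")"
    rc=$?
    rm -f -- "$f"
    return "$rc"
}

echo "rw-r--r--              -> $(perm_to_octal rw-r--r--)"
echo "600 then 644           -> $(apply_mode 600 644)"
echo "600 then u=rw,g=r,o=r  -> $(apply_mode 600 u=rw,g=r,o=r)"
echo "664 then u+rw,g+r,o+r  -> $(apply_mode 664 u+rw,g+r,o+r)"   # g+w survives
echo "664 then u=rw,g=r,o=r  -> $(apply_mode 664 u=rw,g=r,o=r)"
```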