Linux Permissions
In Linux, file permissions are divided into three areas: permissions for the file’s owner, permissions for the group, and permissions for all other users. The permissions for the owner, group, and other users can be set individually for each file to ensure system security and prevent unauthorized access to sensitive data.
Structure
In Linux, file permissions can be displayed using the ls -l command.
drwxrwxrwx 3 owner group 4096 Nov 12 13:56 home
The first column of this output provides information about the set rights. This output can be divided into four groups or blocks:
The first block indicates whether the current entry is a file or a directory. If there’s a d at this position, it means that the current entry is a directory. If it’s a file, there will be a - in its place.
The next three blocks define the rights for the owner, the group, and other users. Here, a letter permits a type of access, while a - denies it.
The letters represent the respective functions:
- w = Write access
- r = Read access
- x = Executable
Example
The following permissions are given for the entry test:
-rwxr-x--- michael admin test
Based on the first entry, one can determine whether it’s a file or directory. The - indicates that the “test” entry is a file. The next block for the owner (michael) with the content rwx shows that the owner of the file, in this case, michael, can read (r), edit (w), and execute (x) the file. Following this are permissions for all users in the admin group. Members of this group can read (r) and execute (x) the file but can’t edit it. Finally, permissions for all users who are neither the owner nor belong to the admin group are displayed. This block consists of ---, indicating they cannot read, write, or execute the file.
Changing Permissions
Permissions can be changed using various tools. Below, we’ll use the chmod (change mode) command to modify permissions. Only the root user or the file’s owner can change its permissions.
The command can be used symbolically or numerically. The syntax is as follows:
chmod [options] mode file
Running chmod --help displays the help page for the command.
Symbolic Use
The symbolic use of the command is an easier way to assign permissions, especially if you’ve never worked with the command before or don’t feel confident converting permissions to octal (numeric use). Symbols are used for assigning permissions.
The MODE is composed as follows:
- u = Owner
- g = Group
- o = Others
- a = Apply to all
Operator (Add, Remove, or Set):
- + = Add rights
- - = Remove rights
- = = Set rights
Rights to be modified:
- r = Read rights
- w = Write rights
- x = Execution rights
Combining the three parts above (who, operator, rights) gives the MODE. Here are some examples:
chmod g+w file
Add writing permission for the group.
chmod o-r file
Remove reading permission for other users.
chmod a+x file
Make the file executable for all users. Note: If no block is specified, the permissions apply to all blocks. The command chmod +x file functions the same as chmod a+x file, except that bits set in the umask are not affected.
chmod g=rw file
The group is allowed to read and write the file, but not execute it.
Numeric Use
For numeric use, the desired permission must be converted to an octal number. For this, each letter represents a 1 and each - represents a 0:
rwx rw- r-- = 111 110 100
The three 3-bit binary values are converted to decimal values:
111 = 7, 110 = 6, 100 = 4
This results in the number 764, which corresponds to the permission rwxrw-r--. More examples:
chmod 660 file
Owner and group can read and write; other users have no permissions.
chmod 755 file
Owner can read, write, and execute; the group and other users can read and execute but not write.
chmod 777 file
All users can read, write, and execute the file.
Although mode 777 solves many permission issues and is therefore frequently used, it’s not recommended for production systems and poses a significant security risk.
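The conversion described under Numeric Use, together with a check for the write bits that make modes such as 777 risky, as an added example that is not part of the original article. The function names (mode_to_octal, risk_of, audit) and the sample listing are constructed for illustration; special bits (setuid, setgid, sticky) are not handled.

```shell
#!/bin/sh
# Added example: names and sample data are constructed for illustration.

# mode_to_octal MODE: print the octal form of an `ls -l` mode column,
# e.g. -rwxrw-r-- gives 764. Modes with special bits (s, t) are rejected.
mode_to_octal() {
    mode=$1
    case $mode in
        [-dlbcps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}              # drop the file-type character
    octal=""
    for block in owner group others; do
        triplet=$(printf '%.3s' "$rest")
        rest=${rest#???}
        value=0                 # r = 4, w = 2, x = 1
        case $triplet in r??) value=$(( $value + 4 )) ;; esac
        case $triplet in ?w?) value=$(( $value + 2 )) ;; esac
        case $triplet in ??x) value=$(( $value + 1 )) ;; esac
        octal=$octal$value
    done
    printf '%s\n' "$octal"
}

# risk_of OCTAL: classify a three-digit mode by who may write.
risk_of() {
    others=${1#??}
    group=${1#?}; group=${group%?}
    if [ $(( $others & 2 )) -ne 0 ]; then echo "world-writable"
    elif [ $(( $group & 2 )) -ne 0 ]; then echo "group-writable"
    else echo "ok"
    fi
}

# audit LISTING: print mode, octal, risk and name for each listing line.
audit() {
    printf '%s\n' "$1" | while read -r mode links owner grp size mon day time name; do
        octal=$(mode_to_octal "$mode") || continue
        printf '%s %s %-14s %s\n' "$mode" "$octal" "$(risk_of "$octal")" "$name"
    done
}

# Constructed sample in the style of `ls -l` output.
sample='-rwxr-x--- 1 michael admin  120 Nov 12 13:56 test
-rwxrw-r-- 1 michael admin  120 Nov 12 13:56 notes
drwxrwxrwx 3 owner   group 4096 Nov 12 13:56 home'

audit "$sample"
```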