Angus Allman

Posted on • Updated on • Originally published at angusallman.com

Sys-Admin for Web Devs (File Permissions)

Sysadmin can be a tough nut to crack

It's something that we all come across at one point or another so I thought why not try to de-mystify the basics a little bit.

Fundamentals

When it comes down to it, all files and directories on a server have a few things in common:

  • They belong to a user
  • They belong to a group
  • They have access permissions

There are 3 types of permission which a user can have for a file/directory.

  • Read - The file can be read
  • Write - The file can be written to
  • Execute - The user can execute the file

There are also 3 different groups of users in terms of their relationship to the file.

  • The owner of the file
  • The group of users who can access the file
  • The rest of the world

What this actually means

Typing ls -la in almost any directory will show you all of this information. It will look something like this:

-rwxrwx--- 2 admin dev-team 4096 Apr 23 06:22 file-for-my-group
drwx------ 2 admin admin    4096 Apr 23 06:21 my-private-files
drwxrwxr-x 2 admin admin    4096 Apr 23 06:21 public-files

I've set up this example to show file/directory permissions and users/groups.

That long sequence of letters breaks down the permissions which each user has for (in this case) that directory.

This breaks down into 4 parts: a type character followed by three groups of file permissions. As an example, let's take a look at the permissions of the public-files directory and break it down:

drwxrwxr-x

  • d shows that the file is a directory (a normal file will just have a dash in this first spot)
  • The following 3 letters (rwx) show that the user who owns the file can read from, write to, and execute the file
  • The second set of 3 letters (again rwx) shows that all users in the same group as the file can read from, write to, and execute the file
  • The final 3 characters (r-x) show that all other users (those who aren't the owner or in the group) can only read from and execute that file.

Because public-files is a directory, the three permissions read slightly differently: read means listing its contents, write means creating or deleting entries in it, and execute means being able to enter it.

In short, it looks like:

[Diagram: File Permissions Breakdown]

Changing Permissions

Now that we know how the server knows what we can and can't access, let's look at changing it.

Remember the example from before?

-rwxrwx--- 2 admin dev-team 4096 Apr 23 06:22 file-for-my-group
drwx------ 2 admin admin    4096 Apr 23 06:21 my-private-files
drwxrwxr-x 2 admin admin    4096 Apr 23 06:21 public-files

Let's say that I now want people who aren't in the group to be able to access the file-for-my-group document. At the moment, you can see that people outside of the group cannot read, write, or execute this file, but I now want to allow anyone to be able to read it.

I would use the chmod command to do this. This command takes several arguments, which look as follows:

chmod [options] [permission] [file to change]

By permission I mean a sequence of 3 numbers which denotes the access levels and the information that we've been through above. We make this code by assigning each of the different permissions (read, write and execute) a number:

  • read - 4
  • write - 2
  • execute - 1

If I want to read, write and execute the file, the number used will be 7 (4 + 2 + 1). If I only want to allow reading and execution, the number will be 5 (4 + 1) and, logically, if I don't want to allow any of the above the number will be 0.

Knowing this, we can now assemble the three numbers we need in order to denote these new permissions. If I want the owner to have full access (7), the group to have full access (7) and the rest of the world to only have read access (4) then the number will be 774.

To use this in the case of the chmod command it will look like this:

chmod 774 file-for-my-group
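
The letter-to-number mapping above can be checked mechanically. The script below is an added example, not code from the original post: mode_to_octal and apply_and_show are hypothetical helper names, and it handles only plain r/w/x strings, rejecting special bits such as setuid or sticky instead of guessing.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original post.

# Convert the 10-character mode column of `ls -l` (type character plus three
# rwx triplets) into the three-digit number that chmod accepts.
mode_to_octal() {
    mode=$1
    # Accept only plain r/w/x strings; special bits (s, t) are out of scope.
    case $mode in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}                      # drop the type character
    out=
    for who in owner group others; do
        digit=0
        case $rest in r*) digit=$((digit + 4)) ;; esac   # read = 4
        rest=${rest#?}
        case $rest in w*) digit=$((digit + 2)) ;; esac   # write = 2
        rest=${rest#?}
        case $rest in x*) digit=$((digit + 1)) ;; esac   # execute = 1
        rest=${rest#?}
        out=$out$digit
    done
    echo "$out"
}

# Apply a numeric mode to a scratch file and return what `ls -l` then shows.
apply_and_show() {
    tmp=$(mktemp) || return 1
    chmod "$1" "$tmp" || { rm -f "$tmp"; return 1; }
    shown=$(ls -l "$tmp" | cut -c1-10)
    rm -f "$tmp"
    echo "$shown"
}

# The three entries from the example listing, then the 774 change itself.
for m in -rwxrwx--- drwx------ drwxrwxr-x; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
echo "after chmod 774: $(apply_and_show 774)"
```

Running a mode string from a real listing through mode_to_octal before and after a chmod is a quick way to confirm that the change granted exactly the access intended.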

Conclusion

And there we have it! A brief rundown of how server permissions work on Linux systems. There is much more depth to go into (security risks, making entire directories inaccessible, changing the permissions of an entire directory of files, etc.) but this was just meant to be an introduction to get you up and running with Linux and how its files work. If you have any questions or comments at all, leave them down below!
