DEV Community

K-Sato
K-Sato

Posted on • Updated on

Understanding Linux Permissions

Table of contents

Introduction

The multi-user capability of Unix-like systems is a feature that is deeply ingrained into the design of the operating system.

File Permissions

On a Linux system, each file and directory is assigned access rights for the owner of the file.

You can check the permission settings with ls -l.

$ ls -l 
drwxr-xr-x. 13 root  root  1027 Jan  3 12:32 bin/cat
Enter fullscreen mode Exit fullscreen mode

Let's explore what drwxr-xr-x. 13 root root 1077 Jan 3 12:32 bin/cat means one by one.

Command Meaning
d File Type
rwxr-xr-x. File Mode
13 Number of links
root The owner of the file
root The group the file belongs to
1027 Size of the file
Jan 3 12:32 Time Stamp
bin/cat The name of the file/directory

File Type

Command File Type
- File
d Directory
l Symbolic Link

File Mode

The r letter means the user has permission to read the file/directory. The w letter means the user has permission to write the file/directory. And the x letter means the user has permission to execute the file/directory.

Command Meaning
r read
w write
x execute
- not allowed

Let's take a look at the 9 letters in the command.
The first 3 letters show the permissions for the file owner, the second 3 letters show the permissions for the group owner and the last 3 letters show the permissions for other users.

rwx/ r-x/ r-x/

Owner: rwx
Group: r-x
Users: r-x
Enter fullscreen mode Exit fullscreen mode

Change File Modes

The chmod command is used to change the permissions of a file or directory.

Octal Mode

Each permission may be specified with an octal number: read = 4; write = 2; execute = 1; no permission = 0.

Meaning  Number
read(r) 4
write(w) 2
execute(x) 1

Example

The command below means giving permissions to read(4), write(2) and execute(1) to the owner and permissions to read(4) and execute(1) to the group user and permissions to read(4) to other users.

chmod 754 myfile
Enter fullscreen mode Exit fullscreen mode

Symbolic Mode

The below is the basic syntax of chmod.

% chmod who operator permission filename
Enter fullscreen mode Exit fullscreen mode

You can use the following commands to change modes.

Command Meaning
u(user) user access
g(group) group access
o(other) other access
a(all) user, group, and other access
Command Meaning
+ add specified permissions
- remove specified permissions
= set the specified permissions

Example

In the following example, read permission are taken away from others.

% chmod o-r filea
Enter fullscreen mode Exit fullscreen mode

In the following example, read and execute permissions are added for user, group, and others.

$ chmod a+rx fileb
Enter fullscreen mode Exit fullscreen mode

In the following example, read, write, and execute permissions are assigned to the group.

$ chmod g=rwx filec
Enter fullscreen mode Exit fullscreen mode

References

Top comments (62)

Collapse
 
david_j_eddy profile image
David J Eddy

When it comes to Linux I make it a point to read even intro level articles like this one. Why? 'cause I am constantly learning new things, like I did here.

Thank you for this. Keep up the good posting!

Collapse
 
k_penguin_sato profile image
K-Sato

Thank you for your kind words!

Collapse
 
ferricoxide profile image
Thomas H Jones II

If you really want to get into powerful permissioning systems, take a look at extended filesystem access control lists (via the setfacl and getfacl utilities), extended attributes (xattrs managed via the chattr and lsattr commands) and, the ultimate cause of headaches, SELinux.

If you're running an Internet-facing system, these are all security-extensions that you want to be reasonably well versed in.

Collapse
 
aghost7 profile image
Jonathan Boudreau

There's also suid/sgid permissions. Normally, when you execute a program, it will run as the user which called it. suid will instead run the program as the owner of the file. For example, if you are logged in as user developer and try to execute a suid program owned by root, it will execute as root instead of developer.

su, sudo, passwd rely on suid to work.

Collapse
 
ferricoxide profile image
Thomas H Jones II

The extension to suid-/sgid-enabled operations being that, when you run auditing services on a system, actions are logged both by actual executing-user and effective executing user.

Collapse
 
gambinozeyda profile image
GambinoZeyda

Buca escort, bulmak için Buca Eskort adresine gir buca bayan eskort, escort, buca escortlar, buca escort kızlar seninle.
buca escort escort buca

Collapse
 
daisp profile image
Danny Priymak • Edited

This article did not introduce anything brand new to me, but nonetheless very concise and well written!
Thank you for sharing.

Collapse
 
k_penguin_sato profile image
K-Sato

Thank you for taking the time to read it!!

Collapse
 
victoriyaalmeida profile image
Victoria Almeida

what matters the most is the frequency in terms of reviews from several online platform like irelandessay. It is essential that other platforms from same IP may cause some unpleasant affects and you wish not to experience of ugly situation for that regard

Collapse
 
djassam profile image
Mike Boro

This concise guide on Linux permissions provides essential insights for users. Demystifying the intricacies, it empowers individuals to navigate and control their system effectively. A valuable resource for anyone seeking clarity on the nuanced world of Linux permissions. TC Lottery MOD APK

Collapse
 
arunschirps profile image
Arun

From what I know, I guess you can forgo "a" in the "a+rx".

Collapse
 
k_penguin_sato profile image
K-Sato

Thank you for sharing your knowledge:)!

Collapse
 
tomcrui65197048 profile image
Tom Cruise

Thank you very much for your post; I fixed it. I also hope you continue to write great posts and that we can continue the conversation; Thank you very much, dear. io games wordle website

Collapse
 
phuongle22 profile image
Phuong Le • Edited

After reading this article, I also have a better understanding of Linux permissions. This is a great article and I'm looking into some more Linux articles. wordle game free Wordle

Collapse
 
djassam profile image
Mike Boro

This post offers a concise breakdown of Linux permissions, providing a clear understanding of file access rights, including file types, modes, and commands like chmod. It's a helpful resource for navigating and managing files on Unix-like systems.
Pokedoku

Collapse
 
owennnn profile image
Owennnn

I really loved reading your blog. It was very well authored and easy to understand. Unlike additional blogs I have read which are really not that good. I also found your posts very interesting. In fact after reading, I had to go show it to my friend and he enjoyed it as well! gamma.app/public/Divine-Dialogue-R...
메이저토토추천

Collapse
 
andyyyy profile image
Andyyyy

In the wake of perusing your article I was stunned. I realize that you clarify it exceptionally well. What's more, I trust that different perusers will likewise encounter
메이저놀이터순위

Collapse
 
owennnn profile image
Owennnn

메이저놀이터Your writing very well and provide a lot of useful information. But if you tap water more than half as compared to another article, I would definitely be great

Collapse
 
andyyyy profile image
Andyyyy

mph club® offers a wide variety of exotic car rentals in Miami ready to be driven around the beautiful sea side. Other services that we offer include chauffeur service for major events, business trips, or exciting vacation. Drive the cars you see in these pictures today 
먹튀검증업체

Collapse
 
andyyyy profile image
Andyyyy

Hello I am so delighted I located your blog, I really located you by mistake, while I was watching on google for something else, Anyways I am here now and could just like to say thank for a tremendous post and a all round entertaining website. Please do keep up the great work
สล็อตออนไลน์

Collapse
 
owennnn profile image
Owennnn

토토사이트There is so much in this article that I would never have thought of on my own.  Your content gives readers things to think about in an interesting way.  Thank you for your clear information.

Some comments may only be visible to logged-in visitors. Sign in to view all comments.