In this chapter, we’ll cover:
- Understanding file permissions and ownership.
- Viewing permissions with ls -l.
- Changing permissions with chmod.
- Changing ownership with chown.
- Special permissions like setuid, setgid, and the sticky bit.
Permissions control who can read, write, and execute files and directories. Whether you’re protecting sensitive data, sharing files with others, or running scripts, understanding permissions is essential for maintaining security and functionality.
Every file and directory in Linux has three types of permissions:
1. Read (r): Allows viewing the contents of a file or listing the contents of a directory.
2. Write (w): Allows modifying a file or adding/removing files in a directory.
3. Execute (x): Allows running a file as a program or entering a directory.
These permissions are assigned to three categories of users:
1. Owner: The user who owns the file.
2. Group: The group that owns the file.
3. Others: Everyone else.
Use the ls -l command to view permissions:
$ ls -l
-rw-r--r-- 1 user group 4096 Oct 4 12:34 example.txt
drwxr-xr-x 2 user group 4096 Oct 4 12:34 my_folder
Here’s how to interpret the output:
- File Type: The first character (- for files, d for directories).
- Permissions: The next 9 characters (e.g., rw-r--r--).
  - The first 3 characters: Owner permissions.
  - The next 3 characters: Group permissions.
  - The last 3 characters: Others permissions.
- Owner: The user who owns the file (e.g., user).
- Group: The group that owns the file (e.g., group).
The chmod command is used to change file permissions. You can use either symbolic or numeric mode.
Symbolic mode uses letters to represent users and permissions:
- u: Owner
- g: Group
- o: Others
- a: All (owner, group, and others)
- +: Add a permission
- -: Remove a permission
- =: Set permissions explicitly
Examples:
- Add execute permission for the owner: $ chmod u+x example.txt
- Remove write permission for others: $ chmod o-w example.txt
- Set read and write permissions for the owner and group: $ chmod ug=rw example.txt
Numeric mode uses a three-digit number to represent permissions, one digit each for the owner, group, and others:
- 4: Read (r)
- 2: Write (w)
- 1: Execute (x)
Add the numbers to set permissions:
- 7: Read + Write + Execute (4 + 2 + 1)
- 6: Read + Write (4 + 2)
- 5: Read + Execute (4 + 1)
- 4: Read
- 0: No permissions
Examples:
- Set read, write, and execute permissions for the owner, and read-only for the group and others: $ chmod 744 example.txt
- Set read and write for the owner, and read-only for the group and others: $ chmod 644 example.txt
The chown command is used to change the owner and group of a file or directory.
$ sudo chown new_owner example.txt
$ sudo chown :new_group example.txt
$ sudo chown new_owner:new_group example.txt
Linux also has special permissions for advanced use cases:
The setuid bit allows a file to be executed with the permissions of its owner, rather than the user running it. This is often used for system programs like passwd.
$ sudo chmod u+s /usr/bin/passwd
The setgid bit ensures that files created in a directory inherit the group ownership of the directory, rather than the user’s default group.
$ sudo chmod g+s /shared_directory
The sticky bit restricts file deletion in a directory. Only the file owner, directory owner, or root can delete files.
$ sudo chmod +t /shared_directory
Advanced permission management techniques like Access Control Lists (ACLs) and umask settings provide more granular control over file security. ACLs allow you to set permissions for specific users or groups beyond the standard owner-group-others model, while umask dictates the default permissions for newly created files and directories.
By mastering these techniques, you can ensure proper access control in multi-user environments and establish sensible defaults for your system.
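As an added example (not part of the original chapter), the script below audits a directory tree for the special bits described above and shows how umask shapes the permissions of new files. The function names and the sample tree it builds in a temporary directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original chapter. Every path is constructed
# inside a throwaway temporary directory.

# First 10 characters of `ls -l`: file type plus the 9 permission characters.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Regular files with setuid (4000) or setgid (2000) set.
find_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories without the sticky bit (1000): any user can
# delete or rename other users' files in them.
find_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Permission string a newly created file gets under the given umask.
new_file_mode() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/new_file"
        mode_string "$dir/new_file"
        rm -rf "$dir"
    )
}

# Constructed sample tree: one setuid file, one plain file, one
# world-writable directory without the sticky bit and one with it.
build_sandbox() {
    root=$(mktemp -d) || return 1
    : > "$root/helper";    chmod 4755 "$root/helper"
    : > "$root/notes.txt"; chmod 644 "$root/notes.txt"
    mkdir "$root/dropbox" "$root/scratch"
    chmod 0777 "$root/dropbox"
    chmod 1777 "$root/scratch"
    printf '%s\n' "$root"
}

sandbox=$(build_sandbox)
echo "setuid/setgid files:";       find_special_files "$sandbox"
echo "world-writable, no sticky:"; find_unsafe_shared_dirs "$sandbox"
echo "umask 022 -> $(new_file_mode 022)"
echo "umask 077 -> $(new_file_mode 077)"
rm -rf "$sandbox"
```

Pointing the two find functions at a real directory such as a shared project folder gives a quick list of entries whose special bits deserve a second look.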
Set fine-grained permissions with ACL:
# Example usage:
$ setfacl -m u:user:rwx file.txt
Set default file permissions with umask:
$ umask 022
Let’s put your new skills to the test:
1. Use ls -l to view the permissions of files in your home directory.
2. Change the permissions of a file to rw-r--r-- using both symbolic and numeric modes.
3. Change the owner of a file to another user (requires sudo).
4. Set the sticky bit on a directory and test its behavior.
That’s it for Chapter 9! You’ve now learned how to manage file permissions and ownership in Linux. In the next chapter, we’ll dive into processes—understanding and managing running programs. Until then, practice working with permissions to secure and organize your files.