Changing file and directory permissions in a Linux system is crucial for controlling access to resources. Properly managing permissions is a fundamental aspect of securing your system and ensuring that files and directories are only accessible to authorized users. This article will guide you through the process of changing permissions using command-line tools in a Linux environment.
How we can view Linux file permissions
ls -l (List Files): We can use this command to display the current permissions of files and directories in a directory. The output will show the file’s permissions, owner, group, file size, modification date, and filename.
[root@ervintest home]# ls -l file1
-rw-r--r-- 1 root root 0 Oct 30 00:59 file1
The first field of the ls -l output is a group of metadata that includes the permissions on each file.
- File type: -
- Permission settings: rw-r--r--
- User owner: root
- Group owner: root
How to read file permissions
The first character '-' indicates that it's a regular file. The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group.
When permissions and users are represented by letters, that is called symbolic mode. For users, u stands for user owner, g for group owner, and o for others. For permissions, r stands for read, w for write, and x for execute.
When Linux file permissions are represented by numbers, it’s called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:
- r (read): 4
- w (write): 2
- x (execute): 1
In the permission value 744, the first digit corresponds to the user, the second digit to the group, and the third digit to others. By adding up the value of each user classification, you can find the file permissions.
For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this:
- Owner: rwx = 4+2+1 = 7
- Group: r-- = 4+0+0 = 4
- Others: r-- = 4+0+0 = 4
The results produce the three-digit value 744.
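The same arithmetic as a shell function, as an added example that is not part of the original article: it converts the mode field printed by ls -l into its octal value. It goes beyond the 744 case by also handling the s, S, t and T characters covered under Special Permissions below; the function name mode_to_octal is an assumption made for illustration.

```bash
# Convert the mode field from `ls -l` (e.g. -rwxr--r--) to octal.
# Prints three digits, or four when SUID/SGID/sticky is present.
mode_to_octal() {
    mode=${1%[.+@]}              # drop a trailing SELinux/ACL marker if present
    [ "${#mode}" -eq 10 ] || { echo "bad mode: $1" >&2; return 1; }
    perms=${mode#?}              # drop the file-type character
    special=0
    result=""
    # Each pair is <special-bit weight><flag letter> for owner, group, others.
    for pair in 4s 2s 1t; do
        weight=${pair%?}
        low=${pair#?}
        up=$(printf '%s' "$low" | tr 'a-z' 'A-Z')
        rest=${perms#???}
        triplet=${perms%"$rest"} # first three characters of what is left
        perms=$rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in
            ??x) digit=$((digit + 1)) ;;
            ??-) ;;
            # lowercase flag: special bit set and execute set
            ??"$low") digit=$((digit + 1)); special=$((special + weight)) ;;
            # uppercase flag: special bit set, execute not set
            ??"$up") special=$((special + weight)) ;;
            *) return 1 ;;
        esac
        result="$result$digit"
    done
    if [ "$special" -eq 0 ]; then
        printf '%s\n' "$result"
    else
        printf '%s%s\n' "$special" "$result"
    fi
}
```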
What do these permissions actually do in practice
Read (r)
Read permission is used to access the file’s contents. You can use a tool like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file’s contents to make a duplicate of it.
Write (w)
Write permission allows you to modify or change the contents of a file. It also allows you to use the redirect or append operators in the shell (> or >>) to change the contents of a file. Without write permission, changes to the file's contents are not permitted.
Execute (x)
Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts, Python programs, and a variety of interpreted languages.
How to modify Linux file permissions
We can change permissions by running the chmod command. There are two ways to set permissions using chmod.
- Numeric Mode
- Named Mode
Numeric Mode
Using the numeric mode, you can assign numbers to each permission. For example:
4 = r (read)
2 = w (write)
1 = x (execute)
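Then add the values together for each user class (owner, group, others) to get each digit. For example, 644 gives the owner read and write (4+2) and gives the group and others read only (4):
[root@ervintest home]# chmod 644 file1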
Named Mode
To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example:
[root@ervintest home]# chmod ug+rwx file1
[root@ervintest home]# chmod o+r file1
This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, u represents the user owner, g represents other users in the file's group, and o represents other users not in the file's group. For all users, use a. Note that + only adds permissions and leaves any existing ones in place; use - to remove a permission, or = to set a class's permissions exactly.
Maybe you want to change the user owner itself. You can do that with the chown command. Similarly, the chgrp command can be used to change the group ownership of a file.
Special Permissions
Special permissions, also known as "special modes" or "set permissions," are additional file permissions in Unix-like operating systems, such as Linux. These permissions add specific functionality or restrict access to certain files and directories. There are three primary special permissions:
1. Set User ID (SUID):
When you set the SUID permission on an executable file, the program executes with the permissions of the file's owner, not the permissions of the user running the program. This is a common practice for system utilities and programs that require elevated privileges to perform specific tasks. For example, the passwd program needs to change the password file, which is typically only writable by the superuser (root). Therefore, it has the SUID permission so that it can temporarily escalate its privileges to perform this task.
chmod u+s /path/to/executable-file
2. Set Group ID (SGID):
When the SGID permission is set on an executable file, the program is executed with the permissions of the group owner of the file, rather than the permissions of the user running it. When it is set on a directory, newly created files within that directory inherit the group ownership of the directory. This is commonly used to allow multiple users to collaborate on a project.
chmod g+s /path/to/executable-file
3. Sticky Bit:
- Symbolic Representation: T or t
The sticky bit is typically used on directories to ensure that only the owner of a file can delete or rename that file within the directory, even if other users have write permissions on the directory. This is especially important for system directories like /tmp, where many users have write access, and it’s essential to prevent accidental or malicious deletion of files by other users.
chmod +t /path/to/directory
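A way to audit the special bits described above, as an added example that is not part of the original article: it builds a constructed sample tree, then uses find to list files with SUID or SGID set and world-writable directories that lack the sticky bit. The function names and sample file names are assumptions made for illustration.

```bash
# List regular files under $1 that have SUID (4000) or SGID (2000) set.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# List world-writable directories under $1 that lack the sticky bit (1000).
# Any user can delete other users' files in such a directory.
find_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Build a constructed sample tree to audit; prints its root path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    touch "$root/suid_tool" "$root/sgid_tool" "$root/plain"
    chmod 4755 "$root/suid_tool"    # rwsr-xr-x
    chmod 2755 "$root/sgid_tool"    # rwxr-sr-x
    chmod 0644 "$root/plain"        # rw-r--r--
    chmod 1777 "$root/shared_ok"    # rwxrwxrwt, same mode as /tmp
    chmod 0777 "$root/shared_bad"   # world-writable, no sticky bit
    chmod 0750 "$root/private"
    printf '%s\n' "$root"
}

# Run the audit against the sample tree and clean up afterwards.
run_sample_audit() {
    tree=$(make_sample_tree)
    echo "SUID/SGID files:"
    find_setid_files "$tree"
    echo "World-writable directories without the sticky bit:"
    find_unsafe_shared_dirs "$tree"
    rm -rf "$tree"
}
```

Call run_sample_audit to see the output on the sample tree, or pass a real directory to either find function to review it.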