Home Linux Linux File Permissions Explained

Linux File Permissions Explained

Linux February 24, 2024 0 Comment

Linux File Permissions

File permissions are a fundamental aspect of Linux system security. They control user access to files and directories, ensuring that only authorized users can interact with them. Mastering permissions is essential for Linux administrators and power users to properly secure their systems.

This comprehensive guide explains Linux file permissions in detail. It covers permission types, viewing and modifying permissions, special permissions, and practical examples. Follow along to gain a solid understanding of this critical component of Linux.

File Ownership and Groups

In Linux, every file and directory has an associated owner and group. The owner is generally the Linux user that originally created the file or folder. The group can contain multiple users who share common permissions to that resource. There are three categories of users that relate to file permissions:

Owner

The owner is the Linux user that created the file or directory. By default, owners have full read, write, and execute permissions to resources they create. Owners can modify permissions on resources they own.

Group

The group contains one or more Linux users that require common access to files and folders. For example, members of the accounting group may need access to files in the /var/accounting directory. Groups make managing shared access simpler compared to setting permissions for many individual users.

Others

This refers to all other Linux users on the system besides the owner and members of the resource’s group. Permissions for others are commonly restricted to prevent unauthorized access.

Permission Types

There are three basic permission types in Linux:

Read Permission

The read permission, denoted by r, allows a user to view a file’s contents or list files inside a directory. Reading files allows users to access data. Reading directories allow the contents to be listed.

Write Permission

The written permission, denoted by w, allows a user to modify the contents of a file or add/remove files inside a directory. Writing to files allows data to be edited or overwritten. Writing to directories allows files and subfolders to be added, removed, or renamed.

Execute Permission

The execute permission, denoted by x, allows a user to execute a file or change into a directory. Executing a file runs a script or binary. Executing a directory permits a user to traverse into that folder using the cd command.

Viewing File Permissions

To view the permissions of a file or folder in Linux, the ls -l command can be used. This long listing format contains a symbolic representation of the permissions for each resource.

Here is an example long listing:

-rwxr-xr-- 1 meilana staff 4096 Feb 12 09:32 file.txt

This breaks down as follows:

  • The first character indicates the file type. A dash - denotes a regular file.
  • The following three triplets represent the permissions for the file’s owner, group, and other users.
  • Next is the number of hard links pointing to this file.
  • Then the owner name john and group staff are shown.
  • Finally, the file size, modification date, and name are given.

Focusing on the permission triplets, the symbolic values map to:

  • r = read permission
  • w = write permission
  • x = execute permission
  • - = no permission

So in the earlier example, the permissions break down as:

  • Owner (meilana): read, write, and execute
  • Group (staff): read and execute only
  • Others: read and execute only

The output of ls -l provides a quick overview of the permissions for files and folders. To investigate further, additional commands like stat and namei -l can be used.

Changing File Permissions

The most common command for modifying permissions is chmod. It can be used in two ways:

Symbolic Method

Use letters to explicitly set permissions for the owner, group, and others:

chmod u=rw,g=r,o= file.txt
  • u = owner
  • g = group
  • o = others

Numeric Method

Use numeric values to set permissions according to a calculation:

chmod 644 file.txt
  • Read = 4
  • Write = 2
  • Execute = 1

The three digits set owner, group, and other permissions respectively.

Special Permissions

Beyond the standard read, write, and execute permissions, Linux has special permission flags that provide additional security controls.

SetUID

The SetUID permission allows an executable file to run with the permissions of its owner rather than the user executing it. This often allows regular users to perform tasks requiring root access.

To illustrate, consider a SetUID root binary that restarts a system daemon. Any user can run this binary to restart the service, even though only root would normally have permission. SetUID is set by:

chmod u+s file

When applied to an executable, an s appears in that position instead of x. For example:

-rwsr-xr-x

This shows the binary has SetUID set. The executing user receives the file owner’s permissions.

SetUID requires caution as it allows programs to exceed a user’s permissions. If the binary is compromised, it poses a significant risk.

SetGID

SetGID is the group equivalent of SetUID. It allows a file to run with the group permissions of its owner.

SetGID is configured similarly:

chmod g+s file

When set on a directory, SetGID causes new files created within to inherit the directory’s group ownership. This is useful for shared directories like /var/account. As with SetUID, use SetGID judiciously to avoid unintended privilege escalations.

Sticky Bit

The sticky bit protects files from accidental deletion within shared directories. When set on a folder, it allows only the file’s owner, directory owner, or root to remove or rename files. Without the sticky bit, any user with write access can delete or move files.

To set the sticky bit on a shared directory:

chmod +t directory

Practical Examples

Here are some common examples of using chmod in practice:

chmod 755 script.sh (Owner rwx, Group/Others rx)
chmod 644 file.txt (Owner rw, Group/Others r)  
chmod +t directory (Set sticky bit on directory)

Conclusion

Understanding and properly setting file permissions is critical for security on Linux systems. Following best practices, like the principle of least privilege, ensures users only have the necessary access. Mastering chmod and decoding ls -l output gives you control over access.

Marshall https://linuxtips.us
Marshall Anthony is a professional Linux DevOps writer with a passion for technology and innovation. With over 8 years of experience in the industry, he has become a go-to expert for anyone looking to learn more about Linux.

Related Posts

How to Change Document Root in Apache

How to Install and Use Nano Text Editor in Linux

How to List All Users in Linux

How to Fix Umount Target is Busy in Linux

How to Format USB Drive as exFAT on Linux

How to Change UUID on Linux