Working with files in Linux – Permissions

Over the next few posts I’ll be covering three basic elements of files in Linux:

• Permissions
• ACL’s (Access Control Lists)
• File Attributes

The ls command

Every file in Linux has three primary permissions settings (read, write, execute) that apply to three elements (owner, group, others).

File permissions can be viewed on the command line using the “ls” command.

[luke@testserver stuff]$ ls -l
total 0
-rwxrw-r-x 1 luke admins 0 Jun 21 19:44 file1

Looking at the output from ls -l, from left to right we can break the output into several groups as shown below. Each group separated by parenthesis.

[ (-) (rwxrw-r-x) (1)  (luke admins)  (0) (Jun 21 19:44)  (file1) ]

Let’s look at each block separately.

(-) The leading dash tells us that this is a normal file. You may also see “d” (directory), “l” (link), or “b” (block device) and a few others. but -,d, and l will cover 90+ % of the files you will come into contact with.

Continuing down the line we have (rwxrw-r-x) this should be viewed as three sets of permissions (r) read, (w) write, and (x) execute. Each of the 3 permissions are applied to the owner, group, and others (others is everyone else on the system).

In this example, the permissions read as follows

Owner: rwx (read, write, execute)

Group: rw- (read, and write). The – indicates that the group does not have execute permissions

Other: r-x (read, and execute) In this case others can read and execute but not write to the file, as indicated by the – in the “w” place.

(1) Continuing to the right we see the number 1. This number represents the link count for a file. This file has 1 link which is to itself, if we created a link (shortcut) to this file from another location then the link count would be 2 and would increase by one for each additional link.

The next two entries (luke admins) represent the file owner (luke) and the group that has permission to the file (admins).

(0) The number after the group listing is the file size in bytes. In this case, it’s 0. To see the file size in human readable form use ls -lh .

(Jun 21 19:44) This section shows the date and time that the file was last modified.

(file1) Last we see the file name.

Changing file ownership

Files in Unix-like operating systems belong to a single user (the owner) and a group. Only the root user can change the ownership of a file or directory.

To change ownership of a file use the  chown command like this:

chown <user>:<group> file

Here are a few examples:

Change user and group of a file:

sudo chown superman:justiceleague goodguy.file

Change only the user: 

sudo chown superman goodguy.file

Change only the group:

sudo chown :justiceleague goodguy.file

Changing Permissions

File permissions are changed with the chmodcommand. Permissions can be modified using two different formats, numerical and symbolic.

File permissions in Linux are coded symbolically (as letters)

• r – read
• w – write
• x – execute

And Numerically:

• 4 – read
• 2 – write
• 1 – execute

Each applies to the user(owner), group, and other.

For example, if a file has the following permissions

ls -lh myawesomefile.txt
-rw-r--r-- 1 luke users 9.3M Jan 21 21:43 myawesomefile.txt

•  User – read, write
• Group – read
• Others -read

If we wanted to change this so that users can execute this file we can make this change in one of two ways.

Symbolically

chmod u+x myawesomefile.txt

In this example u = user and x = execute. You can remove the execute permission by changed the + to a -.

chmod u-x myawesomefile.txt

Changing permissions symbolically uses (ugoa) user, group, other, all

Give group write permission on myawesomefile.txt

chmod g+x myawesomefile.txt

Give all users execute permission.

chmod a+x myawesomefile.txt

Numerically 

Changing permissions numerically is intimidating for new Linux users but it shouldn’t be. If you can add up to seven then you should be fine.

Let’s make a new file called “USMC.OORAH” and then display the permissions.

touch USMC.OORAH; ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH

So permissions are rw-r–r– (User read/write, Group read only, Others read only)

These permissions can be expressed numerically as 644 which is admittedly much higher than seven. However, this number is not six hundred forty-four. It is six, four, four.

Numerically file permissions are always Read  + Write + Execute = numerical permission

• User – 6 (read/write because read (4) + write (2) + execute (0) = 6)
• Group – 4 (read only because read (4) + write (0) + execute (0) = 4)
• Others – 4 (read only because read (4) + write (0) + execute (0) = 4)
• Remember read = 4, write =2, and execute = 1 and each applies to users groups and others user6|group4|other4 or just 644

Lets change permissions on our file to allow the group to write to the file, while keeping everything else the same. We need to add 2 only to the group portion of our permissions.

chmod 664 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-- 1 luke users    0 Jan 25 19:50 USMC.OORAH

What if we wanted to allow others to execute this file? Currently, others can only read which is represented by the number 4 execute is represented by the number 1. 4+1=5 so we will want to change permissions to 665.

chmod 665 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH

Full permission, read write and execute, is represented by the number 7 because 4+2+1 is 7. So to give the user read write and execute on our file:

chmod 765 USMC.OORAH
ls -lh USMC.OORAH
-rwxrw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH

Of course, you can take permissions away by subtracting. To change the file back to its original permissions of rw-r–r–

chmod 644 USMC.OORAH 
ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH

My next post will take this one step further and add ACL’s or access control lists to the permissions scheme which allows our permissions be become much more fine-grained and can include multiple users and groups.

Luke has an RHCSA for Red Hat Enterpirse Linux 7 and currently works as a Linux Systems Adminstrator in Ohio.

This post, re-published here with permission, was originally published on Luke’s site here.