Permissions

Just like in other operating systems, multiple user accounts can be created on Linux, and these users can share the same system.

However, when different users share the same system, privacy issues can easily arise. For instance, one user may not want others to view, edit, or delete their files.

We can address this issue with permissions that can be defined at the file and directory level.

To view the permissions for a file or directory, we can use the -l parameter of the ls command, as discussed in previous sections.

root@hackerbox:~$ ls -l
drwxr--r-- 2 john development 4096 Jul  29 12:34 notes.txt

The columns in the output obtained with the -l parameter of the ls command are as follows:

Column Content
Description

d

File type. If it's a directory, it's shown as d, if it's a file, it's shown as -. In this example, it's d, so it's a directory.

rwxr--r--

File permissions

2

Number of hard links to the file/directory

john

Owner of the file/directory

development

Group owner of the file/directory

4096

Size of the file or the block count used to store directory information

Jul 29 12:34

Creation or last modification date of the file/directory

notes.txt

Name of the file/directory

Understanding Permissions

The file permissions (rwxr--r--) given in the example above can be thought of as three different sets of permissions consisting of 9 characters in total.

Each set of three characters represents the user,group, andotherspermission sets.

---         ---     ---
rwx         rwx     rwx
user         group    others

r, w, x, and - Characters

The r character represents read permission, i.e., the permission to read the contents of the file.

The w character represents write permission, i.e., the permission to write or modify the contents of the file.

The x character represents execute permission, i.e., the permission to execute the file. The x permission is given only to executable programs.

If any of the rwx characters are replaced with-, it means that permission is not granted.

User, Group, and Others

  • user - User permissions concern only the owner of the file or directory.

  • group - Group permissions concern only the users who belong to the group assigned to the file or directory.

  • others - Other permissions concern all other users and groups on the system.

Reading Permissions

First, let's divide the given permissions (rwxr--r--) into three distinct groups.

rwx         r--     r--
user         group    others

It is seen that all permissions (read, write, and execute) are granted for the owner user. In other words, the owner of the file (the user named john) can read, modify, and execute this file. However, since this file is a text file, as indicated by its name, it will not execute even though it has execute permission.

For group permissions, only read permission is granted to the group assigned to the file. Write and execute permissions are not granted, as indicated by the - character. Members of the development group, to which the file is assigned, have only read permission for this file.

As for the permissions of other users and groups, it is also seen that only read permission is granted. Again, write and execute permissions are not granted, as indicated by the - character. This means that all other users and groups on the system have read permission for this file.

Changing File and Directory Permissions

To change file and directory permissions, use thechmod command.

The first argument given to the chmod command indicates which permission set you want to change. You can specify the permission set with the u,g, or o options.

  • u (user) - Owner user permissions

  • g (group) - Group permissions

  • o (others) - Other permissions

To change permissions for all sets, you can use u,g,o.

After specifying the first argument, you need to indicate whether you want to add or remove a permission. You can use the + or - options.

  • + -> Adds permission

  • - -> Removes permission

Lastly, you need to specify which permission you want to change (r,w, or x).

  • r (read) - Read permission

  • w (write) - Write permission

  • x (execute) - Execute permission You can also use the combination rwx.

Let's do an example to understand it better

For instance, if we want to grant write permission to others for the file notes.txt, we start the command by indicating the permission set (o for others):

root@hackerbox:~$ chmod o

Then, we indicate whether we want to add or remove the permission. Since we want to add the permission, we use the + character.

root@hackerbox:~$ chmod o+

Lastly, we specify the permission ( w for write).

root@hackerbox:~$ chmod o+w

Finally, we specify the file we want to modify,

notes.txt, and execute the command. We then verify the changes withls -l.

root@hackerbox:~$ chmod o+w notes.txt
root@hackerbox:~$ ls -l
drwxr--rw- 2 john development 4096 Jul  29 12:34 notes.txt

As we can see, the permission set for others has been changed to rw-. Now, other users can read and write to the file.

Another example

You can also update multiple permissions and groups in a single command.

For example, to grant all permissions to all sets for the file notes.txt, run the following command:

root@hackerbox:~$ chmod ugo+rwx notes.txt
root@hackerbox:~$ ls -l
drwxrwxrwx 2 john development 4096 Jul  29 12:34 notes.txt
PreviousGroup ManagementNextProcess Management

Last updated