A Complete Beginner’s Guide on Linux Permissions
Last Updated on August 11, 2022
Linux is a Unix-like computer operating system assembled under the model of free and open-source software development and distribution. It is popular among developers and has seen some distros being preferred for programming across the board.
One of the key concepts in mastering Linux is understanding Linux Permissions.
What are Permissions in Linux?
Permissions are a set of rules that determine what a user is allowed to do with the files in Linux. These rules are set for each file and folder separately.
The three types of permissions are:
Read: allows users to view the contents of the file
Write: allows users to modify or delete the contents of the file
Execute: allows users to execute it as a program
The permission model is a mechanism to control access to files/directories in a process known as permission checking. When the permissions of an object need to be changed, they are changed according to the rules in the system.
Permissions are used when manipulating file contents, such as moving or deleting them, copying or renaming them, and viewing their content. Another use is when granting or denying apps permission to access data on the device, such as contacts, photos, and location.
The File Manager app requests permission before accessing the user’s entire device.
Why Should I Care about the Linux Permission Structure?
Permissions are a crucial part of Linux: they allow users to control who can access files on their computer.
They are based on three different types of users: the owner of the file, the group that owns the file, and other users.
To set permissions on a file, one must know which type of user they want to set them for. The owner of a file is able to read, write, and execute the file.
The group that owns the file is able to read and write the file. Other users have no control over the file other than being able to view it.
A user can be a member of more than one group. In this case, they must choose which group they want to set their file permissions for.
The owner of a file and the group that owns the file can change permissions on it later and all other users will have no effect on those changes.
Basic Commands for Linux File Permissions
This section provides a basic overview of the three commands that affect file permissions.
ls – List contents of a directory
The ls command can be used to list the contents of a directory and can take a directory name as an argument, or display what’s in the current working directory when there are no arguments specified.
ls
This command lists the contents in the current working directory.
ls -a
This command lists all the contents in the current working directory including hidden files.
ls -l
This command shows information about a directory including file permissions, the number of links, owner name, owner group, file size, time of last modification, and the file or directory name.
chmod – Alter file permissions
To modify existing permissions on a file, use the chmod command with a plus or minus symbol before each letter to indicate whether you want to increase or decrease the permissions.
For example, chmod u+rwx filename changes file permissions so that others can read, write and execute while users in the group can only read. This sets the owner of the file to be the user where u is an arbitrary number and then sets all other permissions to 0 (no permissions). U = user who owns the file.
chmod +rwx filename
This command adds read, write and execute permissions to a file
chmod -rwx filename
This command removes read, write and execute permissions from a file
Note that “r” is for read, “w” is for write, and “x” is for execute.
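The effect of these chmod forms on the mode bits, as an added example that is not part of the original article. The helper name mode_after and the scratch file are constructed for the demonstration, and GNU coreutils stat is assumed. It shows that u+rwx changes only the owner's bits, while a bare +rwx is filtered through the umask.

```shell
#!/bin/sh
# Added example (not from the article): show what a chmod mode string does.
# mode_after START CHANGE applies `chmod CHANGE` to a scratch file that starts
# with mode START and prints the result as "<octal> <ls -l style string>".
mode_after() {
    start=$1
    change=$2
    f=$(mktemp) || return 1          # constructed scratch file
    chmod "$start" "$f" && chmod "$change" "$f" || { rm -f "$f"; return 1; }
    stat -c '%a %A' "$f"             # GNU stat: octal bits and symbolic form
    rm -f "$f"
}

umask 022   # pin the umask so the class-less form below is reproducible

mode_after 640 u+rwx           # 740 -rwxr-----  only the owner's bits change
mode_after 640 +rwx            # 755 -rwxr-xr-x  no class: bits in the umask are skipped
mode_after 777 go-w            # 755 -rwxr-xr-x  drop write for group and others
mode_after 777 a-rwx           # 0 ----------    remove everything for all classes
mode_after 600 u=rwx,g=rx,o=   # 750 -rwxr-x---  set each class explicitly
mode_after 600 775             # 775 -rwxrwxr-x  numeric form sets all bits at once
```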
chown – Change file ownership
chown is a command-line utility in Unix, Linux and other operating systems which changes the owner of a file.
It requires root privileges to assign ownership of any file other than the current user’s home directory.
The command-line syntax is chown [-R [-h] ] owner:group filename where filename is the name of the file that is to be changed in ownership.
The -R flag recursively changes all subdirectories and their files. The -h flag changes only the specified file’s owner without changing the group.
chown -R owner:group /path/to/directory
This command gives someone the ownership of the directory, and all files and subdirectories.
Advanced Commands for Linux File Permissions
In this part, I’ll discuss some of the lesser-known commands for working with file attributes.
chattr – Change Attributes of a File or Directory
By default, files in Linux are immutable. This means that once the file has been created, it cannot be changed. In order to change the attribute of a file or directory, you have to use the chattr command followed by a string or a set of strings.
Let’s take the file /etc/passwd as an example. If we run the command ls -l /etc/passwd, we get the following output:
-rw-r--r-- 1 root root 4096 Aug 8 11:36 /etc/passwd
To add attributes to a file we can use the chattr command
chattr +i /etc/passwd
We can verify the immutability using the lsattr command:
lsattr
----i----------- ./etc/passwd
You can find more information on chattr in this article.
find – Search for Files in Linux
Finding files is easier than you think. Below are some quick tips to help you find and locate the files you need in the file system.
To locate files in the current folder with a specific extension:
find . -name "*.txt"
To list files with a specific name and their parent directory:
find . -name "my_file.txt" -print
If you want to search for a file that is in your current working directory:
find . -name "my file.txt"
You can learn more about find here.
lsattr – List Attribute of Files or Directories
lsattr is a command-line utility that lists the attributes of files/directories. The information listed below should be used as an example when using lsattr.
lsattr myfile.txt
touch – Update Timestamp on a File
touch is a command line utility for updating the access and modification times on one or more files or directories. This will update the access and modification times on all files in the current directory.
touch -a filename
This updates the access time of a file
find . -exec touch -am {} +
This will update the access and modification times on all files in the current directory recursively.
unlink – Delete a Directory or File
The unlink command is used to delete a directory or file from a file system. The original name of the directory/file will be deleted, along with any hard links that might have been created.
unlink /path/to/some-file
Permissions are set by using three different classifications: owner, group, and others.
The owner of a file is the person who created it. The group of a file is the people who have access to that file if it’s been shared with them. And others are everyone else who doesn’t fall into those two categories.
A group is a set of users who share permissions to files in a given directory. A user who belongs to the group can access these files, but cannot change their permissions or ownership.
It is important to reset permissions on your Linux server so that it is secure. To do this, you need to log in as root and use the following command:
chmod -R ug=rX /home/testuser
The chmod command sets permissions on the given directory, making all files, subdirectories and directories read-only for the user and group testuser. The capital X keeps directories traversable.
The root user is the default owner of all files and directories in a Linux system. When a user creates a file within a directory, they automatically become the owner of that file/directory. The root user can change the ownership of any file/directory by using the chown command. If you are logged in as root and you wish to reset ownership for all files and directories, you can use this command:
chown -R root:root *
This command will change the owner for all files and directories to root with a recursive option set.
A sticky bit permission is a permission that is set on a directory (or any file system object) that causes all new files created in the directory (or other objects) to inherit the permission.
The sticky bit permission is set by using the chmod command with a plus character (+) followed by an r, which sets the read and write permissions.
The Linux operating system assigns a unique identifier to every user. This identifier is called the user ID or UID. The Linux system also assigns a group ID (GID) to each account that is associated with it. SUID stands for Set User ID and it is an attribute of files in Unix-like OS that determines what operations the file’s owner can perform on the file versus what operations other users can perform on the file. A SUID program runs with the permissions of its owner rather than with those of its original (non-owner) user and group.
chmod 775 means that all users in the group can read, write, and execute a file.
chmod 777 means that read, write and execute access is granted to all users.
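A check for the permission bits discussed in this section, as an added example that is not part of the original article. It scans a directory tree for world-writable files, world-writable directories without the sticky bit, and set-user-ID or set-group-ID files. The function names audit_perms and demo_tree and the scratch tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): report risky permission bits.
# audit_perms DIR prints one "LABEL path" line per finding, sorted.
audit_perms() {
    dir=$1
    {
        # Regular files that any user can modify (other-write bit, e.g. 666 or 777).
        find "$dir" -xdev -type f -perm -0002 \
            -exec printf 'WORLD_WRITABLE_FILE %s\n' {} \;
        # World-writable directories without the sticky bit: any user can
        # delete or rename files there, including files owned by others.
        find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
            -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY %s\n' {} \;
        # Files that execute with the identity of the file's owner or group.
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID_FILE %s\n' {} \;
    } | LC_ALL=C sort
}

# Build a constructed scratch tree with one example of each case and
# print its path. Nothing outside the temporary directory is touched.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp" "$t/private"
    : > "$t/open.txt"; : > "$t/ok.txt"; : > "$t/helper"
    chmod 777  "$t/open.txt"   # flagged: world-writable file
    chmod 644  "$t/ok.txt"     # not flagged
    chmod 4755 "$t/helper"     # flagged: set-user-ID bit
    chmod 777  "$t/shared"     # flagged: world-writable, no sticky bit
    chmod 1777 "$t/tmp"        # not flagged: sticky bit set, like /tmp
    chmod 750  "$t/private"    # not flagged
    echo "$t"
}

tree=$(demo_tree)
audit_perms "$tree"
rm -rf "$tree"
```

Run audit_perms against a real path such as /home or /var/www to review findings before changing any modes.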
Conclusion
Linux permissions are the first thing to consider when looking at any Linux system. It is important to know what the permissions mean and what to do when they are not correct. Linux permissions can be a little tricky to wrap your head around, but once you know the basics, you’ll be able to use them to your advantage. I hope this guide was able to shed some light on some of the most important Linux permissions. If you enjoyed reading, you can read about the best Linux distros for programming. Thank you for reading.