Linux file permissions. – DEV Community
In Ubuntu (and other Linux systems), file permissions are an essential part of managing file security and access. Permissions define who can read, write, and execute a file or directory. Understanding these permissions is crucial for system administration, security, and software development.
File Permission Overview
Each file or directory in Ubuntu has three types of permissions:
- Read (r): Allows viewing or reading the contents of a file. For a directory, it means listing its contents.
- Write (w): Allows modifying or editing the contents of a file. For a directory, it allows adding or deleting files within it.
- Execute (x): Allows running or executing a file (e.g., shell scripts or binary files). For a directory, it allows traversing into it (changing into that directory).
Permission Levels: User, Group, and Others
There are three categories of users for each file and directory:
- User (u): The owner of the file. This is usually the person who created the file.
- Group (g): A group of users who share the same permissions.
- Others (o): All other users who are not the owner or part of the group.
Permissions for each category are represented in the following format:
Example: -rwxr-xr--
This example shows typical permissions of a file in an ls -l listing:
-rwxr-xr--
Breaking Down the Example
- -: Indicates the file type. - is a regular file, d is a directory, and l is a symbolic link.
- rwx: User permissions (owner). The user has read (r), write (w), and execute (x) permissions.
- r-x: Group permissions. The group has read (r) and execute (x), but not write (-) permission.
- r--: Other users’ permissions. Other users have read-only (r) permission.
Changing Permissions: The chmod Command
You can change file permissions using the chmod command. There are two ways to use chmod:
- Symbolic Mode: Uses letters to represent permissions (r, w, x).
- Numeric Mode: Uses numbers (e.g., 755, 644) to set permissions.
Symbolic Mode: Examples
- chmod u+x file.txt: Adds execute (x) permission for the user.
- chmod g-w file.txt: Removes write (w) permission for the group.
- chmod o+r file.txt: Adds read (r) permission for others.
- chmod u=rwx,g=rx,o=r file.txt: Sets rwx for user, rx for group, and r for others. The clauses are separated by commas with no spaces; with a space, chmod would treat the next clause as a file name.
Numeric Mode: Examples
In numeric mode, each permission has a corresponding value:
- Read (r): 4
- Write (w): 2
- Execute (x): 1
The sum of these values determines the permissions. For example:
- rwx = 4 + 2 + 1 = 7
- rw- = 4 + 2 + 0 = 6
- r-- = 4 + 0 + 0 = 4
Setting Permissions Using Numbers
When using numbers, you provide three digits, where each digit represents a category:
- First Digit: Permissions for the user (owner).
- Second Digit: Permissions for the group.
- Third Digit: Permissions for others.
Example:
Thus, rwxr-xr-x.
Thus, rw-r--r--.
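The r=4, w=2, x=1 arithmetic above, worked through in a script that is an added example and not part of the original article: it converts an ls -l mode string to its numeric form and uses that to report files that others can write to. The function names sym_to_octal and list_world_writable are chosen for this example, and setuid/setgid/sticky characters (s, t) are not handled.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# sym_to_octal MODE: convert an ls -l mode string such as -rwxr-xr-- into
# its three-digit numeric form by summing r=4, w=2, x=1 per category.
# Special-bit characters (s, S, t, T) are rejected rather than guessed at.
sym_to_octal() {
    mode=$1
    case $mode in
        [-dlcb][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}                 # drop the file-type character
    out=""
    for who in user group others; do
        digit=0
        case $rest in r*) digit=$((digit + 4)) ;; esac
        rest=${rest#?}
        case $rest in w*) digit=$((digit + 2)) ;; esac
        rest=${rest#?}
        case $rest in x*) digit=$((digit + 1)) ;; esac
        rest=${rest#?}
        out=$out$digit
    done
    echo "$out"
}

# list_world_writable DIR: print "OCTAL PATH" for each regular file under DIR
# that others may write to (the 2 in the third digit, as in 666 or 777).
list_world_writable() {
    find "$1" -type f -perm -0002 | while IFS= read -r path; do
        # Keep only the 10 mode characters; some systems append '.' or '+'.
        mode=$(ls -ld "$path" | cut -c1-10)
        echo "$(sym_to_octal "$mode") $path"
    done
}

sym_to_octal "-rwxr-xr--"   # prints 754 (the example listing above)
```

Running list_world_writable on a directory that should hold only owner-writable files gives a quick list of entries to tighten with chmod o-w.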
Ownership: The chown Command
Besides permissions, each file has an owner and a group. You can change the owner or group using the chown command:
- chown user:group file.txt: Changes the owner and group of the file.
- chown user file.txt: Changes only the owner.
- chown :group file.txt: Changes only the group.
Example:
- chown alice:developers script.sh changes the owner to alice and the group to developers.
File Types in Permission Listings
When you list files with ls -l, you’ll see the file type indicated as the first character:
- -: Regular file
- d: Directory
- l: Symbolic link
- c: Character device file (e.g., terminals, serial ports)
- b: Block device file (e.g., disk drives)
Example Output of ls -l:
drwxr-xr-x 2 alice developers 4096 Oct 3 10:45 directory_name
-rw-r--r-- 1 bob users 1024 Oct 3 10:30 file_name.txt
In this example:
- Directory (d): directory_name has drwxr-xr-x permissions.
- Regular file (-): file_name.txt has rw-r--r-- permissions.
Practical Permission Management Tips
- Setting Permissions for Scripts: Use chmod +x script.sh to make shell scripts executable.
- Limiting Access: Set sensitive files to chmod 600 file.txt so only the owner can read/write.
- Directory Permissions: Use chmod 755 for directories you want others to traverse but not modify.
Summary of Common chmod Values
- 777: rwxrwxrwx – Everyone can read, write, and execute (dangerous for sensitive files).
- 755: rwxr-xr-x – User can read, write, execute; others can only read and execute.
- 644: rw-r--r-- – User can read, write; others can only read.