Linux – Managing File Permissions

Linux file permissions are the basic access-control mechanism on Unix-like operating systems. They determine who can read, write, or execute files and directories. Working with them means understanding how they are represented, how they are changed, and what each permission does. The sections below cover each in turn:

1. File Permission Basics

In Linux, file permissions are represented in three primary categories:

  1. Owner (User) Permissions: Permissions for the file’s owner.
  2. Group Permissions: Permissions for users in the file’s group.
  3. Others (World) Permissions: Permissions for all other users.

Permissions can be set for files and directories and are expressed in both symbolic and octal formats.

2. Permission Types

There are three types of permissions:

  1. Read (r): Permission to view the contents of the file or directory.
    • File: Allows reading the file’s content.
    • Directory: Allows listing the names of files and directories within it.

  2. Write (w): Permission to modify the file or directory.
    • File: Allows editing the file’s content.
    • Directory: Allows creating, deleting, or renaming files and directories within it (this also requires execute permission on the directory).

  3. Execute (x): Permission to execute a file or access a directory.
    • File: Allows running the file as a program or script.
    • Directory: Allows entering the directory and accessing its contents.

3. Permission Representation

Permissions are displayed using the ls -l command in a long format, which includes a string of characters representing the file’s type and permissions.

3.1. File Type

  • The first character in the ls -l output denotes the file type:
    • - for a regular file.
    • d for a directory.
    • l for a symbolic link.
    • c for a character device.
    • b for a block device.
    • p for a named pipe (FIFO).
    • s for a socket.

3.2. Permissions

  • The next nine characters are split into three groups of three, representing the permissions for owner, group, and others:
    • Owner Permissions: rwx (read, write, execute)
    • Group Permissions: rwx
    • Others Permissions: rwx

Example:

```
-rwxr-xr--
```

This represents:

  • A regular file (-).
  • Owner has read, write, and execute permissions (rwx).
  • Group has read and execute permissions (r-x).
  • Others have read-only permission (r--).

4. Symbolic and Octal Modes

Permissions can be set or modified using symbolic or octal notation.

4.1. Symbolic Mode

  • Syntax: chmod [who][operator][permissions] file
    • who: Specifies who the permissions apply to (u for user/owner, g for group, o for others, a for all).
    • operator: Specifies how to modify permissions (+ to add, - to remove, = to set exactly).
    • permissions: Specifies the permissions (r for read, w for write, x for execute).

Examples:

  • Add execute permission for the owner: chmod u+x file.txt
  • Remove write permission for the group: chmod g-w file.txt
  • Set read and write permissions for all: chmod a=rw file.txt

4.2. Octal Mode

  • Syntax: chmod [permissions] file
  • Octal Numbers:
    • 4: Read permission (r)
    • 2: Write permission (w)
    • 1: Execute permission (x)

The permissions are set using a three-digit octal number. Each digit is the sum of the values above for one category, in the order owner, group, others. For example, 7 = 4 + 2 + 1 (rwx) and 5 = 4 + 1 (r-x).

Examples:

  • Set rwx (read, write, execute) for owner, rx (read, execute) for group, and r (read) for others: chmod 754 file.txt
  • Set rw-r--r-- (read and write for owner, read-only for group and others): chmod 644 file.txt

5. Special Permissions

There are additional permissions that modify the default behavior of files and directories:

5.1. Setuid (Set User ID)

  • Effect: When set on an executable file, the process running the file will have the privileges of the file’s owner, not the user running the process.
  • Symbolic Representation: s in the owner’s execute position (e.g., rwsr-xr-x).
  • Octal Representation: 4000

Example:

```bash
chmod u+s /path/to/program
```

5.2. Setgid (Set Group ID)

  • Effect: When set on a directory, files created within the directory will inherit the group of the directory. When set on an executable file, the process will run with the privileges of the file’s group.
  • Symbolic Representation: s in the group’s execute position (e.g., rwxr-sr-x).
  • Octal Representation: 2000

Example:

```bash
chmod g+s /path/to/directory
```

5.3. Sticky Bit

  • Effect: When set on a directory, only the file’s owner, the directory’s owner, or the root user can delete or rename files within that directory.
  • Symbolic Representation: t in the others’ execute position (e.g., rwxr-xr-t).
  • Octal Representation: 1000

Example:

```bash
chmod +t /path/to/directory
```

6. Viewing and Modifying Permissions

6.1. Viewing Permissions

  • Use the ls -l command to view file permissions:

```bash
ls -l file.txt
```

6.2. Modifying Permissions

  • Use the chmod command to change file permissions:

```bash
chmod 755 file.txt
```

  • Recursive Permission Changes:
    • Use the -R option to apply changes recursively. Note that -R with 755 also marks every regular file under the directory as executable:

```bash
chmod -R 755 /path/to/directory
```

7. Examples and Use Cases

  • Making a Script Executable:

```bash
chmod +x script.sh
```

  • Setting Permissions for a Web Directory:

```bash
chmod 755 /var/www/html
```

  • Allowing Group Members to Write to a Directory:

```bash
chmod 775 /path/to/directory
```

8. Security Considerations

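  • Avoid Giving Unnecessary Write Permissions: Especially on directories and executables. A user who can write to an executable, or to the directory that holds it, can change what other users end up running.
  • Use Setuid/Setgid Carefully: A setuid or setgid program runs with the privileges of its owner or group, so a flaw in it can hand those privileges to whoever runs it. Set these bits only where they are required.
  • Apply Sticky Bit for Shared Directories: Useful for world-writable directories like /tmp, where it prevents users from deleting or renaming files they do not own.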
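
The three points above translate directly into find queries on the permission bits. The script below is an added example, not part of the original article; the function names and the sample tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for the three risks listed above.
# Function names and the sample tree are constructed for illustration.

# Regular files with setuid (4000) or setgid (2000) set.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Regular files writable by others (0002).
find_world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Directories writable by others (0002) that lack the sticky bit (1000).
find_unsticky_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # like /tmp: world-writable plus sticky
    chmod 0777 "$root/shared_bad"   # world-writable, no sticky bit
    chmod 0750 "$root/private"
    : > "$root/helper";    chmod 4755 "$root/helper"     # setuid
    : > "$root/app.conf";  chmod 0666 "$root/app.conf"   # world-writable
    : > "$root/notes.txt"; chmod 0644 "$root/notes.txt"  # unremarkable
    printf '%s\n' "$root"
}

audit() {
    printf '== setuid/setgid files\n';            find_setid "$1"
    printf '== world-writable files\n';           find_world_writable_files "$1"
    printf '== world-writable dirs, no sticky\n'; find_unsticky_shared_dirs "$1"
}

# Audit the path given as $1, or the constructed sample tree if none is given.
if [ "$#" -gt 0 ]; then
    audit "$1"
else
    sample=$(make_sample_tree) && audit "$sample" && rm -rf "$sample"
fi
```

Run against a real path, each hit should be compared with a known-good baseline for the system; the -xdev option keeps the scan on one filesystem.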

By understanding and effectively managing file permissions, you ensure that your system maintains proper security and access controls, protecting both your data and system integrity.

OpenLib .

The Founder - OpenLib.io
