Learn Linux File System Permissions

Security is important, no matter if it is a personal computer or a web server. Every operating system on the planet has some kind of access control system that allows administrators and users to work on servers or computers without messing up or compromising the system. Linux also comes with such an access control system. In Linux, we call it file system permissions.

Every file and directory in the Linux file system has specific permissions for the owner, the group and other users, and there are commands that we can use to manipulate these permissions efficiently. In this guide, I will show you how to deal with Linux file permissions and how to keep your system secure with proper file permissions.

We will also discuss how we should set permissions for the websites hosted on our server, so that you can understand the concept practically. So, let’s start with the guide. The first thing we will learn is what file permissions are and how to check the permissions of a specific file or directory.

What are File system Permissions?

Every file and directory in Linux has different kinds of permissions for different kinds of entities. Any specific file or directory is associated with three types of entities: User (Owner), Group and Others.

User (Owner) is the user who owns the file. Normally, the user who creates a file is the owner of the file unless the ownership is given to someone else by the superuser (root or a user with sudo privileges).

Group is a group of users in Linux. We can assign a specific group to a specific file or directory. Every user in that group can perform actions based on the permissions given to the group.

Others includes all the other users on the system. Normally, Others do not have write permission on a file or directory unless it is required.

Now, there are three types of permissions that we can give to any of the above entities for a specific file or directory. The types of permissions are:

  • Read: Read permission allows a user to read file contents. If you do not want others to read file contents, you can revoke read permission for Group and Others; we will see how to perform this action.
  • Write: Write permission allows a user to edit or delete a file. If a user has write permission on any file or directory, he/she can update the contents of the file as well as delete the file.
  • Execute: With Execute permission, a user can execute a file using proper software on the system. For example, if someone has execute permission on a shell script, he/she can execute the shell script.

In short, there are three types of users for a specific file or directory, and these three types of users can work on a file based on the Read, Write and Execute permissions they have on the file.

Do not worry if it is hard to understand right now. Let’s see how to check file permissions in Linux.

How to check File Permissions in Linux

Log in to your Linux VPS or computer and start the terminal. Now, execute the following command to get a list of files and directories along with their permissions.

$ ls -la

And here is the kind of output you should expect.

drwxr-xr-x  5 iamuser iamgroup 4096 Oct 25 22:20 .
drwxr-xr-x 31 iamuser iamgroup 4096 Oct 25 05:02 ..
-rw-r--r--  1 iamuser iamgroup    0 Oct 25 22:20 example
drwxr-xr-x  2 iamuser iamgroup 4096 Oct 25 22:20 example2.com
drwxr-xr-x  2 iamuser iamgroup 4096 Oct  9 13:08 example.com
-rw-r--r--  1 iamuser iamgroup    0 Oct 25 22:20 important
drwxr-xr-x  2 iamuser iamgroup 4096 Oct 25 22:20 phpmyadmin
-rw-r--r--  1 iamuser iamgroup    0 Oct 25 22:20 shell.sh
-rw-r--r--  1 iamuser iamgroup    0 Oct 25 22:20 something

The first column in this output shows the exact file permissions. All the permissions on a file or directory are expressed as a string of 10 characters. This string is made up of only 5 distinct characters: r (Read), w (Write), x (Execute), d (Directory) and - (No permission).

The third column in this output shows us the name of the owner of the file. And the fourth column shows us the group of the file.

Let’s understand the file permissions of a file named shell.sh from the list.

-rw-r--r--

The first character in the string is always either d or -. This is because the first character shows whether an entry is a file or a directory. It will show d if it is a directory and - if it is a file.

The next nine characters of the string are divided into three sections, each consisting of three characters that indicate the read, write and execute permissions for User, Group and Others. Let’s see what permissions User, Group and Others get on our shell.sh file.

  1. Owner Permissions (rw-): In this example, the owner of the file gets read and write permissions on our example file. It means that the owner of the file can read the file contents because he has read permission. He can also update file contents and delete the file because he has write permission too. However, in this example, the owner cannot execute the file as he does not have x permission on the file.
  2. Group Permissions (r--): The next three characters in the string indicate the group permissions. In this case, the group members can only read the contents of the file. They can neither update/delete the file nor execute it.
  3. Other Permissions (r--): All the other users on the system can read the file contents. Just like group members, they can neither update/delete the file nor execute it.

So, this is how we can see the file permissions of a specific file in Linux. Now that we can read the file permissions, it’s time to learn how to manipulate file permissions in Linux.
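
The numeric form 777 that appears later in the Best Practices section is the same nine characters written as three octal digits (r=4, w=2, x=1). The script below is an added example, not part of the original guide, that converts the permission strings from the listing above into that form; the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example: turn the permission string from `ls -l` into chmod's octal form.

# One rwx triplet -> one octal digit (r=4, w=2, x=1).
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# "-rw-r--r--" -> 644. Only the five characters covered in this guide
# (r, w, x, d, -) are accepted; anything else is rejected with status 1.
mode_to_octal() {
    case $1 in
        [d-][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}               # drop the file/directory flag
    user=${perms%??????}       # characters 1-3
    rest=${perms#???}
    group=${rest%???}          # characters 4-6
    other=${rest#???}          # characters 7-9
    printf '%s%s%s\n' "$(triplet_to_digit "$user")" \
        "$(triplet_to_digit "$group")" "$(triplet_to_digit "$other")"
}

# Read `ls -l` lines on stdin and print "<octal> <name>" per entry.
listing_to_octal() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        oct=$(mode_to_octal "$mode" 2>/dev/null) || continue
        printf '%s %s\n' "$oct" "$name"
    done
}

# Constructed sample input, taken from the listing shown above.
listing_to_octal <<'EOF'
drwxr-xr-x  2 iamuser iamgroup 4096 Oct 25 22:20 phpmyadmin
-rw-r--r--  1 iamuser iamgroup    0 Oct 25 22:20 shell.sh
EOF
```

Lines whose first column contains anything beyond the five characters covered here (for example s or t, or a trailing + or .) are skipped rather than guessed at.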

How to Update File Permissions in Linux

There are two commands in Linux that we can use to modify file permissions. In this section, we will see how to use these commands to update file permissions.

Chown command in Linux

The first command we are going to learn is chown. We can use the chown command to update the ownership of a file. As we now know, we can give file ownership to a user and a group. For instance, suppose we do not want iamuser to own the file. We have a new user who can manage this file, and his username is iamausernew. We also want to change the group ownership from iamgroup to iamagroupnew. To perform this action, we have to execute the following command.

$ sudo chown iamausernew:iamagroupnew shell.sh

You can do the same thing with a directory. If you also want to update the ownership of all the files and directories inside a specific directory, use the -R option in the chown command. The -R option will change the ownership recursively.

Chmod command in Linux

Unlike the chown command, the chmod command is used to change the read, write and execute permissions for the owners and non-owners of a file or directory. For instance, let’s say we want to allow group members to execute our shell.sh file. To give them execute permission, here is the command we will run.

$ sudo chmod g+x shell.sh

Similar to chown, you can use -R on directories if you also want to update file permissions recursively. Now let’s assume we want to allow everyone, that is the owner, group and other users, to execute the file. In that case, we will execute the following command.

$ sudo chmod +x shell.sh

So, this is how you can change Linux file system permissions using the chmod command. Note that only the owner of the file, the superuser (root) or a user with sudo privileges can update the file permissions.

Best Practices

  1. Do not give read, write and execute permissions to other users; it is very dangerous. If you stumble upon an article on the internet that suggests you permanently change your file permissions to 777 (rwxrwxrwx), do not do it.
  2. If you are hosting websites on your server, you can give ownership to the user who owns the site and group ownership to www-data or httpd, because that way the web server and the user can both update files inside a specific directory.
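
One way to check a site directory for the 777-style permissions warned about in point 1, and to remove write access for others while leaving the owner and group access from point 2 untouched. This is an added example, not part of the original guide; the function names and the throwaway directory tree are constructed for the demo.

```sh
#!/bin/sh
# Added example: audit a directory tree for entries that "others" can
# write to, then remove that write bit. All paths below are constructed.

# Print every file/directory under $1 that others can write to.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Remove write access for others from everything reported above.
# Owner and group bits are left as they are.
fix_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Build a throwaway tree that mimics a carelessly configured site.
make_demo_site() {
    site=$(mktemp -d) || return 1
    mkdir "$site/uploads"
    : > "$site/index.html"
    : > "$site/config.php"
    chmod 755 "$site"
    chmod 644 "$site/index.html"
    chmod 666 "$site/config.php"    # rw-rw-rw-
    chmod 777 "$site/uploads"       # rwxrwxrwx
    printf '%s\n' "$site"
}

site=$(make_demo_site)
echo "World-writable before:"; find_world_writable "$site"
fix_world_writable "$site"
echo "World-writable after:";  find_world_writable "$site"
ls -l "$site"                       # config.php is now rw-rw-r--, uploads rwxrwxr-x
rm -rf "$site"
```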

 

Conclusion: If you want to learn Linux system administration, you must learn how Linux file permissions and access control work. This topic is very important when it comes to server access and security. At the same time, it is not so hard to learn Linux file system permissions. You just have to understand the concepts and the commands that we discussed in this guide to be good at managing permissions.

If you have any questions or queries, please use the comment section given below. We will help you with any confusion and issues.
