Learn Linux File System Permissions
Access to files by users are controlled by file permissions. The Linux file permissions systems is simple and flexible, which makes it easy to understand. Files have just three categories of user to which permissions apply. The file is owned by a user normally the one who created the file. The file is also owned by a single group, usually the primary group of the user who created the file, but this can be changed. Different permissions can be set for the owning user, the owning group, and for all other users on the system that are not the user or a member of the owning group. There are also just three categories of permissions which apply: read, write, and execute. These permissions affect access to files and directories as follows
Permission Effect on files Effect on directories
r (read) Contents of the file can be read. Contents of the directory can be listed.
W (write) Contents of file can be changed. Any file in the directory may be created
X (exec) Files can be executed as commands. Contents of the directory can be
Note that users normally have both read and exec on read-only directories, so that they can list the directory and access its contents. If a user only has read access on a directory, the names of the files in it can be listed, but no other information, including permissions or time stamps, are available, nor can they be accessed. If a user only has exec access on a directory, they cannot list the names of the files in the directory. However, if they already know the name of a file which they have permissions to read, then they can access the contents of that file by explicitly specifying the file name. A file may be removed by anyone who has write permission to the directory in which the file resides, regardless of the ownership or permissions on the file itself. (This can be overridden with a special permission, the sticky bit.)
Viewing file/directory permissions and ownership
The -l option of the ls command will expand the file listing to include both the permissions of a file and the ownership:
$ ls -l test
-rw-rw-r– 1 user user 1097374 Dec 12 18:48 test
The commands ‘ls -ld directoryname’ will show the expanded listing of all of the files that reside inside the directory. To prevent the descent into the directory and see the expanded listing of the directory itself, add the -d option to ls:
$ ls -ld /home
drwxr-xr-x 5 root root 316848 Dec 12 21:00 /home
Unlike NTFS permissions, Linux permissions only apply to the directory or file that they are set on. Permissions on a directory are not inherited automatically by the subdirectories and files within it. All permissions in Linux are set directly on each file or directory. The read permission on a directory in Linux is roughly equivalent to List folder contents in Windows. The write permission on a directory in Linux is equivalent to Modify in Windows. It implies the ability to delete files and subdirectories. In Linux, if write and the sticky bit are both set on a directory, then only the user that owns a file or subdirectories in the directory may delete it, which is similar to Windows write permission. Root has the equivalent of the windows full control permission on all files in Linux. However, root may still have access restricted by the system’s SELinux policy and the security context of the process and files in question. SELinux will be discussed in a later course.
Changing file/directory permissions with ‘chmod’ command
We can use the ‘chmod’ command which stands for ‘change mode’. Using this command, we can set permissions (read, write, execute) on a file/directory for the owner, group and the world.
Syntax: chmod permissions filename
For example, we can set permission to the test file by using the following command:
$ chmod 644 test
If you need any further assistance please contact our support department.