Linux - File Permission
In Linux, everything is based on file permissions. Each file or directory has:
- an owner
- a group (or groups)
- users
The owner and the group (or groups) usually have more permissions to read, write, or execute than users who are neither the owner nor in the permission group.
Interpret the Permissions
First, run the command below in a working directory to see directory/file permissions, user, group, file size, creation date/time, and filename.
The first character identifies the resource as either a directory (d) or file (-).
The following nine characters should actually be read as triplets:
- rw- for the file owner,
- rw- for the group(s) that have permission to the file, and
- r-- for all others.
The r, w and x symbols mean:
- read (r) = contents can be viewed but not edited, renamed, added, or deleted
- write (w) = contents can be viewed, edited, renamed, added, and deleted
- execute (x) = contents can run as a program or script
- (-) = permissions don’t apply
| PERMISSION | NUMBER | LETTER |
| ------------- | ------ | ------ |
| read | 4 | r |
| write | 2 | w |
| execute | 1 | x |
| no permission | 0 | - |
Default Permission
When a normal user creates a folder, the default owner for the user and group is set to the username. The default permissions are typically set to 755 (or “rwx” for the user, “rx” for the group, and “rx” for others). These defaults are designed to restrict access until deliberately granted!
When a user then creates a file inside the folder, the default owner for the user and group is again set to the username, while the permissions for that file are set to 644 (or “rw” for the user, “r” for the group, and “r” for others).
Example: change the permissions on the newly created test.csv file so that:
- only the owner and group can read it (but not write or execute)
- other users have no permission
Example: modify this file to have read, write, and execute permissions for the user, group, and other
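The shell sketch below is an added example, not code from the original page: it converts a permission string to its number using the table above and walks the test.csv changes, reporting the mode after each step. It assumes GNU stat on Linux and a umask of 022; the function names perm_to_octal, others_can_write and demo_modes are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes GNU coreutils (stat -c) on Linux.

# Convert an ls -l style string such as -rw-rw-r-- to its number using
# the table: r=4, w=2, x=1, -=0. Only r, w, x and - are handled.
perm_to_octal() {
    mode=${1#?}                      # drop the type character (d or -)
    out=""
    for who in owner group others; do
        bits=$(printf '%s' "$mode" | cut -c1-3)
        mode=${mode#???}             # move on to the next triplet
        n=0
        case $bits in r??) n=$((n + 4)) ;; esac
        case $bits in ?w?) n=$((n + 2)) ;; esac
        case $bits in ??x) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# Succeeds when the "others" digit of a numeric mode includes write (2).
others_can_write() {
    last=${1#"${1%?}"}               # last digit of the mode
    [ $((last & 2)) -ne 0 ]
}

# Create a folder and test.csv with umask 022 (assumed default), then apply
# the page's two changes. Prints the mode seen after each step.
demo_modes() {
    dir=$(mktemp -d) || return 1
    f="$dir/folder/test.csv"
    ( umask 022; mkdir "$dir/folder"; touch "$f" )
    res="$(stat -c '%a' "$dir/folder") $(stat -c '%a' "$f")"
    chmod 440 "$f"                   # owner and group read only, others nothing
    res="$res $(stat -c '%a' "$f")"
    chmod 777 "$f"                   # rwx for user, group and other
    res="$res $(stat -c '%a' "$f")"
    rm -rf "$dir"
    printf '%s\n' "$res"
}

perm_to_octal "-rw-rw-r--"
demo_modes
others_can_write 777 && echo "777: writable by every user on the system"
```

Mode 777 lets every local user modify the file, which is why others_can_write flags it while 440 and 644 pass.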
Administrator Privileges
An administrator can make changes anywhere in the system, including creating users and groups, modifying them, and elevating or reducing any permissions for files. As an administrator, there are commands at your disposal to add, delete, or modify users and groups:
- Adding and Modifying Users and Groups
  - useradd creates a new user
  - groupadd creates a new group
  - usermod and groupmod can be used to modify users and groups
  - userdel and groupdel can be used to delete users and groups.
- Modifying Owners and Permissions
  - chown and chgrp allow the superuser/admin to change who owns the resource, file, or directory
  - chmod changes the read-write-execute permission levels.
Elevating Privileges - Using sudo to access admin commands
A user who is a member of the Administrator Group can elevate his/her privileges using the sudo command.
sudo is usually used when required to perform specific tasks, like adding and modifying permissions and configuring system software.