Linux - File Permission

In Linux, everything is based on file permissions. Each file or directory has:

  • an owner
  • a group (or groups)
  • users

The owner and the group (or groups) usually have more permission to read, write, or execute than users who are neither the owner nor members of the permission group.

Interpret the Permissions

First, run the command below in a working directory to see each entry's permissions, user, group, file size, creation date/time, and filename.

ls -l

The first character identifies the resource as either a directory (d) or file (-).

# resource is a file
-rw-rw-r--
# resource is a directory
drwxr-xr-x

The following nine characters should actually be read as triplets:

  • rw- for the file owner,
  • rw- for the group(s) that have permission to the file, and
  • r-- for all others.

The r, w and x symbols mean:

  • read (r) = contents can be viewed but not edited, renamed, added, or deleted
  • write (w) = contents can be viewed, edited, renamed, added, and deleted
  • execute (x) = contents can run as a program or script
  • (-) = permissions don’t apply

| PERMISSION    | NUMBER | LETTER |
| ------------- | ------ | ------ |
| read          | 4      | r      |
| write         | 2      | w      |
| execute       | 1      | x      |
| no permission | 0      | -      |

Default Permission

When a normal user creates a folder, the owner and the group both default to that user's username. The default permissions are typically set to 755 (or “rwx” for the user, “rx” for the group, and “rx” for others). These defaults are designed to restrict access until it is deliberately granted.

When the user then creates a file inside the folder, the owner and the group are again set to the username, while the permissions for that file are set to 644 (or “rw” for the user, “r” for the group, and “r” for others).

Example: changing the permissions on the newly created test.csv file so that:

  • only the owner and group can read it (but not write or execute)
  • other users have no permission

chmod 440 test.csv

Example: to give this file read, write, and execute permissions for the user, group, and others:

chmod 777 test.csv
or
chmod u=rwx,g=rwx,o=rwx test.csv
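
The numbers passed to chmod above are the sums of the values in the permission table, one digit per triplet. The script below is an added example, not part of the original page: it converts an `ls -l` mode string into that number and flags entries that others can write to, such as a file left at 777. The function names and the sample listing are constructed for illustration.

```shell
# Added example: convert an `ls -l` mode string to the number chmod accepts.
# Handles only the d / - type character and the r, w, x, - symbols.

# triplet_value "rw-" prints 6 (read=4, write=2, execute=1, "-"=0)
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "-rw-rw-r--" prints 664; fails on anything malformed
mode_to_octal() {
    case $1 in
        [d-][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}            # drop the type character, 9 characters remain
    owner=${perms%??????}   # first triplet
    rest=${perms#???}
    group=${rest%???}       # second triplet
    other=${rest#???}       # third triplet
    echo "$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")"
}

# others_can_write MODE succeeds when the "others" triplet includes w
others_can_write() {
    octal=$(mode_to_octal "$1") || return 2
    [ $(( ${octal#??} & 2 )) -ne 0 ]
}

# audit_listing reads `ls -l` lines on stdin and prints "<octal> <name>"
audit_listing() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        octal=$(mode_to_octal "$mode" 2>/dev/null) || continue   # skips "total N"
        if others_can_write "$mode"; then flag=" WORLD-WRITABLE"; else flag=""; fi
        echo "$octal $name$flag"
    done
}

# Constructed sample listing (not real output)
sample_listing() {
    cat <<'EOF'
-r--r----- 1 alice alice  512 Jan 10 09:05 test.csv
-rwxrwxrwx 1 alice alice  512 Jan 10 09:06 open.csv
drwxr-xr-x 2 alice alice 4096 Jan 10 09:00 reports
EOF
}
sample_listing | audit_listing
```

To check a real directory, pipe `ls -l` into `audit_listing` instead of the sample.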

Administrator Privileges

An administrator can make changes anywhere in the system, including creating users and groups, modifying them, and elevating or reducing any permissions for files. As an administrator, there are commands at your disposal to add, delete, or modify users and groups:

  1. Adding and Modifying Users and Groups
  • useradd creates a new user
  • groupadd creates a new group
  • usermod and groupmod can be used to modify users and groups
  • userdel and groupdel can be used to delete users and groups
  2. Modifying Owners and Permissions
  • chown and chgrp allow the superuser/admin to change who owns the resource, file, or directory
  • chmod changes the read-write-execute permission levels

# 1. create a new group called engineering
sudo groupadd engineering
# 2. verify that the engineering group has been created
cat /etc/group
# 3. create a new file called engineering/keys.txt
#    (the engineering directory must already exist)
sudo touch engineering/keys.txt
# 4. make engineering the group owner of the engineering/keys.txt file
sudo chgrp engineering engineering/keys.txt
# 5. see the ownership of the engineering/keys.txt file
ls -l engineering/keys.txt

Elevating Privileges - Using sudo to access admin commands

A user who is a member of the Administrator Group can elevate his/her privileges using the sudo command. sudo is usually used when specific tasks require it, like adding and modifying permissions and configuring system software.

# to add a new user john
useradd john
# to change the owner of a file named test.csv to john
chown john test.csv
# if this fails with "Permission denied", add sudo
# a password prompt will ask us to prove we are the current authorized user
sudo chown john test.csv