File modes in Linux

Linux file permissions, chmod and umask

Understand how Linux file permissions and special mode bits work. Learn how to change these permissions using the chmod command. Find out how default permissions for new files are configured via a user’s umask value.

Linux file permissions

In Linux everything is a file, so everything will have permissions also.

File permissions define which user or system accounts have permissions to read, write, and execute specific files.

  • user = the user that owns the file
  • group = users in the file’s group
  • other = every other user

There are also three other components when it comes to file mode bits, namely the setuid bit, the setgid bit, and the sticky bit.

As you’ll see later, these "special mode bits" can only be used for certain files.

How read, write, and execute permissions are represented

File permissions are identified through file mode bits. These bits represent what actions can be carried out by specific user accounts.

For example, if you run the command ls -l to list the files in the current directory, you’ll see something similar to this at the beginning of each line in the results:

-rwxrwxrwx

The repeated rwx sequences represent the notion of read (r), write (w), and execute (x) permissions for user, group, and other (in that order).

Hence the -rwxrwxrwx above indicates that user, group, and other have read, write and execute permissions for that file. In other words, the owner of the file, anyone in the file’s group, and everybody else have read, write, and execute permissions for that file.


Note that the leading - you’ll see in permissions like -rwxrwxrwx simply indicates that this is a normal file (file type regular).

File types

  • - = regular file
  • d = directory
  • l = symbolic link
  • b = block special device
  • c = character device
  • s = unix socket (local domain socket)
  • p = named pipe

Here are a few more examples of what you might see:

A regular file, readable and writable by user and group, but only readable by everybody else.

Note that the d above indicates that the permissions are for a directory (that is the file’s type is a directory).

This directory is readable, writable, and executable by "user" whilst only readable and executable by "group" and "other".

Also note that for directories, the execute mode bit `x` indicates access / search-ability of that directory for a particular category of user.

The above permissions show that the owner of this regular file has read and write permission but nobody else has any permissions for that file.

If you see a file with permissions like this:

You’ll know it refers to a "character device" (such as a tty) where the "user" has read and write permission, the "group" has write permission, and "other" has no permissions.

To recap, the meanings of `r`, `w`, and `x` for each of the three categories "user", "group", and "other" are illustrated in the image below which shows an `ls -l` command run in a directory which contains filename.txt:

A file’s user and group

The user name shown in the image above is the name of the user account which owns the file (normally the creator, but this can be changed using chown) whilst the group name is the creator’s primary group (this can be changed using chgrp).


By default in Ubuntu, the default primary group is a group with the same name as the user. This is the case above where both the user and group are "tutonics".

Note: for more info about user accounts and groups, please read our post about user account and group management.

To understand how default permissions are determined, skip to section "umask - configuring default file / directory permissions" below.

Special mode bits

Normal process permissions

When a process runs, it takes on the effective permissions of the user who started it. This means the process can only read / write / execute what the user has permissions for.

The same applies to the effective group ID of a process: it assumes that of the user, so the group permissions of the process mirror those of the user.

This behaviour gets changed when setuid and/or setgid bits are set as you’ll see next.

Setuid - set user id

When the setuid bit is set for a program, on execution the process’s effective user ID gets set to that of the program file itself (rather than that of the user running it).

If a file with permissions -rwxrwxrw- gets its setuid bit set, the permissions will be displayed as -rwsrwxrw- (note the lower case s where the x was).

If however, the file didn’t have the x permissions for the user, and then had the setuid bit set, you’d see -rwSrwxrw- instead.

So to recap, there is a difference between S and s: the former indicates just the setuid bit, the latter indicates that both the setuid bit and execute x (for that position) are set in the permissions.


Setgid - set group id

When the setgid bit is set for a program, on execution the process’s effective group ID gets set to that of the program file (rather than that of the user’s primary group).

Like setuid, the setgid bit is shown as either an S or s.

If a file starts out with -rw-r--r-- (no group x) and has its setgid bit set, you’d see it being displayed as -rw-r-Sr-- whereas if it started out as -rw-r-xr-- it would be displayed as -rw-r-sr-- once the setgid bit is set.

Setuid for directories

When the setuid bit is set as part of a directory’s permissions in Ubuntu, it does nothing, i.e. it has no effect (this is not the case for the setgid bit, as you’ll see next).

Setgid for directories

When the setgid bit is set for a directory, any files created in that directory will have the same group as that directory.

Any directories created in that directory will also have their setgid bit set.

Sticky bit

Nowadays (for Linux) the sticky bit is used only in relation to directories.

When a directory has the sticky bit set, only root or the file’s owner has permission to change files in that directory.

The letters T and t are used to indicate that the sticky bit is set. For example, a directory with permissions drwxr-xr-x having the sticky bit set would change to drwxr-xr-t, whilst a dir with drwxr-xr-- would change to drwxr-xr-T (so t vs T depends on whether the "other" category has x permissions set or not, respectively).
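Because setuid and setgid programs run with the file owner's or group's identity, and a directory writable by "other" without the sticky bit lets any user interfere with other users' files, these are the bits a permissions review looks at first. The following is an added example (not part of the original article) that walks a directory tree and reports them; the function names `classify` and `audit` are made up for this illustration.

```python
import os
import stat


def classify(mode):
    """Return the findings for one st_mode value (empty list: nothing to report)."""
    findings = []
    if stat.S_ISREG(mode):
        # Lower-case s in ls -l: special bit AND execute bit are both set.
        if mode & stat.S_ISUID and mode & stat.S_IXUSR:
            findings.append("setuid-executable")
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("setgid-executable")
    elif stat.S_ISDIR(mode):
        # Writable by "other" with no sticky bit (no t/T in the last column).
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable-no-sticky")
    return findings


def audit(root):
    """Walk root without following symlinks; return {path: [findings]}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                found = classify(os.lstat(path).st_mode)
            except OSError:
                continue  # entry vanished or is unreadable
            if found:
                report[path] = found
    return report


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in sorted(audit(start).items()):
        print(stat.filemode(os.lstat(path).st_mode), ",".join(found), path)
```

A file shown with an upper-case S (special bit set, execute bit missing) is deliberately not reported as an executable by `classify`.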

Permissions: octal representation

Sometimes, you’ll see permissions referred to numerically in base 8 octal (that is using digits 0-7).
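To tie the letter notation to the octal form, here is an added example (not from the original article) that parses an `ls -l` mode string, including the s/S and t/T cases described above, into its numeric mode. The names `parse_mode` and `octal` are invented for this illustration; the sample strings are the ones used on this page.

```python
import stat

# File-type letters as listed on this page, mapped to the S_IF* constants.
FILE_TYPES = {
    "-": stat.S_IFREG, "d": stat.S_IFDIR, "l": stat.S_IFLNK, "b": stat.S_IFBLK,
    "c": stat.S_IFCHR, "s": stat.S_IFSOCK, "p": stat.S_IFIFO,
}
# Special bit shown in the execute column of each triplet: user, group, other.
SPECIAL = [(stat.S_ISUID, "s", "S"), (stat.S_ISGID, "s", "S"),
           (stat.S_ISVTX, "t", "T")]


def parse_mode(text):
    """Convert a 10-character ls -l mode string into a numeric st_mode."""
    if len(text) != 10 or text[0] not in FILE_TYPES:
        raise ValueError(f"not a mode string: {text!r}")
    mode = FILE_TYPES[text[0]]
    for i, (special, lower, upper) in enumerate(SPECIAL):
        r, w, x = text[1 + 3 * i: 4 + 3 * i]
        shift = 6 - 3 * i  # user=6, group=3, other=0
        if r not in "r-" or w not in "w-" or x not in ("x", "-", lower, upper):
            raise ValueError(f"bad triplet {r + w + x!r} in {text!r}")
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in ("x", lower):   # lower case: execute bit is set as well
            mode |= 1 << shift
        if x in (lower, upper):  # either case: the special bit is set
            mode |= special
    return mode


def octal(text):
    """Special + rwx bits of a mode string as a four-digit octal string."""
    return format(stat.S_IMODE(parse_mode(text)), "04o")


if __name__ == "__main__":
    for s in ("-rwxrwxrwx", "-rwsrwxrw-", "-rwSrwxrw-", "-rw-r-Sr--",
              "-rw-r-sr--", "drwxr-xr-t", "drwxr-xr-T"):
        assert stat.filemode(parse_mode(s)) == s  # round-trips via the stdlib
        print(s, octal(s))
```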
