- File Permissions in Linux / Unix: How to Read, Write & Change?
- Linux File Ownership
- User
- Group
- Other
- Linux File Permissions
- Changing file/directory permissions in Linux Using ‘chmod’ command
- Absolute(Numeric) Mode in Linux
- Symbolic Mode in Linux
- Change Permissions for a Folder and All Its Content in Linux
- 1. Overview
- 2. Access Permissions
- 2.1. Listing File and Directory Permissions
- 2.2. Default Access Permission
- 3. Change Permission of Directory and File
- 3.1. chmod Codes
- 3.2. Change Permission Recursively
- 4. Access Modes
- 5. Changing Owner and Group
- 6. Conclusion
File Permissions in Linux / Unix: How to Read, Write & Change?
Linux is a clone of UNIX, the multi-user operating system which can be accessed by many users simultaneously. Linux can also be used in mainframes and servers without any modifications. But this raises security concerns as an unsolicited or malign user can corrupt, change or remove crucial data. For effective security, Linux divides authorization into 2 levels.
The concept of Linux File permission and ownership is crucial in Linux. Here, we will explain Linux permissions and ownership and will discuss both of them. Let us start with the Ownership.
Click here if the video is not accessible
Linux File Ownership
Every file and directory on your Unix/Linux system is assigned 3 types of owner, given below.
User
A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.
Group
A user- group can contain multiple users. All users belonging to a group will have the same Linux group permissions access to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group, and assign group permission to file such that only this group members and no one else can read or modify the files.
Other
Any other user who has access to a file. This person has neither created the file, nor he belongs to a usergroup who could own the file. Practically, it means everybody else. Hence, when you set the permission for others, it is also referred as set permissions for the world.
Now, the big question arises how does Linux distinguish between these three user types so that a user ‘A’ cannot affect a file which contains some other user ‘B’s’ vital information/data. It is like you do not want your colleague, who works on your Linux computer, to view your images. This is where Permissions set in, and they define user behavior.
Let us understand the Permission system on Linux.
Linux File Permissions
Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.
- Read: This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.
- Write: The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
- Execute: In Windows, an executable program usually has an extension “.exe” and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it.
Let’s see file permissions in Linux with examples:
ls – l on terminal gives
Here, we have highlighted ‘-rw-rw-r–‘and this weird looking code is the one that tells us about the Unix permissions given to the owner, user group and the world.
Here, the first ‘–‘ implies that we have selected a file.p>
Else, if it were a directory, d would have been shown.
The characters are pretty easy to remember.
r = read permission
w = write permission
x = execute permission
– = no permission
Let us look at it this way.
The first part of the code is ‘rw-‘. This suggests that the owner ‘Home’ can:
- Read the file
- Write or edit the file
- He cannot execute the file since the execute bit is set to ‘-‘.
By design, many Linux distributions like Fedora, CentOS, Ubuntu, etc. will add users to a group of the same group name as the user name. Thus, a user ‘tom’ is added to a group named ‘tom’.
The second part is ‘rw-‘. It for the user group ‘Home’ and group-members can:
The third part is for the world which means any user. It says ‘r–‘. This means the user can only:
.png)
Changing file/directory permissions in Linux Using ‘chmod’ command
Say you do not want your colleague to see your personal images. This can be achieved by changing file permissions.
We can use the ‘chmod’ command which stands for ‘change mode’. Using the command, we can set permissions (read, write, execute) on a file/directory for the owner, group and the world.
chmod permissions filename
There are 2 ways to use the command –
Absolute(Numeric) Mode in Linux
In this mode, file permissions are not represented as characters but a three-digit octal number.
The table below gives numbers for all for permissions types.
| Number | Permission Type | Symbol |
|---|---|---|
| 0 | No Permission | — |
| 1 | Execute | –x |
| 2 | Write | -w- |
| 3 | Execute + Write | -wx |
| 4 | Read | r– |
| 5 | Read + Execute | r-x |
| 6 | Read +Write | rw- |
| 7 | Read + Write +Execute | rwx |
Let’s see the chmod permissions command in action.
.png)
In the above-given terminal window, we have changed the permissions of the file ‘sample to ‘764’.
.png)
‘764’ absolute code says the following:
- Owner can read, write and execute
- Usergroup can read and write
- World can only read
This is shown as ‘-rwxrw-r–
This is how you can change user permissions in Linux on file by assigning an absolute number.
Symbolic Mode in Linux
In the Absolute mode, you change permissions for all 3 owners. In the symbolic mode, you can modify permissions of a specific owner. It makes use of mathematical symbols to modify the Unix file permissions.
Adds a permission to a file or directory
Sets the permission and overrides the permissions set earlier.
The various owners are represented as –
Change Permissions for a Folder and All Its Content in Linux
The Kubernetes ecosystem is huge and quite complex, so it’s easy to forget about costs when trying out all of the exciting tools.
To avoid overspending on your Kubernetes cluster, definitely have a look at the free K8s cost monitoring tool from the automation platform CAST AI. You can view your costs in real time, allocate them, calculate burn rates for projects, spot anomalies or spikes, and get insightful reports you can share with your team.
Connect your cluster and start monitoring your K8s costs right away:
1. Overview
The Linux operating system uses access permissions to maintain security on files directories. When we create a file or directory, Linux assigns default permissions to them. In this tutorial, we’ll discuss different ways of changing permissions for directories and files within the directory.
2. Access Permissions
In many Linux distributions when we create a user, the Linux system creates a group having the same name as the user and assigns that user’s files to that group. The relationship between files and users is that each file can belong to one user and one group.
2.1. Listing File and Directory Permissions
We can use the ls -ld command to show us the permissions on a directory:
$ ls -ld folder drwxrwxr-x 2 baeldung baeldung 4096 Jul 14 08:50 folderAdditionally, we can apply the ls -l command to show us the permissions on the files in a directory:
$ ls -l total 0 -rw-rw-r-- 1 baeldung baeldung 0 Jul 14 08:50 file1 -rw-rw-r-- 1 baeldung baeldung 0 Jul 14 08:50 file2 Moreover, we use ls -l command for a specific file that shows us the permissions on that file:
$ ls -l file1 -rw-rw-r-- 1 baeldung baeldung 0 Jul 14 08:50 file1 2.2. Default Access Permission
When we create a new file or directory, it is created with default access or permission 666 (rw-rw-rw-) or 777 (rwxrwxrwx), respectively. However, we can change the default permission by using umask command. The umask command tells the system what permissions should not be given to a new file as default. The umask is the value that is subtracted from the default permission. By default umask is equal to 0002, and will remove write permissions from files (rw-rw-r–) when creating it:
$ umask 0002 $ echo "test" > file $ ls -l file -rw-rw-r-- 1 baeldung baeldung 0 Jul 14 09:36 fileAlso, the new directory will be created with the 775 (rwxrwxr-x) permissions.
3. Change Permission of Directory and File
We can change the permissions of files and directories using the chmod command. There are two ways to change permission:
3.1. chmod Codes
We can use symbolic code plus (+) to add permissions and use minus (–) to remove permissions. Therefore, to give read permission we use +r. In addition, we use +w to give write permission and +x to give execute permission. For removing these permissions, we use -r to remove read permission, -w to remove write permission and -x to remove execute permission.
In addition, we can use octal codes to change the permissions. For example, when using octal codes, we can use numbers instead of r,w,x.
3.2. Change Permission Recursively
Sometimes, we need to change the permissions of a directory and all its subfolders and files. In these cases, we use -R option to recursively apply permission to all subfolders and files:
For example, we want to assign read, write, and execute permissions, to the owner (7) for the current directory and all its subfolders and files. Also, we want to assign read and execute permissions to both group (5) and others (5).
$ ls -ld folder drwxrwxr-x 2 baeldung baeldung 4096 Jul 14 08:50 folder $ ls -l file1 -rw-rw-r-- 1 baeldung baeldung 0 Jul 14 08:50 file1 $ chmod -R 751 folder/$ ls -ld folder drwxr-x--x 2 baeldung baeldung 4096 Jul 14 08:51 folder $ ls -l file1 -rwxr-x--x 1 baeldung baeldung 0 Jul 14 08:51 file14. Access Modes
Normally when we run a program it runs with your access level but there are times we should change our password or use programs that need access to system files. We should be able to access /etc/passwd or /etc/shadow to change our password but we should not be able to access other people’s files. In such a case, the Linux system has special bits on each file:
If we set suid on a file, that file will be executed with the access of the owner of the file, and no matter which user is running it. We can set the suid bit with u+s command:
$ ls -l file1 -rw-rw-r-- 1 baeldung baeldung 0 Jul 12 11:26 file1$ chmod u+s file1 $ ls -l file1 -rwSrw-r-- 1 baeldung baeldung 0 Jul 12 11:26 file1The S character is in the place of executable bit for the user. If we set the sgid bit on a file, members of the same group can run the file. We can set sgid bit with g+s command:
$ ls -l file1 -rw-rw-r-- 1 baeldung baeldung 0 Jul 12 11:50 file1$ chmod g+s file1 $ ls -l file1 -rw-rwSr-- 1 baeldung baeldung 0 Jul 12 11:50 file1The sgid on a directory will force any new file in that directory to have the sgid of the directory. It is possible to set or unset, the suid and sgid using chmod and +s or -s instead of x. If we set the sticky bit on a file, only the owner of the file can delete it even if all users have to write access to that directory. The sticky bit is identified by t and will be shown on the last bit of a directory. We can set sticky bit with o+t command:
$ ls -l file1 -rw-rw-r-- 1 baeldung baeldung 0 Jul 12 12:07 file1$ chmod o+t file1 $ ls -l file1 -rw-rw-r-T 1 baeldung baeldung 0 Jul 12 12:07 file1The T character is in the place of executable bit for the other. Let’s review how we can set these access modes:
access mode | octal | symbolic suid | 4000 | u+s guide | 2000 | g+s sticky | 1000 | t We can set the access modes of a directory and all its subfolders and files using -R option:
$ ls -ld folder drwsr-x--x 2 baeldung baeldung 4096 Jul 14 08:51 folder $ ls -l file1 -rwsr-x--x 1 baeldung baeldung 0 Jul 14 08:51 file15. Changing Owner and Group
If we need to change the ownership or group of a file or directory, we use the chown command. The general style for changing owner and group is:
chown newuser:newgroup file$ ls -l file1 -rw-rw-r-T 1 baeldung baeldung 0 Jul 12 12:07 file1$ chown baeldung:adm file1 $ ls -l file1 -rw-rw-r-T 1 baeldung adm 0 Jul 12 12:07 file1Also, we can use another format of chown:
$ chown :adm file1 $ ls -l file1 -rw-rw-r-T 1 baeldung adm 0 Jul 12 12:07 file1We changed the default group (baeldung) to adm group.
We can change the ownership of a directory and all its subfolders and files recursively using -R option:
$ chown -R newuser:newgroup directory6. Conclusion
In this tutorial, we described permissions on files and directories. Also, we assessed the access modes and changing the ownership and group of files and directories.