Working with files in Linux - Permissions
Over the next few posts I’ll be covering three basic elements of files in Linux:
The ls command
Every file in Linux has three primary permissions settings (read, write, execute) that apply to three elements (owner, group, others).
File permissions can be viewed on the command line using the `ls -l` command:
$ ls -l
total 0
-rwxrw-r-x 1 luke admins 0 Jun 21 19:44 file1
Looking at the output from `ls -l`, from left to right we can break the output into several groups as shown below. Each group is separated by parentheses.
[ (-) (rwxrw-r-x) (1) (luke admins) (0) (Jun 21 19:44) (file1) ]
Let’s look at each block separately.
The leading dash tells us that this is a normal file. You may also see
(block device) and a few others. but
will cover 90+ % of the files you will come into contact with.
Continuing down the line we have `rwxrw-r-x`. This should be viewed as three sets of permissions: `rwx`, `rw-`, `r-x`. Each of the three permissions is applied to the owner, group, and others (others is everyone else on the system).
In this example, the permissions read as follows:
- Owner: `rwx` (read, write, execute)
- Group: `rw-` (read and write). The `-` indicates that the group does not have execute permissions.
- Others: `r-x` (read and execute). In this case others can read and execute but not write to the file, as indicated by the `-` in the “w” place.
Continuing to the right we see the number `1`.
This number represents the link count for a file. This file has 1 link, which is to itself. If we created a link (shortcut) to this file from another location, the link count would be 2, and it would increase by one for each additional link.
The next two entries, `luke admins`, represent the file owner (luke) and the group that has permission to the file (admins).
The number after the group listing is the file size in bytes. In this case, it’s 0. To see the file size in human-readable form use `ls -lh`.
Jun 21 19:44
This section shows the date and time that the file was last modified.
Last we see the file name.
Changing file ownership
Files in Unix-like operating systems belong to a single user (the owner) and a group. Only the root user can change the ownership of a file or directory.
To change ownership of a file use the `chown` command like this:
chown <user>:<group> file
Here are a few examples:
Change user and group of a file:
sudo chown superman:justiceleague goodguy.file
Change only the user:
sudo chown superman goodguy.file
Change only the group:
sudo chown :justiceleague goodguy.file
File permissions are changed with the `chmod` command. Permissions can be modified using two different formats, numerical and symbolic.
File permissions in Linux are coded symbolically (as letters)
- r - read
- w - write
- x - execute
and numerically (as numbers)
- 4 - read
- 2 - write
- 1 - execute
Each applies to the user (owner), group, and other.
For example, if a file has the following permissions
ls -lh myawesomefile.txt
-rw-r--r-- 1 luke users 9.3M Jan 21 21:43 myawesomefile.txt
- User - read, write
- Group - read
- Others - read
If we wanted to change this so that the user (owner) can execute this file, we can make this change in one of two ways.
chmod u+x myawesomefile.txt
In this example `u` = user and `x` = execute.
You can remove the execute permission by changing the `+` to a `-`:
chmod u-x myawesomefile.txt
Changing permissions symbolically uses `ugoa`: user, group, other, all.
Give the group write permission on myawesomefile.txt:
chmod g+w myawesomefile.txt
Give all users execute permission:
chmod a+x myawesomefile.txt
Changing permissions numerically is intimidating for new Linux users but it shouldn’t be. If you can add up to seven then you should be fine.
Let’s make a new file called USMC.OORAH and then display the permissions.
touch USMC.OORAH; ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
We can see permissions are `-rw-r--r--` (User read/write, Group read only, Others read only).
These permissions can be expressed numerically as 644, which is admittedly much higher than seven. However, this number is not six hundred forty-four.
It is six, four, four.
Numerically file permissions are always Read + Write + Execute = numerical permission
- Read is equal to the number 4.
- Write is equal to the number 2.
- Execute is equal to the number 1.
Our file has numerical permissions of six, four, four - and here is how that breaks down:
- User = 6 (read/write because read (4) + write (2) + execute (0) = 6)
- Group = 4 (read only because read (4) + write (0) + execute (0) = 4)
- Others = 4 (read only because read (4) + write (0) + execute (0) = 4)
- Remember read = 4, write = 2, and execute = 1, and each applies to users, groups, and others.
- user permissions add up to 6.
- group permissions add up to 4.
- others permissions add up to 4.
- Which is generally expressed as just 644.
Let’s change permissions on our file to allow the group to write to the file, while keeping everything else the same. We need to add 2 only to the group portion of our permissions.
chmod 664 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
What if we wanted to allow others to execute this file? Currently, others can only read, which is represented by the number 4; execute is represented by the number 1. 4+1=5, so we will want to change permissions to 665.
chmod 665 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH
Full permission (read, write, and execute) is represented by the number 7 because 4+2+1 is 7. So to give the user read, write, and execute on our file:
chmod 765 USMC.OORAH
ls -lh USMC.OORAH
-rwxrw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH
Of course, you can take permissions away by subtracting. To change the file back to its original permissions of 644:
chmod 644 USMC.OORAH
ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
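The arithmetic above, as an added example (not code from the original post): a POSIX shell function that converts the mode field from `ls -l` into its numeric form by adding 4, 2 and 1 per triplet, then replays the post's chmod sequence on a scratch file to confirm the two notations agree. The function names and the scratch file are assumptions of this example; mode strings containing setuid, setgid or sticky characters are rejected rather than converted.

```shell
#!/bin/sh
# Convert the mode field printed by `ls -l` (e.g. -rwxrw-r-x) to numeric form (765).
mode_to_octal() {
    mode=$1
    # Expect one file-type character followed by nine permission characters.
    case $mode in
        ?[r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}                     # drop the file-type character
    result=""
    for who in user group others; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=${perms#???}              # advance to the next triplet
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute
        result="$result$digit"
    done
    printf '%s\n' "$result"
}

# Read a real file's mode field from `ls -ld` and convert it.
file_octal() {
    field=$(ls -ld -- "$1" | cut -d' ' -f1)
    # Some systems append '.' or '+' to the field; keep the first 10 characters.
    mode_to_octal "$(printf '%s' "$field" | cut -c1-10)"
}

# Replay the chmod sequence from the text on a scratch file (constructed test
# file, not USMC.OORAH itself) and collect the mode reported after each step.
replay_sequence() {
    f=$(mktemp) || return 1
    out=""
    for m in 644 664 665 765 644; do
        chmod "$m" "$f"
        out="$out$(file_octal "$f") "
    done
    rm -f "$f"
    printf '%s\n' "${out% }"
}

mode_to_octal "-rwxrw-r-x"   # mode of file1 in the ls -l listing
replay_sequence
```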
My next post will take this one step further and add ACLs, or access control lists, to the permissions scheme, which allows our permissions to become much more fine-grained and include multiple users and groups.