
Linux file permissions in a nutshell

Every file and directory in Linux has its own permissions. They determine what a user can do with it, and they tell the system the same.

In a nutshell, a file/directory lets a user do any of:
read (r), write (w) and execute (x).

For files:

  • read -- user can read the contents of the file.
  • write -- user can edit/write to the file. Also, this lets the user delete the file.
  • execute -- user can execute the file as a script (something like a bash command).

For directories:

  • read -- user can read the contents of the directory.
  • write -- user can create a new file in the directory, or rename or delete a file in it. Also, this lets the user delete the directory.
  • execute -- user can cd to the directory. Yes, the user can't do that with only read permission.

Now, how does a file/folder specify which users can access what?

The answer lies in users (u), groups (g) and others (o).

  • User - The owner of the file/directory.
  • Group - All users added to these groups (yes, there can be multiple) can do what they're permitted to do.
    Groups essentially determine how multiple users can access a file/directory.
  • Other - Those who have nothing specifically assigned.

Example walkthrough

To look at the permissions of all files in a folder, run the command ls -la <folder_path>

Let's take a peek at /var/www/ on the server where this website is hosted.

$ ls -al /var/www/
drwxr-xr-x  6 root     root     4096 Jun  1 22:01 .
drwxr-xr-x 13 root     root     4096 Apr 16  2015 ..
drwxr-xr-x 10 ghost    ghost    4096 Sep 19 00:35 ghost
drwxr-xr-x  3 srujan   srujan   4096 Sep 23 06:52 html

  • drwxr-xr-x translates to
    • d -- directory
    • "rwx" -- owner can read, write and execute.
    • "r-x" -- group can read and execute, but can't write.
    • "r-x" -- others can read and execute, but can't write.
  • 6, 13, 10, 3 are the respective numbers of hard links.
  • root root / ghost ghost / srujan srujan give the owner and the group.
    By default, the user who creates the file owns it.
  • 4096 -- size of the file/directory in bytes
  • The rest are timestamps.
  • Filenames:
    • . -- Current directory.
    • .. -- Parent directory.
    • ghost -- Child directory.
    • html -- Another child directory

And another example, where a file is present. Notice that d is not present in the permission string.

$ ls -al /var/www/html/
total 16
drwxr-xr-x 3 srujan srujan   4096 Sep 23 06:52 .
drwxr-xr-x 6 root   root     4096 Jun  1 22:01 ..
-rw-rw-r-- 1 srujan srujan     94 Sep 23 06:52 404.html

How to change permissions

Go through the manual of the chmod command to understand how to set the desired permissions on a file/directory.
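
The walkthrough above, turned into a small decoder, as an added example that is not part of the original post: it converts the mode strings from the two listings into the numeric (octal) form that chmod also accepts and flags entries that anyone other than the owner can write to. The function names (triad_value, mode_to_octal, loose_write) are made up for this sketch, and it handles only the plain r/w/x bits described on this page.

```shell
#!/bin/sh
# Added example: decode the mode column that `ls -l` prints.
# Function names are made up for this sketch. Only plain r/w/x bits are
# handled; anything else in the string is rejected.

# triad_value "r-x" prints 5 (r=4, w=2, x=1)
triad_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "drwxr-xr-x" prints 755; returns 1 on malformed input
mode_to_octal() {
    case "$1" in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}                      # drop the type character (d or -)
    owner=${perms%??????}             # first triad
    rest=${perms#???}
    group=${rest%???}                 # middle triad
    other=${perms#??????}             # last triad
    echo "$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# loose_write succeeds (exit 0) when group or others hold the write bit
loose_write() {
    case "$1" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed input: the mode strings from the two listings above
for m in drwxr-xr-x -rw-rw-r--; do
    kind=file
    case "$m" in d*) kind=directory ;; esac
    note=""
    if loose_write "$m"; then note=" (writable beyond the owner)"; fi
    echo "$m -> $kind, $(mode_to_octal "$m")$note"
done
```

The 404.html entry (-rw-rw-r--) is the one flagged here, because its group triad includes w.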