As a web developer, it is inevitable that you will come across the Linux ecosystem. Either a web server needs to be configured or some other files need to be modified on a Linux server.
The Linux file permissions are the most fundamental feature of how the Linux file system works. So without further ado let's see how it actually works. I'll try to compact this information as much as possible below.
Linux uses Unix-like file permissions at its core: each file has owners and each owner has read/write/execute permissions.
Owner types
A file or directory has users owning it, and can have three types of owners.
1. User
A user is the owner/creator of the file or directory. Simple as that.
2. Group
A group can have multiple users assigned to it. Every file and directory has group permissions assigned, meaning that all those users who belong to the group will have the group permissions on a file or directory.
3. Other
Other users who have access to a file, users who are not the owners nor belong to a group that's associated with the file.
Permissions
Each file and directory has three permissions set for each owner type, so a total of nine permissions per file or directory. These permissions are:
1. Read
If an owner type (User, Group, Other) has read permissions it means those users can read the contents of that file or list out the files in a directory.
2. Write
The write permission lets owners modify or remove files, and add, remove or rename files in a directory.
3. Execute
In Linux the execute permission has a somewhat special meaning: every file that has the execute permission can be an executable (like a .exe in Windows or .dmg file in macOS).
Reading Permissions
To show the permissions of a file or directory in Linux, execute the list command like so:
ls -lA
ls is the list command, it lists files and directories.
-l is the option to use the long format for listing (e.g. shows permissions).
-A is the option to list almost all the contents, except . and ..
The output of this command will show something like:
drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir
-rw-r-xr-- 1 george admins 12 Feb 22 10:00 myfile.txt
We're interested in the first 10 characters from each line, those represent the permissions.
The first character is a special permissions flag and it can be:
- - no special permissions.
d - directory.
l - symbolic link.
s - setuid/setgid permissions.
t - sticky bit permissions.
The following nine characters are three sets of three characters that specify the permissions for the three owner types. Taking the example above for myfile.txt, it's as follows:
rw- - User owner type permissions. The User has read and write permission, but no execute permission.
r-x - Group owner type permissions. The assigned Group has read and execute permissions, but no write permission.
r-- - Other owner type permissions. The Other owner type has only read permission.
The order of characters in each set is always read-write-execute.
The characters for each set can be:
r - read permission.
w - write permission.
x - execute permission.
- - explicitly defining no permission.
To exercise reading permission bits let's take the example of mydir illustrated again below.
drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir
Let's break it down:
d - The first character, showing us that it's a directory.
rwx - The next three characters define that the User owner type has read, write and execute permissions, in this case, the User owner type is george.
rw- - The next three characters define Group permissions, and have read and write, but not execute permissions. In this case, the group is admins.
r-- - The final three characters define Other permissions, and have read permissions only. In this case, all users who are not the owner of the directory and not assigned to the admins group can list out the contents of the directory.
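A check built on the Other owner type described above, as an added example that is not part of the original article: it lists every file or directory that Other can write to, then removes only that permission. The directory tree is constructed for the demo, the function names are hypothetical, and stat -c is the GNU coreutils form.

```sh
#!/bin/sh
# Added example (not from the article): audit write permission for Other.

# other_writable DIR
# Print mode, user, group and path of every entry under DIR that the Other
# owner type may write to. Symbolic links are skipped.
other_writable() {
    find "$1" ! -type l -perm -o=w -exec stat -c '%A %U %G %n' {} +
}

# revoke_other_write DIR
# Remove only the write permission of Other; everything else stays as it is.
revoke_other_write() {
    find "$1" ! -type l -perm -o=w -exec chmod o-w {} +
}

# Constructed demo tree; the names follow the article's examples.
demo_audit() {
    dir=$(mktemp -d)
    mkdir "$dir/mydir"
    touch "$dir/myfile.txt" "$dir/mydir/upload.txt"
    chmod u=rw,g=rx,o=r "$dir/myfile.txt"          # -rw-r-xr--
    chmod u=rw,g=rw,o=rw "$dir/mydir/upload.txt"   # -rw-rw-rw- (too open)
    chmod u=rwx,g=rw,o=r "$dir/mydir"              # drwxrw-r--
    echo "before:"; other_writable "$dir"
    revoke_other_write "$dir"
    echo "after:";  other_writable "$dir"          # nothing left to report
    rm -rf "$dir"
}
demo_audit
```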
Changing Owners
Changing the two explicit owners, User and Group, of the file or directory can be done with the command chown. The command takes the following format:
chown user:group file
If you want to change the Group owner of myfile.txt in the example above from admins to, let's say, authors, you can execute the command like so:
chown george:authors myfile.txt
If you want to change the user, but not the group, execute the command like so:
chown daniel myfile.txt
There's another option if you want to change the owner of all files and directories recursively too. Let's say you want to change the owner of mydir AND ALL its files and directories inside it RECURSIVELY, execute the command like so:
chown -R daniel:authors mydir
Changing Permissions
Changing the permissions of a file or directory is done with the chmod command. This command can change each owner type's permissions separately or combine all three together in one command.
This command can read the specified permissions in numeric or symbolic mode. I'll cover the symbolic mode as it is more readable and does the same thing as the numeric mode.
The owners for this command are defined as follows:
u - user
g - group
o - other
a - all three owner types
The permissions remain the same as what the ls command outputs: r, w, x for read, write, execute.
The chmod command has operators too (don't worry it'll make sense):
+ - add permission to the owner type.
- - remove permission from the owner type.
= - set and overwrite the permission on the owner type.
Ok, let's put it together, take a look at the permissions of myfile.txt below.
-rw-r-xr-- 1 daniel authors 12 Feb 22 10:00 myfile.txt
To change the user permissions we execute the chmod command as follows:
chmod u+rwx myfile.txt
This means that we added the +rwx (read, write, execute) permissions to the user owner type denoted with u.
Let's take away all the permissions from all the owner types in one go, note you have to be root in order to do this:
chmod a-rwx myfile.txt
If we list the file permissions again it would show no permissions on the file:
---------- 1 daniel authors 12 Feb 22 10:00 myfile.txt
Let's add back the permissions for each owner type one by one grouped by permission assignment:
chmod a+r myfile.txt
chmod ug+rw myfile.txt
chmod u+x myfile.txt
Run the ls -lA command after all three chmod executions to see how the permissions build up for each owner type.
- The 1st command adds the read permission for all owners. The permission bits will look like -r--r--r--.
- The 2nd command adds read and write permissions for user and group. It changes to -rw-rw-r--.
- The 3rd command adds execute permission for the user only. The final permission list will look like -rwxrw-r--.
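The ls notation from the Reading Permissions section and the = operator listed earlier, tied together in an added example that is not part of the original article: it converts a 10-character mode string into a chmod symbolic specification, applies it, and then replays the three additive commands. The function names are hypothetical, only the characters r, w, x and - are handled, and stat -c is the GNU coreutils form.

```sh
#!/bin/sh
# Added example (not from the article): ls-style mode string -> chmod spec.

# mode_to_spec MODE
# "-rw-r-xr--" becomes "u=rw,g=rx,o=r". Fails on anything that is not one
# type flag followed by nine characters from r, w, x and -.
mode_to_spec() {
    case $1 in
        ?[r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    perms=${1#?}                      # drop the leading type flag
    spec=""
    for who in u g o; do
        rest=${perms#???}             # what follows this owner type's set
        bits=${perms%"$rest"}         # the three characters of this set
        perms=$rest
        spec="$spec$who=$(printf '%s' "$bits" | sed 's/-//g'),"
    done
    printf '%s\n' "${spec%,}"
}

# apply_mode FILE MODE
# Overwrite FILE's permissions with MODE and print the mode string ls shows.
apply_mode() {
    new_spec=$(mode_to_spec "$2") || { echo "unsupported mode: $2" >&2; return 1; }
    chmod "$new_spec" "$1" && stat -c '%A' "$1"
}

# Constructed demo in a throwaway directory.
demo() {
    dir=$(mktemp -d)
    touch "$dir/myfile.txt"
    apply_mode "$dir/myfile.txt" "-rw-r-xr--"   # the article's myfile.txt
    chmod a-rwx "$dir/myfile.txt"               # remove everything
    chmod a+r "$dir/myfile.txt"                 # -r--r--r--
    chmod ug+rw "$dir/myfile.txt"               # -rw-rw-r--
    chmod u+x "$dir/myfile.txt"                 # -rwxrw-r--
    stat -c '%A' "$dir/myfile.txt"
    rm -rf "$dir"
}
demo
```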
Conclusion
I hope you liked the article and understand better how Linux permissions work. For more information on the commands visit the following websites.
- man(ls) - Linux manual page for ls.
- man(chown) - Linux manual page for chown.
- man(chmod) - Linux manual page for chmod.