Linux File Permissions for Web Developers

As a web developer, you will inevitably come across the Linux ecosystem. Either a web server needs to be configured or some other files need to be modified on a Linux server.

Linux file permissions are the most fundamental feature of how the Linux file system works. So, without further ado, let's see how they actually work. I'll try to condense this information as much as possible below.

Linux uses Unix-like file permissions at its core: each file has owners and each owner has read/write/execute permissions.

Owner types

A file or directory has users owning it, and can have three types of owners.

1. User

A user is the owner/creator of the file or directory. Simple as that.

2. Group

A group can have multiple users assigned to it. Every file and directory has group permissions assigned, meaning that all those users who belong to the group will have the group permissions on a file or directory.

3. Other

Other covers the users who have access to a file but are neither its owner nor members of a group that's associated with the file.

Permissions

Each file and directory has three permissions set for each owner type, so a total of nine permissions per file or directory. These permissions are:

1. Read

If an owner type (User, Group, Other) has read permissions it means those users can read the contents of that file or list out the files in a directory.

2. Write

The write permission lets owners modify or remove files, and add, remove or rename files in a directory.

3. Execute

In Linux the execute permission has a somewhat special meaning: every file that has the execute permission can be an executable (like a .exe in Windows or .dmg file in macOS).

Reading Permissions

To show the permissions of a file or directory in Linux, run the list command like so:

ls -lA
  1. ls is the list command, it lists files and directories
  2. -l is the option to use the long format for listing (e.g. shows permissions)
  3. -A is the option to list almost all the contents, except . and ..

The output of this command will show something like:

drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir
-rw-r-xr-- 1 george admins   12 Feb 22 10:00 myfile.txt

We're interested in the first 10 characters of each line; those represent the permissions.

The first character is a special permissions flag and it can be:

  1. - - no special permissions.
  2. d - directory.
  3. l - symbolic link.
  4. s - setuid/setgid permissions.
  5. t - sticky bit permissions.

The following nine characters are three sets of three characters that specify the permissions for the three owner types. Taking the example above for myfile.txt, it's as follows:

  1. rw- - User owner type permissions. The User has read and write permission, but no execute permission.
  2. r-x - Group owner type permissions. The assigned Group has read and execute permissions, but no write permission.
  3. r-- - Other owner type permissions. The Other owner type has only read permission.

The order of characters in each set is always read-write-execute.

The characters for each set can be:

  1. r - read permission.
  2. w - write permission.
  3. x - execute permission.
  4. - - explicitly defining no permission.

To exercise reading permission bits let's take the example of mydir illustrated again below.

drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir

Let's break it down:

  1. d - The first character, showing us that it's a directory.
  2. rwx - The next three characters define that the User owner type has read, write and execute permissions, in this case, the User owner type is george.
  3. rw- - The next three characters define Group permissions, and have read and write, but not execute permissions. In this case, the group is admins.
  4. r-- - The final three characters define Other permissions, and have read permissions only. In this case, all users who are not the owner of the directory and not assigned to the admins group can list out the contents of the directory.
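
The breakdown above as a small shell decoder, added here as an illustration and not part of the original article: it names the file type and converts the three permission sets to the numeric mode that the article mentions but does not cover (r=4, w=2, x=1). The function names are hypothetical, and the input lines are the article's own sample listing.

```shell
#!/bin/sh
# Added example (not from the article): decode the mode string printed by ls -l.

# Name the file type from the first character of the mode string.
file_type() {
    case "$1" in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        l*) echo "symbolic link" ;;
        *)  echo "other" ;;
    esac
}

# Convert one triplet such as "rw-" to its octal digit (r=4, w=2, x=1).
# Anything other than r, w, x or - in its own position is rejected.
triplet_to_digit() {
    case "$1" in [r-][w-][x-]) ;; *) return 1 ;; esac
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# Convert a 10-character mode string such as "-rw-r-xr--" to numeric mode.
# Strings of the wrong length, or with s/t special bits, return status 1.
mode_to_octal() {
    [ "${#1}" -eq 10 ] || return 1
    perms=${1#?}    # drop the file-type character, leaving nine permission bits
    u=$(triplet_to_digit "$(printf '%s' "$perms" | cut -c1-3)") || return 1
    g=$(triplet_to_digit "$(printf '%s' "$perms" | cut -c4-6)") || return 1
    o=$(triplet_to_digit "$(printf '%s' "$perms" | cut -c7-9)") || return 1
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# Sample input: the two listing lines shown in the article.
for line in "drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir" \
            "-rw-r-xr-- 1 george admins   12 Feb 22 10:00 myfile.txt"; do
    mode=${line%% *}    # first field: the mode string
    name=${line##* }    # last field: the file name
    printf '%s: %s, user/group/other = %s\n' \
        "$name" "$(file_type "$mode")" "$(mode_to_octal "$mode")"
done
```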

Changing Owners

Changing the two explicit owners, User and Group, of the file or directory can be done with the command chown. The command takes the following format:

chown user:group file

If you want to change the Group owner of myfile.txt in the example above from admins to let's say authors you can execute the command like so:

chown george:authors myfile.txt

If you want to change the user, but not the group, execute the command like so:

chown daniel myfile.txt

There's another option if you want to change the owner of all files and directories recursively too. Let's say you want to change the owner of mydir AND ALL the files and directories inside it RECURSIVELY; execute the command like so:

chown -R daniel:authors mydir

Changing Permissions

Changing the permissions of a file or directory is done with the chmod command. This command can change each owner type's permissions separately or combine all three together in one command.

This command can read the specified permissions in numeric or symbolic mode. I'll cover the symbolic mode, as it is more readable and does the same thing as the numeric mode.

The owners for this command are defined as follows:

  1. u - user
  2. g - group
  3. o - other
  4. a - all three owner types

The permissions remain the same as what the ls command outputs, r, w, x for read, write, execute.

The chmod command has operators too (don't worry it'll make sense):

  1. + - add permission to the owner type.
  2. - - remove permission from the owner type.
  3. = - set and overwrite the permission on the owner type.

Ok, let's put it together, take a look at the permissions of myfile.txt below.

-rw-r-xr-- 1 daniel authors   12 Feb 22 10:00 myfile.txt

To change the user permissions we execute the chmod command as follows:

chmod u+rwx myfile.txt

This means that we added the +rwx (read, write, execute) permissions to the user owner type denoted with u.

Let's take away all the permissions from all the owner types in one go, note you have to be root in order to do this:

chmod a-rwx myfile.txt

If we list the file permissions again it would show no permissions on the file:

---------- 1 daniel authors   12 Feb 22 10:00 myfile.txt

Let's add back the permissions for each owner type one by one grouped by permission assignment:

chmod a+r myfile.txt
chmod ug+rw myfile.txt
chmod u+x myfile.txt

Run the ls -lA command after all three chmod executions to see how the permissions build up for each owner type.

  1. The 1st command adds the read permission for all owners. The permission bits will look like -r--r--r--.
  2. The 2nd command adds read and write permissions for user and group. It changes to -rw-rw-r--.
  3. The 3rd command adds execute permission for the user only. The final permission list will look like -rwxrw-r--.
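
The same sequence replayed on a scratch file, as an added example that is not part of the original article: it prints the mode string after every chmod step and finishes with two expressions using the = operator, which the article lists but does not demonstrate. The function names and the temporary directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): replay the chmod steps on a scratch file.

# Print the 10-character mode string of a path, as ls -l shows it.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Apply one symbolic chmod expression, then print the resulting mode string.
apply() {
    chmod "$1" "$2" && mode_of "$2"
}

# Run the article's sequence, then two "=" expressions; one output line per step.
#   go=r          overwrites group and other with read only (the group's w is dropped)
#   u=rw,g=r,o=   sets every owner type at once; an empty "o=" leaves other with nothing
replay() {
    dir=$(mktemp -d) || return 1
    f="$dir/myfile.txt"    # scratch file; the name is borrowed from the article
    : > "$f"
    for expr in a-rwx a+r ug+rw u+x go=r u=rw,g=r,o=; do
        printf '%-12s %s\n' "$expr" "$(apply "$expr" "$f")"
    done
    rm -rf -- "$dir"
}

replay
```

Unlike +, which only adds to what is already set, = replaces the whole set for the named owner type, so the result does not depend on the file's previous permissions.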

Conclusion

I hope you liked the article and understand better how Linux permissions work. For more information on the commands visit the following websites.

  1. man(ls) - Linux manual page for ls.
  2. man(chown) - Linux manual page for chown.
  3. man(chmod) - Linux manual page for chmod.
