Linux File Permissions for Web Developers
Being a web developer is inevitable to not come across with the Linux ecosystem. Either a web server needs to be configured or some other files need to be modified on a Linux server.
The Linux file permissions are the most fundamental feature of how the Linux file system works. So without further ado let's see how it actually works. I'll try to compact this information as much as possible below.
Linux uses Unix-like file permissions at its core, each file has owners and each owner has read/write/execute permissions.
A file or directory has users owning it, and can have three types of owners.
A user is the owner/creator of the file or directory. Simple as that.
A group can have multiple users assigned to it. Every file and directory has group permissions assigned, meaning that all those users who belong to the group will have the group permissions on a file or directory.
Other users who have access to a file, users who are not the owners nor belong to a group that's associated with the file.
Each file and directory have three permissions set for each owner type, so a total of nine permissions per file or directory. These permissions are:
If an owner type (User, Group, Other) has read permissions it means those users can read the contents of that file or list out the files in a directory.
The write permission lets owners modify or remove files, and add, remove or rename files in a directory.
In Linux the execute permission has a somewhat special meaning, every file that has the execute permission can be an executable (like a .exe in Windows or .dmg file in macOS).
In Linux to show a file or directory permissions, you need to execute the list command like so
lsis the list command, it lists files and directories
-lis the option to use the long format for listing (e.g. shows permissions)
-Ais the option to list almost all the contents, except . and ..
The output of this command will show something like:
drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir -rw-r-xr-- 1 george admins 12 Feb 22 10:00 myfile.txt
We're interested in the first 10 characters from each line, those represent the permissions.
The first character is a special permissions flag and it can be:
-- no special permissions.
l- symbolic link.
s- setuid/setgid permissions. 5
t- sticky bit permissions.
The following nine characters are three sets of three characters that specify the permissions for the three owner types, taking the example above for
myfile.txt it's as follows:
rw-- User owner type permissions. The User has read and write permission, but no execute permission.
r-x- Group owner type permissions. The assigned Group has read and execute permissions, but no write persmission.
r--- Other owner type permissions. The Other owner type has only read permission.
The order of characters in each set is always read-write-execute.
The characters for each set can be:
r- read permission.
w- write permission.
x- execute permission.
-- explicitly defining no permission.
To exercise reading permission bits let's take the example of
mydir illustrated again below.
drwxrw-r-- 2 george admins 4096 Feb 22 09:48 mydir
Let's break it down:
d- The first character, showing us that it's a directory.
rwx- The next three characters define that the User owner type has read, write and execute permissions, in this case, the User owner type is
rw-- The next three characters define Group permissions, and have read and write, but not execute permissions. In this case, the group is
r--- The final three characters define Other permissions, and have read permissions only. In this case, all users who are not the owner of the directory and not assigned to the
adminsgroup can list out the contents of the directory.
Changing the two explicit owners, User and Group, of the file or directory can be done with the command
chown. The command takes the following format:
chown user:group file
If you want to change the Group owner of
myfile.txt in the example above from
admins to let's say
authors you can execute the command like so:
chown george:authors myfile.txt
If you want to change the user, but not the group, execute the command like so:
chown daniel myfile.txt
There's another option if you want to change the owner of all files and directories recursively too, let's say to change the owner of
mydir AND ALL its files and directories inside it RECURSIVELY, execute the the command like so:
chown -R daniel:authors mydir
To change a file or directory permissions is with the
chmod command. This command can change each owner type permissions separately or combine all three together in one command.
This command can read the specified permissions in numeric or symbolic mode, I'll cover the symbolic mode as it is more readable and does the same thing as the numeric mode.
The owners for this command are defined as follows:
a- all three owner types
The permissions remain the same as what the
ls command outputs,
x for read, write, execute.
chmod command has operators too (don't worry it'll make sense):
+- add permission to the owner type.
-- remove permission from the owner type.
=- set and overwrite the permission on the owner type.
Ok, let's put it together, take a look at the permissions of
-rw-r-xr-- 1 daniel authors 12 Feb 22 10:00 myfile.txt
To change the user permissions we execute the
chmod command as follows:
chmod u+rwx myfile.txt
This means that we added the
+rwx (read, write, execute) permissions to the user owner type denoted with
Let's take away all the permissions from all the owner types in one go, note you have to be
root in order to do this:
chmod a-rwx myfile.txt
If we list the file permissions again it would show no permissions on the file:
---------- 1 daniel authors 12 Feb 22 10:00 myfile.txt
Let's add back the permissions for each owner type one by one grouped by permission assignment:
chmod a+r myfile.txt chmod ug+rw myfile.txt chmod u+x myfile.txt
ls -lA command after all three
chmod executions to see how the permissions build up for each owner type.
- The 1st command adds the read permission for all owners. The permission bits will look like
- The 2nd command adds read and write permissions for user and group. It changes to
- The 3rd command adds execute permission for the user only. The final permission list will look like
I hope you liked the article and understand better how Linux permissions work. For more information on the commands visit the following websites.
- man(ls) - Linux manual page for
- man(chown) - Linux manual page for
- man(chmod) - Linux manual page for
Also, don't forget to like and share this article. 😊