Understanding Permissions
Linux file permissions control who can read, write, and execute files. Understanding permissions is crucial for security and system administration.
Why Permissions Matter
Permissions:
- Protect sensitive files from unauthorized access
- Prevent accidental modifications
- Control program execution
- Enable multi-user systems to work safely
The Permission String
When you run ls -l, you see permissions:
-rw-r--r-- 1 user group 4096 Jan 7 10:00 file.txt
The first 10 characters are the permission string:
-rw-r--r--
│└┬┘└┬┘└┬┘
│ │ │ └── Others (everyone else)
│ │ └── Group (group members)
│ └── User/Owner (file owner)
└── File type (- = file, d = directory)
Permission Types
| Symbol | Permission | For Files | For Directories |
|---|---|---|---|
r | Read | View contents | List contents |
w | Write | Modify file | Create/delete files |
x | Execute | Run as program | Enter directory |
- | None | Denied | Denied |
User Categories
| Category | Description |
|---|---|
| User (u) | The file owner |
| Group (g) | Members of the file's group |
| Others (o) | Everyone else |
Reading Permission Strings
Examples:
| Permission | Meaning |
|---|---|
-rwxr-xr-x | Owner: all, Group/Others: read+execute |
-rw-r--r-- | Owner: read+write, Group/Others: read only |
drwxr-xr-x | Directory with typical permissions |
-rwx------ | Only owner can access |
-rw-rw-r-- | Owner and group can write |
Numeric (Octal) Permissions
Permissions can be expressed as numbers:
| Permission | Number |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
| None (-) | 0 |
Add them up for each category:
| Combo | Value | Meaning |
|---|---|---|
| rwx | 7 | Full access |
| rw- | 6 | Read and write |
| r-x | 5 | Read and execute |
| r-- | 4 | Read only |
| --- | 0 | No access |
Common numeric permissions:
| Number | Permission | Use Case |
|---|---|---|
| 755 | rwxr-xr-x | Directories, scripts |
| 644 | rw-r--r-- | Regular files |
| 700 | rwx------ | Private directories |
| 600 | rw------- | Private files |
Exercise: Read Permissions
Look at file permissions and understand what they mean:
Special Permissions
Beyond basic permissions, there are special ones:
| Permission | Symbol | Effect |
|---|---|---|
| Setuid | s (user x) | Run as file owner |
| Setgid | s (group x) | Run as group owner |
| Sticky | t (other x) | Only owner can delete |
You'll see these in system files:
ls -l /usr/bin/passwd
# -rwsr-xr-x (the 's' is setuid)
Key Takeaways
- Permissions have three categories: user, group, others
- Three types: read (r), write (w), execute (x)
- Numeric format: r=4, w=2, x=1
- Common: 755 for directories, 644 for files
- Permissions are essential for security