File Permissions in Linux - snir1551/DevOps-Linux GitHub Wiki
File Permissions in Linux
Permissions control who can access files and directories in Linux, and what they are allowed to do with them. This is a critical part of Linux security and multi-user management.
The Three Levels of Access
Each file and directory in Linux has three sets of permissions:
- User (Owner): The person who owns the file.
- Group: A group of users who share access rights.
- Others: All other users on the system.
For each level, there are three types of permissions:
Symbol | Permission | Meaning |
---|---|---|
r | Read | Can view the contents of a file / list a directory. |
w | Write | Can modify a file / create and delete files in a directory. |
x | Execute | Can run a file (if executable) / enter a directory. |
Example of File Permissions
Let's look at a permission string from the output of ls -l:
-rwxr-xr--
Section | Meaning |
---|---|
- | File type: - for regular file, d for directory. |
rwx (user) | Owner can read, write, and execute. |
r-x (group) | Group can read and execute. |
r-- (others) | Others can only read. |
Numeric (Octal) Representation
Permissions can also be represented using octal numbers:
- r = 4
- w = 2
- x = 1
For example:
- -rwxr-xr-- = 754
Explanation:
- Owner: rwx → 4+2+1 = 7
- Group: r-x → 4+0+1 = 5
- Others: r-- → 4+0+0 = 4
Common Permission Commands
Command | Description |
---|---|
chmod | Change file permissions. |
chown | Change file owner. |
chgrp | Change file group. |
umask | Set default permissions for new files. |
chmod Usage Examples
Command | Effect |
---|---|
chmod 755 myfile | Set permissions: owner=rwx, group=rx, others=rx. |
chmod u+x myscript.sh | Add execute permission for the user (owner). |
chmod g-w myfile | Remove write permission from group. |
chmod o=r myfile | Set others to read-only. |
Special Permissions
Linux also supports special permissions for specific use cases:
- Set-UID (s): Run a file with the permissions of its owner, not those of the user who launched it.
- Set-GID (s): Run a file with the group's permissions.
- Sticky Bit (t): Restrict deletion of files in shared directories (like /tmp).
Example (with ls -l):
-rwsr-xr-x (Set-UID on a file)
drwxrwxrwt (Sticky bit on a directory)
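The octal mapping and the special-permission letters described above, combined in an added example (not part of the original wiki): a POSIX shell function, hypothetically named mode_to_octal, that converts an ls -l mode string to four-digit octal with the special-permission digit first, so 754 appears as 0754. It goes slightly beyond the page by handling uppercase S/T, which ls prints when a special bit is set but the matching execute bit is not; the sample mode strings are constructed.

```shell
#!/bin/sh
# Added example: mode_to_octal is a hypothetical helper, not a standard command.
# It converts an ls -l mode string to four-digit octal (special digit first).
mode_to_octal() (
    # GNU ls may append "." (SELinux context) or "+" (ACL); drop that marker.
    mode=${1%[.+]}
    # One file-type character, then three triads. s/S is only valid in the
    # user and group execute slots, t/T only in the others slot.
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; exit 1 ;;
    esac
    rest=${mode#?}      # strip the file-type character
    special=0
    digits=
    # Weight of the special bit carried by each triad:
    # 4 = Set-UID (user), 2 = Set-GID (group), 1 = sticky (others).
    for weight in 4 2 1; do
        r=${rest%"${rest#?}"}; rest=${rest#?}
        w=${rest%"${rest#?}"}; rest=${rest#?}
        x=${rest%"${rest#?}"}; rest=${rest#?}
        val=0
        case $r in r) val=$((val + 4)) ;; esac
        case $w in w) val=$((val + 2)) ;; esac
        case $x in
            x)   val=$((val + 1)) ;;
            # Lowercase s/t: special bit and execute are both set.
            s|t) val=$((val + 1)); special=$((special + weight)) ;;
            # Uppercase S/T: special bit set, execute bit missing.
            S|T) special=$((special + weight)) ;;
        esac
        digits=$digits$val
    done
    echo "$special$digits"
)

# Constructed sample mode strings (not taken from a real system).
for m in -rwxr-xr-- -rwsr-xr-x drwxrwxrwt drwxrwsr-x -rwSr--r--; do
    octal=$(mode_to_octal "$m")
    case $octal in
        0*) note="" ;;
        *)  note="  <- special bit set, review ownership" ;;
    esac
    printf '%s  %s%s\n' "$m" "$octal" "$note"
done
```

A non-zero first digit marks a file or directory carrying Set-UID, Set-GID or the sticky bit, which is the set worth reviewing when auditing permissions.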