Understanding Linux File permissions
When working with servers most of the time you will work with linux servers (Ubuntu, Debian, etc.).
In order to change, view or create files you need the right permissions. To get a basic understanding of what that means, I will tell you how to view, read and interpret these file permissions.
Viewing Permissions
An easy way to view permissions for files inside a folder you can use the ls command with the o or l flag like so:
ls -o
#or
ls -lMove to a directory that has files in it and type the above command into your terminal. It will generate multiple lines of output that look similar to this:
# permissions hard links user group of user file size change date file/folder name
drwxrwxr-x 9 toscani toscani 288 11 Nov 09:07 publicThe important part are the first ten letters drwxrwxr-x. They describe the permissions. These characters are broken down into four groups.
- The first letter, in this case
d - Letters two to four
rwx - Letters five to seven
rwx - and finally eight to ten
r-x
Group one states if the entry describes a file -, a directory d or a link l. The other three groups describe the permissions each type of user has. On Linux we distinguish between the user, the group and others - in this order. Hence drwxrwxr-x means:
- It is a directory which can be
- read, written and executed by the user
- read, written and executed by the group the user is in
- read and executed by the others
You are maybe wondering what “executing a directory” means. It basically lets the you open that directory. “Reading a directory” on the other hand means “to be able to see” the directory, e.g. being able to list it with the
lscommand.
Changing permissions
Now that you know how to view file permissions, I will tell you how to change them. For this we use the chmod (change mode) command. There are two different methods for this. The symbolic method and the absolute method.
If you have ever seen the
chmodcommand in a tutorial before the symbolic method is the one with the letters, the absolute method is the one with the numbers ;).
Symbolic method
The symbolic method combines an access class with an operator and an access type to set permissions. A common example is to make a file executable for everybody:
chmod a+x my_file.sh
# or, as `a` is the default
chmod +x my_file.shAccess classOperatorAccess Typeu, user+, to add accessr, readg, group-, remove accessw, writeo, other=, set exact accessx, executea, all
These parameters can be combined in many different ways. Although I can´t tell you what the right configuration for a specific use case is, the following examples might help you to find that out yourself.
ualways means the current user andgalways refers to the group the current user is in.
# remove read and write permissions for all except you
chmod go-rw my_file.sh# set access to only read for everybody
chmod a=r myfile.sh# remove write access from and add execution rights for the group
chmod g-w+x myfile.sh# grant read permission for a directory and all files in it to all
# -R is used as a flag, not as a parameter to describe the permissions
chmod -R +r mydir
Absolute method
In contrast to the symbolic method, the absolute method sets all permissions at once by using a three digit number. Each of the digits is the sum of it´s individual permissions. Let´s use the following example:
chmod 774 myfile.sh| Permission | Number |
|--- |--- |
| 4 | read |
| 2 | write |
| 1 | execute |
| 0 | no permissions |Combinations
PermissionNumber 7read, write and execute (4 + 2 + 1) 6 read and write (4 + 2) 5read and execute (4 + 1)3execute and write (1 + 2)
The first number represents the user, the second the group and the last represents others. Hence, the example above sets the following permissions:
- read, write and execute for the user
- read, write and execute for the group
- read for others
Now you know how to read and change file and directory permissions on linux. If you need further information just consult the man page by typing man chmod into the command line.
If you have questions or feedback, please leave a comment :).