Understanding Linux permissions

Confused about Linux Permissions? You're not alone!

by Pete
Published: Updated: 13 minutes read

Linux permissions are a fundamental aspect of ensuring the security of your system. They dictate who can read, write, and execute files and directories. In this article, we’ll delve into the intricacies of Linux permissions and how to wield the powerful chmod and chown commands to manage them effectively.

Let’s get started

In the Linux realm, the control of file and folder permissions revolves around the notions of ownership—both the owner and group associated with a file or directory. Each of these entities—owner, group, and others—can have permissions defined, governing who is granted the ability to read, write, and execute these files or directories.

When navigating the Linux landscape, it’s imperative to grasp the various types of permissions that can be assigned to files and directories. These permissions essentially determine the access levels of different users to these resources.

User and Group Permissions

At the core of Linux permissions are the concepts of ownership. The owner holds the highest authority over a file or folder and can dictate permissions for both the group and others. The group ownership, on the other hand, influences the permissions of users who belong to that specific group. Permissions for others encompass all users who are neither the owner nor part of the group.

There are three primary permission types that can be configured for files and directories:

  1. Read permission: This permits a user to view the contents of a file or folder.
  2. Write permission: This allows a user to make alterations to the contents of a file or folder.
  3. Execute permission: This empowers a user to run a file as a program or script, or to access the contents of a directory.

Permissions can be assigned using either the octal notation system or the permissions field representation, achieved through the chmod command.

Understanding Octal Notation

Linux permissions can be succinctly represented using octal notation, comprising a three-digit numerical code that encodes read, write, and execute permissions for the owner, group, and others. Each digit in the octal notation signifies a combination of permissions.

Here’s the mapping of values to permissions:

  • 0: No permissions
  • 1: Execute permission only
  • 2: Write permission only
  • 3: Write and execute permissions
  • 4: Read permission only
  • 5: Read and execute permissions
  • 6: Read and write permissions
  • 7: Read, write, and execute permissions

For instance, to grant the owner read, write, and execute permissions, the group read and execute permissions, and deny all permissions to others, you would employ the octal notation “754.” The first digit “7” pertains to the owner’s permissions, the second digit “5” to the group’s permissions, and the third digit “4” to permissions for others.

It’s crucial to note that when using octal notation, you should employ leading zeroes if the number is less than four digits. For example, to provide the owner read and write permissions but disallow execute permissions, you would issue the command “chmod 600 myfile.txt.”

Although the octal notation method is a concise and efficient way of configuring permissions on files and directories, it may necessitate some familiarity before it feels like a swift and hassle-free method of managing permissions on your Linux system.

Understanding the field representation

When executing the “ls -l” command in Linux, you may encounter a series of letters and hyphens that might seem like gibberish at first glance. However, these characters are a condensed means of portraying the permissions for a file or directory.

Firstly, the initial character in the permissions field designates whether it’s a regular file (“-“), directory (“d”), symbolic link (“l”), or socket (“s”). It’s akin to a secret code, revealing the nature of the entity.

The ensuing nine characters are split into three sets of three characters each, representing permissions for the owner, group, and others. These characters are akin to an encrypted message, delineating who possesses the capacity to read, write, and execute the respective file or directory.

Every set of three characters encompasses:

  1. The first character denoting read permission, appearing as “r” if the user possesses read authorization, or “-” if access is denied.
  2. The second character designating write permission, represented by “w” if the user has write privileges, or “-” if such access is denied, much like a password to unlock a vault.
  3. The third character signifying execute permission, displayed as “x” if the user is allowed to execute, or “-” if this right is withheld, akin to a special handshake for identification.

For example, “drwxr-xr-x” signifies a directory (the initial “d”), with the owner granted read, write, and execute permissions (“rwx”), the group having read and execute permissions (“r-x”), and others enjoying read and execute access (“r-x”).

In the permissions field, the “-” is employed to signify the absence of a specific permission. Thus, if the permissions field is “-rw-r–r–,” it suggests a regular file, with the owner possessing read and write permissions, while the group and others only have read access.

Octals and field representation

The octal notation system offers a concise approach to portraying file permissions through a three-digit number, where each digit embodies permissions for the owner, group, and others, respectively.

The field representation in the “ls -l” command is an abbreviated method of displaying file permissions through a sequence of letters and hyphens. It effectively showcases the permissions for the owner, group, and others in a precise order.

Every digit within the octal notation corresponds to a value between 0 and 7, with 0, 1, 2, 4, and 7 being the most frequently used values. The octal notation is inherently linked to the permissions delineated in the permissions field representation.

To illustrate, a value of 7 in the octal notation translates to “rwx” in the permissions field representation, while a value of 6 corresponds to “rw-“, and a value of 5 matches with “r-x,” and so forth.

To convert the permissions field representation to octal notation, you can sum the values of permissions: “r” is worth 4, “w” equals 2, and “x” amounts to 1. Therefore, “rwx” corresponds to 7, “rw-” equals 6, “r-x” matches with 5, and so on.

Changing Permissions using chmod

The versatile chmod command can be employed using both the octal notation system and the permissions field representation.

For example, to provide the owner with read, write, and execute permissions, grant the group read and execute permissions, and revoke all permissions from others, you can apply the octal notation method, issuing “chmod 754 myfile.txt.”

Alternatively, the permissions field representation allows for a command such as “chmod u+rwx,g+rx,o-rwx myfile.txt” to yield the same results. In this case, the owner gains read, write, and execute permissions, the group acquires read and execute permissions, and permissions for others are entirely withdrawn.

The chmod command also permits the addition or subtraction of permissions using the “+” or “-” operators, with “u” signifying the owner, “g” for the group, and “o” for others.

For instance, to add execute permissions to a file for all user categories, simply execute “chmod +x myfile.txt.” This command bestows execute privileges upon the owner, group, and others.

What about the executable permission?

The “execute” permission, represented by “+x,” serves as the key to unlock certain capabilities. It empowers a user to run a file as a program or script, as well as enter a directory to access its contents.

Consider the example of having a script named “myscript.sh” that you wish to run like a pro. To achieve this, you need to grant it execute permission through the “chmod +x myscript.sh” command. Voilà! Your script is now ready for execution.

Without execute permission, it’s akin to attempting entry into an exclusive VIP event without the appropriate pass, resulting in an “Access Denied” message. This analogy holds true for directories as well; they act as enigmatic clubs, and execute permission is the secret knock required for entry.

Crucially, execute permission is contingent on the presence of read permission. You cannot execute a file if you’re unable to read its contents, similar to attempting to solve a riddle without access to all the clues.

Putting it all together

Let’s consolidate our understanding with some practical examples of altering file and folder permissions.

chmod 700 myfile.txt

To give the owner and group of a file full permissions, and give others only read permission, you would use the octal notation method:

chmod 750 myfile.txt

To add execute permission to a file for the owner, group, and others you would use:

chmod +x myfile.txt

To remove write permission for the group on a file you would use:

chmod g-w myfile.txt

To give the owner, group and others execute permission and read permission on a file you would use:

chmod 755 myfile.txt

To give the owner of a file full permissions (read, write, and execute) and give the group and others only execute permission, you would use the octal notation method:

chmod 711 myfile.txt

To give the owner and group of a file read and write permissions, and give others no permissions at all, you would use the octal notation method:

chmod 640 myfile.txt

To add read and execute permission for the group and others on a file you would use:

chmod +rx myfile.txt

To rescind execute permission from the owner for a directory, execute:

chmod u-x mydir

To extend read and write permissions to both the owner and group for a file, while permitting others only execute access, the octal notation method proves valuable:

chmod 751 myfile.txt

To alter the user ownership of a folder named “myfolder” to “john” and group “admin,” employ the command:

sudo chown john:admin myfolder

It’s worth noting that numeric IDs can be employed for a user and group, rather than their names, within the chown command. For example, to switch the ownership of a folder to a user with ID 1000 and group with ID 1001, execute:

sudo chown 1000:1001 myfolder


In Conclusion

Linux permissions are an indispensable aspect of your operating system’s security infrastructure, dictating who can read, write, and execute files and directories. Empowering you to assert control, the chmod command is your ally in configuring permissions, while the chown command enables alterations to the ownership of files and directories. Understanding these intricacies fortifies the security of your Linux system, shielding it from unauthorized intrusions.

Admittedly, grasping Linux permissions can be a challenging endeavor. If you find yourself in need of assistance, don’t hesitate to explore a chmod calculator, like the one available at https://chmod-calculator.com/. Such tools can simplify the learning process, making you more proficient with Linux permissions over time.