
Foreword

We know that the root user can do basically anything in the system. Other users have more restrictions and are usually collected into groups. You put users with similar needs into a group that is granted the relevant permissions, and each member inherits the group's permissions.

Let's take a look:

  • Checking permissions
  • Changing permissions
  • Default permissions
  • Special permissions

Granted permission

There are three levels of permissions, which are:

  • r: Read permission.
  • w: Write permission.
  • x: Execute permission.

When a file is created, usually the user who created it is its owner, and the owning group is the user's current group. We can transfer the ownership of the file to a different user by using the chown command.

 chown gps /tmp/file.txt

Here, we give ownership of file.txt in the /tmp directory to the user gps.

We can also transfer ownership of files from one group to another using the chgrp command.

 chgrp cloudadmins newIDS

Suppose we have an application named newIDS; here we give group ownership of newIDS to the cloudadmins group.

View permissions

 ls -l

The ls command with the -l (long) switch will display the contents of the directory, including permissions. Let's break this down a little further.

 drwxr-xr-x 2 azureuser azureuser 4096 Feb 14 22:31 Videos

The first character indicates the file type, in this case d, which means it is a directory. This character can be:

  • (-) Regular file.
  • (d) Directory.
  • (c) Character special file.
  • (b) Block special file.
  • (p) FIFO (named pipe).
  • (l) Symbolic link.
  • (s) Socket.

Typically, you'll see d, -, and l. In this article we will focus on - and d. A symbolic link is somewhat similar to a file link.

Then we can see:

 rwxr-xr-x

There are 9 characters in total: the first three represent the permissions of the user, the middle three represent the permissions of the group, and the last three represent the permissions of other users.

  • In this example, the user (owner) has rwx (read, write, execute) permissions.
  • The group has r-x (read and execute, but not write) permissions; - means that the corresponding permission is not granted.
  • Other users have r-x (read and execute, but not write) permissions.

 2 azureuser azureuser 4096 Feb 14 22:31 Videos

The remaining columns include: number of links, user, size, date created, and name.

Permissions can be changed if necessary.

Change permissions

Only the root user or the owner of the file can change permissions. We use the chmod command to do so, with either decimal notation or UGO (User, Group, Other) notation. Let's first look at the decimal notation.

Change permissions using decimal notation

The table contains all possible permission combinations and their octal and binary representations.

Binary  Octal  rwx
000     0      ---
001     1      --x
010     2      -w-
011     3      -wx
100     4      r--
101     5      r-x
110     6      rw-
111     7      rwx

If we want to represent all permissions for the owner, the group, and other users, we can use:

 777

In this example, each number is 7, representing the permissions of the owner, group, and other users. In the table, we find that 7 in octal corresponds to rwx, that is, all (read, write, execute) permissions. So how should we use chmod?

 chmod 777 sample.txt

This gives all permissions to the owner, all permissions to the group, and all permissions to all other users.

 chmod 700 sample.txt
 chmod 774 sample.txt
 chmod 755 sample.txt

  • The first line will give the owner all permissions, the group no permissions, and other users no permissions.
  • The second line will give all permissions to the owner, all permissions to the group, and read-only permissions to other users.
  • The third line will give the owner all permissions, group read and execute permissions, and other users read and execute permissions.
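
The mapping between the permission field printed by ls -l and the number passed to chmod can be checked mechanically. The following is an added example, not part of the original article; the function name mode_to_octal is made up for illustration, and it goes beyond the table by also handling the s, S, t and T letters covered under Special permissions below.

```sh
# Added example: convert an ls -l permission field to the octal mode for chmod.
mode_to_octal() {
    perms=$1
    # Accept the 10-character field too by dropping the leading file-type character.
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 permission characters" >&2
        return 1
    fi
    special=0 digits='' digit=0 i=0
    while [ "$i" -lt 9 ]; do
        c=${perms%"${perms#?}"}    # first remaining character
        perms=${perms#?}
        class=$((i / 3))           # 0 = user, 1 = group, 2 = other
        case "$((i % 3))$c" in
            0r) digit=$((digit + 4)) ;;
            1w) digit=$((digit + 2)) ;;
            2x) digit=$((digit + 1)) ;;
            [012]-) ;;
            2[sS])                 # SUID (user) or SGID (group); lowercase means x is set too
                if [ "$class" -eq 2 ]; then return 1; fi
                special=$((special + (4 >> class)))
                if [ "$c" = s ]; then digit=$((digit + 1)); fi ;;
            2[tT])                 # sticky bit, valid only in the "other" triplet
                if [ "$class" -ne 2 ]; then return 1; fi
                special=$((special + 1))
                if [ "$c" = t ]; then digit=$((digit + 1)); fi ;;
            *) echo "unexpected character: $c" >&2; return 1 ;;
        esac
        if [ $((i % 3)) -eq 2 ]; then digits=$digits$digit; digit=0; fi
        i=$((i + 1))
    done
    printf '%s%s\n' "$special" "$digits"
}

mode_to_octal drwxr-xr-x   # 0755
mode_to_octal rwSr--r--    # 4644
mode_to_octal rwxrwxrwt    # 1777
```

An uppercase S or T means the special bit is set while the execute bit underneath it is not, which is what chmod 4644 produces.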

Use UGO to change permissions

The numerical method for changing permissions is the most common, but we can still use the symbolic method: UGO (User, Group, Other).

  • - Remove permissions.
  • + Add permission.
  • = Set permissions.

Let's remove write permission for the user who owns sample.txt.

 chmod u-w sample.txt

We can change multiple permissions at once.

 chmod u-rw sample.txt

 chmod u+rwx,o+rwx sample.txt

Default permissions

Linux automatically gives all files and directories default permissions. The default permissions for files are 666 and the default permissions for directories are 777. By default, a file cannot be executed immediately after it is downloaded.

The default permissions can be changed using the umask (user file-creation mask) method. This method indicates the permissions you want to remove from the base permissions of a file or directory.

umask is a three-digit octal number, one digit for each of the three permission digits. On most Debian systems, umask is set to 022. Subtracting it from the base permissions gives the new permissions.

New file  New directory  Permission
666       777            Linux base permissions
-022      -022           umask
644       755            Resulting permissions

Each user can set a personal default umask value for files and directories in their personal .profile file.

View the current value of umask:

 umask
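
The subtraction in the table gives the right answer for 022, but in general the umask bits are cleared from the base mode rather than subtracted digit by digit. The following added example (not from the original article; the function names apply_umask and created_modes are made up for illustration) computes the result and confirms it by creating a real file and directory in a temporary directory.

```sh
# Added example: the umask bits are cleared from the base mode (base AND NOT
# umask); digit-by-digit subtraction only agrees when no borrow is needed.
apply_umask() {
    # $1 = base mode (666 for files, 777 for directories), $2 = umask; both octal
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Create a real file and directory under the given umask and print the
# permission fields ls -l reports for them. The subshell keeps the umask
# change from leaking into the calling shell.
created_modes() {
    (
        umask "$1"
        dir=$(mktemp -d) || exit 1
        : > "$dir/file"
        mkdir "$dir/subdir"
        f=$(ls -ld "$dir/file" | cut -c1-10)
        d=$(ls -ld "$dir/subdir" | cut -c1-10)
        rm -rf "$dir"
        printf '%s %s\n' "$f" "$d"
    )
}

apply_umask 666 022   # 644
apply_umask 777 022   # 755
apply_umask 666 033   # 644 (subtracting digits would give 633)
created_modes 022     # -rw-r--r-- drwxr-xr-x
created_modes 033     # -rw-r--r-- drwxr--r--
```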

Special permissions

  • Set user ID (SUID)
  • Set group ID (SGID)
  • Sticky bit

SUID

The SUID bit means that any user can execute the file with the owner's permissions, but those permissions do not extend beyond the use of that file. To set this bit, you put a 4 in front of the regular permission digits after chmod; usually you use only 3 digits, because the leading digit defaults to 0. If you see an s instead of x in the owner permissions of a file, that means the SUID bit is set.

 chmod 4644 sample.txt

SGID

SGID assigns group ownership to files. It is useful for shared group directories. You can apply SGID to directories and files.

With the SGID bit set on a file, someone without execute permission can execute the file if the owner belongs to a group that has execute permission on the file.

When the SGID bit is set on a directory, ownership of new files created in that directory belongs to the directory creator's group, not the file creator's group.

The SGID bit is represented as a 2 before the regular permissions. If you see an s instead of x in the group permissions of a file or directory, that means the SGID bit is set.

 chmod 2644 sample.txt

Sticky Bit

This permission is shown as a t in place of x in the other users' permissions. When you set the sticky bit on a directory, people can only delete files in that directory that belong to them. They can't delete files that belong to someone else, regardless of the combination of file permissions. You can only apply the sticky bit to directories. If you see a t in the other users' permissions on a directory instead of x, that means the sticky bit is set.

 chmod 1777 sample.txt

The sticky bit is ignored by modern Linux systems, but you should at least be familiar with the term.
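
Because SUID and SGID files run with their owner's or group's permissions, and a world-writable directory without the sticky bit lets users delete each other's files, these are the cases worth listing when reviewing a system. The following added example (not from the original article) uses find's -perm test to report them; the function names and the fixture file names are constructed for illustration.

```sh
# Added example: report the special-permission cases worth reviewing under a
# directory tree. Paths are printed relative to the tree's root.
audit_special() {
    (
        cd "$1" || exit 1
        # -perm -4000 / -2000: the SUID / SGID bit is set (other bits ignored).
        find . -type f -perm -4000 | sed 's/^/SUID /'
        find . -type f -perm -2000 | sed 's/^/SGID /'
        # World-writable directory without the sticky bit (1000).
        find . -type d -perm -0002 ! -perm -1000 | sed 's/^/NO-STICKY /'
    )
}

# Constructed fixture: empty files and directories in a fresh temp directory.
make_fixture() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";           chmod 0755 "$d/plain"
    : > "$d/suid-tool";       chmod 4755 "$d/suid-tool"
    : > "$d/sgid-tool";       chmod 2755 "$d/sgid-tool"
    mkdir "$d/shared-open";   chmod 0777 "$d/shared-open"
    mkdir "$d/shared-sticky"; chmod 1777 "$d/shared-sticky"
    printf '%s\n' "$d"
}

fixture=$(make_fixture)
audit_special "$fixture"
rm -rf "$fixture"
```

On the fixture this reports suid-tool, sgid-tool and shared-open, and leaves plain and shared-sticky out.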


chuck