File Permissions and Ownership

Published on August 9, 2022 at 6:03 pm by LEW

Introduction

One of the most important features of Unix/Linux, and arguably one of the least understood by newcomers and average users, is file permissions and ownership. Linux/Unix systems have two related sets of file parameters. One is ownership at the user and group levels. The other is access permissions for the owner, the group, and everyone else. These are set to defaults at creation, and can be changed using the chmod/chown commands.

Since I am talking about basic access, I am not going into sticky bits or setuid/setgid in this post. They are out of scope and subjects for the future.

We will be using the chmod/chown command to explore ownership and permissions in this post. I will also be doing posts on the individual commands at some point.

Viewing File Ownership and Permissions

Go ahead and log into your Linux/Unix system. At this point you should be in your home directory. To look at file ownership and permissions use the following command.

ls -al

Basically ls stands for list. The “a” option stands for all files, and the “l” option stands for long list format. This will list all files in your home directory. For more information on the ls command, see this post.

Let's take a look at the first couple of lines. They may initially appear as gobbledygook, but they are not too hard to decipher.

drwx------ 12 user user  4096 Aug  9  2022 .
drwxr-xr-x 3 root root   4096 Jul 16 18:24 ..
-rw------- 1 user user   3794 Aug  5 13:33 .bash_history

The ls -al Output Deciphered

The first ten characters are what I refer to as the permission matrix (technically the first position is not a permission). This matrix is broken down as follows.

• Position 1 tells us if the file is a directory or not, d for directory and - for file.
• Positions 2 to 4 give us the owner's permissions, r for read, w for write, and x for execute.
• Positions 5 to 7 give us the group permissions, with the same letters as above.
• Positions 8 to 10 give us everyone else’s permissions.

The next bit of information provided is the number of hard links. This is out of scope for the subject of this post.

Following hard links, two pieces of information are provided, the owner and the group. If you are not the owner or part of the group, you are part of other (everyone else), and we do not need an additional column to tell us that.

We then have the file size as the next piece of information. This is in bytes. If we had used the h option (human readable, ls -alh), we would get the file size in Kilobytes, Megabytes, or Gigabytes.

Next comes last modified date. This should be self explanatory, aka the last time the file was modified.

Finally we have the file name, or file link. A quick bit of explanation for the few items shown above. The “.” represents the current directory, so of course the user owns it. The “..” represents the next higher directory, which usually belongs to root. The “.bash_history” file is a hidden file in Linux because it starts with a “.”, and will not show up without using the “a” option.

The chmod “a” Owner

In the above example, we have three classes of ownership: owner, group, and other. In the chmod command there is an additional owner class, “a” (all), that exists purely for convenience. It changes all owner categories at once (as we will see later). It exists only within chmod and is not an actual file ownership parameter.

File Permissions and Groups

As we can see in the above example, each owner can have three permissions. Each permission also has a numeric value. They are execute (1), write (2), and read (4).

Two of the owner categories should not require extensive explanation, user and other. The group owner requires a little more explanation.

A group is basically a group of users. It is a method to allow only a select group of users to access a specific file. For example, let's say you are managing Project X, and only members of the project team should have access to project files. You would create the group Project_X, and assign project members to this group. Then you would change the group owner (see below), add “group” permissions to the project folder, and remove “other” permissions.

If you want to see existing groups, you can use the following command to show the contents of the group file in the /etc directory.

cat /etc/group

This file is organized by line, with major entries separated by a colon, and group members separated by commas. For example.

video:x:44:user1,user2

This is the video group. The “x” represents the password field (for security it is always just an “x”). Next is the group ID, followed by all users in the group.

Changing Owner/Group

This is done with the chown command (short for change owner). The form of the command is as follows.

chown [options] [user]:[group] file name

You can use the groupadd command to add new groups, and the usermod command to add users to an existing group.

You can find what groups you belong to by typing “groups” at the command prompt. The output will be a list of all the groups you belong to.

Changing Permissions

Changing permissions is done with the chmod command. It has the following form.

chmod [options] [modes] file

There are different modes that can be used with this command. The shortest is using three numbers (owner group other) between 0 and 7. These are basically adding up the numeric values for read, write, and execute.

• 0 No permission      ---
• 1 execute            --x
• 2 write              -w-
• 3 execute/write      -wx
• 4 read               r--
• 5 execute/read       r-x
• 6 write/read         rw-
• 7 execute/write/read rwx

So when we execute a command like chmod 755 file.txt, we are setting the user to execute/write/read, the group to execute/read, and everyone else to execute/read for file.txt.

We can also use letters and a bit of math symbology to set file permissions with chmod. We already know x, w, r permissions. Now we need u (user), g (group), o (other), and a (all).

Now we can write chmod a=rw files.txt to set everyone to read/write permissions. If we want the user to be able to execute the file, we would use chmod u+x files.txt. This will add execute permission to the file owner.

Depending on the situation, the text alternative can be somewhat quicker than figuring out the numbers.

Here is a reverse example. If you are setting up a web server, you might need to set the permissions of files in the directory to 664. This works out to user read/write (4 + 2), group read/write (4 + 2), and other just read (4).
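The permission matrix from ls -al and the numeric modes above are the same information, and a short script can convert one to the other and confirm what each chmod call in this post produces. This is an added example, not part of the original post; the function names (triplet_value, mode_to_octal, other_can_write, chmod_result) are made up for illustration.

```bash
# Added example (not from the original post): decode the ls -l permission
# string into the octal mode chmod uses. Function names are illustrative.
# s/t letters (setuid, setgid, sticky) are out of scope and not handled.

# triplet_value "rw-" -> 6   (read=4, write=2, execute=1)
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "-rw-rw-r--" -> 664   (position 1 is the file type, skipped)
mode_to_octal() {
    u=$(printf '%s' "$1" | cut -c2-4)     # owner: positions 2 to 4
    g=$(printf '%s' "$1" | cut -c5-7)     # group: positions 5 to 7
    o=$(printf '%s' "$1" | cut -c8-10)    # other: positions 8 to 10
    echo "$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# other_can_write "-rw-rw-rw-" succeeds when everyone else has write (position 9)
other_can_write() {
    case "$(printf '%s' "$1" | cut -c9)" in w) return 0 ;; *) return 1 ;; esac
}

# chmod_result MODE -> octal mode of a scratch file after "chmod MODE"
chmod_result() {
    f=$(mktemp) || return 1
    chmod 600 "$f"                 # known starting point: rw-------
    chmod "$1" "$f"
    listing=$(ls -ld "$f")         # first field is the permission matrix
    rm -f "$f"
    mode_to_octal "${listing%% *}"
}

# The chmod calls used in this post, applied to a fresh rw------- file.
for m in 755 a=rw a=rw,u+x 664; do
    printf 'chmod %-8s -> %s\n' "$m" "$(chmod_result "$m")"
done
```

The other_can_write check is the kind of test to run over a shared project folder after removing “other” permissions, since a leftover w in position 9 means any user on the system can modify the file.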

Conclusion

In this post we have taken a look at permissions and ownership for files/folders in Linux/Unix operating systems. An important point to remember is that everything is a file in Linux/Unix, so everything has permissions and owners.

This has been a general overview, and as stated above I have not delved into sticky bits or setuid/setgid. These are subjects for a future post.
