Understanding File Permissions

Overview

Linux permissions control who can read, write, or execute files. Every file has permissions for three classes of users: the owner, the group, and everyone else. Understanding permissions is crucial for security and system administration.

Reading Permissions

Viewing Permissions

ls -l filename

Shows detailed file information including permissions.

Example Output:
-rw-r--r-- 1 user group 1024 Jan 15 10:30 file.txt
Let's break this down...

Understanding Permission Strings

-rw-r--r--

Position        Characters  Meaning
1st character   -           File type (- = file, d = directory)
Next 3          rw-         Owner permissions (read, write)
Next 3          r--         Group permissions (read only)
Last 3          r--         Everyone else (read only)

Permission Types

  • r (read) = 4 - View file contents or list directory
  • w (write) = 2 - Modify file or add/remove files in directory
  • x (execute) = 1 - Run file as program or enter directory
  • - = 0 - No permission

Changing Permissions

Using chmod (Numeric Method)

chmod 755 filename

Changes permissions using numbers. Each of the three digits is the sum of the permission values for one set of users, in the order owner, group, others.

Common Permission Codes:
755 = rwxr-xr-x (owner: all, group/others: read+execute)
644 = rw-r--r-- (owner: read+write, others: read only)
600 = rw------- (owner: read+write, no one else)
777 = rwxrwxrwx (everyone: all permissions) !DANGEROUS!
Calculate: r(4) + w(2) + x(1) for each group

Using chmod (Symbolic Method)

chmod u+x filename

Changes permissions using symbols:

  • u = user (owner), g = group, o = others, a = all
  • + = add permission, - = remove permission, = = set exactly

Examples:
chmod u+x script.sh - Add execute for owner
chmod g-w file.txt - Remove write for group
chmod a+r file.txt - Add read for everyone

Changing Ownership

sudo chown user:group filename

Changes who owns the file and what group it belongs to.

Examples:
sudo chown john file.txt - Change owner to john
sudo chown john:developers file.txt - Change owner and group
sudo chown :staff file.txt - Change group only

Changing Group Only

sudo chgrp groupname filename

Changes just the group ownership of a file.

Security Best Practices

  • Never use 777: Gives everyone full access - major security risk!
  • Scripts need execute: Use chmod +x to make scripts runnable
  • Sensitive files: Use 600 (owner only) for private files
  • Web files: Typically 644 for files, 755 for directories
  • Check before changing: Use ls -l to see current permissions first
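
The numeric codes and the "never use 777" rule above can be checked with a short script. This is an added example, not part of the original page; the function names (mode_to_string, find_world_writable, fix_world_writable) are made up for illustration, and it assumes file names without newlines.

```shell
#!/bin/sh
# Added example: decode numeric modes and audit a directory tree for
# files that "others" can write to (the risk behind chmod 777).

# mode_to_string 754 -> rwxr-xr--   (each digit is r=4 + w=2 + x=1)
mode_to_string() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=$1 out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}   # first remaining character
        rest=${rest#?}
        if [ $((digit & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((digit & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((digit & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# List regular files under directory $1 that have the "others write"
# bit set. -perm -0002 matches any mode that includes that bit.
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Check before changing: show each file with ls -l, remove write for
# others with the symbolic method, then show the result. Owner and
# group permissions are left untouched.
fix_world_writable() {
    find_world_writable "$1" | while IFS= read -r f; do
        printf 'before: %s\n' "$(ls -l "$f")"
        chmod o-w "$f"
        printf 'after:  %s\n' "$(ls -l "$f")"
    done
}
```

Source the file, then run find_world_writable on a directory to review the list before calling fix_world_writable on it.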
