Files and Directory Permissions in Linux

  • Because Linux supports multiple users, every file and directory in our account should be protected from, or made accessible to, other users by modifying its access permissions.
  • The three types of permission for a file or directory are r (read), w (write) and x (execute).
  • All the permissions (rwx) can be modified at three levels: u (user), g (group) and o (others).
  • The command ls -l shows all the permissions of a file or a directory.
  • The command chmod is used to modify permissions.


Here, the file xy has the permission -rw-r--r--. This means the first set of three characters (user) allows read and write actions on it. The second set (group) and the third set (others) allow only read operations.

Now if we want to remove the group read permission of the file xy, the command should be chmod g-r xy.

To remove the read permission at all three levels (user, group and others) for this file, the command should be chmod a-r xy.

Let us now bring back the original permissions of the file xy (-rw-r--r--). To add read permission for the user, the command should be chmod u+r xy. To add read permission for the group, the command should be chmod g+r xy. To add read permission for others, the command should be chmod o+r xy.


Please note - We run the command ls -l <filename> to validate the permissions for a file.

Next, let us take a directory and remove its execute permission. The command should be chmod a-x directory name. To give back its execute permission, the command should be chmod a+x directory name.

Files Permissions Using Numerics in Linux

The permissions to a file can be assigned numerically. Every file has a user, group, and other access. The command should be chmod numeric value filename. The below image shows numbers to permission types:

[Image: table of numbers and permission types]

Now suppose we execute the command chmod 764 FILE. Its meaning, as per the permissions number table above, is illustrated below:

[Image: meaning of chmod 764 FILE]

Let us apply the number 764 to a file named sam. By default, the file has the -rw-r--r-- permissions. Then we shall remove all permissions. The command should be chmod 000 sam.

chmod 000 sam


To add only execute permission for all users, the command should be chmod 111 sam.

chmod 111 sam
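The numeric modes used above (764, 000 and 111) can be decoded and checked against a real file. This is an added example, not part of the original page; the function names are illustrative, and it assumes GNU stat (for stat -c) and the standard mapping 4 = r, 2 = w, 1 = x.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Translate one octal digit (0-7) into its rwx triplet: 4 = r, 2 = w, 1 = x.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Decode a three-digit numeric mode into user, group and others triplets.
octal_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    u=${1%??}               # first digit: user
    g=${1#?}; g=${g%?}      # middle digit: group
    o=${1#??}               # last digit: others
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Apply the mode to a scratch file and print what the filesystem stored,
# so the decoded value can be compared with the real one.
applied_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    stored=$(stat -c '%A' "$f")    # e.g. -rwxrw-r-- (GNU stat)
    rm -f "$f"
    printf '%s\n' "${stored#?}"    # drop the leading file-type character
}

# The three modes used on this page.
for m in 764 000 111; do
    printf 'chmod %s -> decoded %s, on disk %s\n' \
        "$m" "$(octal_to_symbolic "$m")" "$(applied_mode "$m")"
done
```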


File Ownership Commands in Linux

There are two owners of a file or directory. They are called the user and group. To change the file ownership, the commands chown and chgrp are used.

The chown command changes the ownership of a file. The chgrp command changes the group ownership of a file. When we run the ls -ltr command, we get the details of the user and group owners of the file.

ls -ltr xy

Here the user and group owners of the file are saby. To change the user ownership of the file xy to root, we have to log in as the root user with the command su -. The command should be chown root xy.

To change the group ownership of the file xy to root, we have to log in as the root user with the command su -. The command should be chgrp root xy.

Access Control List (ACL) in Linux

The access control list provides an additional, more customizable permission mechanism for files. It allows permissions to be granted to any user or group for any disk resource.

Sometimes we may need to give a user who is not a part of the group permission to access a file. The ACL allows a user to access a file without having to add the user to the group. Thus it makes permissions more flexible in Linux.

The commands to provide and list ACL permissions are setfacl and getfacl.

The list of commands for setting up ACL are:

  • Adding permission for user - setfacl -m u:userid:permission /path of file.
  • Adding permission for group - setfacl -m g:group:permission /path of file.
  • Removing a specific entry - setfacl -x u:userid /path of file. (For a particular user.)
  • Removing all entries - setfacl -b /absolute path of the file. (For all users.)

Please note: After adding ACL permissions to a file or directory, a + sign gets added at the end of the permission string shown by ls -l. Also, setting w permission with ACL does not allow us to delete a file.

The command to list the ACL is getfacl permission, where permission is the file name. All the permissions for user, group, and others are listed, and the owner and group are shown.

Now, to set rw permission for the user, the command is setfacl -m u:saby:rw /home/saby/permission.

setfacl -m u:saby:rw /home/saby/permission


The user:saby:rw is shown.

Now, to set rw permission for the group, give the command below:

setfacl -m g:saby:rw /home/saby/permission


The group:saby:rw is shown.

To remove the permission for the user, the command is setfacl -x u:saby /home/saby/permission.

setfacl -x u:saby /home/saby/permission

The user saby is removed from the ACL of the file permission.

To remove all the permissions, the command is setfacl -b /home/saby/permission.
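When reviewing getfacl output, note that the mask entry caps what named users, named groups and the owning group actually get, so an entry such as user:saby:rw- may grant less than it shows. The following is an added example, not part of the original page: it goes one step beyond the commands above and computes effective rights from getfacl-style text. The sample listing is constructed, the function names are illustrative, and default: entries are skipped.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Constructed sample in getfacl output format: the mask is r--, so the rw-
# granted to the named user and named group is capped to read-only.
sample_getfacl() {
    cat <<'EOF'
# file: home/saby/permission
# owner: saby
# group: saby
user::rw-
user:saby:rw-
group::r--
group:saby:rw-
mask::r--
other::r--
EOF
}

# Read getfacl output on stdin and print each entry with its effective rights.
# The mask limits named users, named groups and the owning group; it does not
# limit the file owner (user::) or others (other::).
effective_acl() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # headers, defaults, blank lines
        {
            sub(/[ \t#].*$/, "", $3)             # drop a trailing "#effective:" note
            n++; tag[n] = $1; who[n] = $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask") continue
                p = perm[i]
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (capped && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++) {   # keep a bit only if the mask has it
                        c = substr(p, k, 1)
                        e = e (c == substr(mask, k, 1) ? c : "-")
                    }
                    p = e
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

sample_getfacl | effective_acl
```

On a real file the same function can be fed directly: getfacl /home/saby/permission | effective_acl.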


Changing Default File Permissions in Linux

We can change the default file permissions. The command umask is used to set the default permission of a newly created file/directory.

The default permission of a file is set as per the configuration set in the /etc/bashrc file. Run the command to get the contents of that file:

cat /etc/bashrc


To get default permissions for a newly created file called ss, run the commands:

touch ss
ls -ltr ss


The permission is -rw-r--r--.

To change the default permission for another file called gs to --w--w--w-, run the commands:

umask u+w,u-r,g+w,g-r,o+w,o-r
touch gs
ls -ltr gs


The permission is now --w--w--w-.

Once we log off from this terminal session, the default permission for new files will again change to -rw-r--r--.

To set our permission permanently to --w--w--w-, we have to update the .bashrc file with the command:

vi .bashrc

Add the line:

umask u+w,u-r,g+w,g-r,o+w,o-r

Save and quit.

:wq!
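The effect of a umask on new files and directories can be measured directly. This is an added example, not part of the original page: the function name is illustrative, it assumes GNU stat, and the umask values 027 and 077 are added here for comparison with the default and with the symbolic setting used above.

```shell
#!/bin/sh
# Added example, not from the original page. The function name is illustrative.

# Create a file and a directory under the given umask and print their octal
# modes as "<file> <dir>". Runs in a subshell so the caller's umask is unchanged.
# Arguments: one or more umask specs applied in order (octal or symbolic).
modes_under_umask() {
    (
        dir=$(mktemp -d) || exit 1      # scratch directory, created before the change
        for spec in "$@"; do
            umask "$spec" || exit 1
        done
        : > "$dir/file"                 # new files start from 666 before masking
        mkdir "$dir/subdir"             # new directories start from 777 before masking
        printf '%s %s\n' "$(stat -c '%a' "$dir/file")" "$(stat -c '%a' "$dir/subdir")"
        chmod 700 "$dir/subdir"         # restore access so cleanup always works
        rm -rf "$dir"
    )
}

# 022 is the default seen on this page (-rw-r--r--); 027 and 077 are tighter
# values added for comparison: they remove access for others, or for everyone
# except the owner.
for u in 022 027 077; do
    printf 'umask %s -> file/dir modes: %s\n' "$u" "$(modes_under_umask "$u")"
done

# A symbolic umask is applied relative to the current one, so the starting
# value (022 here) is set first, then the setting from this page.
printf 'page setting -> file/dir modes: %s\n' \
    "$(modes_under_umask 022 'u+w,u-r,g+w,g-r,o+w,o-r')"
```

The page's setting yields 222 (--w--w--w-) for files; the directory mode depends on which execute bits the starting umask already allowed.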

About Author:

I am Debomita Bhattacharjee, an IT employee with 6+ years of experience in the software industry. My areas of interest are automation testing and front-end development.
