Deep Dive into Linux File Permissions

Ever wondered how Linux file permissions actually work? Well, here is a taste.

People who are new to Linux often find it hard to understand how Linux handles file permissions. Linux undoubtedly has one of the most ingenious ways of handling access to different files. In this blog, I will try to clarify the concepts behind Linux file permissions in a lucid fashion.

Spin up a Linux terminal and enter ls -l. What does it show? A long, scary list, right? The list most probably has 9 columns. The last column indicates the name of the file or directory. In this blog, we are only interested in the first column of the listing. Those are the file permissions. The permissions probably look something like this: -rwxr-xr-x. This looks a bit obscure. Let's break it down.

A file permission has a total of 10 characters. It is made up of characters like r, w, x, -, d, p, t etc. These 10 characters can be broken down into 4 different parts.

Part no.   No. of characters
1          1
2          3
3          3
4          3

Owner Permissions

The 2nd part, i.e. the 2nd, 3rd and 4th characters, denotes the permissions for the owner of the file, who is shown in the 3rd column of the output. The owner is, well, you guessed it, the person who created the file. The 3 characters are for read, write and execute, denoted by r, w and x respectively. In most cases, the owner will have read and write permissions set for a regular file, and all 3 of these permissions set for an executable file. If any of them is not set, the respective character is replaced by a -.

Group Permissions

The 3rd part, i.e. the 5th, 6th and 7th characters, denotes the permissions for the group that the file has been assigned to. The group is shown in the 4th column of the output. A group consists of multiple users, all of whom have the same permissions on the file as set for the group. The 3 characters denote read, write and execute respectively and work the same way as the owner permissions.

Others Permissions

The 4th part, i.e. the 8th, 9th and 10th characters, denotes the permissions for all other users, i.e. anyone who wants to access the file and is neither the owner nor a member of the specified group. These permissions work the same way as the two above.

Special Permissions

The 1st part of the permission string denotes special permissions. Is the file a directory, a symbolic link or a pipe? Does it have a sticky bit set? Does it have setuid set? All of these affect the special character in the permissions.

  • For a directory, it is set as d.

  • If the file is a symbolic link, it is set as l.

  • If the file is a Unix pipe, it is set as p.

  • If the file has a sticky bit set, it is set as t.

  • If the setuid bit is set, it is set as s.

What is rwx?

Let's dig deeper into 'rwx'. As previously mentioned, these denote read, write and execute respectively. But how do these actually work? Essentially r, w and x are just single bits that are set or unset based on the permission. If a file has only read permission for the owner, only the read bit is set, which means a permission number of 400. Breaking it down gives 100-000-000, i.e. the read bit is set only for the file owner and the rest are 0. Converting each triplet into decimal gives 400. Similarly, if a file has read and write permissions for the owner and group, it will have a permission of 660 (110-110-000). A file with all permissions enabled for all users will be 777 (111-111-111). You can play around with this for a bit and find out all possible permission numbers. If converting from binary to decimal every time is tedious for you, there is a simple trick to remember the permissions: give each permission bit the number below and add up the ones that are set.

Permission bit   Number
r                4
w                2
x                1

Configuring File Permissions

In Linux there is a command-line utility called chmod, which is used to change file mode bits, i.e. change file permissions. Let's walk through an example.

  1. Create a demo file

     touch demo.txt
    
  2. View its permissions

     ls -l demo.txt
    
  3. Revoke all permissions

     chmod 000 demo.txt
    

    Try to read or write to this file now; you will get a Permission denied error.

  4. Grant read permission only to the owner

     chmod 400 demo.txt
    

    Now, you will be able to read the file, but cannot write to it.

  5. Grant rwx permission to all users other than owner and group

     chmod 007 demo.txt

    In this mode, any user other than the owner and group will be able to read, write and execute the file.
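
The r=4, w=2, x=1 rule and the chmod steps above, as an added example that is not part of the original post: a POSIX shell script that converts the permission characters from ls -l into the number chmod takes, reads a file's mode back after each chmod, and flags modes such as 007 where others hold rights the owner lacks. The function names and the temporary file standing in for demo.txt are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: map the permission characters from `ls -l` to chmod's number.

# triplet_to_digit "r-x" -> 5, using r=4, w=2, x=1
triplet_to_digit() {
    digit=0
    case $1 in r??) digit=$((digit + 4)) ;; esac
    case $1 in ?w?) digit=$((digit + 2)) ;; esac
    case $1 in ??x) digit=$((digit + 1)) ;; esac
    printf '%s' "$digit"
}

# mode_to_octal "-rwxr-xr-x" -> 755; character 1 is the file-type part.
# Anything other than r, w, x or - in the nine permission positions is rejected.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    printf '%s%s%s' \
        "$(triplet_to_digit "$(printf '%s' "$perms" | cut -c1-3)")" \
        "$(triplet_to_digit "$(printf '%s' "$perms" | cut -c4-6)")" \
        "$(triplet_to_digit "$(printf '%s' "$perms" | cut -c7-9)")"
}

# file_octal FILE: read the mode back from the first column of `ls -l`
file_octal() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# others_exceed_owner 007: succeeds when "others" hold a bit the owner lacks
others_exceed_owner() {
    o=$(printf '%s' "$1" | cut -c1)
    t=$(printf '%s' "$1" | cut -c3)
    [ $(( $t & ~$o & 7 )) -ne 0 ]
}

demo=$(mktemp)   # constructed sample file, stands in for demo.txt
for mode in 000 400 660 007; do
    chmod "$mode" "$demo"
    printf '%s -> %s' "$mode" "$(file_octal "$demo")"
    if others_exceed_owner "$mode"; then printf '  <- others exceed owner'; fi
    printf '\n'
done
rm -f "$demo"
```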

Isn't this amazing? Tinker around with file permissions and try modifying permissions on existing files. Soon you will find out how ingenious an idea it is to manage file permissions on a system this way.

P.S.: I briefly discussed special permission bits here; there is a lot more to it. If you are interested, I recommend you go through this article.

I would love to hear your thoughts on this one.