Deep Dive into Linux File Permissions
Ever wondered how Linux file permissions actually work? Well, here is a taste.
People who are new to Linux often find it hard to understand how Linux handles file permissions. Linux undoubtedly has one of the most ingenious ways of handling access to different files. In this blog, I will try to clarify the concepts behind Linux file permissions in a lucid fashion.
Spin up a Linux terminal and enter ls -l. What does it show? A long, scary list, right? The list most probably has 9 columns. The last column is the name of the file or directory. In this blog, we are only interested in the first column of the listing: the file permissions. The permissions probably look something like this: -rwxr-xr-x. This looks a bit obscure, so let's break it down.
A file permission string has a total of 10 characters. It is made up of characters like r, w, x, -, d, p, t, etc. These 10 characters can be broken down into 4 parts.
| Part no | No. of characters |
|---|---|
| 1 | 1 |
| 2 | 3 |
| 3 | 3 |
| 4 | 3 |
Owner Permissions
The 2nd part, i.e. the 2nd, 3rd and 4th characters, denotes the permissions for the owner of the file, who is shown in the 3rd column of the output. The owner is, well, you guessed it, the person who created the file. The 3 characters stand for read, write and execute, denoted by r, w and x respectively. In most cases, the owner will have read and write permissions set for a regular file, and all 3 permissions set for an executable file. If any of them is not set, the respective character is replaced by a -.
Group Permissions
The 3rd part, i.e. the 5th, 6th and 7th characters, denotes the permissions for the group the file has been assigned to, which is shown in the 4th column of the output. A group consists of multiple users, all of whom get the permissions set for the group on the file. The 3 characters denote read, write and execute respectively and work the same way as the owner permissions.
Others Permissions
The 4th part, i.e. the 8th, 9th and 10th characters, denotes the permissions for all other users, i.e. anyone who wants to access the file who is neither the owner nor a member of the specified group. These permissions work the same way as the two above.
Special Permissions
The 1st part of the permission string denotes special permissions. Is the file a directory, a symbolic link or a pipe? Does it have the sticky bit set? Does it have setuid set? All these parameters affect the special character in the permissions.
For a directory, it is set to d.
If the file is a symbolic link, it is set to l.
If the file is a Unix pipe, it is set to p.
If the file has the sticky bit set, it is shown as t.
If the setuid bit is set, it is shown as s.
What is rwx?
Let's dig deeper into rwx. As previously mentioned, these denote read, write and execute respectively. But how do they actually work? Essentially, r, w and x are just single bits that are set or unset based on the permission. If a file has only read permission for the owner, only the read bit is set, which means a permission number of 400. Breaking it down gives 100-000-000, i.e. the read bit is set only for the file owner and the rest are 0; converting each triplet into decimal gives 4-0-0, i.e. 400. Similarly, if a file has read and write permissions for the owner and the group, it will have a permission of 660 (110-110-000). A file with all permissions enabled for all users will be 777 (111-111-111). You can play around with this for a bit and find out all possible permission numbers. If converting from binary to decimal every time is tedious for you, there is a simple trick to remember the permissions.
| Permission bit | Number |
|---|---|
| r | 4 |
| w | 2 |
| x | 1 |
Configuring File Permissions
In Linux there is a command line utility called chmod, which is used to change file mode bits, i.e. change file permissions. Let's walk through an example.
Create a demo file
touch demo.txt
View its permissions
ls -l demo.txt
Revoke all permissions
chmod 000 demo.txt
Try to read or write to this file now; you will get an error:
Permission denied
Grant read permission only to the owner
chmod 400 demo.txt
Now you will be able to read the file, but not write to it.
Grant rwx permission to all users other than the owner and group
chmod 007 demo.txt
In this mode, any user other than the owner and the group members will be able to read, write and execute the file.
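As an added example (not code from the original post), here is a small Python 3 script for Linux that implements the rwx-to-number trick from the previous section in both directions and then repeats the chmod walkthrough above on a temporary file, reading the mode back with stat so you can confirm what ls -l would print. The function names are mine.

```python
import os
import stat
import tempfile
# The "simple trick" table from the post: each permission letter is a bit weight.
BIT_VALUE = {"r": 4, "w": 2, "x": 1}

def rwx_to_octal(mode_str):
    """'rwxr-xr-x' (or the full 10-char ls -l field) -> '755'; only plain r/w/x handled."""
    perms = mode_str[-9:]
    if len(perms) != 9:
        raise ValueError("expected 9 permission characters")
    digits = []
    for i in range(0, 9, 3):                  # owner, group, others triplets
        value = 0
        for ch, expected in zip(perms[i:i + 3], "rwx"):
            if ch == expected:
                value += BIT_VALUE[ch]        # bit is set: add its weight
            elif ch != "-":
                raise ValueError("unexpected character %r" % ch)
        digits.append(str(value))
    return "".join(digits)

def octal_to_rwx(octal_str):
    """Inverse: '660' -> 'rw-rw----', expanding each digit into its binary triplet."""
    out = []
    for d in octal_str:
        n = int(d, 8)
        out.append(("r" if n & 4 else "-") + ("w" if n & 2 else "-") + ("x" if n & 1 else "-"))
    return "".join(out)

def apply_and_inspect(path, octal_str):
    """Do what `chmod <octal> path` does, then read the mode back with stat and
    return the 9-char permission string ls -l would print."""
    os.chmod(path, int(octal_str, 8))
    return stat.filemode(os.stat(path).st_mode)[1:]   # drop the file-type char

def walkthrough():
    """Repeat the post's demo (000, 400, 007) on a temporary file. Each entry is
    (permission string, owner can read?, owner can write?); root bypasses these bits."""
    fd, path = tempfile.mkstemp(suffix="-demo.txt")
    os.close(fd)
    results = {}
    try:
        for mode in ("000", "400", "007"):
            results[mode] = (apply_and_inspect(path, mode),
                             os.access(path, os.R_OK), os.access(path, os.W_OK))
    finally:
        os.chmod(path, 0o600)   # restore the default before removing the file
        os.unlink(path)
    return results
```

Run it as an unprivileged user to see the read/write answers change between 000, 400 and 007; as root the access checks always succeed, which is itself a useful reminder of what these bits do not protect against.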
Isn't this amazing? Tinker around with file permissions and try modifying the permissions on existing files. Soon you will find out what an ingenious idea it is to manage file permissions this way on a system.
P.S.: I only briefly discussed the special permission bits here; there is a lot more to them. If you are interested, I recommend you go through this article.
I would love to hear your thoughts on this one.