In this article, we explain file permissions in Linux and one of the basic Linux commands for beginners, i.e. the
chmod command used for this purpose, with its most frequently used command options.
What is Linux?
Linux is a family of open-source operating systems based on the Linux kernel. The first Linux system kernel was released on September 17, 1991, by Linus Torvalds.
Popular Linux distributions include Debian, Fedora, and Ubuntu, and the commercial distributions include Red Hat Enterprise Linux and SUSE Linux Enterprise Server.
There are also quite a number of customized Linux distributions, such as Kali Linux, REMnux etc. Kali Linux is a Debian-based distribution developed, funded and maintained by Offensive Security for ethical hackers for the purposes of Penetration Testing, Security Research & Assessment, and Computer Computer Forensics & Reverse Engineering. REMnux, on the other hand, is a Linux distro curated for reverse-engineering and malware analysis purposes.
The quiter you become, the more you are able to hear…Rumi
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
File Permissions in Linux
In Linux, the behavior of a file is set or controlled by two mechanisms: file ownership and file permissions. The ownership of files or directories is normally based on the default
uid (User ID)
gid (Group ID) of the the user who created them.
Regarding the permissions, Linux provides granular controls to manage file and directory permissions. Essentially, there are three types of rights that can be assigned to the users:
- read (denoted by r)
- write (denoted by w)
- execute (denoted by x)
Meaning of read, write and execute permissions for files are self-explanatory. However, they have slightly different semantics when applied to directories:
- read: Names of the entires in the directory can be read.
- write: Entries in the directory can be modified.
- execute: Metadata for the entries in the directory can be read and the contents of the entries can be accessed.
In addition to these three essential rights, executables can be assigned setuid and setgid flags (denoted by s instead of x) and directories can be assigned sticky bit flags (denoted by t instead of x). To keep our post on file and directory permissions short and simple for the beginners, these higher level permissions are discussed in a separate article: Special Permissions (SetUID, SetGID and Sticky Bit) in Linux.
Each file or directory can be assigned these read, write, and execute permissions for three categories of users:
- The user (denoted by u): Permissions for the file owner of the file or directory.
- The group (denoted by g): Permissions for the members of the group owning the file or directory.
- The others (denoted by o): Permissions for all the other users.
When a file or directory is created, a default set of permissions (
755 for directories,
644 for the files) are assigned for its users. If preferred, these default permissions can be changed by the
umask command. Default file and directory permissions for the default
umask value of
022 are listed below:
Default Directory Permissions (
777 - 022 = 755)
- User: read, write, execute (
- Group: read, execute (
- Others: read, execute (
Default File Permissions (
666 - 022 = 644)
- User: read, write (
- Group: read (
- Others: read (
Viewing File Permissions
To list file and directory permissions,
ls command in the long listing format (
ls -l) command should be used. Figure 1 shows the output of the
ls -la command for the files inside a directory.
$ ls -la
On each line, the first character identifies the type of the entry that is being listed. Dash (
-) indicates a file, the letter
d denotes a directory and the letter
l represents a link. Each of the following three characters show permissions for the owner (user), group and others, respectively. File permissions for the
my-script.sh file is described below in more detail in Figure 2.
Modifying File Permissions with the
chmod Command – Change Mode Bits
Change file permissions by defining mode bits. Basic usage:
chmod [MODE][,MODE] ... FILE ...
In Linux, file and directory permissions can be modified in two different ways using the
chmod command: with symbolic format or with numeric format.
The format of a symbolic mode is
[ugoa][[-+=][PERMS ...]] A combination of letters
[ugoa] defines which users’ permissions will be changed and the letters
rwx select file mode bits for the affected users.
A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. The first digit is used to set the setuid, setgid, and sticky bit flags and it is optional and can be omitted. The second digit selects permissions for the user who owns it, the third digit selects permissions for the users in the file’s group, and the fourth digits selects permissions for the other users not in the file’s group. The digits that can be used and their permissions are described in Figure 3.
Note that, the numeric format allows only setting at once all the rights (privileges) for all the user categories, as compared to the flexibility provided by the symbolic notation that allows adding or removing specific rights for only the chosen user categories.
To give read, write and execute permissions to all the users:
$ chmod u=rwx,g=rwx,o=rwx filename
$ chmod a=rwx filename
$ chmod 777 filename
To give read, write and execute permissions to the user (owner of the file), read permission to the group owning the file and no permissions to all other users:
$ chmod u=rwx,g=r,o= filename
$ chmod 740 filename
To add execute permission the group owning the file:
$ chmod g+x filename
$ chmod 654 filename
To remove execute permission from the group owning the file:
$ chmod g-x filename
$ chmod 644 filename
To explore more
chmod command options, please visit the man pages by typing
$ man chmod on the terminal.
To learn more on Linux, you could also visit our Linux Resources Page.