Linux_Permissions_For_Devops

  ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​​​ Linux permissions

What you will Learn:

  • Remove users

  • Permission groups

  • Permission types

  • Practical example of permisions

  • Permission sequence

  • change permission​​ mode (chmod)

  • Set the directory permission

  • chmod​​ using octal code

  • change ownership (chown)

  • change group (chgrp)

Remove users

Before we delete testuser2, notice below that there is an entry for this user in passwd and shadow files

We use ‘userdel <username>’ command to delete a user​​ 

As can be seen below, testuser2 no more exists in passwd and shadow files

Permission groups

There are 3 permission groups​​ :
a) owner – denoted by ‘o’

b) group – denoted by ‘g’

c) all​​ or others​​ – denoted by ‘a’

Permission types

There are 3 permission types​​ :
a) read​​ – denoted by ‘r’

b) write​​ – denoted by ‘w’

c) execute​​ – denoted by ‘x’

Practical example of permisions

Let us logout from root user and create a new file

We then execute the ‘ls -l’ command, see below

Permission sequence

rwx​​ is the permission sequence, see below

Above signifies that ‘owner’ has read and write permission, ‘group’ has read and write permission, others have only read permission. None of them have execute permission.

The leftmost bit - represents the special permission

change permission​​ mode (chmod)

Let us consider the​​ below file

We can give execute permission to owner (or user) by executing below command

Now if you see below, the user or owner has execute permissions

Similarly we can grant execute permission to group

Grant execute permission to others

To delete or modify a file, you need to have write (w) permission.

To read the file contents​​ (using cat command for example), you need to have read (r) permission.

To understand execute permission, let us create a shell script

Let us edit this file using ‘vi’ editor

Hit Enter, the editor window opens

Press key ‘i’ to insert the text.

Type the below 2 lines​​ 

To save the file, type​​ Esc​​ key followed by colon​​ :​​ followed by​​ wq

Hit Enter

You can see the file contents by using the ‘cat’ command

Execute this file (. means the current dir). Notice below that we get the permission denied message​​ 

This is because the file does not have execute permission

Let us give execute permission to owner and then try to execute the file. See below, we are now able to execute file

Set the directory permission

Let us now see a directory permission. Let us create a new directory. You can execute ‘ls -ld <dirname>’ to see​​ just​​ the dir permissions.​​ If you want to see dir contents, you can execute​​ 
ls -l <dirname>

Now look at the leftmost bit, you can see ‘d’. This denotes directory​​ 

Notice above that, owner/group/others have execute permission.​​ For a directory, execute permission means that we can open the directory​​ viz we can ‘cd’ to directory

Let us remove the execute permission from everyone. First let us cd to previous dir

​​ 

To remove the execute permission from all or everyone, we can use​​ chmod a-x <dir name>

Now see below, owner/group/others do not have execute permission

Now see below, we cannot cd to testdir

We can now give execute permission to everyone and can now cd to testdir

chmod​​ using octal code

So far we have been setting permissions for owner, group and others using separate commands (chmod o+w, chmod g+x, chmod a+w and so on…).​​ We will now see how to setup owner/group/others permissions in a single command. To achieve this, we use octal codes.

Below table​​ will help​​ us understand it better. We know that the 3 permission types are denoted by rwx. So the octal mode 0​​ means no permission, octal mode 4 means read permission and so on​​ 

Permission

Binary mode

Octal mode

---

000

0

--x

001

1

-w-

010

2

-wx

011

3

r--

100

4

r-x

101

5

rw-

110

6

rwx

111

7


The way we practically use it is as follows. In the below example, the first digit grants permission to owner, second digit to group and third to others.​​ 

So look at the above table. 012 means grant ‘no’ permission to owner, execute permission to group and write permission to others​​ 

Similarly 777 means grant rwx permission to owner, rwx permission to group and rwx permission to others​​ 

You can use below command to find out the permission for a file

So this is how we can change file permissions for owner, group and others.

change ownership (chown)

We can change the ownership of a file as well.​​ Recall the below snapshot. Notice that the file has a owner​​ and it belongs to a specific group

We can change the file owner using​​ 
chown <new owner> <filename>’ syntax. You need to be a root user to do that.​​ You cannot change the file ownership even if you own it. Only a root user can do that.

Notice below that the file has a new owner ‘testuser1’

change group (chgrp)

You can change group as well using​​ 
chgrp <new group> <filename>’ syntax.

Notice below that the file belongs to a new group now ‘testuser1’

So this is pretty much about​​ fundamentals of​​ file permissions​​ in Linux.

Thank you for reading!

Share On

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on tumblr
Share on email

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top

Lifetime Membership Club

LIFETIME MEMBERSHIP BIG SALE - ALL LIVE COURES JUST - 7000 RS/ 99 USD
Attend All Live courses in just 7000 rs / $99 - offer ends 1st Nov 2024