Linux permissions
What you will learn:
Remove users
Permission groups
Permission types
Practical example of permissions
Permission sequence
Change permission mode (chmod)
Set the directory permission
chmod using octal code
Change ownership (chown)
Change group (chgrp)
Remove users
Before we delete testuser2, notice below that there is an entry for this user in the passwd and shadow files.
We use the ‘userdel <username>’ command to delete a user.
As can be seen below, testuser2 no longer exists in the passwd and shadow files.
Permission groups
There are 3 permission groups:
a) owner – denoted by ‘o’
b) group – denoted by ‘g’
c) all or others – denoted by ‘a’
Permission types
There are 3 permission types:
a) read – denoted by ‘r’
b) write – denoted by ‘w’
c) execute – denoted by ‘x’
Practical example of permissions
Let us log out from the root user and create a new file.
We then execute the ‘ls -l’ command, see below.
Permission sequence
rwx is the permission sequence, see below
Above signifies that ‘owner’ has read and write permission, ‘group’ has read and write permission, others have only read permission. None of them have execute permission.
The leftmost bit, ‘-’, represents the special permission.
Change permission mode (chmod)
Let us consider the file below.
We can give execute permission to the owner (or user) by executing the command below.
Now, as you can see below, the user or owner has execute permission.
Similarly, we can grant execute permission to the group.
Grant execute permission to others.
To delete or modify a file, you need to have write (w) permission.
To read the file contents (using cat command for example), you need to have read (r) permission.
To understand execute permission, let us create a shell script
Let us edit this file using ‘vi’ editor
Hit Enter, the editor window opens
Press key ‘i’ to insert the text.
Type the below 2 lines
To save the file, type Esc key followed by colon : followed by wq
Hit Enter
You can see the file contents by using the ‘cat’ command
Execute this file (. means the current dir). Notice below that we get the permission denied message
This is because the file does not have execute permission
Let us give execute permission to owner and then try to execute the file. See below, we are now able to execute file
Set the directory permission
Let us now look at directory permissions. Let us create a new directory. You can execute ‘ls -ld <dirname>’ to see just the directory's permissions. If you want to see the directory's contents, you can execute ‘ls -l <dirname>’.
Now look at the leftmost bit: you can see ‘d’. This denotes a directory.
Notice above that owner/group/others have execute permission. For a directory, execute permission means that we can open the directory, that is, we can ‘cd’ into it.
Let us remove the execute permission from everyone. First let us cd to previous dir
To remove the execute permission from all or everyone, we can use ‘chmod a-x <dir name>’
Now see below, owner/group/others do not have execute permission
Now see below, we cannot cd to testdir
We can now give execute permission to everyone and can now cd to testdir
chmod using octal code
So far we have been setting permissions for owner, group and others using separate commands (chmod o+w, chmod g+x, chmod a+w and so on…). We will now see how to set up owner/group/others permissions in a single command. To achieve this, we use octal codes.
The table below will help us understand it better. We know that the 3 permission types are denoted by rwx. So the octal mode 0 means no permission, octal mode 4 means read permission, and so on.
Permission | Binary mode | Octal mode |
--- | 000 | 0 |
--x | 001 | 1 |
-w- | 010 | 2 |
-wx | 011 | 3 |
r-- | 100 | 4 |
r-x | 101 | 5 |
rw- | 110 | 6 |
rwx | 111 | 7 |
The way we practically use it is as follows. In the below example, the first digit grants permission to owner, second digit to group and third to others.
So look at the above table. 012 means grant ‘no’ permission to owner, execute permission to group and write permission to others
Similarly 777 means grant rwx permission to owner, rwx permission to group and rwx permission to others
You can use below command to find out the permission for a file
So this is how we can change file permissions for owner, group and others.
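The octal table and the 012 and 777 cases above, worked through as an added shell example (not part of the original page; the function names are hypothetical). It decodes a three-digit mode into its rwx sequence, applies the mode to a scratch file to compare with what ‘ls -l’ reports, and marks modes whose third digit lets others write:

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# One octal digit -> rwx triplet, as in the table: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    r=-; w=-; x=-
    [ $(( $1 & 4 )) -ne 0 ] && r=r
    [ $(( $1 & 2 )) -ne 0 ] && w=w
    [ $(( $1 & 1 )) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three-digit octal mode -> nine-character sequence (owner, group, others).
octal_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    m=$(( 0$1 ))   # leading 0 makes the shell read the digits as octal
    printf '%s%s%s\n' "$(digit_to_rwx $(( (m >> 6) & 7 )))" \
        "$(digit_to_rwx $(( (m >> 3) & 7 )))" "$(digit_to_rwx $(( m & 7 )))"
}

# Exit status 0 when the third digit (others) includes the write bit.
others_can_write() {
    octal_to_rwx "$1" >/dev/null || return 2
    [ $(( 0$1 & 2 )) -ne 0 ]
}

# chmod a scratch file with the mode and return what 'ls -l' reports for it
# (characters 2-10; character 1 is the leftmost column, e.g. 'd' for a directory).
applied_rwx() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

# 012 and 777 are the page's examples; 664 is the rw-/rw-/r-- case described
# under "Permission sequence".
for mode in 012 664 777; do
    note=""
    if others_can_write "$mode"; then note="  <- others can write"; fi
    printf '%s  decoded=%s  ls=%s%s\n' "$mode" "$(octal_to_rwx "$mode")" \
        "$(applied_rwx "$mode")" "$note"
done
```

Both 012 and 777 are marked because their third digit contains the write bit, which is the setting to look for when reviewing files that any account on the system could modify.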
Change ownership (chown)
We can change the ownership of a file as well. Recall the snapshot below. Notice that the file has an owner and it belongs to a specific group.
We can change the file owner using the ‘chown <new owner> <filename>’ syntax. You need to be the root user to do that: you cannot change a file's ownership even if you own it.
Notice below that the file has a new owner ‘testuser1’
Change group (chgrp)
You can change the group as well, using the ‘chgrp <new group> <filename>’ syntax.
Notice below that the file now belongs to a new group, ‘testuser1’.
So this is pretty much about fundamentals of file permissions in Linux.
Thank you for reading!