File Permissions in Linux
In Linux, file permissions are a way to control who can access a file and what they can do with it. Three types of permissions can be assigned to files: read, write, and execute.
Each file in Linux has a set of permissions that determine who can perform certain actions on the file. The permissions are divided into three groups: owner, group, and other. The owner is the user who created the file, the group is a set of users who have access to the file, and other is everyone else on the system.
The following is a breakdown of each permission type:
Read permission (r): Allows a user to view the contents of a file.
Write permission (w): Allows a user to modify the contents of a file.
Execute permission (x): Allows a user to execute a file if it is a program or script.
Permissions can be assigned to each of the three groups using a three-digit code, where each digit corresponds to the owner, group, and other. The three digits are calculated as follows:
The first digit represents the owner's permissions.
The second digit represents the group's permissions.
The third digit represents the other users' permissions.
Each digit is calculated by adding up the following values:
Read permission: 4
Write permission: 2
Execute permission: 1
For example, if you wanted to assign read and write permissions to the owner and read-only permissions to the group and other, you would use the following command:
chmod 644 filename
This would give the owner read and write permissions (4 + 2 = 6), and read-only permissions to the group and other (4 for read-only).
Representation of File Permissions:
The representation of file permission is a 10-character string that indicates the type of file and the permissions for the owner, group, and other users. The first character of the string indicates the type of file, and the remaining nine characters represent the permissions.
The first character of the string can be one of the following:
"-" (hyphen): Indicates a regular file.
"d": Indicates a directory.
"l": Indicates a symbolic link.
"c": Indicates a character device file.
"b": Indicates a block device file.
"s": Indicates a local socket file.
"p": Indicates a named pipe.
The remaining nine characters of the string represent the permissions for the file, and are divided into three groups of three characters each: the owner permissions, group permissions, and other permissions. Each group of three characters represents read, write, and execute permissions, respectively.
The characters used to represent the permissions are as follows:
"r" (read permission): Allows the file to be read.
"w" (write permission): Allows the file to be modified.
"x" (execute permission): Allows the file to be executed if it is a program or script.
"-" (hyphen): Indicates that permission is not granted.
Let's take the example of the directory "rrr" in the above set of files and directories:
The first character "d" indicates that it is a directory, and the remaining nine characters indicate the permissions as follows:
"rwx" (owner permissions): The owner can read, write and execute it.
"r-x" (group permissions): The group can read and execute the file, but cannot modify it.
"r-x" (other permissions): Like the group, other users on the system can read and execute the file, but cannot modify it.
How to change File Permissions?
In Linux, file permissions can be changed using the chmod command, which allows you to modify the read, write, and execute permissions for the owner, group, and other users.
The permissions can be represented in two ways:
- Symbolic method: In this method, the permissions are represented using a combination of letters and symbols. The following letters are used:
"u": Refers to the owner of the file.
"g": Refers to the group that the file belongs to.
"o": Refers to other users on the system.
"a": Refers to all users (i.e., the owner, group, and others).
The following symbols are used to modify the permissions:
"+": Adds the specified permissions.
"-": Removes the specified permissions.
"=": Sets the permissions to the specified value.
For example, to give the owner and group read and write permissions, but remove write permissions for other users, you would use the following command:
chmod u+rw,g+rw,o-w filename
- Numeric method: In this method, the permissions are represented using a three-digit code, where each digit represents the permissions for the owner, group, and other users, respectively. The digits are calculated by adding the values of the following characters:
"r": 4 (read permission)
"w": 2 (write permission)
"x": 1 (execute permission)
For example, to give the owner read and write permissions, the group read-only permissions, and no permissions for other users, you would use the following command:
chmod 640 filename
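To change the permissions for multiple files at once, you can use the wildcard character "*". For example, to give all files in the current directory read-only permissions for the owner and group, you would use the following command:
chmod u=r,g=r *
The "=" operator is used here because u+r,g+r would only add read permission and leave any existing write or execute permissions in place.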
Let's try out what we learnt today:
Let's change the permissions of the directory "rrr"
chmod 643 rrr
Result:
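To see what these modes look like once applied, the following added example (not part of the original page) creates a scratch directory, applies the three numeric modes used above, reads them back with ls -l, and then uses find to list anything writable by "other". The file names a.txt and b.txt and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: apply the page's chmod modes to scratch files and read back
# the permission strings the system stores. All paths are constructed.

# perm_string PATH -> the 10-character type+permission string shown by ls -l.
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# world_writable DIR -> entries under DIR whose "other" class has write (2).
# Symbolic links are skipped because they always display as rwxrwxrwx.
world_writable() {
    find "$1" -perm -0002 ! -type l | sort
}

# make_demo -> creates a scratch tree and prints its path.
make_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/a.txt" "$d/b.txt"
    mkdir "$d/rrr"
    chmod 644 "$d/a.txt"   # owner rw (4+2), group r (4), other r (4)
    chmod 640 "$d/b.txt"   # owner rw (4+2), group r (4), other none (0)
    chmod 643 "$d/rrr"     # owner rw (4+2), group r (4), other wx (2+1)
    printf '%s\n' "$d"
}

demo=$(make_demo)
for f in a.txt b.txt rrr; do
    printf '%-6s %s\n' "$f" "$(perm_string "$demo/$f")"
done
echo "writable by other:"
world_writable "$demo"
rm -rf "$demo"
```

For rrr this prints drw-r---wx: mode 643 leaves the owner without the execute bit on the directory while giving every other user write and execute, which is why find reports it.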
Access Control List
Access Control List (ACL) is a feature in Linux that allows you to grant permissions to specific users or groups beyond the traditional file permission model. With ACLs, you can set fine-grained access permissions on files and directories, specifying access for specific users or groups.
To set ACLs on a file or directory, you can use the setfacl command. The basic syntax of the setfacl command is as follows:
setfacl -m u:[user]:[permissions] [file]
In this command, [user] is the name of the user that you want to grant access to, and [permissions] are the access permissions that you want to grant. The permissions can be represented using the same symbols as in the traditional file permission model, such as "r" (read), "w" (write), and "x" (execute).
For example, to grant user "rajat" read and write access to a file named "file111", you would use the following command:
setfacl -m u:rajat:rw file111
To view the ACLs for a file or directory, you can use the getfacl command:
getfacl file111
To remove an ACL entry, you can use the -x option with the setfacl command:
setfacl -x u:rajat file111
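Because ACL entries do not appear in the nine-character permission string, reviewing them means reading getfacl output. The following added example (not part of the original page) parses a constructed sample of that output and lists each named-user entry with the rights that remain after the ACL mask line is applied. The mask is not covered above, and the owner and group names in the sample are placeholders.

```shell
#!/bin/sh
# Added example: list named-user ACL entries from getfacl-style output,
# with the rights left after the ACL mask is applied.

# Constructed sample of what `getfacl file111` prints after
# `setfacl -m u:rajat:rw file111`; owner "alice" and group "staff" are made up.
sample_acl() {
    cat <<'EOF'
# file: file111
# owner: alice
# group: staff
user::rw-
user:rajat:rw-
group::r--
mask::rw-
other::r--
EOF
}

# named_users: reads getfacl output on stdin and prints "NAME ENTRY EFFECTIVE"
# for every entry of the form user:NAME:PERMS.
named_users() {
    awk -F: '
        /^#/ || NF < 3           { next }
        $1 == "mask"             { mask = substr($3, 1, 3); have_mask = 1 }
        $1 == "user" && $2 != "" { name[++n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(perm[i], k, 1)
                    # a right survives only if the mask grants it too
                    if (have_mask && substr(mask, k, 1) == "-") c = "-"
                    eff = eff c
                }
                print name[i], perm[i], eff
            }
        }'
}

sample_acl | named_users
```

On a live system the same function can read real output, for example getfacl file111 | named_users.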