File Permissions

File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how.

Linux is a multi-user operating system, so it has security to prevent people from accessing each other’s confidential files.

When you execute a “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files.

How do you view Linux file permissions?

The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

$ ls -l

drwxr-xr-x. 4 root root    68 Jun 13 20:25 tuned
-rw-r--r--. 1 root root  4017 Feb 24  2022 vimrc

In this example, you see two different listings. The first field of the ls -l output is a group of metadata that includes the permissions on each file. Here are the components of the vimrc listing:

• File type: -

• Permission settings: rw-r--r--

• Extended attributes: dot (.)

• User owner: root

• Group owner: root

What are the three permission groups in Linux?

1. Owner

These permissions apply exclusively to the individuals who own the files or directories.

1. Group

Permissions can be assigned to a specific group of users, impacting only those within that particular group.

1. All Users or Others

These permissions apply universally to all users on the system, presenting the highest security risk. Assigning permissions to all users should be done cautiously to prevent potential security vulnerabilities.

---     ---     ---
rwx     rwx     rwx
user    group   other 

What are the three kinds of file permissions in Linux?

Letters	Definition
‘r’	“read” the file’s contents.
‘w’	“write”, or modify, the file’s contents.
‘x’	“execute” the file. This permission is given only if the file is a program.

Symbols: `+`, `-` and `=`Option in Linux File Permission

Operators	Definition
`+`	Add permissions
`-`	Remove permissions
`=`	Set the permissions to the specified values

User, group, and others Option in Linux File Permission

Reference	Class	Description
`u`	user	The user permissions apply only to the owner of the file or directory, they will not impact the actions of other users.
'g'	group	The group permissions apply only to the group that has been assigned to the file or directory, they will not affect the actions of other users.
'o'	others	The other permissions apply to all other users on the system, this is the permission group that you want to watch the most.
'a'	all	All three (owner, groups, others)

What are octal values?

When Linux file permissions are represented by numbers, it's called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values.

The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

• r (read): 4

• w (write): 2

• x (execute): 1

Example:

• Owner: rwx = 4+2+1 = 7

• Group: r-- = 4+0+0 = 4

• Others: r-- = 4+0+0 = 4

The results produce the three-digit value 744.

How to Change Permissions in Linux

The command you use to change the security permissions on files is called “chmod“, which stands for “change mode” because the nine security characters are collectively called the security “mode” of the file.

chmod [option]+[permission] [Filename]
Ex: chmod u+x file.txt // add execute permission for user in file.txt

chmod ug+rw,o-x abc.txt 

The code above adds read(r) and write(w) permission to both user(u) and group(g) and revoke execute(x) permission from others(o) for the file abc.txt.

The octal notations in Permissions in Linux

There can be numerous combinations of file permissions you can invoke revoke and assign. You can also use octal notations.

octal notations

chmod ugo+rwx [file_name]
chmod 777 [file_name]

Both of them provide full read write and execute permission (code=7) to all the group.

chmod u=r,g=wx,o=rx [file_name]
chmod 435 [file_name]

Both the codes give read (code=4) user permission, write and execute (code=3) for the group and read and execute (code=5) for others.

What are special file permissions?

Special permissions are available for files and directories and provide additional privileges over the standard permission sets that have been covered.

SUID

SUID is the special permission for the user access level and always executes as the user who owns the file, no matter who is passing the command.

SGID

SGID allows a file to be executed as the group owner of the file; a file created in the directory has its group ownership set to the directory owner.

This is helpful for directories used collaboratively among different members of a group because all members can access and execute new files.

Sticky bit

The "sticky bit" is a directory-level special permission that restricts file deletion, meaning only the file owner can remove a file within the directory.

How to Change File Ownership

In the Linux operating system, file ownership is a crucial aspect of system security and user management.

The `chown` command, short for “change owner,” is a powerful tool that allows users to change the owner of files and directories.

Understanding User Ownership and Permissions in Linux

Root User

It is a superuser who has access to all the directories and files in our system and it can perform any operation.

An important thing to note is that only the root user can perform changing of permissions or ownerships of the files that are not owned by them.

System User

These users have limited access to files and directories and can only modify the files that they own.

chown Command

chown [options] new_owner[:new_group] file(s)
Ex: chown -c master file1.txt

Essential commands like chown enable ownership changes. Whether granting or revoking access, users must exercise caution, especially when applying universal permissions.