Linux allows multiple users to access and use the system simultaneously. File permissions are crucial in a multi-user system to protect user privacy. It ensures that only authorized users can access and modify files.
The three sets of permissions are:
- Owner permissions: Apply to the user who owns the file.
- Group permissions: Apply to group members that own the file.
- Other permissions: Apply to all other users who are not the owner or a member of the group.
The ls command
The ls by default is used to list the contents of a directory.
Example to display contents of the current directory
ls
ls .
However, it can be used to list file permissions and ownerships or to find hidden files and directories.
Example to check the permissions of files
You can use the -l option which is known as long listing format. The complete command would be ls -l.
ls -l
total 552
-rw-rw-r-- 1 coolin coolin 493743 Oct 23 10:58 book.pdf
drwxrwxr-x 5 coolin coolin 4096 Oct 15 08:27 chapters
Infographics that explain each column in a long listing representation
For example the following case.
drwxrwxr-x 5 coolin coolin 4096 Oct 15 08:27 chapters
Access the man page for more info.
man ls
Hidden Files
To view hidden files in a directory use the -a or --all option with the ls command. This option tells ls to list all files, including those that are hidden.
An example can be found below
ls -a ~
. .. .bash_history .bashrc .profile
Or
ls -a -l ~
total 76
drwx------ 8 root root 4096 Oct 23 14:47 .
drwxr-xr-x 23 root root 4096 Aug 5 17:07 ..
-rw------- 1 root root 24062 Oct 22 21:20 .bash_history
-rw-r--r-- 1 root root 161 Apr 22 2024 .profile
Refer to the ls command's manual pages for more details.
man ls
Directory Permissions
Directories are file types that are marked with the letter d. You set the permissions the same way as with files, but directories behave differently than files when it comes to permissions.
The Read Permission
- Allows a user to view the contents of a directory, such as listing files and subdirectories.
- A user with 'r' permission can not read the contents of individual files within a directory.
- The 'r' permission only grants access to the directory's contents, not the individual files.
The Write Permission
- Allows a user to modify the contents of a directory, including creating, deleting, and renaming files.
- A user with 'w' permission can change the permissions of any file within a directory, regardless of their permissions or ownership.
- The 'w' permission grants the ability to change file permissions within the directory.
The Execute Permission
- Allows a user to enter or access a directory.
- The 'x' permission does not grant access to listing the contents of a directory.
- The 'x' permission only allows entry into the directory. To list the contents, the 'r' permission is also required.
To remove all permissions use the command below.
chmod 0000 myfile
File Permissions
To understand security, you need to master Linux file permissions. As
they control who can access files, and modify them it is crucial to
understand how they work and how to correctly set file permissions.
A dash (-) represents the lack of a particular permission.
The chmod command
Using the chmod command you change file mode bits meaning you can
modify file permissions.
There are two modes to change permissions:
- Symbolic mode,
- Numeric mode.
Symbolic Mode
In this mode, permissions are represented by letters. The symbolic mode
offers a detailed approach to modifying permissions, allowing you to add
or remove specific permissions.
In this example we will make a file readable and executable by everyone, you would use the following example
chmod a+rx file.txt
This is an example of how you use the symbolic mode to add read and write permissions for the user and group, but revoke all permissions for others
chmod ug+rw-x,o-rwx text.txt
To check if permissions were set correctly use the following command.
ls -al text.txt
-rw-rw---- 1 kulin kulin 0 Dec 24 20:16 text.txt
Numeric Mode
In this mode, permissions are represented using numbers. In this mode
permissions are represented as follows: read is 4, write is
2, and execute is 1.
Basic Overview of Permissions
A basic permissions demonstration can be found in the next table.
Detailed Overview of Permissions
A demonstration of detailed permissions can be found in the next table.
Commonly Used Permissions
A common practice when setting permissions to files and directories is
as follows:
- Directories: 755 or 750,
- Files: 644 or 640,
- Sensitive files containing credentials: 600.
- Warning
*The **777 is a world-readable type of permission meaning everyone gets all permissions. It should be used with extreme caution.***
Refer to the chmod command's manual pages for more details.
man chmod
The stat command
This command is used to status files. We will cover the basic use cases
that are useful in the context of this chapter.
Display Permissions in Octal Mode
Example to easily get a file's permissions in octal mode
stat -c %a /etc/passwd
644
Display Permissions in Human Readable Form
Example to easily get a file's permissions in human-readable form
stat -c %A /etc/passwd
-rw-r--r--
You can combine stat options as shown below.
stat -c "%n is a %F, permissions are %A, in octal %a" /etc/passwd
/etc/passwd is a regular file, permissions are -rw-r--r--, in octal 644
Refer to the stat command's manual pages for more details.
man stat
This article is part of my book:
Top comments (0)