In Linux, each file and directory has an associated set of permissions and ownership attributes that determine who can access and manipulate the files and directories. These permissions are defined for three categories of users:
- Owner (user): The user who owns the file.
- Group: The group that the file is associated with.
- Others: All other users.
File Type and Permission String
When you list files using ls -l, you see a detailed listing like this:
-rwxr-xr--
This string is composed of 10 characters:
File type: The first character indicates the type of file:
- - for a regular file
- d for a directory
- l for a symbolic link
- c for a character device
- b for a block device
Permissions: The next nine characters are divided into three sets of three:
- The first set represents the owner's permissions.
- The second set represents the group's permissions.
- The third set represents the others' permissions.
Understanding the Permissions
Each set of permissions can include the following characters:
- r (read): Permission to read the file.
- w (write): Permission to modify the file.
- x (execute): Permission to execute the file (or to access the directory).
For example, the permission string -rwxr-xr-- can be broken down as:
- rwx (read, write, execute) for the owner.
- r-x (read, execute) for the group.
- r-- (read only) for others.
Numerical (Octal) Representation
Permissions can also be represented numerically using octal (base-8) numbers. Each permission type is assigned a value:
- r = 4
- w = 2
- x = 1
These values are summed to represent the permissions. For example:
- rwx (4 + 2 + 1) = 7
- r-x (4 + 0 + 1) = 5
- r-- (4 + 0 + 0) = 4
Thus, the permissions -rwxr-xr-- translate to 754.
Changing Permissions with chmod
You can change file permissions using the chmod command. chmod can be used in two ways: symbolic mode and numeric mode.
Symbolic Mode
Symbolic mode allows you to modify permissions by specifying the user category and the permission type. For example:
chmod u+x file.txt # Add execute permission for the owner
chmod g-w file.txt # Remove write permission for the group
chmod o=r file.txt # Set read-only permission for others
chmod a+r file.txt # Add read permission for all (user, group, others)
chmod u=rwx,g=rx,o= file.txt # Set specific permissions for each category
Numeric Mode
Numeric mode allows you to set permissions using octal numbers. For example:
chmod 755 file.txt # Set permissions to rwxr-xr-x
chmod 644 file.txt # Set permissions to rw-r--r--
chmod 600 file.txt # Set permissions to rw-------
Changing Ownership with chown
The chown command changes the ownership of a file or directory. You can change both the owner and the group:
chown user file.txt # Change the owner to 'user'
chown user:group file.txt # Change the owner to 'user' and the group to 'group'
chown :group file.txt # Change the group to 'group'
Special Permissions
There are three special types of permissions: setuid, setgid, and the sticky bit.
Setuid (Set User ID)
When the setuid permission is set on an executable file, the file runs with the privileges of the file’s owner rather than the user running the file. This is indicated by an s in the owner's execute position.
chmod u+s file.txt # Set setuid on the file
Setgid (Set Group ID)
When the setgid permission is set on a directory, new files created within the directory inherit the group of the directory. This is indicated by an s in the group’s execute position.
chmod g+s directory/ # Set setgid on the directory
Sticky Bit
When the sticky bit is set on a directory, only the file's owner, the directory’s owner, or the root user can delete or rename files within that directory. This is indicated by a t in the others' execute position.
chmod +t directory/ # Set the sticky bit on the directory
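Because setuid and setgid files run with someone else's privileges, and a world-writable directory without the sticky bit lets any user remove other users' files, these bits are worth auditing. The following is an added example, not part of the original page; the function names and the sample tree are constructed for illustration, and it assumes a Linux system where stat supports the -c option.

```sh
# Added example: audit a directory tree for the special permission bits.
# All function names and the sample tree below are constructed.

# Regular files with setuid (4000) or setgid (2000), as "<octal mode> <path>".
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} + | sort
}

# World-writable directories that lack the sticky bit (1000): any user
# can delete or rename other users' files inside them.
find_unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sort
}

# Build a constructed sample tree and print its path.
build_demo_tree() {
    demo_root=$(mktemp -d) || return 1
    touch "$demo_root/helper" "$demo_root/plain"
    chmod 4755 "$demo_root/helper"    # setuid file: reported
    chmod 644 "$demo_root/plain"      # ordinary file: ignored
    mkdir "$demo_root/shared" "$demo_root/dropbox" "$demo_root/team"
    chmod 1777 "$demo_root/shared"    # world-writable with sticky bit: fine
    chmod 0777 "$demo_root/dropbox"   # world-writable, no sticky bit: reported
    chmod 2775 "$demo_root/team"      # setgid directory, not world-writable
    printf '%s\n' "$demo_root"
}

tree=$(build_demo_tree)
echo "setuid/setgid files:"
find_suid_sgid "$tree"
echo "world-writable directories without the sticky bit:"
find_unsafe_shared_dirs "$tree"
rm -rf "$tree"
```

On a real system, point the two functions at a mount point such as / and compare the setuid/setgid list against the set of files your distribution is expected to ship.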
Viewing File Permissions
To view the permissions of files and directories, you use the ls -l command:
ls -l file.txt
Practical Examples
Here are a few practical examples to summarize:
Setting permissions to rwxr-xr-x (755) for a file:
chmod 755 file.txt
Adding execute permission for the group:
chmod g+x file.txt
Removing write permission for others:
chmod o-w file.txt
Changing owner to user and group to group:
chown user:group file.txt
Setting setgid on a directory:
chmod g+s directory/
Setting sticky bit on a directory:
chmod +t directory/
Linux File Permissions Table
Symbolic | Octal | Description |
---|---|---|
--- | 0 | No permissions |
--x | 1 | Execute only |
-w- | 2 | Write only |
-wx | 3 | Write and execute |
r-- | 4 | Read only |
r-x | 5 | Read and execute |
rw- | 6 | Read and write |
rwx | 7 | Read, write, and execute |
Permissions for User, Group, and Others
The full permissions for a file or directory are a combination of user (u), group (g), and others (o) permissions.
Symbolic | Numeric | User (u) | Group (g) | Others (o) |
---|---|---|---|---|
rwx------ | 700 | rwx | --- | --- |
rwxr----- | 740 | rwx | r-- | --- |
rwxr-x--- | 750 | rwx | r-x | --- |
rwxr-xr-- | 754 | rwx | r-x | r-- |
rwxr-xr-x | 755 | rwx | r-x | r-x |
rwx--x--x | 711 | rwx | --x | --x |
rwxrwxrwx | 777 | rwx | rwx | rwx |
rw-r--r-- | 644 | rw- | r-- | r-- |
rw-rw-r-- | 664 | rw- | rw- | r-- |
rw-rw-rw- | 666 | rw- | rw- | rw- |
rwxr--r-- | 744 | rwx | r-- | r-- |
r-xr-xr-x | 555 | r-x | r-x | r-x |
r--r--r-- | 444 | r-- | r-- | r-- |
r--r----- | 440 | r-- | r-- | --- |
Special Permissions
A breakdown of the special permissions (setuid, setgid, and sticky bit):
Symbolic | Octal | Description |
---|---|---|
--S------ | 4000 | Setuid: Executed as the file owner |
-----S--- | 2000 | Setgid: Executed as the file's group |
--------T | 1000 | Sticky bit: Only the file owner can delete or rename |
rws------ | 4700 | Setuid and read, write, and execute for owner |
rwx--S--- | 2700 | Setgid and read, write, and execute for owner |
rwx-----T | 1700 | Sticky bit and read, write, and execute for owner |
rw---S--- | 2600 | Setgid without execute for group |
Combined Special and Regular Permissions
Here’s how you might see special permissions combined with regular permissions:
Symbolic | Numeric | Description |
---|---|---|
-rwsr-xr-x | 4755 | Setuid with rwx for owner, rx for group, and rx for others |
-rwxr-sr-x | 2755 | Setgid with rwx for owner, rxs for group, and rx for others |
-rwxr-xr-t | 1755 | Sticky bit with rwx for owner, rx for group, and rxt for others |
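The octal arithmetic and the s/S/t/T notation from the tables above can be combined into one conversion routine. This is an added example, not part of the original page; mode_to_octal is a hypothetical helper name, and it goes slightly beyond the text by rejecting malformed strings (for instance a t outside the others' position).

```sh
# Added example: convert an ls -l mode string (10 characters) to octal.
# mode_to_octal is a hypothetical helper, not a standard command.
mode_to_octal() {
    if [ "${#1}" -ne 10 ]; then
        printf 'expected 10 characters: %s\n' "$1" >&2
        return 1
    fi
    rest=${1#?}          # drop the file-type character
    special=0
    out=""
    for weight in 4 2 1; do              # setuid, setgid, sticky
        triad=${rest%"${rest#???}"}      # first three characters
        rest=${rest#???}
        n=0
        case $triad in r??) n=$((n + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triad in
            ??x) n=$((n + 1)) ;;
            ??-) ;;
            ??[sStT])
                # s/S are valid for owner and group, t/T for others only
                case $weight$triad in 1??[sS]|[42]??[tT]) return 1 ;; esac
                special=$((special + weight))
                # lowercase means the execute bit is set as well
                case $triad in ??[st]) n=$((n + 1)) ;; esac ;;
            *) return 1 ;;
        esac
        out=$out$n
    done
    [ "$special" -eq 0 ] || out=$special$out
    printf '%s\n' "$out"
}

# Mode strings taken from the examples and tables on this page.
for m in -rwxr-xr-- -rwsr-xr-x -rwxr-sr-x -rwxr-xr-t; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```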