RatSec Blog

Linux File Permissions


In Linux, each file and directory has an associated set of permissions and ownership attributes that determine who can access and manipulate the files and directories. These permissions are defined for three categories of users:

  1. Owner (user): The user who owns the file.
  2. Group: The group that the file is associated with.
  3. Others: All other users.

File Type and Permission String

When you list files with ls -l, the first column of each entry is a permission string like this:

-rwxr-xr--

This string is composed of 10 characters:

  1. File type: The first character indicates the type of file:

    • - for a regular file
    • d for a directory
    • l for a symbolic link
    • c for a character device
    • b for a block device
  2. Permissions: The next nine characters are divided into three sets of three:

    • The first set represents the owner's permissions.
    • The second set represents the group's permissions.
    • The third set represents the others' permissions.

Understanding the Permissions

Each set of permissions can include the following characters:

  • r (read): Permission to read the file.
  • w (write): Permission to modify the file.
  • x (execute): Permission to execute the file (or, for a directory, to enter it and access the entries inside it).

For example, the permission string -rwxr-xr-- can be broken down as:

  • rwx (read, write, execute) for the owner.
  • r-x (read, execute) for the group.
  • r-- (read only) for others.

Numerical (Octal) Representation

Permissions can also be represented numerically using octal (base-8) numbers. Each permission type is assigned a value:

  • r = 4
  • w = 2
  • x = 1

These values are summed to represent the permissions. For example:

  • rwx (4 + 2 + 1) = 7
  • r-x (4 + 0 + 1) = 5
  • r-- (4 + 0 + 0) = 4

Thus, the permissions -rwxr-xr-- translate to 754.

Changing Permissions with chmod

You can change file permissions using the chmod command. chmod can be used in two ways: symbolic mode and numeric mode.

Symbolic Mode

Symbolic mode allows you to modify permissions by specifying the user category and the permission type. For example:

chmod u+x file.txt     # Add execute permission for the owner
chmod g-w file.txt     # Remove write permission for the group
chmod o=r file.txt     # Set read-only permission for others
chmod a+r file.txt     # Add read permission for all (user, group, others)
chmod u=rwx,g=rx,o= file.txt  # Set specific permissions for each category

Numeric Mode

Numeric mode allows you to set permissions using octal numbers. For example:

chmod 755 file.txt  # Set permissions to rwxr-xr-x
chmod 644 file.txt  # Set permissions to rw-r--r--
chmod 600 file.txt  # Set permissions to rw-------

Changing Ownership with chown

The chown command changes the ownership of a file or directory. You can change both the owner and the group:

chown user file.txt          # Change the owner to 'user'
chown user:group file.txt    # Change the owner to 'user' and the group to 'group'
chown :group file.txt        # Change the group to 'group'

Special Permissions

There are three special types of permissions: setuid, setgid, and the sticky bit.

Setuid (Set User ID)

When the setuid permission is set on an executable file, the file runs with the privileges of the file’s owner rather than the user running the file. This is indicated by an s in the owner's execute position.

chmod u+s file.txt  # Set setuid on the file

Setgid (Set Group ID)

When the setgid permission is set on a directory, new files created within the directory inherit the group of the directory. This is indicated by an s in the group’s execute position.

chmod g+s directory/  # Set setgid on the directory

Sticky Bit

When the sticky bit is set on a directory, only the file's owner, the directory’s owner, or the root user can delete or rename files within that directory. This is indicated by a t in the others' execute position.

chmod +t directory/  # Set the sticky bit on the directory

Viewing File Permissions

To view the permissions of files and directories, you use the ls -l command:

ls -l file.txt

Practical Examples

Here are a few practical examples to summarize:

  1. Setting permissions to rwxr-xr-x (755) for a file:

    chmod 755 file.txt
    
  2. Adding execute permission for the group:

    chmod g+x file.txt
    
  3. Removing write permission for others:

    chmod o-w file.txt
    
  4. Changing owner to user and group to group:

    chown user:group file.txt
    
  5. Setting setgid on a directory:

    chmod g+s directory/
    
  6. Setting sticky bit on a directory:

    chmod +t directory/
    

Linux File Permissions Table

Symbolic   Octal   Description
---        0       No permissions
--x        1       Execute only
-w-        2       Write only
-wx        3       Write and execute
r--        4       Read only
r-x        5       Read and execute
rw-        6       Read and write
rwx        7       Read, write, and execute

Permissions for User, Group, and Others

The full permissions for a file or directory are a combination of user (u), group (g), and others (o) permissions.

Symbolic    Numeric   User (u)   Group (g)   Others (o)
rwx------   700       rwx        ---         ---
rwxr-----   740       rwx        r--         ---
rwxr-x---   750       rwx        r-x         ---
rwxr-xr--   754       rwx        r-x         r--
rwxr-xr-x   755       rwx        r-x         r-x
rwx--x--x   711       rwx        --x         --x
rwxrwxrwx   777       rwx        rwx         rwx
rw-r--r--   644       rw-        r--         r--
rw-rw-r--   664       rw-        rw-         r--
rw-rw-rw-   666       rw-        rw-         rw-
rwxr--r--   744       rwx        r--         r--
r-xr-xr-x   555       r-x        r-x         r-x
r--r--r--   444       r--        r--         r--
r--r-----   440       r--        r--         ---

Special Permissions

A breakdown of the special permissions (setuid, setgid, and sticky bit):

Symbolic    Octal   Description
--S------   4000    Setuid: the executable runs as the file owner (shown as S because the owner's execute bit is not set here)
-----S---   2000    Setgid: the executable runs as the file's group (S for the same reason)
--------T   1000    Sticky bit: only the file owner can delete or rename (T for the same reason)
rws------   4700    Setuid and read, write, and execute for owner
rwx--S---   2700    Setgid and read, write, and execute for owner; the group has no execute bit, so the setgid bit shows as S
rwx-----T   1700    Sticky bit and read, write, and execute for owner; others have no execute bit, so the sticky bit shows as T
rw---S---   2600    Setgid without execute for group (owner has read and write)

Combined Special and Regular Permissions

Here’s how you might see special permissions combined with regular permissions:

Symbolic     Numeric   Description
-rwsr-xr-x   4755      Setuid with rwx for owner, r-x for group, and r-x for others
-rwxr-sr-x   2755      Setgid with rwx for owner, r-s (read, execute, setgid) for group, and r-x for others
-rwxr-xr-t   1755      Sticky bit with rwx for owner, r-x for group, and r-t (read, execute, sticky) for others
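As an added example (my own code, not part of the original post), the Python below converts between the ls -l permission field and the octal mode, including the s/S and t/T renderings of the special bits from the tables above, and flags the combinations an administrator usually reviews; the function names and the audit rules are my own choices.

```python
import stat

# Each of the nine positions in the permission field maps to one mode bit.
PERM_BITS = (
    ("r", stat.S_IRUSR), ("w", stat.S_IWUSR), ("x", stat.S_IXUSR),
    ("r", stat.S_IRGRP), ("w", stat.S_IWGRP), ("x", stat.S_IXGRP),
    ("r", stat.S_IROTH), ("w", stat.S_IWOTH), ("x", stat.S_IXOTH),
)
# Special bits are displayed in the three execute positions (indexes 2, 5, 8):
# lowercase s/t means execute is also set, uppercase S/T means it is not.
SPECIAL = {2: ("s", stat.S_ISUID), 5: ("s", stat.S_ISGID), 8: ("t", stat.S_ISVTX)}


def symbolic_to_mode(perms: str) -> int:
    """'rwsr-xr-t' -> 0o5755. Accepts the 9-char field or the 10-char ls -l string."""
    if len(perms) == 10:
        perms = perms[1:]  # drop the file-type character (-, d, l, ...)
    if len(perms) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        letter, bit = PERM_BITS[i]
        if ch == letter:
            mode |= bit
        elif i in SPECIAL and ch.lower() == SPECIAL[i][0]:
            mode |= SPECIAL[i][1]
            if ch.islower():  # s/t also carries the execute bit
                mode |= bit
        else:
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode


def mode_to_symbolic(mode: int) -> str:
    """0o5755 -> 'rwsr-xr-t', rendered the same way ls -l does."""
    return stat.filemode(mode)[1:]  # filemode() prepends the file-type character


def audit(perms: str) -> list[str]:
    """Flag mode combinations an administrator usually wants to review."""
    mode = symbolic_to_mode(perms)
    findings = []
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable without sticky bit")
    if mode & stat.S_ISUID:
        findings.append("setuid")
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        findings.append("setgid executable")
    return findings
```

Running audit() over the permission field of each ls -l line (or over os.stat(path).st_mode via mode_to_symbolic) gives a quick review of a directory tree.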
