This article covers everything you need to know about file permissions in Unix and Linux, including the types of permissions, default settings, and special permissions such as SUID, SGID, and sticky bit. Learn how to change permissions using commands like chmod, chown, and chgrp.
Introduction
If you are a Linux or Unix user, you have likely encountered file permissions before. File permissions are an essential aspect of security in the Unix and Linux operating systems, and they allow users to control who can access, modify, and execute files.
In this article, we will provide a comprehensive guide to file permissions in Unix and Linux. We will start by explaining the basics of file permissions and the different types of file permissions available. Then, we will discuss default file permissions and how to change file permissions using the chmod, chown, and chgrp commands. Finally, we will dive into special file permissions, including Set User ID (SUID), Set Group ID (SGID), and Sticky Bit.
Whether you are a beginner or an experienced user, this guide will provide you with all the information you need to manage file permissions effectively. So, let's get started!
Understanding File Permissions in Unix and Linux
Before we dive into the different types of file permissions in Unix and Linux, it's important to understand what file permissions are and why they matter.
In Unix and Linux, file permissions are a way to control who can access a file and what actions they can perform on it. Each file has three types of permissions: read, write, and execute. These permissions can be set for three different types of users: the file owner, the group owner, and everyone else.
For example, let's say you have a file named "file.txt" that you want to share with your team. You want everyone to be able to read the file, but only certain people to be able to edit it. By setting the appropriate file permissions, you can control who can read and write to the file.
In addition to controlling access to files, file permissions also play an important role in system security. By limiting who can access and modify files, you can prevent unauthorized users from accessing sensitive information or making unauthorized changes to system files.
Next, we'll dive into the specific types of file permissions in Unix and Linux.
Types of File Permissions in Unix and Linux
Unix and Linux systems have three types of permissions that can be applied to a file or directory: read, write, and execute. Each of these permissions can be set for three different user groups: owner, group, and others.
Read (r) Permission
The read permission allows a user to read the contents of a file or the names of files in a directory. If the read permission is not set, the user will not be able to access the contents of the file or directory.
To set the read permission for a file or directory, the letter "r" is used. For example, to give the owner of a file read permission, the command would be:
chmod u+r file.txt
Write (w) Permission
The write permission allows a user to modify the contents of a file or create new files in a directory. If the write permission is not set, the user will not be able to modify the contents of the file or create new files in the directory.
To set the write permission for a file or directory, the letter "w" is used. For example, to give the owner of a file write permission, the command would be:
chmod u+w file.txt
Execute (x) Permission
The execute permission allows a user to execute a file or access the contents of a directory. If the execute permission is not set, the user will not be able to execute the file or access the contents of the directory.
To set the execute permission for a file or directory, the letter "x" is used. For example, to give the owner of a file execute permission, the command would be:
chmod u+x file.txt
These three types of permissions and the three user groups can be combined in various ways to provide fine-grained control over who can access and modify a file or directory. In the next section, we'll take a look at the default file permissions in Unix and Linux.
Default File Permissions in Unix and Linux
When a new file is created in Unix or Linux, it is assigned a set of default file permissions. These permissions determine who can access the file, and how they can access it. Default file permissions are determined by the system's umask, which is a bit mask that is applied to the default permissions to remove certain permissions.
The default file permissions for a new file are usually set to 666, which means that the owner, group, and other users all have read and write access to the file. The umask is then applied to remove certain permissions. For example, if the umask is set to 022, the default file permissions would be 644, which means that the owner has read and write access to the file, while the group and other users only have read access.
It is important to note that default file permissions only apply to newly created files, and not to files that already exist. The default permissions can be changed by modifying the system's umask, but this will affect all newly created files.
Default file permissions can also be set for directories, which determine who can create, delete, and modify files within the directory. The default permissions for directories are usually set to 777, which means that the owner, group, and other users all have read, write, and execute access to the directory. The umask is then applied to remove certain permissions. For example, if the umask is set to 022, the default directory permissions would be 755, which means that the owner has read, write, and execute access to the directory, while the group and other users only have read and execute access.
It is important to carefully consider the default file permissions and umask settings on a system, as they can have a significant impact on the security of the system and the files stored on it.
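The following shell script is an added example, not part of the original article. It shows that the umask clears bits from the base mode (a bitwise AND with the inverted mask) rather than subtracting digits, and checks the prediction against files and directories it actually creates. The function names are hypothetical, and it assumes mktemp and a GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: how the umask turns the base mode (666 for files, 777 for
# directories) into the mode a new object really gets.
# Assumes GNU or BusyBox stat (-c '%a'); function names are hypothetical.

# Predicted mode: clear every bit that is set in the umask (base AND NOT umask).
predicted_mode() {    # $1 = base mode (666 or 777), $2 = umask, both octal
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Observed mode: create a real file or directory under that umask and stat it.
# The body runs in a subshell, so the caller's umask is left untouched.
observed_mode() (     # $1 = "file" or "dir", $2 = umask
    scratch=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then mkdir "$scratch/new"; else : > "$scratch/new"; fi
    stat -c '%a' "$scratch/new"
    rm -rf "$scratch"
)

# Constructed sample masks. 033 is the instructive one: digit-by-digit
# subtraction would suggest 633 for a file, but the real result is 644,
# because a file's base mode has no execute bit for the mask to clear.
for mask in 022 027 077 033; do
    printf 'umask %s  file: predicted %s, observed %s  dir: predicted %s, observed %s\n' \
        "$mask" \
        "$(predicted_mode 666 "$mask")" "$(observed_mode file "$mask")" \
        "$(predicted_mode 777 "$mask")" "$(observed_mode dir "$mask")"
done
```
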
In the next section, we will discuss how to change file permissions in Unix and Linux.
Changing File Permissions in Unix and Linux
Unix and Linux allow users to change the permissions of files and directories as per their requirements. The three basic file permissions discussed in the previous section (read, write, and execute) can be changed for different user categories: owner, group, and others. Here are some ways to change file permissions:
Using chmod Command
The most common way to change file permissions in Unix and Linux is by using the chmod command. Chmod is short for "change mode," and it allows you to modify the permissions on a file or directory. The basic syntax of the chmod command is:
chmod [options] mode file
Here, "mode" specifies the new permissions you want to set for the file, and "file" is the name of the file or directory you want to modify. The options you can use with chmod include:
- -c: Display a message only if the permissions are changed.
- -R: Recursively change permissions for all files and directories under the specified directory.
- -v: Display a message for each file processed.
The "mode" parameter specifies the new permissions for the file or directory, and it can be specified in two different ways: symbolic mode and numeric mode.
Symbolic mode allows you to modify the permissions in a more human-readable format. The basic syntax for symbolic mode is:
chmod [options] [who][operator][permission] file
Here, "who" specifies the user or group whose permissions you want to modify, "operator" specifies the operation you want to perform, and "permission" specifies the new permissions you want to set. The "who" parameter can be one of the following:
- u: User (owner) of the file
- g: Group owner of the file
- o: Other users (not owner or group)
- a: All users (same as ugo)
The "operator" parameter can be one of the following:
- +: Add permission
- -: Remove permission
- =: Set permission
The "permission" parameter can be one or more of the following:
- r: Read permission
- w: Write permission
- x: Execute permission
For example, if you want to add write permission for the group owner of a file named "file.txt", you can use the following command:
chmod g+w file.txt
Numeric mode, on the other hand, allows you to set the permissions using a three-digit octal value. Each digit represents the permission for the owner, group, and other users, respectively. The values are calculated by adding the values for each permission, where:
- Read permission is worth 4
- Write permission is worth 2
- Execute permission is worth 1
For example, if you want to set the permissions to read and write for the owner, read-only for the group, and no access for other users, you can use the following command:
chmod 640 file.txt
Here, the first digit represents the permission for the owner, the second digit represents the permission for the group, and the third digit represents the permission for other users.
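The script below is an added example, not part of the original article. It combines the -R option with the two mode styles described above: a numeric mode is absolute, so a recursive 755 makes every data file executable, while a symbolic mode using the capital X permission (a standard chmod feature not covered above) grants execute only to directories and to files that already have an execute bit. The tree is constructed sample data, the function names are hypothetical, and it assumes mktemp and a GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: recursive chmod in numeric mode versus symbolic mode with X.
# Assumes GNU or BusyBox stat; the tree below is constructed sample data.

modes_of() {    # print the octal modes of docs/, notes.txt and run.sh
    echo "$(stat -c '%a' "$1/docs") $(stat -c '%a' "$1/docs/notes.txt") $(stat -c '%a' "$1/docs/run.sh")"
}

make_tree() {   # a private directory holding a data file and a script
    t=$(mktemp -d) || return 1
    mkdir "$t/docs"
    : > "$t/docs/notes.txt"; chmod 600 "$t/docs/notes.txt"
    : > "$t/docs/run.sh";    chmod 700 "$t/docs/run.sh"
    chmod 700 "$t/docs"
    echo "$t"
}

# Numeric mode is absolute: the directory and BOTH files end up as 755,
# so notes.txt becomes executable by everyone.
recursive_numeric() {
    t=$(make_tree) || return 1
    chmod -R 755 "$t/docs"
    modes_of "$t"; rm -rf "$t"
}

# Capital X adds execute only to directories and to files that already
# have an execute bit: docs/ and run.sh get 755, notes.txt gets 644.
recursive_symbolic() {
    t=$(make_tree) || return 1
    chmod -R u=rwX,go=rX "$t/docs"
    modes_of "$t"; rm -rf "$t"
}

echo "chmod -R 755:          $(recursive_numeric)"
echo "chmod -R u=rwX,go=rX:  $(recursive_symbolic)"
```
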
Using chown Command
The chown (short for "change owner") command allows you to change the owner of a file or directory. This can be useful when you want to transfer ownership of a file to another user or group.
The basic syntax of the chown command is as follows:
chown [options] [new_owner]:[new_group] file
- new_owner is the name of the user who will become the new owner of the file.
- new_group is the name of the group that will become the new group owner of the file.
- file is the file or directory whose ownership you want to change.
If you only want to change the owner of the file, you can omit the group name. Similarly, if you only want to change the group owner, you can omit the user name, keeping the colon in front of the group name.
Here's an example:
ls -l file.txt
-rw-rw-r-- 1 user1 user1 0 May 11 15:22 file.txt
chown user2 file.txt
ls -l file.txt
-rw-rw-r-- 1 user2 user1 0 May 11 15:22 file.txt
In this example, we changed the owner of the file.txt file to user2. The group owner remained the same (user1) because we did not specify a new group name.
Using chgrp Command
The chgrp (short for "change group") command allows you to change the group ownership of a file or directory.
The basic syntax of the chgrp command is as follows:
chgrp [options] new_group file
- new_group is the name of the new group that will become the group owner of the file.
- file is the file or directory whose group ownership you want to change.
Here's an example:
ls -l file.txt
-rw-rw-r-- 1 user1 user1 0 May 11 15:22 file.txt
chgrp group1 file.txt
ls -l file.txt
-rw-rw-r-- 1 user1 group1 0 May 11 15:22 file.txt
In this example, we changed the group owner of the file.txt file to group1.
By using these three commands, you can easily manage file permissions and ownership in Unix and Linux operating systems.
Special File Permissions in Unix and Linux
In addition to the standard read, write, and execute permissions, Unix and Linux systems also have special file permissions that can be assigned to files and directories. These special permissions provide additional control over who can access and execute files and directories, and are often used in conjunction with the standard permissions to create more secure and flexible systems.
There are three types of special file permissions in Unix and Linux:
Set User ID (SUID)
The Set User ID (SUID) permission allows a user to execute a file with the permissions of the file's owner. This is particularly useful for programs that require elevated privileges to run, such as system configuration tools. When a user executes a file with the SUID bit set, the program runs with the permissions of the file's owner, rather than the user's own permissions.
To set the SUID permission on a file, use the chmod command with the numeric code 4, or the letter s. For example, to set the SUID permission on a file called program, you would run the following command:
chmod 4755 program
Set Group ID (SGID)
The Set Group ID (SGID) permission works similarly to the SUID permission, but instead of running a file with the permissions of the file's owner, it runs the file with the permissions of the file's group. This is useful for programs that require access to group resources, such as shared files or directories.
To set the SGID permission on a file, use the chmod command with the numeric code 2, or the letter s. For example, to set the SGID permission on a file called program, you would run the following command:
chmod 2755 program
Sticky Bit
The Sticky Bit permission is used to control write access to a directory. When the Sticky Bit is set on a directory, only the owner of a file in that directory or the root user can delete or rename the file. This helps prevent accidental deletion of important files in shared directories.
To set the Sticky Bit permission on a directory, use the chmod command with the numeric code 1, or the letter t. For example, to set the Sticky Bit permission on a directory called shared, you would run the following command:
chmod 1755 shared
These special file permissions can be combined with the standard file permissions to create complex and secure systems that provide fine-grained control over file and directory access. It's important to understand how these permissions work and how to use them effectively to ensure the security and reliability of your Unix or Linux system.
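Because SUID and SGID programs run with their owner's or group's privileges, and a world-writable directory without the sticky bit lets any user delete other users' files, administrators routinely inventory all three. The audit script below is an added example, not part of the original article. It runs against a constructed sample tree; the function, file and directory names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special bits described above.
# The tree built under mktemp is constructed sample data.

# Regular files with the SUID (4000) or SGID (2000) bit set.
find_setid_files() {      # $1 = directory to audit
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories (0002) that lack the sticky bit (1000).
find_unsticky_dirs() {    # $1 = directory to audit
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

build_sample_tree() {     # prints the path of the new tree
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/bin"
    chmod 1777 "$t/shared"     # world-writable with sticky bit: not flagged
    chmod 0777 "$t/dropbox"    # world-writable without sticky bit: flagged
    : > "$t/bin/program";   chmod 4755 "$t/bin/program"     # SUID: flagged
    : > "$t/bin/grouptool"; chmod 2755 "$t/bin/grouptool"   # SGID: flagged
    : > "$t/bin/plain";     chmod 0755 "$t/bin/plain"       # ordinary file
    echo "$t"
}

audit_sample() {          # prints flagged paths relative to the tree root
    t=$(build_sample_tree) || return 1
    { find_setid_files "$t"; find_unsticky_dirs "$t"; } | sed "s|^$t/||"
    rm -rf "$t"
}

audit_sample
```

On a real system, point the two find functions at a mount point instead of the sample tree and compare the output with a known-good baseline.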
In the next section, we'll wrap up this guide by summarizing what we've learned and providing some final thoughts on file permissions in Unix and Linux systems.
Conclusion
In conclusion, file permissions are a crucial aspect of Unix and Linux systems that allow users to control access to their files and directories. Understanding the different types of permissions, default permissions, and special permissions is essential for managing access to your system resources effectively.
The read, write, and execute permissions allow users to control who can read, write, or execute a file or directory. Default file permissions determine the permissions assigned to a newly created file or directory. Changing file permissions using chmod, chown, and chgrp commands enables users to modify file permissions according to their needs.
Special file permissions in Unix and Linux, including the set user ID (SUID), set group ID (SGID), and sticky bit, provide advanced access control capabilities that can be useful in specific scenarios.
Overall, file permissions play a critical role in securing and managing access to resources in Unix and Linux systems. By understanding the concepts covered in this article, users can make informed decisions regarding access control and ensure the security of their data.