Join Scott Simpson for an in-depth discussion in this video, File system basics: Permissions 101, part of Linux Tips Weekly.
- [Instructor] Linux is a multi-user operating system, and that means that we need a way to secure a user's files, or the system files, from access by other users. The way this is done on Linux is through the use of permissions. Every file on a Linux system has information about who owns it, which we can see in a long listing here. This ownership information consists of a user and a group. These values can be changed as needed, with the chown and chgrp commands. And they form the basis of the POSIX permission scheme.
The permission scheme lets us determine who has the ability to access a file to read from it, to write to it, or to execute it based on three criteria: whether a user is the owner of the file, whether the user is in a group which has ownership of the file, or whether a user is neither. In this listing, those conditions are indicated here in a line of nine characters, divided into three groups. The first group of three characters after the type represents the abilities of the user who has ownership of the file.
The middle group represents the abilities of the group that owns the file. And the last group represents the abilities of any other user who's not the owner or a member of the owning group. Each group has a space to indicate read, write, and execute permissions. We can think about these abilities and conditions as a matrix. The abilities are represented as (r) for Read, (w) for Write, and (x) for Execute. And the conditions can be represented by (u) for User, (g) for Group, and (o) for Others.
The file we saw earlier had a permissions mode of rw-rw-r--, so let's plot that up here on the matrix. We use dashes to indicate that a particular role does not have a particular permission. For example, no one can execute this file. If, say, the user could execute it, the matrix and the mode string would look like this. But how do we change the permission mode on a file? There are two approaches. The first is called Symbolic Notation. With this notation, we set a particular permission for a particular role. For example, we could add execute access for the user with a chmod u for user plus x for execute, or we could remove group write access with g-w.
Letting others write and execute, we could accomplish with chmod o+wx. And to remove write access for the owner, the user, we could write u-w. If I were to leave off the first letter, the u, g, or o, and then use plus or minus and a particular permission, it would set that permission for each of the three roles. For example here, chmod +x adds the execute permission for the user, the group, and others. The other way of representing these permissions is called Octal Notation, named for the numbering system with eight values per digit, zero through seven.
If we assign each activity a number, one for execute, two for write, and four for read, then we can sum up each role or condition to determine what the user, group, and other values are. Only allowing the user to read, write, and execute is 700. Allowing the user and group to read and write and others just to read is 664. Allowing the user to read, write, and execute and letting the group and others read and execute is 755. And full access for everyone is 777.
While there are many combinations of permissions, in practice you'll only really see a few. I'll create a file here in my Home folder. With touch afile. And by default, that file has the permissions 664. Read and write for me, the owner or user, and members of the group and read for others. I can open that up in a text editor here and make a change to the file. I'll save that. Now I can use the chmod command for change mode to set the permission mode on this file.
Let's remove user write access with chmod u-w. I'll take a look at the permissions again and I'll see that the w for write has been removed. If I try to edit this file, I'm warned that I have no write permission. I can put that write permission back with chmod u+w or I could use the Octal Notation instead. Right now it's 464. And to add the write permission for the user, I change it to 664.
So I'll write chmod 664 and the file name and then I'll take a look at the permissions again. That's back to how it started out. Permissions are an important concept. So knowing how they're represented and how to change them when needed is a helpful stepping stone toward being more confident in a Linux environment.
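The script below is an added example, not part of the video or its transcript. It converts a mode string to octal with the read = 4, write = 2, execute = 1 weights, checks whether others can write, and replays the chmod steps on a scratch file. The function names are made up for illustration, and `stat -c %a` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example (constructed). Function names are illustrative.

# Convert the nine permission characters from ls -l (type character
# removed) to octal, using read = 4, write = 2, execute = 1.
# Special bits shown as s/S/t/T are not handled and are rejected.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 9 ] || { echo "expected 9 characters" >&2; return 1; }
    case $mode in *[!rwx-]*) echo "unexpected character" >&2; return 1 ;; esac
    octal=""
    for start in 1 4 7; do    # user, group, others
        triplet=$(printf '%s' "$mode" | cut -c "$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# True when the last (others) digit has the write bit set, e.g. 777 or 666.
others_can_write() {
    others=${1#"${1%?}"}      # keep only the final character
    [ $(( others & 2 )) -ne 0 ]
}

# Replay the transcript's steps on a scratch file and report the octal
# mode after each one (GNU stat assumed).
demo_chmod() {
    f=$(mktemp) || return 1
    chmod 664 "$f"; a=$(stat -c %a "$f")    # starting point: rw-rw-r--
    chmod u-w "$f"; b=$(stat -c %a "$f")    # remove user write
    chmod 664 "$f"; c=$(stat -c %a "$f")    # restore with octal notation
    chmod u+x "$f"; d=$(stat -c %a "$f")    # add user execute
    rm -f "$f"
    printf '%s %s %s %s\n' "$a" "$b" "$c" "$d"
}

mode_to_octal rw-rw-r--
demo_chmod
```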