Linux file permissions explained

Some people may not be very knowledgeable about *nix file permissions and what they mean, so this is intended as a short guide.

Any file or folder has a permission associated with it. Look at it as: ‘who has the power over this file/folder, and what kind of power does he have’.

There are 3 types of permissions:

  • read
  • write
  • execute

These permissions apply to 3 groups of people:

  • The file/folder owner
  • The group to which the owner of this file/folder belongs
  • The rest of the crowd, called world.

So suppose you have a file ‘x’, then this file x will certainly have:

  • a set of permissions defining what its owner can do with it
  • a set of permissions defining what users that belong to the same group as the owner can do
  • a set of permissions defining what other people that do not fit in the first 2 categories can do

You can assign a single permission (e.g. read) or a set of permissions (e.g. read, execute) to this file/folder.

For instance, you can allow the owner to do whatever he wants with the file (read, write, execute), allow the group to which the owner belongs to simply read the file, and disallow everyone else on the system from doing anything.

Now, to make it easier for you, and to not get into how these numbers are calculated, just memorize the following:

  • read equals 4
  • write equals 2
  • execute equals 1

Let’s get back to the example listed above.

  • We wanted the owner to have full permissions, this means the permission for the owner should be: 4 (read) + 2 (write) + 1 (execute) = 7
  • We wanted to give the group read and write permissions, meaning 4+2=6
  • We wanted to deny complete access to the world, so that’s a 0

So, the permission for all the 3 types of users we mentioned earlier sums up to: 750

Keep in mind that the digit corresponding to the owner’s permissions comes first (7), then the group’s (5), then the world’s.

Pretty simple, eh?

How do you set such a permission for a certain file ‘x’? Simply execute the following at your shell prompt: chmod 750 x

Let’s do another exercise, but backward this time. If I were to tell you that by default, a newly created file would have a permission of 644, what would the permission of each of the 3 types of users be?

6 is basically 4+2 (you can’t get it any other way; remember, you only have 3 numbers, 4, 2 and 1, that can take part in making up this number). This means read and write.

4 is, well, 4 … that’s a simple read.

So a 644 permission is a read and write permission for this file/folder’s owner, and a read permission for the owner’s group users and for the rest of the world.

One question arises though: what is the difference between the permissions we set to a file and those we set to a folder?

Basically:

  • A read permission on a file means we can see its content, while a read permission on a folder means we can list its content (get the list of files and folders it contains).
  • A write permission on a file means we can alter its content, while a write permission on a folder means we can create and modify files and folders under it.
  • An execute permission on a file means we can literally execute it (e.g. shell script), while an execute permission on a folder means we can browse into it.

A final point:

If you get a long listing of the files/folders on a *nix system, you may, for example, notice the following:

-rwxr-xr-x

This is the textual representation of the numbered permissions I explained above. The dash (-) means ‘no’, ‘r’ means read, ‘w’ means write, and ‘x’ means execute. The very first character indicates whether this is a file (-) or a folder (d).

Again, we go by the owner, group, world sequence. So the above example indicates that this is a file, the owner has read, write and execute permission, the group has read and execute permission, and the world has read and execute permission.
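
The 4/2/1 arithmetic and the textual form described above, converted in both directions by a small shell script. This is an added example, not part of the original guide; the function names are made up for illustration, and it handles only the plain read/write/execute permissions covered here.

```sh
# Added example: the 4/2/1 arithmetic from this guide, in both directions.
# Function names are made up for this example. Only plain r/w/x is handled.

# digit_to_rwx 5 -> r-x   (4 = read, 2 = write, 1 = execute)
digit_to_rwx() {
    d=$1 out=""
    if [ "$d" -ge 4 ]; then out="${out}r"; d=$((d - 4)); else out="${out}-"; fi
    if [ "$d" -ge 2 ]; then out="${out}w"; d=$((d - 2)); else out="${out}-"; fi
    if [ "$d" -ge 1 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# octal_to_symbolic 750 -> rwxr-x---   (owner, then group, then world)
octal_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three digits 0-7, got: $1" >&2; return 1 ;;
    esac
    rest=$1 result=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}          # first remaining digit
        rest=${rest#?}
        result="${result}$(digit_to_rwx "$digit")"
    done
    printf '%s\n' "$result"
}

# symbolic_to_octal -rwxr-xr-x -> 755   (leading file-type character optional)
symbolic_to_octal() {
    perms=$1
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "expected a string like rwxr-x---, got: $1" >&2; return 1 ;;
    esac
    octal="" sum=0 count=0
    while [ -n "$perms" ]; do
        c=${perms%"${perms#?}"}            # first remaining character
        perms=${perms#?}
        case $c in r) sum=$((sum + 4)) ;; w) sum=$((sum + 2)) ;; x) sum=$((sum + 1)) ;; esac
        count=$((count + 1))
        if [ $((count % 3)) -eq 0 ]; then octal="${octal}${sum}"; sum=0; fi
    done
    printf '%s\n' "$octal"
}

octal_to_symbolic 750          # rwxr-x---
symbolic_to_octal -rwxr-xr-x   # 755
```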

Hope this guide was simple yet beneficial to the readers.
