File Permissions in Linux
The Linux operating system uses a permissions schema to define user
rights for each file. These permissions establish:
- who can read the file. If the file is a directory, read
means list the contents of the directory.
- who can write/modify the file. If the file is a
directory, this permission defines if you can make any changes
to the directory contents, for example create or delete files.
- who can execute the file. If the file is a directory,
this permission defines if you can enter the directory and
access its contents, for example run a search in the directory
or execute a program in it.
Permissions are assigned to the file owner, to the file owner
group, and to all users. For example, you can set a document to
be readable and writable by the owner only, and just readable by
everybody else.
When you issue an ls -l command to list all contents of a
directory, you will see file permissions like this next to each
file:
-rwxrwxrwx
This means this file can be read, written and executed by
anybody. The first dash means this file is not a directory. For
directories, there will be a d letter instead of a dash.
The first set of "rwx" refers to the file owner. The second set,
to the owner group. The last set, to all other users. Let's look
at some examples:
-rwxr--r-- This file can be read, written and executed by
its owner. It can only be read by other users. When a permission
is not set, you see a dash in its place.
-rw-rw-r-- This file can be read and written by its owner and
the owner group. It can only be read by other users.
You can set these permissions using the chmod command.
For example, this command:
chmod ugo=rwx filename
assigns read, write and execute permissions to the file owner
user (u), group (g) and others (o). This other example:
chmod ug=rw,o=r filename
assigns read and write permissions to user and group, and only
read permission to others.
Permissions can also be expressed and set using the octal
numeric system. Each permission is associated with a number:
Read = 4 Write = 2 Execute = 1
You need to come up with a number for the file owner, another
number for the group and a last one for the other users. If you
want to assign read, write and execute permissions to file
owner, you add up the three values, thus getting a 7. If you
want to assign the same permissions to group and others, you come
up with three sevens. You can set these permissions like this:
chmod 777 filename
If you set permissions for a file with the following command:
chmod 764 filename
then you're establishing these permissions: read, write and
execute for file owner (4+2+1=7), read and write for group
(4+2=6) and only read for others (4).
The following commands are equivalent:
chmod ug=rw,o=r filename
chmod 664 filename
The file permissions schema lets you implement security
policies. It is not a good idea to set file permissions high
(e.g.: 777) for all files. It is important to think about it and
assign the right permissions to the files, so users can do their
job and each file is accessed only by the right people.
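
An added example, not part of the original text: a shell script that
converts the mode string shown by ls -l into its octal form and lists
the files that others can write to, such as those set to 777. The
function names and the temporary sample files are assumptions made for
the demonstration.

```shell
#!/bin/sh
# Added example; the helper names and demo file names are assumptions.

# Convert an `ls -l` mode string (e.g. -rwxr--r--) to three octal digits,
# using Read=4, Write=2, Execute=1. Only the r/w/x bits are handled.
mode_to_octal() {
    perms=${1#?}                      # drop the file-type character (- or d)
    out=""
    for who in owner group others; do
        rest=${perms#???}
        triplet=${perms%"$rest"}      # next three characters
        perms=$rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Report regular files under directory $1 that "others" may write to
# (octal bit 0002): octal mode, ls-style mode, path relative to $1.
audit_world_writable() {
    find "$1" -type f -perm -0002 | sort | while IFS= read -r f; do
        sym=$(ls -ld "$f" | cut -c1-10)
        printf '%s %s %s\n' "$(mode_to_octal "$sym")" "$sym" "${f#"$1"/}"
    done
}

# Constructed sample: three files with the modes used in the text.
demo() {
    dir=$(mktemp -d)
    touch "$dir/a" "$dir/b" "$dir/c"
    chmod 777 "$dir/a"
    chmod 764 "$dir/b"
    chmod ug=rw,o=r "$dir/c"
    audit_world_writable "$dir"
    rm -rf "$dir"
}

demo
```

Only the file set to 777 is reported; the 764 and 664 files leave the
write bit for others unset, so the audit skips them.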