It’s that time again. Beginner’s Linux is back and this time I’m going to be taking a look at file permissions in Linux. In fact, the details should apply to any Unix-based system, but for simplicity I’ll use the term ‘Linux’. This is Part 1 and lays down some of the basic concepts before we put them into practice in Part 2 (coming soon).
If you don’t know anything about how the file system works (i.e. you don’t understand where / is and what the symbol ~ represents), then I’d strongly recommend checking out my guide to files and folders before coming back here for the rest. Don’t worry, it’s written in nice and friendly language as well.
There’s a short intro into Permissions there, but here we’re really going for it and by the end you should have an understanding of file permissions, how they work, how to change them and why they’re necessary.
OK, let’s jump in.
Why do we need file permissions anyway?
File permissions are a necessary part of any modern operating system that’s running on a traditional desktop machine or a server. File permissions exist in almost everything nowadays (Windows XP has them) it’s just that you tend not to notice them so much. Most people run as administrator on Windows XP anyway, and as Administrator you completely bypass file permissions!
File permissions are absolutely great for security. Say a nasty program managed to run on your machine. If you’re only logged in as a user with normal privileges (i.e. not an administrator), file permissions will block that malicious program from changing anything you don’t have access to.
Also they’re good for stopping nosy users of your computer getting into files you might not want them to see and protecting system files from accidental deletion, modification or anything else by a malicious or inexperienced user.
Owners, groups and everybody else
Now we come to one of the main theory points about Linux file permissions. Listen up, because this bit is important.
Every file on Linux has an owner and a group.
The owner, obviously enough, owns the file and is the only one (aside from root, who can see everything) who can change the permissions on that file.
The group is a group of users that you can give full or partial permissions on that file, without giving them ownership of it. For example if I (peter) need to let bob edit a file I own, but I don’t want to give him ownership, I simply place bob in a group and give that group permission to my file.
Everyone else is all users that aren’t the owner or members of the file’s group and you can say what they can do with your file too.
Read, write and execute
There are three possible things you can allow people to do to your file. I can let them read the file, write to the file and also execute the file – if it’s a program, they can run it (Quick note: when ‘execute’ is given on a folder’s permissions, it means you can browse through the folder).
Fairly simple. Now I’m about to jump in a bit more complicated. If you don’t get anything, recap it now before we continue.
The permissions assigned to a file can be represented with a list of characters. They look really confusing at first, but I’m going to try and explain them.
This list starts with an identifier. For a normal file, that will be a single hyphen (-) and for a folder it is d (for directory). There are plenty more but I’ll leave them for later.
Then there is a series of nine characters, broken into three-character chunks.
The first three identify the permissions for the owner. From left to right, these three are read, write and execute permissions. If the permission is given, a letter (r, w or x) will be in that space. If the permission is not granted, there will be a hyphen (-).
The next three is the same idea, but for group.
The last three is for everyone else, and what everyone else is allowed to do. It’s the same as the last two.
Here’s a visual look at what I mean (I’ve shorten execute to exec):
With me so far? OK, so a quick recap. If the permission is granted, the appropriate letter (r, w or x) appears in the space. If it’s not, a hyphen appears. So the image above is for a file with all permissions granted – i.e. everyone can read, write and execute this file.
Now take this example – only the owner can read and write (execute is not even given to the owner) and no-one else can do anything.
And another example – the owner and group can read and write (and the owner can execute), but everyone else has no access.
Easy isn’t it?
Well, that’s all I’m going to cover for now; that’s a very important concept that we’ll be putting into practice in Part 2 when I show you how to change permissions (graphically and otherwise) and explain a different (and even more geeky) way of representing permissions.
In the meantime, you can practise looking at and understanding permissions. Launch a terminal and then go exploring around in some folders looking at the permissions (remember if you’re not as root, you can’t accidentally delete anything – courtesy of file permissions!) Some commands you might need.
$ cd /
(go to root folder)$ ls -l
(list files with permission listing)$ cd foldername
(go into foldername)$ cd ..
(go up one folder)
Have a poke around in / and the other folders and see what permission settings you can decode using this explanation (they’ll be on the left when you run ls -l).
So, until Part 2…
And as with all my tutorials, if you’ve got any suggestions, had a few problems or you genuinely found this useful, I’d love it if you’d drop a comment on this post, it makes writing these so worthwhile!