File permission is a security feature in Linux. Let’s take an example: if you maintain a server with lots of users and you give read, write and execute file permission to a suspicious user, you increase the risk of your server being tampered with. That suspicious user can edit or delete any configuration file. So give other users only read permission, and give write and execute file permission only to trusted people. Let’s explore Linux file permission with examples.
In Linux file permission has two types:
To check file or directory permission, use the ‘ls -l’ command. You can read about the full ls command in my previous blog.
FILE OWNERSHIP: Linux defines its file permissions for three permission groups, which we call file ownership. The groups are the following:
First is the OWNER/USER.
Second is the Group.
Third is Other/All.
Owner: By default, whoever creates a file or directory becomes the owner of that file or directory.
In the ‘ls -l’ output, the first character is d for a directory and a - dash sign for a file. The first rwx is the owner permission. The second r-x is the group permission, where the - dash means no permission. In the same way, the third r-x is the permission for other users.
Group: A group can contain multiple users. All users in the group have the same permission, which you set as the group permission. It is handier to set a group permission than to set a permission for each user.
Suppose you have an accounting department with 100 users who need permission. It is easy to set the permission for an account group: you just create the account group, add all the users to that group, and set the file or directory permission for the account group.
Other: An other user is a user who is not in the same group. This user belongs to a different group of users, or is a single user who is not in the group. For example, you may have two or three groups on a server: an account group, a sales group, a BackOffice group and so on. This permission decides how a sales group user can access an account group file. This is how ownership works in Linux. Now let’s see how FILE PERMISSION works in Linux.
Linux File Permission
Every file and directory has three types of permission: read, write and execute.
To check Linux file permission, run the command “ls -l”.
Read permission: on a file, read permission lets you read or see the file content. On a directory, read permission lets you list the directory content, but this only shows the file names. It will not show you the file permissions, and with only read permission you can’t change into the directory. In the image, you can see that the file named .txt and the directory named public have read permission.
Write permission: on a file, write permission alone gives you nothing. You can’t see the file content, so how can you modify it? If you want to give write permission on a file, you have to give read permission along with it.
On a directory, with only write permission you can’t list the directory content and you can’t change into the directory.
If you want to see the directory content, you have to give read and write permission.
Execute permission: on a file, execute permission lets you run the program file, but remember that execute permission alone will not get the job done. Read permission is also needed to run the program.
On a directory, execute permission lets you change into that directory.
After all these file permissions, the question now is how Linux sets the default permission, because when you create a file or directory you can see a default permission on it.
Umask Value In Linux
The answer for the default permission is the UMASK VALUE. For now, I will just tell you how to check your umask value, because umask is a different topic which I will cover later on my blog. To check your umask value for FILE PERMISSION, open your terminal, type the command umask -S and hit enter.
Here is the output you see on your terminal. You can see in the image that the user (file owner) has full permission on the file, the group users have only read and execute permission, and other users also have only read and execute permission. The Linux default permission does not give write permission to group users and other users. Only the owner who created the file can modify it.
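To see what a umask value does in practice, the following added example (not from the original post) creates a new file and a new directory under a given umask and reports the numeric modes they receive. It assumes GNU coreutils (`stat -c`) as shipped on Linux; the function name `default_modes` is made up for this illustration.

```sh
#!/bin/sh
# Added example: show the default modes produced by a given umask.
# Assumes GNU stat (stat -c), as found on Linux distributions.

# default_modes UMASK -> prints "file=<octal> dir=<octal>"
default_modes() (
    # The ( ... ) body runs in a subshell, so the umask change
    # never leaks into the shell that called this function.
    tmp="$(mktemp -d)" || exit 1
    umask "$1"
    touch "$tmp/newfile"     # files start from 666 before the mask
    mkdir "$tmp/newdir"      # directories start from 777 before the mask
    result="file=$(stat -c %a "$tmp/newfile") dir=$(stat -c %a "$tmp/newdir")"
    rm -rf "$tmp"
    printf '%s\n' "$result"
)

default_modes 022   # common default: group/other cannot write
default_modes 027   # stricter: other gets nothing
default_modes 077   # private: only the owner has access
```

New files never receive execute permission by default, which is why the file mode under umask 022 is 644 while the directory mode is 755.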
After all this information about what file ownership and file permission are, it is time to learn how to change file permission and file ownership.
There are two ways to change file permission in Linux: the symbolic way and the numeric way.
The command to change file permission is chmod.
|User Denotation||User Effect|
Permission In Symbolic Mode
|Symbolic Permission||Permission Effect|
In the symbolic way, you change permission with the letters rwx, where r is for read, w for write and x for execute. If you want to give other users execute permission on a file, remember that with execute permission you also have to give read permission. In the symbolic way, you use the + plus sign to add a permission and the - minus sign to remove one. Here is a command that gives other users read and execute permission: chmod o+rx (here your file name).
In this image, you can see that I first check the permission with the ‘ls -l’ command. The file named file has no permission for other, so I run the chmod command to give read and execute permission. After that, I check the permission with ‘ls -l’ again, and now the file has read and execute permission for other.
If you want to remove a permission, just replace the + plus sign with the - minus sign and the permission will be removed.
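Removing a permission with the minus sign is also how you clean up after a mistake like the one described at the start of this post. The following added example (not from the original post) finds regular files that other users can write to and removes that write bit with chmod o-w. The function names and the sample files are constructed for illustration, and it assumes GNU `stat -c`.

```sh
#!/bin/sh
# Added example: audit a directory for files writable by "other"
# and remove that permission in the symbolic way (chmod o-w).

# list_other_writable DIR: print regular files under DIR whose
# "other" write bit (octal 0002) is set, one path per line.
list_other_writable() {
    find "$1" -type f -perm -0002 | sort
}

# revoke_other_write DIR: run "chmod o-w" on exactly those files.
# Owner and group permissions are left untouched.
revoke_other_write() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree (not from the original page).
demo="$(mktemp -d)"
touch "$demo/app.conf" "$demo/notes.txt" "$demo/run.sh"
chmod 666 "$demo/app.conf"    # rw-rw-rw-  other can write
chmod 644 "$demo/notes.txt"   # rw-r--r--  fine
chmod 757 "$demo/run.sh"      # rwxr-xrwx  other can write

echo "Writable by other before the fix:"
list_other_writable "$demo"

revoke_other_write "$demo"

echo "Modes after the fix:"
stat -c '%a %n' "$demo"/*
rm -rf "$demo"
```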
In numeric mode, file permissions are not represented as characters but as a three-digit octal number. Because of the octal number, you do not need to give the user denotation in this mode.
The table below gives numbers for all permission types:
|Permission type||Effect on Permission||Number value|
So in the numeric way, suppose the owner wants to give himself full permission, the group read and execute, and others read and execute. Then the chmod command in the numeric way is chmod 755 (filename/directory). That’s all. You don’t need to give any user denotation or any plus or minus sign. This is how you change file permission in the numeric way.
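The link between the rwx letters shown by ‘ls -l’ and the three-digit number given to chmod can be checked with a short script. This is an added example, not from the original post: it uses the standard values read = 4, write = 2, execute = 1, the function names are made up for illustration, and it only handles the plain rwx permissions covered here.

```sh
#!/bin/sh
# Added example: convert the mode string shown by "ls -l" to the
# numeric form used by chmod (read = 4, write = 2, execute = 1).
# Only plain r, w, x and - are handled, not the advanced permissions.

# mode_to_octal STRING: e.g. drwxr-xr-x -> 755
mode_to_octal() (
    perms="${1#?}"     # drop the first character (d or -)
    out=""
    for start in 1 4 7; do          # owner, group, other
        triplet="$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")"
        value=0
        case "$triplet" in r??) value=$((value + 4)) ;; esac
        case "$triplet" in ?w?) value=$((value + 2)) ;; esac
        case "$triplet" in ??x) value=$((value + 1)) ;; esac
        out="$out$value"
    done
    printf '%s\n' "$out"
)

# roundtrip MODE: chmod a scratch file to MODE, read back the string
# that ls -l shows for it, and convert that string to a number again.
roundtrip() (
    f="$(mktemp)" || exit 1
    chmod "$1" "$f"
    shown="$(ls -l "$f" | cut -c1-10)"
    printf '%s %s\n' "$shown" "$(mode_to_octal "$shown")"
    rm -f "$f"
)

mode_to_octal drwxr-xr-x   # the directory example from the ownership section
roundtrip 755              # owner full, group and other read + execute
roundtrip 640              # owner read + write, group read, other nothing
```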
Changing Ownership and Group
The command to change ownership and group is chown.
To change only the owner, the command is chown (owner name) (filename).
To change the owner and the group, the command is chown (owner name):(group name) (filename).
In the above image, you can see that the owner of the file is wolverine, so I run the chown command with the new owner name root. After running the command, I check again with ‘ls -l’, and now the file owner has changed.
chown (owner):(new group) (filename): you can see that after running the command, the file owner and group changed to root.
In the above image, I first check the owner and group. The owner of the file is root, but the file belongs to the wolverine group, so I have to change the group to root, and I run the command. That is how file permission and file ownership work in Linux.
Some important facts:
To see the system-generated default groups, run the command groups.
To make a new group, run the command: groupadd (group name)
Two different groups cannot own the same file.
There are some more advanced file permissions, which I will cover in another blog.