Even though I had been using Linux for a while, I really didn’t get the idea of file permissions clear from the beginning. Or even after a year. Changing permissions to allow certain things to happen (e.g. execute a script file) was embedded into my habits, but without really understanding what was happening. Nor was I that interested in finding out, but there is a point where you really want to know what you’re doing and not run commands just because you want “stuff working”.
When trying to find out something about a file’s permissions, one would use “ls -l”, or if you want more info like space usage, “ls -lsh”.
It got pretty confusing trying to understand the “-rw-”s and such (without bothering to read about it). I’ve noticed that it was easier to understand the numbers associated with permissions (e.g. a script being executable would have to have a 7 or more associated with its permissions). After discovering “stat -c "%a %n" *”, things got a bit prettier.
It became even prettier when using FileZilla’s GUI to change permissions. There are both letters and numbers.
What are permissions and why are they used?
Permissions define which users should be able to read, write and execute the files that they own or that other users might own. Put even more simply, they establish who should be able to do what with a certain file, to avoid unwanted damage or unwanted access to a system. This is also referred to as privilege separation.
In a multi-user environment (where by user we understand a physical human user and virtual users that are created to handle certain parts of the system) a feature like this is what the system needs to ensure order and security both for the end-users and for the environment itself.
Different notations for permissions
Earlier I mentioned something about permissions with numbers and others with letters. These are referred to as:
- symbolic mode permissions – using letters and symbols: r w x a o u g + -
- octal mode permissions – using numbers : 755, 644, 440
Each file will have a set of 10 symbols and 2 names associated with its permissions. Below you can see the output of “ls -l” and a more graphical view of how those symbols relate to each other.
- file-type – the file-type can be one of 3:
  - file – noted as “-”
  - directory – noted as “d”
  - symbolic link (symlink) – noted as “l”
- owner – also referred to as “user” or “u”
- group – the name of the group that the user is part of
- public – also referred to as “other” or “world”, or “o”
- all – all permission categories included (owner, group, public); also referred to as “a”
- permissions are added to a file using the “+” operator
- permissions are removed using the “-” operator
A user will be able to have the following set of permissions over files :
- read – noted “r” with the value of “4”
- write – noted “w” with the value of “2”
- execute – noted “x” with the value of “1”
- no permissions – will result in the value of “0”
So, in order to play with the symbols and operators from above, let’s take a look at the following examples. The command to use in Linux to set permissions is “chmod”.
chmod a+x file.sh
Will grant executable permissions over file.sh to the owner of file.sh, the group that the owner is part of and to the public.
chmod uo+rw file.sh
Will add read and write permissions to the user (owner) of the file and to the public (other).
You probably noticed that I associated the permissions above with some values. These are to be used when setting permissions in octal (numeric) mode. I’ve seen it to be more commonly used and more easily understandable than the symbolic mode from above. Like in the symbolic mode, the octal mode is linked with the set of permissions associated with each entity having control over a file (owner, group, public).
chmod 750 file.sh
Will set read, write and execute permissions for the owner of the file, read and execute for the group that the owner is part of and no permissions for the public. How is this possible? Each digit of the number 750 is formed by adding the values associated with the required permissions. In this case, the first digit (7) represents the owner’s permissions over the file: read (4), write (2) and execute (1), which add up to 7. In the same way, the second digit (5) is read (4) plus execute (1) for the group, and the third digit (0) means no permissions for the public.
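The mapping described above, as an added example that is not part of the original post: two shell functions convert between the octal and symbolic notations using the r=4, w=2, x=1 values, and a third applies a chmod change to a scratch file and reports the resulting octal mode. The function names are made up for this example, and “stat -c” assumes GNU coreutils.

```sh
# Added example (not from the original post). Values: r=4, w=2, x=1.

# octal_to_symbolic 750 -> rwxr-x---
octal_to_symbolic() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=$1 out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}        # first remaining digit
        rest=${rest#?}
        for pair in 4:r 2:w 1:x; do      # test each permission bit in turn
            [ $(( digit & ${pair%:*} )) -ne 0 ] && c=${pair#*:} || c=-
            out="${out}${c}"
        done
    done
    printf '%s\n' "$out"
}

# symbolic_to_octal rwxr-x--- -> 750
symbolic_to_octal() {
    case "$1" in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "expected nine characters like rwxr-x---, got: $1" >&2; return 1 ;;
    esac
    rest=$1 out=""
    while [ -n "$rest" ]; do
        remaining=${rest#???}
        triplet=${rest%"$remaining"}     # owner, then group, then public
        rest=$remaining
        value=0
        case "$triplet" in r??) value=$((value + 4)) ;; esac
        case "$triplet" in ?w?) value=$((value + 2)) ;; esac
        case "$triplet" in ??x) value=$((value + 1)) ;; esac
        out="${out}${value}"
    done
    printf '%s\n' "$out"
}

# Apply "chmod $2" to a scratch file that starts at mode $1; print the octal result.
mode_after_chmod() {
    scratch=$(mktemp) || return 1
    chmod "$1" "$scratch" && chmod "$2" "$scratch" && stat -c '%a' "$scratch"
    status=$?; rm -f "$scratch"; return "$status"
}

for m in 750 644 440; do printf '%s = %s\n' "$m" "$(octal_to_symbolic "$m")"; done
printf 'chmod a+x on 644 -> %s\n' "$(mode_after_chmod 644 a+x)"
```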
For a practical view of how permissions are written in the different notations, you can check out the “Linux permissions prettifier”. It follows the same idea as the GUI in FileZilla mentioned above.
People tend to ignore manual pages and explanations, and when they just want to “get stuff working” they want a quick fix/solution. While the quick fix might get your things up and running, it is crucial to understand what you are doing so that nothing else is (or will be) affected. You will get into a lot of weird errors and situations simply because you didn’t want to read that boring manual page, but remember that reading it will save a lot of headaches in the long run.