File permissions are a crucial aspect of Linux system security. They determine who can access which files and folders and what actions they can take on them. In this blog post, we will discuss the basics of file permissions in Linux and how to configure them to meet your needs.
Setting permissions on files and folders is an essential task that all Linux users should be familiar with. So let's begin by learning how to view Linux Permissions.
Viewing Linux Permission
Viewing Linux permissions is done using the ls command with the -l flag (long listing). For example, the following would show the permissions for the file named "file.txt":
ls -l file.txt
Returns
-rwxrwxrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
Let's break it down for easy understanding.
col 1 | col 2 | col 3 | col 4 |
---|---|---|---|
-rwxrwxrwx | 1 geekbits geekbits | 0 Aug 21 11:06 | file.txt |
The first column shows the permission bits for the "user", "group", and "other". The next column shows the number of hard links to the file, followed by the owner and group name. In col 3, we have the size of the file in bytes and then the timestamp of when it was last modified. Finally, we have the file name in col 4.
The important part is the permission bits in col 1. They are divided into four parts: the file type, which can be a folder/directory (d) or a file (-), followed by the User, the Group, and Other, in that order.
file type | user | group | other |
---|---|---|---|
- / d | rwx | rwx | rwx |
The "user" is the file owner, the "group" is a group of users that have access to the file, and "other" is everyone else. You can specify the permissions you want to give to the User, Group, or Other, as we shall see when setting Linux permissions. But first, let us understand the permissions themselves.
Linux Permissions
When a file is created on a Linux system, it is given a set of default permissions. These permissions determine who can access the file and what actions they can take on it. The three main types of permissions are:
- Read (r) - This permission allows a user to view the contents of a file.
- Write (w) - This permission allows a user to modify the contents of a file.
- Execute (x) - This permission allows a user to execute a file or run it as a program.
In addition to these three main permissions, there are also special permissions that can be set on files and folders. These include:
- Setuid (u) - This permission allows a program to run with the permissions of the owner of the file.
- Setgid (g) - This permission allows a program to run with the permissions of the Group that owns the file.
- Sticky bit (t) - This permission prevents users from deleting or renaming files that they do not own.
These special permissions can be very useful in certain situations, but they also come with risks. For example, if a malicious user were to gain access to a setuid program, they could potentially use it to gain elevated privileges on the system. For this reason, it is vital to understand how these permissions work before using them.
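Because of that risk, it helps to know which files on a system actually carry these bits. The following is an added example, not part of the original post: a small audit that lists setuid and setgid files, plus world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory special permission bits under a directory tree.
# Function names and the sample tree are constructed for illustration.

# Print "<kind> <mode> <path>" for one finding.
report() {
    mode=$(ls -ld "$2" | cut -d' ' -f1)
    printf '%s %s %s\n' "$1" "$mode" "$2"
}

# List setuid/setgid files and world-writable directories without sticky bit.
audit_special_bits() {
    root=$1
    find "$root" -xdev -type f -perm -4000 -print |
        while IFS= read -r f; do report setuid "$f"; done
    find "$root" -xdev -type f -perm -2000 -print |
        while IFS= read -r f; do report setgid "$f"; done
    # World-writable (o+w) directory without the sticky bit: any user may
    # delete or rename other users' files inside it.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
        while IFS= read -r f; do report no-sticky "$f"; done
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain.txt" "$d/suid_tool" "$d/sgid_tool"
    chmod 644  "$d/plain.txt"
    chmod 4755 "$d/suid_tool"      # rwsr-xr-x
    chmod 2755 "$d/sgid_tool"      # rwxr-sr-x
    mkdir "$d/shared_open" "$d/shared_sticky"
    chmod 0777 "$d/shared_open"    # rwxrwxrwx
    chmod 1777 "$d/shared_sticky"  # rwxrwxrwt
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Running the audit periodically and comparing the output against a saved baseline makes newly added setuid or setgid files stand out.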
How to set Linux Permissions
Now that we've covered the basics of Linux file permissions, let's look at how to set them. It can be done using the chmod command, "change mode." The chmod command takes two arguments: the permission you want to set and the file or folder you want to modify.
chmod permission file/folder
For example: If we want to change the permission of "file.txt"
ls -l file.txt
-rwxrwxrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
The file has read, write and execute permissions for the "user", "group", and "other." Let's change that for the Group.
chmod g-w file.txt
-rwxr-xrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
As you can see, the file now has no "write" permission for the "group".
Adding permissions
To add the permission back, you can use the following command:
chmod g+w file.txt
If we list the permissions, the write permission has been added back to the Group.
-rwxrwxrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
You can do the same for the "other" and "User":
Removing Permissions
chmod u-r,o-rw file.txt
Returns:
--wxrwx--x 1 geekbits geekbits 0 Aug 21 11:06 file.txt
The User cannot read from the file, and "other" cannot read or write the file.
Let's add all the permissions back to the User:
chmod u+r file.txt
-rwxrwx--x 1 geekbits geekbits 0 Aug 21 11:06 file.txt
Copying permissions
You can copy permission from one section to another, e.g., copy the permissions from the "user" to "group" or "other." Let's see it in action.
chmod o=u file.txt
With this command, we are setting the other section to be equal to the user section, which has all permissions, and the results are as follows:
-rwxrwxrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
So now the "other" section has the same permission as the User.
Remember, when changing file permissions, you must have the proper permissions yourself.
Changing permissions numerically
You can use the octal notation (which uses numbers instead of letters) to specify the permissions of a file.
Example:
The number 000 means no permission, while the number 777 grants total rwx access to everyone. So to remove all permissions from the file, you would type:
chmod 000 file.txt
---------- 1 geekbits geekbits 0 Aug 21 11:06 file.txt
Adding all permissions:
chmod 777 file.txt
-rwxrwxrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
How does the numerical notation work?
The numerical notation for file permissions is quite simple. A number represents each permission section (user, group, other). For example, the read permission is represented by the number four, the write permission is represented by the number two, and execute permission is represented by the number one.
You use these numbers to turn on permissions.
For example, the number seven (4+2+1) turns on read, write, and execute permissions all at once. The number six (4+2) turns on read and write permissions while leaving execute permission turned off. And so on.
To change a file's permissions numerically, you use the chmod command followed by the numerical representation of the desired permissions and then the filename. So to give read, write, and execute permissions to filename using numerical notation, you would type:
chmod 777 file.txt
-rwxrwxrwx 1 geekbits geekbits 0 Aug 21 11:06 file.txt
The number 777 grants full rwx access to everyone.
More examples:
chmod 761 file.txt
-rwxrw---x 1 geekbits geekbits 0 Aug 21 11:06 file.txt
7(4+2+1) - gives the user read, write, and execute permissions.
6(4+2) - provides the group with read and write permissions.
1(1) - gives execute permissions to "other."
Example
chmod 740 file.txt
-rwxr----- 1 geekbits geekbits 0 Aug 21 11:06 file.txt
Example
chmod 745 file.txt
-rwxr--r-x 1 geekbits geekbits 0 Aug 21 11:06 file.txt
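The 4/2/1 arithmetic above can be checked mechanically. The following is an added example, not part of the original post: a decoder that turns an octal mode into the rwx string that ls -l prints, and cross-checks it against a scratch file. It goes beyond the three-digit modes shown here by also accepting a leading fourth digit for the special bits (4 = setuid, 2 = setgid, 1 = sticky), which ls -l displays as s or t in the execute slot. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode an octal mode into the rwx string shown by ls -l.
# Function names are hypothetical, chosen for this illustration.

# triplet <digit> <special-on> <letter>: 4=r, 2=w, 1=x for one section.
triplet() {
    d=$1; r=-; w=-; x=-
    [ $((d & 4)) -ne 0 ] && r=r
    [ $((d & 2)) -ne 0 ] && w=w
    [ $((d & 1)) -ne 0 ] && x=x
    if [ "$2" -ne 0 ]; then
        # Special bit set: lower case if execute is on, upper case if off.
        if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr st ST); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# octal_to_symbolic <mode>: accepts 3 digits (761) or 4 digits (4755).
octal_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    s=${mode%???}                # special digit: setuid/setgid/sticky
    rest=${mode#?}
    u=${rest%??}; o=${rest#??}; g=${rest#?}; g=${g%?}
    printf '%s%s%s\n' \
        "$(triplet "$u" $((s & 4)) s)" \
        "$(triplet "$g" $((s & 2)) s)" \
        "$(triplet "$o" $((s & 1)) t)"
}

# Cross-check: apply the mode to a scratch file and compare with ls -l.
check_with_ls() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    actual=$(ls -l "$f" | cut -c2-10)
    rm -f "$f"
    [ "$actual" = "$(octal_to_symbolic "$1")" ]
}

for m in 761 740 745 4755 1777; do
    printf '%s -> %s\n' "$m" "$(octal_to_symbolic "$m")"
done
```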
Conclusion
As you can see, setting file permissions in Linux is a relatively simple task. However, it is essential to understand the basics before using the chmod command, as improper use could potentially lead to security issues.
Now that we've covered the basics of file permissions, next time, we'll move on to some more advanced topics like setuid programs and how they can be used maliciously. Stay tuned for that.
Thanks for reading!!