Introduction

Every file under UNIX has a precise but customizable set of permissions that define how any user, group, or “everything else” can interact, view, and execute with anything in the system. Understanding UNIX permissions and how they work is imperative when using these operating systems as they quickly turn a procedure into an issue if the operator does not know or misuses them.

How they work

These permissions come as a set of 3 triplets, with each element signifying an instruction, or permission. Each instruction is defined by a specific byte number, and up to a maximum of “seven” bytes per instruction.

If we were to run ls -la in any path of our shell, we will get something similar to this:

-rwxrwxr-- 1 username groupname 469243574 Dec 25 20:48 'file.txt'

So, let’s break it down:

  • The first - “dash” indicates that this entry is a file. A d in place of the dash lets us know that the listing is for a directory.

Then, you see a bunch of letters mixed: rwxrwxr--, but divide each set by three letters. So if we have rwxrwxr--, divide it as such:

rwx | rwx | r--

These are the three triplets I mentioned earlier. And each of them indicates whose permissions they identify and which of those are enabled.

But first, let’s see what the letters mean and what value they have:

  • r identifies read permissions and has a byte value of 4

  • w identifies write permissions and has a byte value of 2

  • x identifies execute permissions and has a byte value of 1

 

IMPORTANT: You must keep in mind that a directory NEEDS execute permissions to work. ‘Accessing’ a folder IS considered EXECUTING it. The same goes for scripts in general.

 

The triplets themselves are divided by:

  • The first set defines owner permissions. The owner of the file or directory.
  • The second set defines group permissions. The group which owns the file or directory and recursively everyone inside the group.
  • The third set defines permissions for everyone else. Including the outside world, if the file or directory is hosted publicly online. For example, someone accessing your website in a folder needs “read” permissions within this triplet to access it.

It is easier to understand them if we think of the letters as “switches.” Once we switch one on inside a triplet, we add its byte value to the total of the triplet. For this reason, a FULL ACCESS permission set can be written as 777 or rwx|rwx|rwx . Switching off appropriate permission removes the byte value from the total.

Linux Permissions

Permissions need to be tailored with logic and need in mind. Always give the bare minimum permissions you expect you need and never more than that. Less is often better than more, so knowing what you’re going to do is imperative when deciding which permissions you need to set.

Everything else from the output defines the following:

  • The number before the username 1 indicates the level of directory and subdirectory that particular file or the folder it’s in
  • The username identifies the owner of that particular item
  • The groupname identifies the particular group item is related to (often the same as the user)
  • The number after the group name indicates the file’s size (shown in bytes, unless you add h to ls -la -> ls -lah which is a human readable argument)
  • Date and hour indicate when the file was last modified. It changes every time the data is modified
  • The last piece of information from the entry is the file’s name itself

Changing file’s permissions

Changing a file’s permission can be done with the chmod command, here’s the extract from tldr:

Give the [u]ser who owns a file the right to e[x]ecute it:
chmod u+x {{file}}

Give the [u]ser rights to [r]ead and [w]rite to a file/directory:
chmod u+rw {{file_or_directory}}

Remove e[x]ecutable rights from the [g]roup:
chmod g-x {{file}}

Give [a]ll users rights to [r]ead and e[x]ecute:
chmod a+rx {{file}}

Give [o]thers (not in the file owners group) the same rights as the [g]roup:
chmod o=g {{file}}

Remove all rights from [o]thers:
chmod o= {{file}}

Change permissions recursively giving [g]roup and [o]thers the abililty to [w]rite:
chmod -R g+w,o+w {{directory}}

I recommend using numbers when dealing with chmod, in a way, it is easier, and it helps you remember what the numbers mean more easily:

chmod 755 /var/www/html

A command like that would set full permissions to the owner of the folder (7), read, and execute (4+1=5) permissions to both the group owning the file and everyone else.

  • The -R flag allows recursion so that everything inside a folder is recursively affected by the command

Changing file’s ownership and group

Changing ownership and group of a file is done with the chown command, here’s the extract from tldr:

Change the owner user of a file/directory:
chown {{user}} {{path/to/file_or_directory}}

Change the owner user and group of a file/directory:
chown {{user}}:{{group}} {{path/to/file_or_directory}}

Recursively change the owner of a directory and its contents:
chown -R {{user}} {{path/to/directory}}

Change the owner of a symbolic link:
chown -h {{user}} {{path/to/symlink}}

Change the owner of a file/directory to match a reference file:
chown --reference={{path/to/reference_file}} {{path/to/file_or_directory}}

Adding a user to a group

With the usermod command, you can add any user to any group. Subsequently, that user will inherit access to everything the group has access to without necessarily being the owner of those files and subject to group permissions.

usermod -a -G group username

  • -a appends the user to the specified group(s) (to be used only with -G)
  • -G allows you to list several groups for the command to act upon

Want to support me?

Find all information right here

You can also support me here:

Credits

  • My mom