Saturday, March 29, 2014

Permissions in Linux



Basic File Permissions

Permission Groups

Each file and directory has three user based permission groups:


  • owner - The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.


  • group - The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.


  • all users - The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.



Permission Types

    Each file or directory has three basic permission types:


    • read - The Read permission refers to a user's capability to read the contents of the file.


    • write - The Write permissions refer to a user's capability to write or modify a file or directory.


    • execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory.



      In a normal file there are three permission attributes: read (r), write (w), and execute (x). There is also a fourth character, "-", that means no permission. These permissions are given to a particular user or group. The read permission lets you read data from the file. The write permission lets you write new data to the file. The execute permission lets you run the file as a program.

      To check the permissions, use the ls -l command.  This command will return a list of all of the filenames and their permissions in the current directory.  The beginning of each line will be a string of letters and dashes that tells you the permissions for that file.

      For example, after you run the ls -l command, you will see text that is similar to the following line:





      drwxr-xr-x 2 user user 4096 Jan 18 5:58 Desktop




      d rwx r-x r-x


      At the beginning of every line there is a set of characters that contains the permission information; it is shown split into its parts above (d rwx r-x r-x). The first character will be a "d" for a directory, a "-" for a regular file, or an "l" for a link. The first set of 3 letters indicates the permissions for the owner, which is the first name listed (user). The second set of 3 letters indicates the permissions for the group (user). The third set of letters represents the permissions for everyone else. The example line above would indicate that user has read, write, and execute access, while the group and everyone else have only read and execute access.

      To change the file permissions, you must have privileges to write to the file (as you are making changes to the file). The command to change permissions is chmod. With chmod, you need to specify three items: the user or group you are changing, whether you are adding or removing privileges, and which privileges you are adding/removing. 

      First, you specify the user or group with the following letters: user (u), group (g), or all users (a).  Next, you use the operator '+'  or '-' to either add or remove privileges, respectively. Lastly, you use the letters r, w, and x to select the new permissions for the file.

      For example, to change the permissions for all users to have read, write, and execute permissions, you would execute: chmod a+rwx FileName.  To remove the write privilege from the owning user, you would execute chmod u-w FileName.

      You may alternatively use chmod with numbers instead of letters. You would then use the chmod command with a three-digit number. The first digit gives the owner's permissions, the second one the group's, and the third everyone else's. Each digit is the sum of the permissions being granted: 1 for Execute, 2 for Write, 4 for Read.

      For example, the following command would give the user, the group and everyone else Execute, Write and Read permissions: 

      chmod 777 FileName





      The next example would give Execute, Write and Read permissions to the user (1+2+4), Read and Write to the group (4+2) and Execute to everyone else (1):

      chmod 761 FileName
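
The letter and number notations above describe the same bits. As an added example (not part of the original post), the shell functions below convert the mode column from ls -l into the three-digit chmod number and list entries that the all users class can write to; the function names are hypothetical helpers, not standard commands.

```shell
#!/bin/sh
# Added example: names below are hypothetical helpers, not standard tools.

# Turn one rwx triplet (e.g. "r-x") into its digit: 4 = read, 2 = write, 1 = execute.
triplet_to_digit() {
    trip=$1
    digit=0
    case $trip in r??) digit=$((digit + 4)) ;; esac
    case $trip in ?w?) digit=$((digit + 2)) ;; esac
    # "s" and "t" in the last slot mean execute plus a special bit; only the
    # execute part is counted here because the page covers the basic bits only.
    case $trip in ??[xst]) digit=$((digit + 1)) ;; esac
    printf '%s' "$digit"
}

# Convert the mode column printed by ls -l (e.g. "drwxr-xr-x") into the
# three-digit number chmod accepts. The first character is the file type.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -ge 10 ] || return 1
    owner=$(printf '%s' "$mode" | cut -c2-4)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    printf '%s%s%s\n' "$(triplet_to_digit "$owner")" \
        "$(triplet_to_digit "$group")" "$(triplet_to_digit "$other")"
}

# List everything under a directory that the "all users" class may write to.
# Symbolic links are skipped: their own mode bits are not what is enforced.
world_writable() {
    find "${1:-.}" ! -type l -perm -0002 -print
}

# The sample line from the post.
printf 'drwxr-xr-x -> %s\n' "$(mode_to_octal 'drwxr-xr-x')"
```

Running world_writable on a directory after a chmod a+rwx or chmod 777 shows which entries were left open to every user.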


