Understanding Linux File Permissions and Ownerships

In one of our previous articles, "How to manage Linux Users and Groups", we discussed how Linux works as a multi-user OS and what users and groups are, along with their configurations. By design, Linux allows multiple users to use the same computer at the same time without affecting each other, but it doesn't allow you to access or modify files belonging to other users. Allowing that would be a security risk. Linux mitigates this risk with file ownership and permissions, which make sure only the desired users and groups can access the relevant files and directories.

Let's take a small demonstration. Here, we will log in as a normal user and try to access the /root directory.


It gave a permission denied error. Why? Because the /root directory is owned by the user root. Only a privileged user can access or modify it.

So, Linux uses two factors that determine who can access or modify a file and what level of permissions a user has on it.

  1. File Ownership
  2. File Permissions

Learning these two is essential. We will discuss them one by one with examples.

First, we will take a single file to identify its ownership and permissions.

[Image: Linux file permissions and ownership]

File Ownership

* Every file and directory is owned by a user (UID), called the owner of the file, and by a group (GID). There is one more class, named Others.

User

The user is the owner of a file or directory. If you create one, you will be its owner. In the image above, my_password_file is owned by student. Please note that ownership can be changed when required.

Group

A group is a set of users. Group ownership means the file can be accessed by all the users in that group, with the permissions that the group has, so everybody in that group gets the same permissions. With group ownership, we don't need to give access to users one by one. If a set of users requests access to a file or directory, we can simply create a group of those users and give permissions to that group. The group's permissions are inherited by its users.

Others

Others means all the rest of the users in the system. The permissions set for others apply to all the remaining users in the system.

To view the ownership of a file, you can use the ll command (on many distributions a shell alias for ls -l) as below.


Here the owner and the group owner are both student.


Here the owner and the group owner are both root.

To view the ownership of a directory, use the ll -ld command as below.


The owner and group of the root directory are also root.

* Note : You can use these commands to view your groups and your logged-in user: id, groups, whoami

How to change the ownership of a file

We use the chown command to change the ownership of a file or directory. chown can be used in the following ways.

1) To change the owner only of a file
syntax : chown <options> <new user> <file name>

2) To change both owner and the group of a file
syntax : chown <options> <new user>:<new group> <file name>

3) To change only the group of a file
syntax : chown <options> :<new group> <file name>

* A colon (:) separates the file owner and the group owner. When changing only the group owner, we put a colon in front of the group name, as above.
* Another command for changing the group owner is chgrp. The syntax is as below.

syntax : chgrp <options> <group name> <file name>

* Note : If you want to change the ownership to root, you must use sudo with the command. Also, you can't change the owner of a file that you don't own.

How to change the ownership of a directory and the files inside it

We can change ownership recursively. It is easy: just use the -R option with the chown command.

eg : Suppose we have a directory named test whose owner and group owner is the user student. Inside the test directory we have created files as below.




So, I need to change the ownership of that directory and its files from user student to user osanda.

[Image: chown command in Linux]


* You can also use the -R option with the chgrp command to change the group ownership recursively.

File Permissions

In Linux, every file and directory has three types of permissions assigned to the owner, group owner and others mentioned above.
  • Read permission (r) - Can read the file; can list the files in the directory.
  • Write permission (w) - Can modify the file; can create, modify and delete files in the directory.
  • Execute permission (x) - Can execute the file; can enter the directory.

Note : Permissions behave differently depending on whether they apply to a file or a directory. The list above gives the meaning of each permission for a file first and for a directory second.

We will take an example to see how this looks in Linux. 


In the image above, the file permissions of my_password_file are marked with an arrow.

[Image: Linux file permissions and ownership]


The file type is represented by a symbol or a letter that identifies what kind of file it is. Some of the notations are as below.

d : directory
- : file
l : link

The user, group and others each have rwx perms assigned on a file/directory, as previously mentioned. These 3 characters have numeric values, which are powers of 2.

r = 2^2 = 4
w = 2^1 = 2
x = 2^0 = 1


So, the sum of r, w, x is 4 + 2 + 1 = 7.

Because of that, the highest permission level that any user can have is 7, which means rwx.

eg :
[Image: Linux file permissions in numeric format]

Note : 0 means no permissions. If a user doesn't have write access, w is equal to zero.

By using the above information, we can give permissions to different users.

* As root is the superuser, root can read, write and execute any file/directory in the system.
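The 4/2/1 arithmetic above, applied to the 10-character mode field that ls -l prints (file type plus three rwx triplets). This is an added example, not code from the original article; the function names are hypothetical, the sample strings are constructed, and only the three file types listed above and plain r/w/x characters are handled.

```sh
#!/bin/sh
# Decode the mode field of `ls -l` (e.g. -rw-r-----) into a file type and
# the numeric mode used by chmod. Function names are hypothetical.

# triplet_value "rw-" prints 6 (r=4, w=2, x=1, "-"=0); fails on anything else.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $1 in ??x) v=$((v + 1)) ;; ??-) ;; *) return 1 ;; esac
    echo "$v"
}

# mode_to_octal "-rw-r-----" prints "file 640".
mode_to_octal() {
    m=$1
    if [ "${#m}" -ne 10 ]; then
        echo "expected 10 characters, got: $m" >&2
        return 1
    fi
    case $m in
        d*) kind=directory ;;
        -*) kind=file ;;
        l*) kind=link ;;
        *)  echo "unsupported file type in: $m" >&2; return 1 ;;
    esac
    # Characters 2-4 are the owner, 5-7 the group, 8-10 others.
    u=$(triplet_value "$(printf '%s' "$m" | cut -c2-4)") &&
    g=$(triplet_value "$(printf '%s' "$m" | cut -c5-7)") &&
    o=$(triplet_value "$(printf '%s' "$m" | cut -c8-10)") || {
        echo "unsupported permission characters in: $m" >&2
        return 1
    }
    echo "$kind $u$g$o"
}

# Constructed sample mode strings.
for s in '-rw-r-----' 'drwxr-xr-x' 'lrwxrwxrwx' '-rwxrwxr--'; do
    printf '%s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```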

How to change file permissions

To change file permissions we use a command named chmod, meaning change mode.

syntax : chmod <options> <permissions> <file name>

There are two ways of using the chmod command.
  1. Absolute mode
  2. Symbolic mode

Absolute mode

Here, we represent permissions in numeric form, with numbers like 774, 664, 777, 600.

eg : chmod 775 file.txt 

That will give read, write and execute perms to the owner of the file, read, write and execute perms to the owning group, and read and execute perms to others (5 = 4 + 1).

Symbolic mode

Here, we give perms to each class of owner directly, using the symbols below.

owner : u
group : g
others : o
all : a
+ : add perms
- : remove perms
= : This overwrites all the perms with the new ones.

eg :

1) chmod a+x file.txt  - This adds execute perms to all the users
2) chmod o-wx file.txt  - This removes write and execute perms from others
3) chmod u+rwx,g+rw,o+r file.txt - This adds multiple perms for multiple classes. 
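One use of the symbolic mode on a whole tree: list everything that others can write to, then remove only that bit with chmod o-w. This is an added example, not code from the original article; the function names and the files under the temporary directory are constructed, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Find entries that "others" can write to and remove only that bit.
# Function names are hypothetical; the files are constructed in a temp dir.
# stat -c is the GNU coreutils form.

# Print every file and directory under $1 with the others-write bit set.
# Symbolic links are skipped: their own mode bits are not used for access.
list_other_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Remove w from others; owner and group bits stay as they are.
fix_other_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

demo_other_writable() {
    d=$(mktemp -d) || return 1
    touch "$d/notes.txt" "$d/shared.log" "$d/run.sh"
    chmod 750 "$d"
    chmod 640 "$d/notes.txt"    # rw- r-- ---
    chmod 666 "$d/shared.log"   # rw- rw- rw-
    chmod 777 "$d/run.sh"       # rwx rwx rwx
    before=$(list_other_writable "$d" | wc -l | tr -d ' ')
    fix_other_writable "$d"
    after=$(list_other_writable "$d" | wc -l | tr -d ' ')
    modes=$(echo $(stat -c '%a' "$d/notes.txt" "$d/shared.log" "$d/run.sh"))
    rm -rf "$d"
    echo "before=$before after=$after modes=$modes"
}

demo_other_writable
```

Review the list before running the fix on a real tree; some directories, such as /tmp, are writable by others on purpose.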

How to set perms recursively

We can use -R option to set perms recursively as below. 

chmod -R <perms> <file name>
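A numeric mode with -R is applied to directories and files alike, so 644 would strip the x that directories need to be entered and 755 would make every file executable. The added example below (not from the original article; function names and the sample tree are constructed, stat -c assumes GNU coreutils) sets directory and file modes separately with find.

```sh
#!/bin/sh
# Set directory and file modes separately instead of one numeric mode with -R.
# Function names are hypothetical; the tree is constructed in a temp dir.
# stat -c is the GNU coreutils form.

# set_tree_modes DIR DIRMODE FILEMODE
set_tree_modes() {
    find "$1" -type d -exec chmod "$2" {} +   # directories keep x so they can be entered
    find "$1" -type f -exec chmod "$3" {} +   # regular files get no x
}

# Print "<mode> <path relative to DIR>" for every entry, sorted by path.
tree_modes() {
    ( cd "$1" && find . -exec stat -c '%a %n' {} + | LC_ALL=C sort -k2 )
}

demo_tree_modes() {
    d=$(mktemp -d) || return 1
    mkdir "$d/conf"
    touch "$d/readme.txt" "$d/conf/app.ini"
    chmod -R 777 "$d"              # constructed starting point: rwxrwxrwx everywhere
    set_tree_modes "$d" 750 640
    tree_modes "$d"
    rm -rf "$d"
}

demo_tree_modes
```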
 
So, in this article we discussed most of the things regarding file ownership and permissions, with examples, and how to change them as well. For more, please refer to the man pages: man chmod, man chgrp, man chown.



Please feel free to ask if you have any questions.

Cheers!


