If you’ve ever tinkered with a Unix-like system, you’ve encountered ownerships and permissions. Every file and folder on the operating system are owned by a user, and the group that the user belongs to. Furthermore, every file and folder will have specific permissions allowed to the user, other users in that group, and everyone else.
Viewing Permissions & Ownership
To see the permissions of files and directories in Linux, in terminal/console/shell use: ls -l
The first character ‘d’ represents the filetype (directory).
The next nine characters represent the permissions:
The first three characters (rwx) indicate the permissions for the owner of the file: read, write, and execute.
The next three (r-x) indicate the permissions for the group that owns the file: read and execute, but not write.
The last three (r-x) indicate the permissions for everyone else: read and execute, but not write.
The next column (‘3’, ‘2’, ’11’, ‘2’) indicates the number of hard links to the file/folder.
The following column is the user that owns the file (root).
The next column is the group that owns the file (root).
Next, is the size of the file in bytes. Note, that the size of directories will always output 4096 bytes, as ls -l does not show you the size of the contents of the files within. Use du -hd 1 instead.
The date is next.
Lastly is the file/folder name.
Filetypes
The very first character in the output of ls -l is the filetype. Here is a list of different filetypes you can encounter:
- – : This denotes a regular filetype.
- d : Directories
- l : Symbolic links
- b : Block devices such as hard disks or USB drives. Block devices are typically represented by device files in the
/devdirectory, such as/dev/sdaor/dev/sdb. - c : Character devices such as a keyboard or mouse. Character devices are typically represented by device files in the
/devdirectory, such as/dev/ttyor/dev/lp0. - p : Named devices (or FIFOs) are special files that allow inter-process communication
- s : Sockets are special files that allow communication between processes over a network or a local computer
Some devices, such as tape drives or network interfaces, can be represented as both block devices and character devices, depending on the type of access required.
Understanding Permissions
The permissions of the file can be easily remembered as:
- r : Read
- w : Write
- x : Execute
In many cases you will see r/w/x written out as a numerical value. The numerical syntax takes a total of three digits: the first cites permissions of the owner, next is the group, then is everyone else.
r = 4
w = 2
x = 1
- = 0For each permission group, you would add the numbers together to grant wanted permissions. For example, if I want to give full read, write, and execute permissions to the owner [4 + 2 + 1 = 7], only read and execute permissions to the owner-group [4 + 1 = 5], and no permissions to everyone else on the system [0], my numerical syntax for permissions would be 750.
rwx = 7
rw- = 6
r-x = 5
r-- = 4
-wx = 3
-w- = 2
--x = 1
--- = 0Changing permissions
To update permissions on a file or folder, first you must be logged in as a user with enough privileges to handle such tasks. For example, you’re not going to be able to change permissions of a file owned by root when logged in as a non-superuser.
To update permissions in Linux, you can use chmod and chown. The letter or numeric syntax may be used.
chmod is used to update the permissions provided to the existing user, group, or others. The syntax takes the form of chmod [who][give/take-away][permission] [filename]. For example:
chmod u+r file.phpIn this example, we are giving read permissions to the owner for file.php.
Look at the chart below to interpret the possible options:
Symbol Meaning
------+----------------
u User/owner
g Group
o Other/everyone else
a All users (equivalent to "ugo")
------+----------------
+ Add permission(s)
- Remove permission(s)
= Set permission(s) explicitly
------+----------------
r Read permission
w Write permission
x Execute permissionChanging ownerships
In addition to changing file permissions, you may also need to update file ownership. Ownership is important because it determines which user or group has the ability to access and modify the file. To change ownership in Linux, you can use the chown command.
The syntax of chown is straightforward. It takes the form of chown [user]:[group] [filename]. For example:
chown bob:developers file.php In this example, we are changing the ownership of file.php to the user “bob” and the group “developers”.
If you want to change only the owner or the group, you can use the colon (:) to separate the two. For example:
chown bob file.phpIn this example, we are changing the owner of file.php to the user “bob”.
Or:
chown :developers file.phpIn this example, we are changing the group of file.php to the group “developers”.
Note that you must be logged in as a user with enough privileges to change ownership of a file. If you don’t have the necessary privileges, you’ll need to use the sudo command to run chown with superuser permissions.
If you try to change the group ownership of a file to a group that the user is not a member of, you’ll receive an error message similar to “chown: invalid group: ‘newgroup'”. In this case, you’ll need to add the user to the group first, using the usermod or the gpasswd command, before you can use chown to change the group ownership of the file.
For example, to add the user “bob” to the group “newgroup”, you can use the following command:
sudo usermod -aG admins bobAfter the user is added to the group, you can then change the group ownership of the file using the chown command as follows:
sudo chown :admins file.phpIn summary, changing file permissions and ownerships are important tasks that you may need to perform when working with files and folders in Linux. The chmod and chown commands can be used to update permissions and ownerships respectively. Make sure you have the necessary privileges before attempting to make any changes.