Understanding Linux File Permissions

Linux and UNIX file permissions are possibly one of the hardest things for a beginner to understand, so here in this post I am going to try and make you understand them! It will cover using chmod correctly as well as show you how to understand the permission strings and chmod’s number system.

What are permissions?

On a Linux or UNIX server, every file or directory has a set of permissions associated with it, dictating who is allowed to ‘do things’. Every file and folder has an ‘owner’ and a ‘group’ tied to it. The owner is usually the user who created the file, and the group will be a group they are part of, but both can be changed using chown, which is covered later.

In total there are three different types of user that can ‘do things’ to files: the ‘owner’ and ‘group’ of course, and a third type that isn’t tied to a specific file, called ‘other’, which means every other user on the server.

What ‘things’ can they do?

There are three types of permission that can be applied to a file or folder, four if you wish to include having no permissions.

Read – The file can be read, or the contents of the folder can be read.

Write – The file can be written to, or changed, and for folders this means you can create or delete files inside.

Execute – The file can be run if it’s an executable, or folders can be accessed.

You may notice ‘Read’ and ‘Execute’ seem to contradict when referring to folders.

If you set a read permission on a folder but no execute, you will be able to see the contents of a folder, but you can’t “access” it, such as changing directory to it.

So why do I need to set permissions correctly?

In the past, before I put the effort into learning the permissions system properly, I used to set files and folders to be readable, writeable and executable by everyone. It’s a very lazy way to make things play, and if you are on a system that isn’t working with other users, it’s possible to get away with it for a while.

Some applications will of course need access to files and folders to do different tasks. A web server for example will need to access all of the folders and files where you have stored your web content. If you use a server side language such as PHP, the process manager will need to have the correct permissions to execute files.

On the other hand, some applications require you to set permissions securely and properly before they will work. For example, when SSH is used with public-key authentication (which I covered in an article) and StrictModes is enabled, the permissions must be correct or it won’t let you authenticate.

Permission Strings

Now we know the basics of permissions, we can move on to understanding how to set them.

Permissions are represented on Linux and UNIX using a string of characters which you may recognise, they can be seen when using FTP programs alongside a list of files, or they can also be seen in the command line when using a command such as ls -lah. They probably looked like this:

drwxr-xr-x

The first character in that string represents the file type, it could be any of these:

- = Regular File
d = Directory
l = Symbolic Link
s = UNIX Domain Socket
p = Named Pipe
c = Character Device File
b = Block Device File

The remaining nine characters in the string represent the file’s permissions, divided into the three user types (in this order: ‘Owner’, ‘Group’ and ‘Other’), each consisting of three characters.

So the first three characters represent the ‘Owner’ permissions. You get the drift?

The first character always represents ‘Read’ permissions, the second ‘Write’ and the third is ‘Execute’.

The characters are as follows, they are very self explanatory:

r = Read
w = Write
x = Execute
- = None

Example: So let’s make use of the example string from above again.

drwxr-xr-x

From that permission string, we can see that it is a directory/folder that has read, write and execute permissions for the ‘Owner’, but only has read and execute permissions for both the ‘Group’ and ‘Other’ users.

CHMOD Numbers

When changing file permissions, you can use the chmod command in two different ways. If you want, you can use the string method described in the section above, or you can use the numbering system which we will move onto now.

The number method is much faster once you understand it, but make sure you understand the string method first as it will help you to understand the numbers.

chmod 755 /myfolder

The command above will change the permissions of ‘myfolder’ to 755, which in string format is “drwxr-xr-x”. If you apply the -R flag to the command, it becomes recursive and changes everything inside the folder to the same permissions too.
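As an added example (not from the original post): chmod -R 755 also marks every regular file inside the folder as executable, so this sketch gives directories 755 and regular files 644 (rw-r--r--) instead, and lists anything writable by ‘other’ users. The function names, the 644 file mode and the sample tree are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit and repair a tree instead of running "chmod -R 755".
# Function names, the 644 file mode and the sample tree are assumptions.

# List every entry under $1 whose 'other' write bit (octal 2) is set.
# Symbolic links are skipped; access is decided by the target's mode.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Directories get 755 (rwxr-xr-x), regular files get 644 (rw-r--r--).
# Unlike "chmod -R 755", regular files do not gain the execute bit.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample: a folder and a file left open to everyone (777).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    echo 'hello' > "$d/index.html"
    echo 'notes' > "$d/uploads/notes.txt"
    chmod 777 "$d/uploads" "$d/uploads/notes.txt"
    echo "$d"
}

tree=$(make_sample_tree)
echo "world-writable before:"
find_world_writable "$tree"
normalize_tree "$tree"
echo "world-writable after:"
find_world_writable "$tree"
rm -rf "$tree"
```
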

So what do the numbers mean?

4 = Read (r)
2 = Write (w)
1 = Execute (x)
0 = None (-)

To get the permission setting you want, you can add those numbers together. For example, if you want “rwx” permissions, 4 + 2 + 1 = 7. If you wanted just “rx” permissions you would do 4 + 1 = 5.

Just like the permission strings, the numbers are in the order of ‘Owner’, ‘Group’ and ‘Other’. So with the permission 755, the 7 represents the owner’s permissions, the first 5 represents group permissions and the trailing 5 represents everyone else’s permissions.
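The translation between the two notations, written out as an added example (not code from the original post). The function names are the example's own, and only the r, w, x and - characters covered above are handled; anything else is rejected.

```shell
#!/bin/sh
# Added example: translate between permission strings and chmod numbers.
# Function names are this example's own. Only r, w, x and - are handled.

# "drwxr-xr-x" -> "755". The first character is the file type, not a permission.
perm_to_octal() {
    s=$1
    case $s in
        [-dlspcb]?????????) ;;
        *) echo "not a 10-character permission string: $s" >&2; return 1 ;;
    esac
    perms=${s#?}
    out=
    for who in owner group other; do
        rest=${perms#???}
        triplet=${perms%"$rest"}      # first three characters
        perms=$rest
        n=0
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "unsupported $who permissions: $triplet" >&2; return 1 ;;
        esac
        case $triplet in r??) n=$((n + 4)) ;; esac   # read
        case $triplet in ?w?) n=$((n + 2)) ;; esac   # write
        case $triplet in ??x) n=$((n + 1)) ;; esac   # execute
        out=$out$n
    done
    echo "$out"
}

# "755" -> "rwxr-xr-x": each digit is the sum of 4 (r), 2 (w) and 1 (x).
octal_to_perm() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three digits from 0 to 7: $1" >&2; return 1 ;;
    esac
    digits=$1
    out=
    while [ -n "$digits" ]; do
        rest=${digits#?}
        d=${digits%"$rest"}           # first digit
        digits=$rest
        r=-; w=-; x=-
        if [ $((d & 4)) -ne 0 ]; then r=r; fi
        if [ $((d & 2)) -ne 0 ]; then w=w; fi
        if [ $((d & 1)) -ne 0 ]; then x=x; fi
        out=$out$r$w$x
    done
    echo "$out"
}

perm_to_octal drwxr-xr-x    # the example string used in this post
octal_to_perm 755
```
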

Changing Owner/Group

Now you know how permissions work, you may understand it’s important to have the correct owner and group set on a file or folder.

There is a very simple command to do this, chown. You can change both the owner and the group with it.

chown -R bob:bob /myfolder

So the command above changes the folder ‘myfolder’ to be owned by the user ‘bob’ and the group ‘bob’. It also has the recursive flag set (-R), which means that all files and folders inside ‘myfolder’ will be under Bob’s ownership.

Conclusion

You now hopefully have a better understanding of the permissions system in Linux and UNIX. This will make life so much easier when it comes to setting up other users and applications on your server, and it will lead to better security.

If you have any issues with my post, please do leave me a comment below, it will be most appreciated. I’d also love to know if you enjoyed my post!