Explaining Linux File Permissions

Here, file permissions are core to the security model in Linux systems. They determine the accessibility of files and directories on a system (who can access them and how ). This blog provides an overview of Linux file permissions, how they work, and how to change them.

How To View File Permissions in Linux?

The ls command along with its – l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

 $ ls -l

 drwxr-xr-x. 4 root root    68 Jun 13 20:25 tuned

 -rw-r–r–. 1 root root  4017 Feb 24, 2022, vimrc

Here are the components of the Vimrc listing:

  • File type:  – (no special type of file)  
  • Permission settings:  rw-r–r–
  • Extended attributes:  dot (.)
  • User owner: root
  • Group owner: root

The tuned listing is for a d, or directory-type file. There are other file types as well, but these two are the most common

Reading file permissions 

This section is about the permission settings on a file. The permissions from the vimrc listing are:

rw-r–r–

This string is actually an expression of three different sets of permissions:

rw- ,  r– , r – –  

  • The first set of permissions:  the owner of the file. 
  • The second set of permissions: the user group that owns the file.
  • The third set of permissions: referred to as “others.” 
  • All Linux files belong to an owner and a group.

Permissions are different for different types of people, accordingly they can interact with a file. Each user gets an expression that includes the three basic types of permissions (read, write, and execute).

 For example, if  the owner of the file is given the following permissions:

rw- 

In the example above, 

  • Read (r) permission and Write (w) permission has been granted on the file. 
  • The execute permission (x) is not granted, which is why there’s a sign in the expression (disabled permission).

Using Octal Values To Specify Permissions

 In numeric mode,  file permissions are represented in numbers. A three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

  • r (read): 4
  • w (write): 2
  • x (execute): 1

For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this:

  • Owner: r-x = 4+0+1 = 5
  • Group: r– = 4+0+0 = 4
  • Others: r– = 4+0+0 = 4

The results produce the three-digit value 544.

Role of Linux file permissions (what do they do?)

  • Read (r)

Read permission is used to access the file’s contents. You can use commands like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file’s contents to make a duplicate of it.

  • Write (w)

Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell (> or >>) to change the contents of a file. Without written permission, changes to the file’s contents are not permitted. Sometimes, pipe ( | ) and tee are also used as commands

  • Execute (x)

Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts and a variety of interpreted languages.

The way to execute the contents of a file without execute permission would be invoking a Bash shell script, where you could use an interpreter that has execute permission to read a file with instructions for the interpreter to execute : 

$ bash script.sh

The executable being run is bash. The script.sh file is read by the Bash interpreter, and its commands are executed.

Modifying file permissions  

You can modify file and directory permissions with the chmod command, which stands for “change mode.” 

  •  To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name. 
  • To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example:

   $ chmod ug+rwx file1.txt

   $ chmod o+r file2.txt

This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, chmod u represents permissions for the user owner, chmod g represents other users in the file’s group, chmod o represents other users not in the file’s group. For all users, use chmod a. Also, chown command and the chgrp command can be used to change the user owner and group ownership of a file respectively.

What are special file permissions?

Special file permissions are a set of permissions that allow a file to be executed with the privileges of the owner or group, regardless of the user who is running the file. There are three types of special file permissions:

  • Set user ID (SUID): When this bit is set, any user who runs the file will be granted the privileges of the file’s owner. This is often used for programs that need to have elevated privileges, such as password hashes or compilers.
  • Set group ID (SGID): When this bit is set, any user who runs the file will be granted the privileges of the file’s group. This is often used for programs that need to access shared resources, such as web servers or file-sharing programs.
  • Sticky bit: When this bit is set on a directory, only the owner of the file or the superuser can delete or rename files in the directory. This is often used for directories that contain temporary files, such as /tmp.

Special file permissions can be set using the chmod command. 

For example, to set the SUID bit on a file, you would use the following command:

chmod u+s filename

To set the SGID bit, you would use the following command:

chmod g+s filename

To set the sticky bit, you would use the following command:

chmod +t filename

How special permissions can be risky?

It is important to note that special file permissions can be a security risk. If a malicious user is able to gain access to a file with SUID or SGID permissions, they could potentially gain elevated privileges on the system. As such, it is important to only use special file permissions when absolutely necessary and to take steps to secure the files that have these permissions set.

Conclusion

In Linux, files and directories have permissions that control who can access them and what they can do with them. There are three types of permissions: read, write, and execute. The owner of the file or directory has the most permissions, followed by the group that owns the file or directory, and then everyone else. Permissions can be changed using the chmod command.

Posted

in

by

Tushar Tyagi (Software Developer)

Tags:

, , , , ,

Recent Post

  • Behind the Scenes: Building a Multi-Agent System to Handle 80% of Support Tickets Autonomously

    Let’s face it—support tickets are the silent killers of productivity. Behind every “Where’s my order?” or “I forgot my password” lies a bloated system of repetitive manual work, overworked agents, and frustrated customers stuck in virtual queues. Now, consider this: what if 80% of those tickets never needed a human in the first place? In […]

  • Agentic AI Explained: Definition, Benefits, Challenges and Use Cases

    Artificial Intelligence (AI) has evolved significantly, transitioning from rule-based systems to more dynamic, learning-based models. Among the latest advancements is Agentic AI, an AI paradigm that enhances autonomy, decision-making, and self-improvement capabilities. Unlike traditional AI, which primarily follows predefined rules or models, Agentic AI exhibits goal-oriented behavior, adapts to complex environments, and makes decisions with […]

  • AI in payment: Key applications, advantages, and regulatory considerations

    The financial landscape is undergoing a profound transformation, driven by the rapid advancements in artificial intelligence (AI). From enhancing security to streamlining transactions, AI is revolutionizing how we make payments, making the process faster, safer, and more seamless. The global AI in payments market is projected to reach an impressive USD 12.7 billion by 2026, […]

  • Generative AI for IT: Integration approaches, use cases, challenges, ROI evaluation and future outlook

    Generative AI is a game-changer in the IT sector, driving significant cost reductions and operational efficiencies. According to a BCG analysis, Generative AI (GenAI) has the potential to deliver up to 10% savings on IT spending—a transformation that is reshaping multiple facets of technology. The impact is especially profound in application development, where nearly 75% […]

  • Generative AI in Manufacturing: Integration approaches, use cases and future outlook

    Generative AI is reshaping manufacturing by providing advanced solutions to longstanding challenges in the industry. With its ability to streamline production, optimize resource allocation, and enhance quality control, GenAI offers manufacturers new levels of operational efficiency and innovation. Unlike traditional automation, which primarily focuses on repetitive tasks, GenAI enables more dynamic and data-driven decision-making processes, […]

  • Generative AI in Healthcare: Integration, use cases, challenges, ROI, and future outlook

    Generative AI (GenAI) is revolutionizing the healthcare industry, enabling enhanced patient care, operational efficiency, and advanced decision-making. From automating administrative workflows to assisting in clinical diagnoses, GenAI is reshaping how healthcare providers, payers, and technology firms deliver services. A Q1 2024 survey of 100 US healthcare leaders revealed that over 70% have already implemented or […]

Click to Copy