Explaining Linux File Permissions

Here, file permissions are core to the security model in Linux systems. They determine the accessibility of files and directories on a system (who can access them and how ). This blog provides an overview of Linux file permissions, how they work, and how to change them.

How To View File Permissions in Linux?

The ls command along with its – l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

 $ ls -l

 drwxr-xr-x. 4 root root    68 Jun 13 20:25 tuned

 -rw-r–r–. 1 root root  4017 Feb 24, 2022, vimrc

Here are the components of the Vimrc listing:

  • File type:  – (no special type of file)  
  • Permission settings:  rw-r–r–
  • Extended attributes:  dot (.)
  • User owner: root
  • Group owner: root

The tuned listing is for a d, or directory-type file. There are other file types as well, but these two are the most common

Reading file permissions 

This section is about the permission settings on a file. The permissions from the vimrc listing are:

rw-r–r–

This string is actually an expression of three different sets of permissions:

rw- ,  r– , r – –  

  • The first set of permissions:  the owner of the file. 
  • The second set of permissions: the user group that owns the file.
  • The third set of permissions: referred to as “others.” 
  • All Linux files belong to an owner and a group.

Permissions are different for different types of people, accordingly they can interact with a file. Each user gets an expression that includes the three basic types of permissions (read, write, and execute).

 For example, if  the owner of the file is given the following permissions:

rw- 

In the example above, 

  • Read (r) permission and Write (w) permission has been granted on the file. 
  • The execute permission (x) is not granted, which is why there’s a sign in the expression (disabled permission).

Using Octal Values To Specify Permissions

 In numeric mode,  file permissions are represented in numbers. A three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

  • r (read): 4
  • w (write): 2
  • x (execute): 1

For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this:

  • Owner: r-x = 4+0+1 = 5
  • Group: r– = 4+0+0 = 4
  • Others: r– = 4+0+0 = 4

The results produce the three-digit value 544.

Role of Linux file permissions (what do they do?)

  • Read (r)

Read permission is used to access the file’s contents. You can use commands like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file’s contents to make a duplicate of it.

  • Write (w)

Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell (> or >>) to change the contents of a file. Without written permission, changes to the file’s contents are not permitted. Sometimes, pipe ( | ) and tee are also used as commands

  • Execute (x)

Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts and a variety of interpreted languages.

The way to execute the contents of a file without execute permission would be invoking a Bash shell script, where you could use an interpreter that has execute permission to read a file with instructions for the interpreter to execute : 

$ bash script.sh

The executable being run is bash. The script.sh file is read by the Bash interpreter, and its commands are executed.

Modifying file permissions  

You can modify file and directory permissions with the chmod command, which stands for “change mode.” 

  •  To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name. 
  • To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example:

   $ chmod ug+rwx file1.txt

   $ chmod o+r file2.txt

This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, chmod u represents permissions for the user owner, chmod g represents other users in the file’s group, chmod o represents other users not in the file’s group. For all users, use chmod a. Also, chown command and the chgrp command can be used to change the user owner and group ownership of a file respectively.

What are special file permissions?

Special file permissions are a set of permissions that allow a file to be executed with the privileges of the owner or group, regardless of the user who is running the file. There are three types of special file permissions:

  • Set user ID (SUID): When this bit is set, any user who runs the file will be granted the privileges of the file’s owner. This is often used for programs that need to have elevated privileges, such as password hashes or compilers.
  • Set group ID (SGID): When this bit is set, any user who runs the file will be granted the privileges of the file’s group. This is often used for programs that need to access shared resources, such as web servers or file-sharing programs.
  • Sticky bit: When this bit is set on a directory, only the owner of the file or the superuser can delete or rename files in the directory. This is often used for directories that contain temporary files, such as /tmp.

Special file permissions can be set using the chmod command. 

For example, to set the SUID bit on a file, you would use the following command:

chmod u+s filename

To set the SGID bit, you would use the following command:

chmod g+s filename

To set the sticky bit, you would use the following command:

chmod +t filename

How special permissions can be risky?

It is important to note that special file permissions can be a security risk. If a malicious user is able to gain access to a file with SUID or SGID permissions, they could potentially gain elevated privileges on the system. As such, it is important to only use special file permissions when absolutely necessary and to take steps to secure the files that have these permissions set.

Conclusion

In Linux, files and directories have permissions that control who can access them and what they can do with them. There are three types of permissions: read, write, and execute. The owner of the file or directory has the most permissions, followed by the group that owns the file or directory, and then everyone else. Permissions can be changed using the chmod command.

Posted

in

by

Tushar Tyagi (Software Developer)

Tags:

, , , , ,

Recent Post

  • How Reinforcement Learning is Shaping the Next Generation of AI Chatbots?

    AI chatbots are no longer just about answering “What are your working hours?” or guiding users through FAQs. They’re becoming conversation partners, problem solvers and even reporting managers and sales agents. What’s driving this transformation? Enter Reinforcement Learning (RL)—a type of machine learning that’s changing the way chatbots think, learn, and respond. At Codalien Technologies, […]

  • AI Chatbots for Sales Team Automation: The Critical Role of AI Sales Assistants in Automating Your Sales Team

    Sales teams are the heart of any successful business, but managing them effectively can often feel like trying to juggle flaming swords. The constant pressure to generate leads, maintain relationships, and close deals leaves your team overwhelmed, spending more time on administrative tasks than actual selling. Here’s where AI-powered sales assistants step in to completely […]

  • Transforming HR with AI Assistants: The Comprehensive Guide

    The role of Human Resources (HR) is critical for the smooth functioning of any organization, from handling administrative tasks to shaping workplace culture and driving strategic decisions. However, traditional methods often fall short of meeting the demands of a modern, dynamic workforce. This is where our Human Resource AI assistants enter —a game-changing tool that […]

  • How Conversational AI Chatbots Improve Conversion Rates in E-Commerce?

    The digital shopping experience has evolved, with Conversational AI Chatbots revolutionizing customer interactions in e-commerce. These AI-powered systems offer personalized, real-time communication with customers, streamlining the buying process and increasing conversion rates. But how do Conversational AI Chatbots improve e-commerce conversion rates, and what are the real benefits for customers? In this blog, we’ll break […]

  • 12 Essential SaaS Metrics to Track Business Growth

    In the dynamic landscape of Software as a Service (SaaS), the ability to leverage data effectively is paramount for long-term success. As SaaS businesses grow, tracking the right SaaS metrics becomes essential for understanding performance, optimizing strategies, and fostering sustainable growth. This comprehensive guide explores 12 essential SaaS metrics that every SaaS business should track […]

  • Bagging vs Boosting: Understanding the Key Differences in Ensemble Learning

    In modern machine learning, achieving accurate predictions is critical for various applications. Two powerful ensemble learning techniques that help enhance model performance are Bagging and Boosting. These methods aim to combine multiple weak learners to build a stronger, more accurate model. However, they differ significantly in their approaches. In this comprehensive guide, we will dive […]

Click to Copy