Explaining Linux File Permissions

File permissions are core to the security model in Linux systems. They determine who can access files and directories on a system, and how. This blog provides an overview of Linux file permissions, how they work, and how to change them.

How To View File Permissions in Linux?

The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

 $ ls -l

 drwxr-xr-x. 4 root root    68 Jun 13 20:25 tuned

 -rw-r--r--. 1 root root  4017 Feb 24  2022 vimrc

Here are the components of the vimrc listing:

  • File type: - (no special type of file)
  • Permission settings: rw-r--r--
  • Extended attributes:  dot (.)
  • User owner: root
  • Group owner: root

The tuned listing is for a d, or directory-type file. There are other file types as well, but these two are the most common.

Reading file permissions 

This section is about the permission settings on a file. The permissions from the vimrc listing are:

rw-r--r--

This string is actually an expression of three different sets of permissions:

rw-, r--, r--

  • The first set of permissions:  the owner of the file. 
  • The second set of permissions: the user group that owns the file.
  • The third set of permissions: referred to as “others.” 
  • All Linux files belong to an owner and a group.

Each of these classes can have different permissions, which determine how its users can interact with a file. Each class gets an expression that includes the three basic types of permissions (read, write, and execute).

For example, suppose the owner of the file is given the following permissions:

rw-

In the example above:

  • Read (r) permission and write (w) permission have been granted on the file.
  • The execute permission (x) is not granted, which is why there's a - sign in the expression (disabled permission).

Using Octal Values To Specify Permissions

In numeric mode, file permissions are represented in numbers. A three-digit value represents specific file permissions (for example, 744). These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

  • r (read): 4
  • w (write): 2
  • x (execute): 1

For example, a file might have read and execute permissions for its owner, and only read permission for all other users. That looks like this:

  • Owner: r-x = 4+0+1 = 5
  • Group: r-- = 4+0+0 = 4
  • Others: r-- = 4+0+0 = 4

The results produce the three-digit value 544.
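
The conversion described above can be automated. The following is an added example, not code from the original post: a POSIX shell function (the names perm_to_octal and triplet_value are hypothetical) that turns the nine-character permission string from ls -l into its octal value. It goes one step further than the three-digit case and also handles the s/S and t/T letters that ls shows for the special permissions covered later in this post, which add a leading fourth digit (4 for SUID, 2 for SGID, 1 for sticky).

```shell
#!/bin/sh
# Added example: convert an `ls -l` permission string (9 characters, without
# the leading file-type character) to its octal value.

# triplet_value TRIPLET -> prints one digit: r=4, w=2, x=1
triplet_value() {
    t=$1 v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    # lowercase s/t means "execute plus special bit"; uppercase S/T means
    # the special bit is set but execute is not
    case $t in ??[xst]) v=$((v + 1)) ;; esac
    printf '%s' "$v"
}

# perm_to_octal STRING -> prints e.g. 644, or 4755 when a special bit is set
perm_to_octal() {
    p=$1
    case $p in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid permission string: $p" >&2; return 1 ;;
    esac
    owner=${p%??????}      # first three characters
    rest=${p#???}
    group=${rest%???}      # middle three characters
    other=${rest#???}      # last three characters

    special=0
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # SUID
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # SGID
    case $other in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit

    digits=$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")
    if [ "$special" -gt 0 ]; then
        printf '%s%s\n' "$special" "$digits"
    else
        printf '%s\n' "$digits"
    fi
}

# Example: perm_to_octal r-xr--r--
```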

Role of Linux file permissions (what do they do?)

  • Read (r)

Read permission is used to access the file’s contents. You can use commands like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file’s contents to make a duplicate of it.

  • Write (w)

Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell (> or >>) to change the contents of a file. Without write permission, changes to the file's contents are not permitted. A pipe ( | ) combined with the tee command is sometimes used to write to a file as well.

  • Execute (x)

Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts and a variety of interpreted languages.

One way to execute the contents of a file without execute permission is to pass the file to an interpreter that does have execute permission. For a Bash shell script, the interpreter reads the file and executes the instructions in it:

$ bash script.sh

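The executable being run is bash. The script.sh file is read by the Bash interpreter, and its commands are executed. This means that removing execute permission from a script does not stop a user who can still read it from running it this way.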

Modifying file permissions  

You can modify file and directory permissions with the chmod command, which stands for “change mode.” 

  • To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name.
  • To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example:

   $ chmod ug+rwx file1.txt

   $ chmod o+r file2.txt

This grants read, write, and execute for the user and group on file1.txt, and read for others on file2.txt. In symbolic mode, u represents permissions for the user owner, g represents other users in the file's group, and o represents other users not in the file's group. For all users, use a. The chown and chgrp commands can also be used to change the user owner and group ownership of a file, respectively.

What are special file permissions?

Special file permissions are a set of permissions that allow a file to be executed with the privileges of the owner or group, regardless of the user who is running the file. There are three types of special file permissions:

  • Set user ID (SUID): When this bit is set, any user who runs the file will be granted the privileges of the file's owner. This is often used for programs that need to have elevated privileges, such as those that handle password hashes, or compilers.
  • Set group ID (SGID): When this bit is set, any user who runs the file will be granted the privileges of the file’s group. This is often used for programs that need to access shared resources, such as web servers or file-sharing programs.
  • Sticky bit: When this bit is set on a directory, only the owner of the file or the superuser can delete or rename files in the directory. This is often used for directories that contain temporary files, such as /tmp.

Special file permissions can be set using the chmod command. 

For example, to set the SUID bit on a file, you would use the following command:

chmod u+s filename

To set the SGID bit, you would use the following command:

chmod g+s filename

To set the sticky bit, you would use the following command:

chmod +t filename

How can special permissions be risky?

It is important to note that special file permissions can be a security risk. If a malicious user is able to gain access to a file with SUID or SGID permissions, they could potentially gain elevated privileges on the system. As such, it is important to only use special file permissions when absolutely necessary and to take steps to secure the files that have these permissions set.
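
A practical first step in securing these files is knowing where they are. The following is an added example, not code from the original post: a shell function (the name audit_special is hypothetical) that lists every regular file with SUID or SGID set under a directory and marks for review any that the group or others can also write to. It assumes GNU stat (stat -c), as found on most Linux distributions.

```shell
#!/bin/sh
# Added example: inventory SUID/SGID files so each one can be reviewed.
# Assumes GNU stat (stat -c).

# audit_special DIR
# Prints one line per regular file with SUID or SGID set:
#   <status> <octal mode> <owner> <path>
# status is REVIEW when group or others can write to the file, otherwise ok.
audit_special() {
    dir=${1:-.}
    # -xdev keeps find on a single filesystem;
    # -perm -4000 matches SUID, -perm -2000 matches SGID.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %n' {} + 2>/dev/null |
    while read -r mode owner path; do
        # 022 = write bit for group (020) plus write bit for others (002)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'REVIEW %s %s %s\n' "$mode" "$owner" "$path"
        else
            printf 'ok %s %s %s\n' "$mode" "$owner" "$path"
        fi
    done
}

# Example: audit_special /usr/bin
```

Comparing the output against a saved baseline makes newly added SUID or SGID files stand out.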

Conclusion

In Linux, files and directories have permissions that control who can access them and what they can do with them. There are three types of permissions: read, write, and execute. The owner of the file or directory has the most permissions, followed by the group that owns the file or directory, and then everyone else. Permissions can be changed using the chmod command.

