Explaining Linux File Permissions

File permissions are core to the security model in Linux systems. They determine who can access the files and directories on a system, and how. This blog provides an overview of Linux file permissions, how they work, and how to change them.

How To View File Permissions in Linux?

The ls command with its -l (long listing) option shows metadata about your Linux files, including the permissions set on each file.

 $ ls -l

 drwxr-xr-x. 4 root root    68 Jun 13 20:25 tuned

 -rw-r--r--. 1 root root  4017 Feb 24  2022 vimrc

Here are the components of the vimrc listing:

  • File type: - (no special type of file)
  • Permission settings: rw-r--r--
  • Extended attributes:  dot (.)
  • User owner: root
  • Group owner: root

The tuned listing is for a d, or directory-type file. There are other file types as well, but these two are the most common.

Reading file permissions 

This section is about the permission settings on a file. The permissions from the vimrc listing are:

rw-r--r--

This string is actually an expression of three different sets of permissions:

rw-, r--, r--

  • The first set of permissions applies to the owner of the file.
  • The second set of permissions applies to the user group that owns the file.
  • The third set of permissions applies to everyone else, referred to as “others.”
  • All Linux files belong to an owner and a group.

Permissions differ for each of these classes of user, and each class can interact with a file only as its set allows. Each class gets an expression that includes the three basic types of permissions (read, write, and execute).

For example, suppose the owner of the file is given the following permissions:

rw- 

In the example above, 

  • Read (r) permission and write (w) permission have been granted on the file.
  • The execute permission (x) is not granted, which is why there’s a - sign in the expression (a disabled permission).

Using Octal Values To Specify Permissions

In numeric mode, file permissions are represented as numbers. A three-digit value represents specific file permissions (for example, 744). These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it:

  • r (read): 4
  • w (write): 2
  • x (execute): 1

For example, a file might have read and execute permissions for its owner, and only read permission for all other users. That looks like this:

  • Owner: r-x = 4+0+1 = 5
  • Group: r-- = 4+0+0 = 4
  • Others: r-- = 4+0+0 = 4

The results produce the three-digit value 544.
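The same arithmetic as a shell function, given here as an added example that is not part of the original post. It goes beyond the three-digit case above by also handling the special-permission characters (s, S, t, T) covered later on this page, which add a leading fourth digit; the function name sym_to_octal is hypothetical.

```shell
#!/bin/sh
# Added example: convert the 9 permission characters printed by ls -l
# (without the leading file-type character) into an octal mode.
sym_to_octal() {
    sym=$1
    [ "${#sym}" -eq 9 ] || { echo "need 9 characters: $sym" >&2; return 1; }
    special=0
    digits=""
    rest=$sym
    # Weight of the special bit stored in each class's x slot:
    # 4 = SUID (owner), 2 = SGID (group), 1 = sticky (others).
    for weight in 4 2 1; do
        tail=${rest#???}
        triplet=${rest%"$tail"}          # first three characters of $rest
        rest=$tail
        if [ "$weight" -eq 1 ]; then on=t; off=T; else on=s; off=S; fi
        value=0
        case $triplet in r??) value=$((value + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) value=$((value + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in
            ??x) value=$((value + 1)) ;;
            ??-) ;;
            # lowercase: special bit set and execute granted
            ??"$on") value=$((value + 1)); special=$((special + weight)) ;;
            # uppercase: special bit set, execute not granted
            ??"$off") special=$((special + weight)) ;;
            *) return 1 ;;
        esac
        digits=$digits$value
    done
    if [ "$special" -eq 0 ]; then echo "$digits"; else echo "$special$digits"; fi
}

sym_to_octal r-xr--r--    # the worked example above: prints 544
sym_to_octal rw-r--r--    # the vimrc listing: prints 644
sym_to_octal rwsr-xr-x    # SUID set on an executable: prints 4755
```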

Role of Linux file permissions (what do they do?)

  • Read (r)

Read permission is used to access the file’s contents. You can use commands like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file’s contents to make a duplicate of it.

  • Write (w)

Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell (> or >>) to change the contents of a file. Without write permission, changes to the file’s contents are not permitted. A pipe ( | ) into the tee command is sometimes used to write to a file as well.

  • Execute (x)

Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts and a variety of interpreted languages.

It is still possible to execute the contents of a file that lacks execute permission. With a Bash shell script, for example, you can invoke an interpreter that does have execute permission and have it read the file and execute the instructions in it:

$ bash script.sh

The executable being run is bash. The script.sh file is read by the Bash interpreter, and its commands are executed.

Modifying file permissions  

You can modify file and directory permissions with the chmod command, which stands for “change mode.” 

  • To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name.
  • To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example:

   $ chmod ug+rwx file1.txt

   $ chmod o+r file2.txt

The first command grants read, write, and execute to the user and group on file1.txt; the second grants read to others on file2.txt. The + operator adds the listed permissions and leaves any permissions that are already set unchanged. In symbolic mode, u represents the user owner, g represents other users in the file’s group, and o represents other users not in the file’s group. For all users, use a. The chown and chgrp commands change the user owner and group ownership of a file, respectively.

What are special file permissions?

Special file permissions are a set of permissions that allow a file to be executed with the privileges of the owner or group, regardless of the user who is running the file. There are three types of special file permissions:

  • Set user ID (SUID): When this bit is set, any user who runs the file will be granted the privileges of the file’s owner. This is often used for programs that need to have elevated privileges, such as password hashes or compilers.
  • Set group ID (SGID): When this bit is set, any user who runs the file will be granted the privileges of the file’s group. This is often used for programs that need to access shared resources, such as web servers or file-sharing programs.
  • Sticky bit: When this bit is set on a directory, only the owner of the file or the superuser can delete or rename files in the directory. This is often used for directories that contain temporary files, such as /tmp.

Special file permissions can be set using the chmod command. 

For example, to set the SUID bit on a file, you would use the following command:

chmod u+s filename

To set the SGID bit, you would use the following command:

chmod g+s filename

To set the sticky bit, you would use the following command:

chmod +t filename

How can special permissions be risky?

It is important to note that special file permissions can be a security risk. If a malicious user is able to gain access to a file with SUID or SGID permissions, they could potentially gain elevated privileges on the system. As such, it is important to only use special file permissions when absolutely necessary and to take steps to secure the files that have these permissions set.
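One way to keep track of which files carry these bits, shown as an added example that is not part of the original post: list every SUID/SGID file under a directory and flag any that are missing from a reviewed allow-list. The function names, the allow-list format (one absolute path per line) and the demo files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: report SUID/SGID files under a directory and flag any that
# are not on a reviewed allow-list (one absolute path per line).
audit_special_bits() {
    root=$1
    allowlist=$2
    # -perm -4000 matches the SUID bit, -perm -2000 the SGID bit;
    # -xdev keeps find on the starting filesystem.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r path; do
        mode=$(ls -ld "$path" | cut -c1-10)
        if grep -Fxq -- "$path" "$allowlist"; then
            echo "OK $mode $path"
        else
            echo "UNREVIEWED $mode $path"
        fi
    done
}

# Constructed demo tree: two SUID files (only one reviewed) and one ordinary file.
make_demo_tree() {
    dir=$(mktemp -d) || return 1
    : > "$dir/reviewed-tool";  chmod 4755 "$dir/reviewed-tool"
    : > "$dir/forgotten-tool"; chmod 4755 "$dir/forgotten-tool"
    : > "$dir/plain-file";     chmod 644  "$dir/plain-file"
    echo "$dir/reviewed-tool" > "$dir/allowlist.txt"
    echo "$dir"
}

demo=$(make_demo_tree)
audit_special_bits "$demo" "$demo/allowlist.txt"
rm -rf "$demo"
```

On a real system, point the function at the directories you want to review and keep the allow-list under change control, so that a new UNREVIEWED line stands out after package installs or updates.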

Conclusion

In Linux, files and directories have permissions that control who can access them and what they can do with them. There are three types of permissions: read, write, and execute. The owner of the file or directory has the most permissions, followed by the group that owns the file or directory, and then everyone else. Permissions can be changed using the chmod command.

