Understanding Permissions in Linux

The Linux operating system, like other Unix-based systems, allows multiple users to operate simultaneously without interfering with each other, and all these activities take place on a single server or host. If individuals have uncontrolled access to each other’s files or those of other users, the risk of disclosing important information of a user or even damaging some of the files of each user increases.

To prevent this problem, the Unix operating system offers the file permission feature. The file permission feature determines how much access a user has to make changes (or even delete it) to a specific file or directory.

In this tutorial, we will explain how to view and change file permissions in Linux.

How to Check Permissions in Linux

Before editing the permissions for a file, you need to find the permission settings in Linux. There are two ways to check these permissions:
Using the graphical user interface (GUI) or using the command-line interface (CLI)

Checking Permissions Using GUI
Finding the permission details for a file or directory is very simple using the GUI.

• First, open File Explorer in your Linux operating system and find the desired file or directory. Then right-click on it and select the Properties option.
• Select the Permissions tab.

In the Permissions tab, the file access information can be changed in three sections:
Owner; the user who created the file or directory
Group; the group to which the owner belongs
Others; all users related to the system

For each file, the owner of that file can grant access to other users or even restrict them from accessing their file.

In our example, the owner of the text.txt file has read and write access to the file. This means they can both open and edit the file. While other users have read-only access to the file. This means that users can open the file and view its contents, but they cannot edit it.

Checking Permissions Using the ls Command in Command-Line
If you intend to check permissions via the Command-Line, you can use the ls command to view information about a file or directory. By adding the -l option to this command, you can view the information of a file or directory on a single line.

ls -l [file_name]

For example, we want to view the information for the file text.txt:

ls -l test.txt

The output includes the following information:

• File Permissions.
• The name of the file’s owner or creator.
• The group to which the file owner belongs.
• The date the file was created.

How to Read Permissions in Linux

Permissions in Linux are displayed using several symbols that determine which users have access to read, write, or execute a file. Knowing these symbols is crucial for managing access to your system’s resources.

Permissions are categorized into three different groups:

• Owner of the file or directory
• Group associated with the file or directory
• All system users

Each section has three different types of access: read, which is identified by the symbol r, write, which is identified by the symbol w, and execute, which is identified by the symbol x. These permissions specify what can be done with a file or directory.

For example, an access mode for a file might look like this:

-rw-r--r--

• The first character indicates the file type; a regular file is indicated by (-), a directory by (d), and a symbolic link, which points to another file or directory in the system, is indicated by (i).
• The next three characters indicate the permission level that the owner of that file or directory has.
• The next three characters refer to the access level of the group to which the owner belongs.
• The last three characters indicate the access level of other system users to the file or directory.

Permission Groups

There are three distinct groups of users for granting access in Linux: Owner, Group, and all users.

• Owner; The owner of a file or directory is the user who created that file. By default, the owner has full access to their file or directory, which includes read, write, and execute permissions.
• Group; Every file or directory in Linux belongs to a group. Users who belong to this group have the access rights defined for the users of this group. Groups provide more precise control over file and directory access, especially in environments with multiple users.
• All Users; The last section of the access groups provides the access level for all system users, except for the owner of the group. These permissions are granted to users who are not part of the group associated with the file or directory.

Permission Types

There are three types of permissions for files and directories in Linux: read, write, and execute.

• Read (r); Read access allows users to view the content of a file or view the files in a directory.
• Write (w); Write access allows users to edit the content of a file. These edits can include writing new content, editing existing content, or even deleting it.
• Execute (x); With execute access, users can execute files on the system. Executing a file requires it to be run as a script or as a program.

Special Permissions

setuid (Set User ID) Permission
The setuid permission allows users to execute a file with the permissions applied to the file’s owner, rather than the user’s own permissions. setuid is typically used for executable files that need to be executed with elevated privileges.

setgid (Set Group ID) Permission
Similar to setuid, this command allows a user to execute a file with the permissions applied to the file’s group. setgid is used for directories to ensure that files inherit the directory’s group attributes.

sticky bit Permission
When the sticky bit permission is applied to a directory, only the creator of the files in that directory and the root user of the system will be able to delete the files in that directory. Even if other users have the necessary permissions to delete the files, they will not be able to delete them with this permission in the directory. This permission is generally applied in main directories such as /tmp to prevent sabotage by other users.

How to Change Permissions in Linux

Changing permissions in Linux is done in two ways: absolute mode and symbolic mode.

Each mode has its own approach to applying permissions. In both modes, we use the chmod command.

chmod [permission] [file_name/directory]

Symbolic Mode
In this mode, we use English alphabet letters to apply permissions to different groups for a file. In defining these permissions, we use the letter u for the user and owner of the file, the letter g for the group, and o for other cases where we need to apply permissions to them.

Other letters that are placed in front of each of these letters indicate the level of access applied to that section. To do this, we put an = sign in front of the letter related to that class or section, and then define the access level for reading or read with the letter r, for writing or write with the letter w, and for execution or execute with the letter x.

For example, we use the following command to apply full permissions to a file in all sections:

chmod u=rwx,g=rwx,o=rwx [file_name]

To set the permissions for the test.txt file to the state described in the previous text:

• Read and write access for the user
• Read access for group members
• Read access for other system users

We use this command:

chmod u=rw,g=r,o=r test.txt

Absolute Mode
In absolute mode, we use the octal number system, or base 8, to apply permissions to your files. This mode is faster because it is less complex than the commands related to symbolic mode.

Instead of symbols or letters, absolute mode uses a number system to apply permissions:

• The number 4 means read access
• The number 2 means write access.
• The number 1 means execute access.
• The number 0 means that no access is granted.

These numbers are added together to determine the access level. So the possibilities are as follows:

• The number 7 means granting read, write, and execute access.
• The number 6 means granting read and write access.
• The number 5 means granting read and execute access.
• The number 4 means granting read access.

Since you have to define access for each level (read, write, and execute access), the access command consists of three numbers. Each number represents the amount of access you grant to the user.

In symbolic mode, we used letters and symbols to apply access levels. Now we want to do this using absolute mode. To apply the same permissions to the test.txt file, we enter the command as follows:

chmod 644 test.txt

How to Change the Ownership of a File or Directory in Linux

Besides changing the permissions of a file or directory in Linux, you may also need to change their ownership. Both cases require root access.

Changing File Ownership
To change the ownership of a file, we use the chown command:

chown [user_name] [file_name/directory]

In this command, replace the [user_name] section with the username of the new owner of the file.

Changing Group Ownership
Also, to change the ownership of a group, we use the chgrp command:

chgrp [group_name] [file_name/directory]

You need to replace the [group_name] section with the name of the group that you want to own the files.