Last updated: September 6, 2023

Linux is a multiuser operating system, so multiple users can interact with the same computer at the same time. Because of this, it is important for Linux to guarantee the security and privacy of the files belonging to different users.

To achieve this, Linux has an elaborate system to handle file and directory permissions. This way, Linux users can control access to files by different users and what actions users can take when using the computer.

As a Linux user, it is crucial to understand how Linux handles file and directory permissions and how you can work with the different available permissions to secure your files and guarantee the functionality of your computer. To understand how Linux manages file and directory permissions, let us first look at the different categories of users in a Linux operating system.

Category of Users in Linux

The first category of users is the owner of a file or a directory. Each file or directory in Linux has one owner. This owner is usually granted more permissions to their file or directory. The owner of a file is usually indicated by the letter u for user.

In Linux, multiple users can be put into a group and given permissions to files as a group. These are known as group owners and are represented by the letter g.

For instance, if you have a file with book recommendations and you want to give several users similar permissions to the file, an easy way to do this is to put the users in a group and give permissions to the group as a whole.

The other category of users is known as others and is represented by the letter o. These are users who don’t own the file and are also not part of a group with permissions to the file. Other represents everyone else in the system.

All users in a computer, that is, owners of files, users in groups, and other users, can be specified using the letter a.

Create and Add a New User in Ubuntu Linux

Let us look at how you can create and add a new user in Ubuntu Linux. To follow along in this tutorial, please create a new user too.

1. Open Settings and on the left menu bar, click on User then click on Unlock and provide your password when prompted. You need to click on Unlock so that you can add a new user. By default, this functionality is locked.


2. Once unlocked, you’ll see an Add User option. Click on it to add a new user.


3. To create a new user, provide their Full Name and user name, select Set a password now, and set their password. Additionally, make sure the account type is set to Administrator, then click on Add to add a user.


4. You should see the new user account you just created show up.

Linux File and Directory Permissions

Permissions refer to the rules that govern access to files and directories and the actions that can be performed on them by different users. Linux has three main permission categories:

  1. Read(r) – allows a user to view the contents of a file and list the contents of a directory
  2. Write(w) – allows a user to modify the content of a file. With directories, the write permission allows a user to modify the content of a directory, such as by creating, deleting, renaming, or moving files and subdirectories in the directory. However, write permission on a directory only works if the user also has execute permission.
  3. Execute(x) – the execute permission means that a file can be treated as a program that can be executed. With directories, the execute permission allows a user to enter or ‘cd’ into the directory.

The read, write, and execute permissions are assigned to the three categories of users available in Linux.


Long Listing in Linux

To view the contents of a directory in Linux, we typically run the ls command. However, this only lists the files and directories available and does not provide any additional information.

To view more information about the contents, you need to use the long listing format. To do this, run the ls command with the -l flag. This will give you the file permissions, owner, and group owner of each file as shown below:

[Screenshot: long listing output]

In Ubuntu, by default, if no group has been created, the group name is the same as the owner of the file.

To create a group, we use the command addgroup. To add a group called editors, execute the following command and provide a password when prompted:

sudo addgroup editors

sudo allows us to run commands as the root user, who is a super user with privileges to execute changes that affect all users of the computer.

To add users to a group we use the following syntax:

adduser <user> <group>

Therefore, to add both belmont and madici to the editors group, we execute:

sudo adduser belmont editors
sudo adduser madici editors

To see the groups a user belongs to, execute:

groups <username>

The result of the above commands is shown below:

[Screenshot: output of the group commands]

Let us now look at file attributes, which tell us about the file type and the permissions on a file.

File Attributes in Linux


In Linux, file attributes consist of exactly ten characters. The first character indicates the type of file. Some of the common first characters representing different files include:

  • d indicates a directory
  • - indicates a regular file, e.g. text files
  • c indicates a character special file
  • l indicates a symbolic link
  • b indicates a block special file

The remaining nine characters are used to show the permissions of the owner, group owner, and other users. The nine characters are divided into groups of three. The first group indicates the permissions of the owner, the second group indicates the permissions of the group owner and the last three indicate permissions for others, that is every other user in the computer.

[Figure: Linux file attributes]

Permissions for each category are indicated starting with the read, then write, and finally the execute permission. The read permission is indicated by the letter r, write permission by the letter w, and execute permission by the letter x.

The - symbol is used when a user does not have a particular permission. For instance, rw- for the group owner means that they have both read and write permissions but don’t have the execute permission on that directory (d).

Changing File Permissions Using Symbolic Notation

To change the permissions on a file or directory, we use the chmod command and specify who we are changing the permissions for.

This can be the owner of the file represented by the letter u for the user, the group owner represented by the letter g, or other users represented by the letter o. We can also target all three categories of users by using the letter a, which means all the above.

The next thing we specify is the change we are making. To add a permission, we use + (plus sign). To remove a permission, we use - (minus sign). The final thing we provide is the permissions we are adding or removing, using r, w, or x to represent the three available permissions.

To see this in action, create a directory called books using the command below

mkdir books

Enter, or ‘cd’ into the directory:

cd books

Create a file called readingList.txt

touch readingList.txt

Long list the content of the books directory by executing:

ls -l

The output shows that the file we created is a regular file, indicated by the first character -. The owner and group owner have read and write permissions, while other users have only read permission. To grant other users the permission to write to the file, we’d execute the following command:

chmod o+w readingList.txt

To see if the permissions for other users have changed, execute

ls -l

In the output, notice that the permissions of other users have changed from r-- to rw-, which means that they now have write permission.

To add execute permissions to the owner(user) of the file execute:

chmod u+x readingList.txt

To remove write permissions from the group owners, execute:

chmod g-w readingList.txt

To remove read permissions from all users so that no one can view the file, execute:

chmod a-r readingList.txt

To add back read permission for the owner of the file, execute:

chmod u+r readingList.txt

To add write and execute permissions to the group owner of the file, execute:

chmod g+wx readingList.txt

Changing Permissions Using the Octal Notation

In Linux, each of the three available permissions has only two possible values. The read permission can only be r or -, the write permission can only be w or -, and the execute permission can only be x or -.

Therefore, these permissions can be thought of as either on or off and can be represented using binary digits, which have only two available values: 1 for on or true and 0 for off or false. Therefore, a permission such as rw- can be represented as 110 in binary.

For any given category of user, three binary digits are enough to represent all their permissions. For instance, the permissions for the owner, group, and others rwxrw-r-- can be represented as 111110100 in binary.

However, to avoid writing binary numbers, which are long and easily confused, a better alternative is to use octal numbers.

Octal numbers have a base of 8, so each octal digit has only 8 possible values. Each octal digit maps to exactly three binary digits.

Therefore, a permission such as rw- can be represented as 110 in binary. The octal equivalent of 110 is 6, and thus 6 can be used to represent rw-. Octal numbers can be used to represent the read, write, and execute permissions of the owner, group, and others as shown below:

[Figure: octal notation]

Instead of writing long binary digits, it is better to represent permissions using octal numbers. Therefore, all the permissions of the owner, group, and others are represented using single octal numbers, as shown in the diagram above.
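
The mapping from an attribute string to its octal digits can be checked mechanically. The following decoder is an added example, not code from the original article; the function names are hypothetical, and it covers only the r, w, x and - characters and the file types listed above.

```shell
# Added example (not from the original article): decode an `ls -l` attribute
# string such as "-rwxrw-r--" into its file type and octal mode.

# Octal digit for one three-character group: r=4, w=2, x=1, "-"=0.
triplet_to_digit() (
  n=0
  case "$1" in r??) n=$((n + 4)) ;; esac
  case "$1" in ?w?) n=$((n + 2)) ;; esac
  case "$1" in ??x) n=$((n + 1)) ;; esac
  echo "$n"
)

# First character -> file type, using the types listed in the article.
file_type() {
  case "$1" in
    -*) echo "regular file" ;;
    d*) echo "directory" ;;
    c*) echo "character special file" ;;
    l*) echo "symbolic link" ;;
    b*) echo "block special file" ;;
    *)  echo "unknown" ;;
  esac
}

# Full string -> three octal digits (owner, group, others).
attrs_to_octal() (
  attrs=$1
  # Reject anything that is not exactly one type character + three rwx groups.
  case "$attrs" in
    [-dclb][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
    *) echo "invalid attribute string: $attrs" >&2; exit 1 ;;
  esac
  perms=${attrs#?}         # drop the type character
  owner=${perms%??????}    # first three characters
  rest=${perms#???}
  group=${rest%???}        # middle three characters
  others=${rest#???}       # last three characters
  echo "$(triplet_to_digit "$owner")$(triplet_to_digit "$group")$(triplet_to_digit "$others")"
)

# Constructed sample strings; the second is the article's rwxrw-r-- example.
for s in "-rw-rw-r--" "-rwxrw-r--" "drwxr-xr-x"; do
  echo "$s  $(file_type "$s")  $(attrs_to_octal "$s")"
done
```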

The advantage of using the octal notation to set permissions is that it allows you to set the permission for all your users at once, unlike in symbolic notation, where you can only set the permission of a single user at a time.

However, using octal notation takes some time and practice to be able to recall what each octal number resolves to. That said, feel free to refer to the diagram above whenever you use octal notation. Let us look at several examples of changing permissions using the octal notation.

To give all users, that is, the owner, group owner, and other users, read, write, and execute permission to readingList.txt, execute:

chmod 777 readingList.txt

To check if the permissions have been changed, execute:

ls -l

Output:

total 0
-rwxrwxrwx 1 madici madici 0 Sep  6 05:45 readingList.txt

Notice that now the owner, group, and other users have permission to read, write, and execute readingList.txt.

To remove write permissions from both the group owner and others, execute:

chmod 755 readingList.txt

To remove the execute permission from the owner and others execute:

chmod 654 readingList.txt
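
To see what the chmod steps above add up to, the following added example (not from the original article) replays both the symbolic and the octal sequence on a scratch file and reports the attribute string after each step. The replay and attrs_of function names are hypothetical, and the symbolic sequence assumes the file starts at rw-rw-r-- (664) as in the listing described earlier.

```shell
# Added example (not from the original article): replay chmod steps on a
# temporary file and report the attribute string after each one.

# Print the ten-character attribute string of a file (first field of ls -l).
attrs_of() { ls -ld "$1" | cut -c1-10; }

# replay START_MODE STEP...: set START_MODE on a temporary file, apply each
# chmod argument in order, log every step to stderr, and print the final
# attribute string on stdout.
replay() (
  f=$(mktemp)
  chmod "$1" "$f"
  shift
  for step in "$@"; do
    chmod "$step" "$f"
    echo "chmod $step -> $(attrs_of "$f")" >&2
  done
  attrs_of "$f"
  rm -f "$f"
)

# Symbolic sequence from the article, starting from rw-rw-r-- (664).
echo "symbolic result: $(replay 664 o+w u+x g-w a-r u+r g+wx)"

# Octal sequence from the article.
echo "octal result:    $(replay 777 755 654)"
```

The symbolic sequence ends at -rwx-wx-w-, so the group and other users can write to a file they cannot read. Check the final attribute string after a series of changes, not only each individual step.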

Special Permissions in Linux

Linux has three special permissions that can be applied to files and directories in addition to the standard read, write, and execute permissions. These permissions provide advanced functionality for access control and allow users with fewer privileges to execute files and commands with higher privileges, just like the owner of the file or the group owner.

The special permissions include:

  • Set User ID (SUID) – the SUID permission allows a user to execute a file or program with the privileges of the owner of the file, and not those of the user executing it. This is useful when standard users need to perform tasks that require elevated privileges.
  • Set Group ID (SGID) – the SGID permission allows a user to execute a file with the permissions of the group owner of the file, rather than the permissions of their actual group.
  • Sticky Bit – the sticky bit is a permission usually set on directories to ensure that files in the directory can only be deleted by the owner of the directory, the owner of that particular file, or the root user.

The three special permissions can be used alongside the standard permissions: read, write, and execute.
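
Because these bits change whose privileges a program runs with, it is worth knowing where they are set. The following is an added example, not code from the original article: it uses find to list SUID and SGID files, world-writable files, and world-writable directories that lack the sticky bit. The octal values 4000, 2000 and 1000 for the special bits, the function names, and the sample file names are not from the article.

```shell
# Added example, not from the original article. Octal values passed to find:
# 4000 = SUID, 2000 = SGID, 1000 = sticky bit, 0002 = write for others.

# Regular files that run with the privileges of the file's owner (SUID).
find_suid() { find "$1" -type f -perm -4000 | sort; }

# Regular files that run with the privileges of the group owner (SGID).
find_sgid() { find "$1" -type f -perm -2000 | sort; }

# Files that every user can modify, e.g. after chmod o+w or chmod 777.
find_world_writable_files() { find "$1" -type f -perm -0002 | sort; }

# Directories writable by others that lack the sticky bit, so any user can
# delete or rename files that belong to someone else.
find_unsafe_dirs() { find "$1" -type d -perm -0002 ! -perm -1000 | sort; }

# Constructed sample tree with hypothetical file names, in a temp directory.
make_sample_tree() (
  root=$(mktemp -d)
  mkdir "$root/shared" "$root/dropbox"
  touch "$root/helper" "$root/report" "$root/readingList.txt" "$root/notes.txt"
  chmod 4755 "$root/helper"           # SUID + rwxr-xr-x
  chmod 2755 "$root/report"           # SGID + rwxr-xr-x
  chmod 777  "$root/readingList.txt"  # rwxrwxrwx, as in the article
  chmod 644  "$root/notes.txt"        # rw-r--r--
  chmod 1777 "$root/shared"           # rwxrwxrwx + sticky bit
  chmod 777  "$root/dropbox"          # rwxrwxrwx, no sticky bit
  echo "$root"
)

tree=$(make_sample_tree)
echo "SUID files:";            find_suid "$tree"
echo "SGID files:";            find_sgid "$tree"
echo "World-writable files:";  find_world_writable_files "$tree"
echo "Unsafe directories:";    find_unsafe_dirs "$tree"
rm -rf "$tree"
```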

Conclusion

Permissions are an important concept in Linux, even if your computer does not have multiple users. Understanding permissions is important in ensuring control, security, and privacy of the data stored in a Linux system and its functionality. Therefore, consider familiarising yourself with permissions by practicing what you’ve learned in this article.


  • Collins Kariuki
    Author
    Collins Kariuki is a software developer and technical writer for Geekflare. He has over four years experience in software development, a background in Computer Science and has also written for Argot, Daily Nation and the Business Daily Newspaper.
  • Narendra Mohan Mittal
    Editor

    Narendra Mohan Mittal is a Senior Digital Branding Strategist and Content Editor with over 12 years of versatile experience. He holds an M-Tech (Gold Medalist) and B-Tech (Gold Medalist) in Computer Science & Engineering.

