How do Linux permissions work




















In Unix, when permissions are configured the server allows you to define different permissions for each of these three categories of users.

In a Web server environment permissions are used to control which Web site owners can access which directories and files.

The first entry is the name of the file, the next entry is your username on the server, the second entry is the group that you are a member of, and the last entry is the permissions assigned to this file or directory. Notice that I have intentionally spaced out the permissions section, grouping the 9 characters into 3 sets of 3. This separation is key to how the permissions system works. The first set of 3 permissions, rwx, relates to the username seen above; the second set, r-x, relates to the user group seen above; and the final set, r-x, relates to anyone else who is not associated with that username or group name.

The Owner User is normally you; these permissions will be enforced on your hosting account name. The Group permissions will be enforced on other people who are in the same group as you. Within a hosting environment, there are very rarely other people in the same group as you. This protects your files and directories from being made available to anybody else who may also have a hosting account on the same server as you.

The Other permissions will be enforced on anybody else on the server who is either not you or not in your group. So in a Web serving environment, remembering that no one else is normally in your group, this is everybody else accessing the server except for you. Each of the three sets of permissions is defined in the following manner:

As many of you already know, permissions are normally expressed as a numeric value, something like or. Each character of the permissions is assigned a numeric value; this is assigned within each set of three, so we only need to use three values and reuse them for each set.

Now that we have a value that represents each permission, we can express them in numeric terms. The values are simply added together in the respective sets of 3, which will in turn give us just three numbers that will tell us what permissions are being set. Ok great. Well, where does that come from? The umask is used in combination with the octal permission assignment to determine how to assign permissions to files and folders on creation.

There are a few places to tinker with umask in Linux based on the distribution in use, and the user you are logged in as. The takeaway however, is that the umask is most commonly set to , giving us folders of , and files of upon creation.

You start with the permission, then subtract the umask. Now how come files come out as ? This is because Linux simply strips the executable bit immediately upon creation to remove any security risk for files.

Just when you thought there was nothing else to learn about permissions in Linux, along comes the setuid bit, the setgid bit, and the sticky bit. The setuid bit is used on executable files. It is also sometimes known as set user id.

If this bit is set, the file will run as the owner of the file. What does this mean? Well, suppose there is a file on the system that is owned by root. Along you come as a user account, and you run that executable file.

The setgid bit (SGID) is used on both executables and folders. Set group ID works similarly to SUID in that it alters permissions depending on whether it is set or not. If it is set on an executable file, then the file runs with the permissions of whatever group owns the file.

When applied to folders, the result is that any files or folders created within the parent folder will be owned by the group. In other words, all new files or folders will inherit group ownership from whatever group ownership the parent folder has. Finally, we have the sticky bit.

What it does is say that only the owner of a file or folder can delete that file or folder. Well guess what. Now when we say users, these often refer to the user processes used by applications, not actual human users.

You are surely familiar with the format of , or , to represent permissions in Linux. Well what about the times you see 4 digits like , or ? We already had a look at how to calculate permissions using octal for the User, Group, and Other.

Recall our list:

Now you can simply add the numbers up to understand what is set. For example has the sticky bit set, has the SGID bit set, has the SUID bit set, and has both the SUID and sticky bits set. The built-in ping program is a good example of the SUID bit being set.
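An added example, not from the original article: it decodes the permission field shown by ls -l into the 4-digit octal form discussed above, applies a umask, and notes what the setuid, setgid and sticky bits mean for each entry. The function names and sample fields are constructed for illustration; the umask is applied by clearing its bits from the requested mode, assuming the usual starting values of 0666 for files and 0777 for folders.

```python
import stat

# Special bit sharing each execute slot: (bit, characters that show it).
SPECIAL = {2: (stat.S_ISUID, "sS"), 5: (stat.S_ISGID, "sS"), 8: (stat.S_ISVTX, "tT")}

def parse_mode(field):
    """Turn an `ls -l` field such as 'drwxrwxrwt' into (type char, mode)."""
    if len(field) != 10:
        raise ValueError("expected a type character plus 9 permission characters")
    mode = 0
    for i, ch in enumerate(field[1:]):
        bit = 0o400 >> i                  # r=4, w=2, x=1 within each set of three
        if ch == "-":
            continue
        if i in SPECIAL and ch in SPECIAL[i][1]:
            mode |= SPECIAL[i][0]         # s or t: the special bit is set
            if ch.islower():
                mode |= bit               # lowercase: execute is set as well
        elif ch == "rwx"[i % 3]:
            mode |= bit
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return field[0], mode

def creation_mode(requested, umask):
    """Mode of a new file or folder: bits set in the umask are cleared."""
    return requested & ~umask & 0o7777

def audit(field):
    """Review notes for one regular file ('-') or directory ('d') field."""
    kind, mode = parse_mode(field)
    if kind not in "-d":
        return []                         # symlinks, devices etc. are out of scope
    notes = []
    if kind == "-" and mode & stat.S_ISUID:
        notes.append("setuid: runs as the file's owner")
    if mode & stat.S_ISGID:
        notes.append("setgid: runs as the file's group" if kind == "-"
                     else "setgid: new entries inherit the group")
    if mode & stat.S_IWOTH and not (kind == "d" and mode & stat.S_ISVTX):
        notes.append("world-writable without sticky-bit protection")
    return notes

if __name__ == "__main__":
    # Constructed sample fields, not taken from a real system.
    for field in ["-rwsr-xr-x", "drwxrwxrwt", "drwxrwsr-x", "drwxrwxrwx"]:
        print(field, f"{parse_mode(field)[1]:04o}", audit(field))
    print("umask 027 on 0666 ->", f"{creation_mode(0o666, 0o027):04o}")
```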

Managing access to resources is a fundamental task for sysadmins. This responsibility consists of three components: identities, resources, and permissions. This article covers several user, group, and file management commands to control access to resources. The article uses a "How do I…?

Specifically, I cover the following topics:

I've been in IT for about 25 years, and most of that time was spent as a technical trainer. That means that the things that I write are usually structured as some sort of lab or other hands-on opportunity.

It's just how I cover material. With that in mind, I'll assume you have a couple of identities and resources to experiment with as you read the rest of the article. You can use the following commands to set up a playground. It's best to do this on a virtual machine rather than your personal Linux box, but these tasks are relatively harmless.

Create two new users and two new groups to work with. Note that you do not need to configure passwords for the users in this exercise, as you won't log on with those accounts. Note: You would use the passwd user01 command to set the user's password.

You are ready to work with the commands and concepts below. When you've completed the article and learned the techniques I've covered, delete the two user accounts, the groups, and the playground directory.

Use the mkdir command to create directories. The touch command is one of many ways to create files. Note: The goal here is to create the data directory, but the given path's data directory does not yet exist. The -p option creates parent directories as needed to complete the path.

In the playground directory, display the current owner and group associated with the Resources directory and the files. The ls -l command displays directory contents in long format. The long format contains both permissions and ownership.

When the ls command is executed after running the command, the user ownership is given to fahmida, and the group ownership is given to pygroup.

Here, the ownership of the user is fahmida, and the ownership of the group is pygroup of c2. When the ls command is executed after running the command, the ownership of both user and group remains unchanged.

Linux users can change file permissions and ownership in multiple ways, which are shown in this article using different Linux commands. Another command exists in Linux that changes only the group ownership of a file. That command is chgrp, which is not explained here.

The task of the chgrp command can be done easily by using the chown command. I hope the concept of file permissions and ownership of files and folders in the Linux operating system will be clear after reading this article.

About the author: Fahmida Yesmin. I am a trainer of web programming courses. I like to write articles or tutorials on various IT topics.

The Linux operating system, which is a clone of UNIX, was developed to handle multiple users with multi-tasking features. This means that more than one user can work in this operating system at the same time when the computer is attached to a network or the Internet.

The remote users can connect with the computer that contains the Linux operating system through SSH and work on the system. It is very important to maintain security when multiple users work in the same operating system at the same time.

Many built-in security features exist in the Linux operating system that can be used when local or remote access is granted to different users. Linux users have to understand the concept of file permissions and file ownership to provide security at the file system level. This article shows how Linux users can view and modify the permissions and ownership of files and folders.

Prerequisites: Users need to know how to run commands from the terminal and have basic knowledge of creating files and folders in the Linux operating system to run and understand the commands used in this article.

Content of this article: The following concepts and tasks related to file permission and ownership are covered in this article: Types of Users, Permission Types, Check Permissions, Change permission using chmod, Change ownership using chown.

Types of Users: Three types of users exist in the Linux operating system, which are mentioned below.

Owner: The user who creates the file or folder is the owner of that file or folder, and the owner can permit the other types of users to access that file and folder.

Group: Each user can belong to a particular group in Linux.

Permission Types: Three permission types exist in the Linux system, which are mentioned below.

Read: This permission is used to read any file or folder only.

Write: This permission is used to write, append, or overwrite any file or folder.

Execute: This permission is used to execute any file only.

Check Permissions: Run the following command to check the permissions of all files and folders of the current directory.


