Linux Permissions 101

This is a short introduction to Linux file and folder permissions.
If you’ve got any suggestions or feedback for this article, message me here.
E&OE*. Use these commands at your own risk**!

The best way to learn anything on Linux is by doing.

So if you are worried about breaking something, install Linux on a USB drive and boot from that for testing.

Where “shell” we begin?

Open a terminal window by pressing Ctrl + Alt + T

Then type: ls -l  #lower case L

You should get something like this:

The letters at the start of each line ( -rwxr-xr-x ) tell us whether it’s a file or a folder and what permissions are set for that file or folder.

Each character position is called a permission bit, with the exception of the first character, which simply defines the file type. If the first character (type) is the letter d, then it’s a folder. Otherwise, if the first character is a - (dash), then it’s a file. As a side note, files and folders will most likely be different colours; for example, on my system it’s green for executables (scripts), blue for folders and red for all other files. It may vary depending on what version of Linux you’re running.

The owner-username and group show you which user owns that file or folder and which group also has access to it. If you are looking at your home directory, you might just see your username as owner and again as group; that’s perfectly normal. Your web server’s html folder, on the other hand, might need the www-data group assigned to it. That is why you have separate permission bits: you can, for example, give yourself (Owner) full access (rwx), your web server (Group) read-execute (r-x) and everything else (Other) read-only (r--). You can change the Owner and Group using the chown command, which we will cover later.

Now back to those permission bits. Here’s how you know what is what:

There are 3 parts to the permission bits. They are: Owner, Group and Other (aka World).

Each part has 3 bits, which are (r)Read, (w)Write and (x)eXecute. Always in that order.

For example: -rwxr--r-- would give the Owner read, write and execute permissions but read-only for Group and Other.

Another example: dr--r--r-- would give Owner, Group and Other read-only access to that folder (remember the d type is folder).

Each permission bit has a value when set: r = 4, w = 2, x = 1 (read, write, execute).

If we take the first example and explode it, we get this:   -  rwx  r--  r--  (type, owner, group, other)

So how do we get from -rwxr--r-- to 744?

We simply add up the values for each permission bit respectively for Owner, Group and Other. Like this:

Note: Permission bits will always be Owner, Group and Other, in that order.

Below we have an exploded example with both the letter and numerical values for each permission bit.

Now let’s say that we wanted to give Group read, write and execute permissions. We would do it like this:

chmod 774 /home/hayward/file.txt #Group is now equal to 4+2+1 (read, write and execute).

If we wanted to set those same permissions on a directory instead, we would do it like this:

chmod 774 /home/hayward/documents #Changes permission on that folder.

chmod 774 -R /home/hayward/documents #Changes permissions for all files and folders recursively.

There’s one more command you should learn for setting file and folder permissions.

chown user:group -R /home/hayward/documents #Sets the user and group owners for that folder and, because of -R, everything inside it.

chown username file.txt #Sets the owner of file.txt to username.

chown sets who owns the file or folder.

chmod sets the permissions (what the owner, group and other can do with the file or folder).

You may need to use sudo or be root to use chmod and chown on your system. If you get stuck or have a question, please ask in the comments below. Please keep in mind that I’m not responsible for any damage you cause by using these commands. Use sudo or a root login with extreme caution.

Also, one last bit of advice. Never, ever, ever set file or folder permissions to 777.
Why? Have a think about it. Answers on a postcard please :p
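The r = 4, w = 2, x = 1 arithmetic and the 777 warning above, as an added shell example (not part of the original article): it converts the mode string that ls -l prints into its octal number and flags modes where Other can write. The function names are made up for this example, and it only touches a throwaway file created with mktemp.

```shell
#!/bin/sh
# Added example: turn an "ls -l" mode string into octal with r=4, w=2, x=1.

# triplet_value "rwx" -> 7, "r--" -> 4
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "-rwxr--r--" -> 744
# Only a file (-) or folder (d) with plain r/w/x bits is handled; anything else is rejected.
mode_to_octal() {
    case $1 in
        [-d][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    owner=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    other=$(printf '%s' "$1" | cut -c8-10)
    echo "$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")"
}

# world_writable MODE: succeeds if Other has the write bit (as in 777)
world_writable() {
    case $1 in ????????w?) return 0 ;; *) return 1 ;; esac
}

# file_mode PATH: the ten mode characters that ls -l prints for PATH
file_mode() { ls -ld "$1" | cut -c1-10; }

# Demo on a throwaway temp file (constructed input, nothing else is touched)
demo() {
    tmp=$(mktemp) || return 1
    for octal in 744 774 777; do
        chmod "$octal" "$tmp"
        mode=$(file_mode "$tmp")
        note=""
        if world_writable "$mode"; then note="  <- anyone can modify this file"; fi
        echo "chmod $octal -> $mode -> $(mode_to_octal "$mode")$note"
    done
    rm -f "$tmp"
}
demo
```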

 

* Errors and Omissions Excepted.
** We are not responsible for any damage or loss of data caused as a result of using any of the commands on this page.