File permissions, groups and access control

There are three types of permissions: r (read), w (write) and x (execute).

  • Read permission - in the context of a file, this means you can read (and thus copy) the file. If you have read permission on a directory, you can see the contents of the directory (usually with the ls command).
  • Write permission - on a file, this means you can change the contents of the file. Write permission on a directory means you can create or delete files/directories in that directory.
  • Execute permission - if a file has execute permission, you can run it just like a command. Shell scripts that are used like commands usually need x permission for the user. Execute permission on a directory means you can change to that directory using the cd command.

On Linux (and Unix flavors) users can be put in groups. A given set of users works on the files owned by a certain group. One user can be a member of many groups. Access control becomes effective with proper use of groups and permissions. The long listing format (ls -l) shows the permissions on a file/directory.

The output is of the following form:
-rw-rw-r-- 1 abcd web 25761 Nov 8 2004 temp.html
drwxrwxr-x 2 abcd web 4096 Oct 7 16:06 temp_files

The first field shows the permissions on the file. The second field shows the number of files in the corresponding directory. The third field (abcd) is the owner of the file. Next is the name of the group. The other fields are the file size, modification time and filename, in that order.

The permissions field consists of 10 characters. The first denotes the file type: '-' for a plain file, 'd' for a directory. The following three characters show the permissions of the owner of the file. In our case, the owner is 'abcd' and the owner's permissions are 'rw-' (read and write, but no execute). The next three characters are for the group (web). In our case, all members of this group have rw- permissions, i.e. the same as the owner. The last three characters are for others. Others have just 'read' permission.

Types of files

  • d - directory
  • l - link
  • p - pipe
  • b - block special device
  • c - character special device

Changing permissions

Only the owner or root (administrator) can change permissions on a file. The following are some illustrations.

  • chgrp web somefile
    changes group of the file to web.
  • chmod g+w somefile
    gives write permission on somefile to group.
  • chmod +x some_script
    gives execute permission to all on some_script. Typically, shell scripts or some other executable files are given execute permissions.
  • chmod o-x some_script
    removes execute permission for others (but retains it for the owner and the group).

When the permissions in a chmod command start with a letter, the letters have the following meanings:
  • u - user or owner of the file
  • g - group members
  • o - others (rest of the world)
  • a - all

What does the following command mean, then?

chmod 664 some_filename

Permissions can also be set using an octal value for each three-bit pattern. Using this method, all the permissions on a file can be set in one go. r, w and x have corresponding values.

  • r = 4
  • w = 2
  • x = 1

Therefore, the above command assigns 6 = 4 + 2, i.e. 'read' and 'write', to the owner of the file and the same to the group, whereas others get just 4, i.e. 'read' permission on the file. For more information on changing permissions, refer to the man page of chmod.
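
The mapping between the ls -l permissions field and the octal chmod value described above, as an added shell example that is not part of the original page. The function names perm_to_octal and mode_after_chmod are illustrative, and the script assumes the field contains only the r, w, x and - characters covered here.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumes the permission field uses only r, w, x and - as described above.

# Convert the permissions field of `ls -l` (e.g. -rw-rw-r--) to the
# octal form that chmod accepts (e.g. 664).
perm_to_octal() {
    # Skip the file-type character; keep the nine permission characters.
    perms=$(printf '%s' "$1" | cut -c2-10)
    octal=""
    for start in 1 4 7; do          # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply each chmod mode in turn to a scratch file, then read the result
# back from `ls -l` and print it in octal.
mode_after_chmod() {
    scratch=$(mktemp) || return 1
    chmod 600 "$scratch"            # known starting point: rw-------
    for mode in "$@"; do
        chmod "$mode" "$scratch" || { rm -f "$scratch"; return 1; }
    done
    listing=$(ls -l "$scratch" | cut -d' ' -f1)
    rm -f "$scratch"
    perm_to_octal "$listing"
}

# The two listing lines shown earlier on this page:
echo "temp.html   -rw-rw-r-- -> $(perm_to_octal -rw-rw-r--)"
echo "temp_files  drwxrwxr-x -> $(perm_to_octal drwxrwxr-x)"
# Symbolic and octal forms reach the same result:
echo "chmod 664             -> $(mode_after_chmod 664)"
echo "chmod g+rw, then o+r  -> $(mode_after_chmod g+rw o+r)"
```

The octal form sets all nine bits at once, while the symbolic form changes only the bits it names, which is why mode_after_chmod starts from a known mode before applying g+rw and o+r.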
