File Permission in Linux
File permissions specify what a user can and cannot do with a file. The different permission levels are:
read : view the content of the file.
write : Update or write in the file.
execute : run it as a script or a program.
When we create a new file in Linux, say with the touch command, the default permission is -rw-rw-r-- (the exact default depends on the umask in effect). The permission can be viewed with the command ls -l <FilePath>
dipankar@dipankar:~$ touch manish.txt
dipankar@dipankar:~$ ls -l manish.txt
-rw-rw-r-- 1 dipankar dipankar 0 Mar 16 22:28 manish.txt
As you can see, there are 3 parts in the permission. These 3 parts correspond to three sets of users.
The first part is the owner. This is the user who created the file. This user can grant ownership of this file to other users also.
The second part is the group. Every file belongs to a single group.
The third part is others: every user other than the owner and the users in the group.
The first character signifies the type: file or directory. If it is “-” then it is a file; if it is “d” then it is a folder.
-rw-rw-r-- : The first three characters after the type (rw-) show the permission of the owner.
-rw-rw-r-- : The next three characters (rw-) show the permission of the group.
-rw-rw-r-- : The last three characters (r--) show the permission of the others.
Now we can see that there are 3 parts in this file permission. There are 3 characters in each part, which correspond to r (read), w (write) and x (execute). An r in the first position means you have the permission to read. A w in the second position means you have the permission to write. An x in the third position means that you may execute the file. A hyphen in a position means that permission is not granted.
So there are 2 to the power 9 = 512 different possible values for the permission. The read, write and execute permissions in Linux are generally independent. So having write permission doesn't imply you have read permission also.
For each section the possible values are :
000, 001, 010, 011, 100, 101, 110, 111.
000 : No permission. (0)
001 : Can execute, but can’t read or write. (1)
010 : Can write, but can not read or execute. (2)
011 : Can write and execute, but can not read. (3)
100 : Can read, but can not write or execute. (4)
101 : Can read and execute, but can not make changes to the file. (5)
110 : Can read and write, but can not execute the file. (6)
111 : Can read, write and execute. (7)
-rw-rw-r-- 1 dipankar dipankar 0 Mar 16 22:28 manish.txt
In the above line the first dipankar is the owner and the second appearance of dipankar is the login group of the file.
To change file owner and group we use the command chown in Linux.
If only an owner (a user name or numeric user ID) is given, that user is made the owner of each given file, and the files’ group is not changed.
If the owner is followed by a colon and a group name (or numeric group ID), with no spaces between them, the group ownership of the files is changed as well.
If a colon but no group name follows the user name, that user is made the owner of the files and the group of the files is changed to that user’s login group.
If the colon and group are given, but the owner is omitted, only the group of the files is changed; in this case, chown performs the same function as chgrp.
If only a colon is given, or if the entire operand is empty, neither the owner nor the group is changed.
Change the owner of the file : chown <newUser> <filePath>
Change the group of the file : chown :<newGroup> <FilePath>
Change both owner and group : chown <newUser>:<NewGroup> <FilePath>
Change permission of a file :
u : user
g : group
o : other (world)
r : read
w : write
x : execute
chmod u+x,g+rw,o+r <filePath>
The clauses are separated by commas with no spaces; if they are separated by spaces, chmod treats everything after the first clause as a file name.
u+x => the owner (user) is given execute permission. If it were u+r, the owner would be given read permission; u+w would give the owner write permission; u+rwx would give the owner read, write and execute permission.
g+r => the group is given read permission. g+rw => read and write permission for the group. g+rwx => read, write and execute permission for the group.
o+r => the users other than the owner and the group users are given read permission. o+rw => read and write permission for the others. o+rwx => read, write and execute permission for the others.
chmod <numA><numB><numC> <FilePath>
numA, numB and numC => each is a number from 0 to 7 for the owner, the group and the others respectively; the permissions for each number are described above as 000, 001, 010, 011, 100, 101, 110 and 111.
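The shell functions below are an added example, not part of the original article. They convert a three-digit numeric mode into the rwx string that ls -l shows and compare it with a real temporary file after chmod; the names octal_to_rwx, file_rwx and demo are made up for this illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the article.

# octal_to_rwx 664  ->  rw-rw-r--
# Each digit is a 3-bit value: 4 = read, 2 = write, 1 = execute.
octal_to_rwx() {
    rest=$1
    out=""
    case $rest in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $rest" >&2; return 1 ;;
    esac
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}    # first remaining digit
        rest=${rest#?}               # drop it from the input
        r=-; w=-; x=-
        if [ $(( $digit & 4 )) -ne 0 ]; then r=r; fi
        if [ $(( $digit & 2 )) -ne 0 ]; then w=w; fi
        if [ $(( $digit & 1 )) -ne 0 ]; then x=x; fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# file_rwx PATH -> the nine permission characters ls -l prints for PATH
# (column 1 is the file type, so columns 2-10 are taken).
file_rwx() {
    ls -ld -- "$1" | cut -c2-10
}

# Demo on a constructed temporary file.
demo() {
    f=$(mktemp) || return 1
    chmod 000 "$f"                    # start with no permission at all
    chmod u+x,g+rw,o+r "$f"           # the symbolic form from the article
    printf 'u+x,g+rw,o+r on 000 : %s\n' "$(file_rwx "$f")"
    chmod 664 "$f"                    # numeric form of -rw-rw-r--
    printf 'chmod 664           : %s\n' "$(file_rwx "$f")"
    printf 'octal_to_rwx 664    : %s\n' "$(octal_to_rwx 664)"
    rm -f -- "$f"
}

demo
```

Because + only adds bits, u+x,g+rw,o+r gives --xrw-r-- (numeric 164) only when the file starts with no permissions; on a file that already has rw-rw-r-- the result is rwxrw-r--.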