A Primer on Linux File Permissions

November 10, 2016 | Views: 3829


Everything in Linux is a file. Access to the files is controlled by assigning permissions on the basis of file owner, a group of users, or all users. Three types of permissions can be assigned to a file – read (r), write (w) and execute (x).

To view the permissions for all files in a directory, type the following in terminal:

root@kali:~# ls -l

You can see multiple rows of data, with each row having 9 columns. The filename is displayed in the rightmost column.

To view the permissions of one particular file, type the following in terminal:

root@kali:~# ls -l <filename>

One row of data, having 9 columns, is displayed.

Now let us try to understand these columns.

In the first column, we have something like -rw-r--r-- or drwxr-xr-x. This is the “permission string” having 10 characters.
-> The first character denotes the file type.
   d: denotes a directory
   l: denotes that the file is linked to another file (Symbolic Link – read google)
   -: denotes a normal data file, could be a text file, audio/video file or graphics image.
-> The next three characters (2, 3, 4) denote the permissions for owner of the file.
-> The next three characters (5, 6, 7) denote the permissions for group users.
-> The next three characters (8, 9, 10) denote the permissions for all users.

Characters 2, 5, 8 are used to denote READ permission (r) and have a numerical value of 4.
Characters 3, 6, 9 are used to denote WRITE permission (w) and have a numerical value of 2.
Characters 4, 7, 10 are used to denote EXECUTE permission (x) and have a numerical value of 1.

Below is a chart to understand the permission string better:

Permission string in segments:     _ | _ _ _ | _ _ _ | _ _ _
Character position in the string:  1 | 2 3 4 | 5 6 7 | 8 9 10
Permission assigned:                 | r w x | r w x | r w x
Numerical value of permission:       | 4 2 1 | 4 2 1 | 4 2 1

For example:

  1. -rw-r--r-- permission on a file denotes that it is a normal data file; has read permissions for owner, group users and all users; and has write permission only for the owner.
  2. drwxr-xr-x permission on a file denotes that it is a directory; has read and execute permission for owner, group users and all users; and has write permission only for the owner.

The second column indicates the number of links for the file. ‘Links’ is an advanced concept in Linux, where more than one filename can be used to refer to one file.

The third column gives the name of the owner of the file.

The fourth column gives the name of the group this file belongs to.

The fifth column gives the file size in bytes. If we run this command, root@kali:~# ls -hl , the file size is displayed in a readable form, i.e. in kilobytes and megabytes.

The sixth, seventh and eighth columns display the creation time for the file. The ninth column represents the filename.

Can we modify the permissions for a file?

Yes, it is possible, but only the root user can do it. The ‘chmod’ command is used to modify the permissions of a file. The basic syntax for ‘chmod’ is as follows:

root@kali:~# chmod <permissions> <file>

Here the <permissions> parameter is a 3-digit number, where each digit represents the numerical sum of the permissions assigned for owner, group users and all users respectively.

Consider the value 777. The first 7 on the left denotes that read(4), write(2) and execute(1) permissions have been assigned to the owner [4+2+1=7]. Similarly we calculate for group users (second digit) and all users (third digit on the right).

Consider the value 764. The first 7 denotes that read(4), write(2) and execute(1) permissions have been assigned to the owner [4+2+1=7]. The second 6 denotes that read (4) and write (2) permissions have been assigned to group users [4+2=6]. The third 4 denotes that only read (4) permissions have been assigned to all users.

Hope you get how it works!
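The conversion between the 10-character permission string and the three chmod digits, in both directions, as an added example that is not part of the original article. The function names (perm_to_octal, octal_to_perm and their helpers) are made up for this illustration, and only the file types and r/w/x flags covered above are accepted.

```shell
# Added example; function names are illustrative. Only the file types (-, d, l)
# and flags (r, w, x) from the article are accepted; anything else is rejected.

# "rwx" -> 7, "r--" -> 4: sum r=4, w=2, x=1 for one three-character group.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    printf '%s' "$v"
}

# 10-character permission string -> 3-digit chmod value.
perm_to_octal() {
    s=$1
    case $s in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported permission string: $s" >&2; return 1 ;;
    esac
    owner=$(printf '%s' "$s" | cut -c2-4)
    group=$(printf '%s' "$s" | cut -c5-7)
    other=$(printf '%s' "$s" | cut -c8-10)
    printf '%s%s%s\n' "$(triplet_value "$owner")" \
        "$(triplet_value "$group")" "$(triplet_value "$other")"
}

# One chmod digit -> its three-character group, e.g. 6 -> "rw-".
digit_triplet() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# 3-digit chmod value (plus optional file-type character) -> permission string.
octal_to_perm() {
    mode=$1; ftype=${2:--}
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits: $mode" >&2; return 1 ;;
    esac
    o=${mode%??}; g=${mode#?}; g=${g%?}; a=${mode#??}
    printf '%s%s%s%s\n' "$ftype" "$(digit_triplet "$o")" \
        "$(digit_triplet "$g")" "$(digit_triplet "$a")"
}

# Values from the article's examples.
for p in -rw-r--r-- drwxr-xr-x; do printf '%s -> %s\n' "$p" "$(perm_to_octal "$p")"; done
for m in 777 764 744; do printf '%s -> %s\n' "$m" "$(octal_to_perm "$m")"; done
```

A string containing a flag outside r, w and x is refused with an error instead of being converted to a misleading number.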

Now let us try to modify the permissions for a file.

We have a file “data.txt” which returned the following output with “ls -l”.

-rw-r--r--  1 root root        0 Oct  8 12:03 data.txt

Let us give executable permissions for the owner alone.

root@kali:~# chmod 744 data.txt

Now the following output is returned with “ls -l”.

-rwxr--r--  1 root root        0 Oct  8 12:03 data.txt

Here the owner already has read (4) and write (2) permissions [4+2=6]. We just update the value to add execute (1) permission as well, by giving 7 as the first digit after chmod. Group users and all users have read (4) permission only; since we do not want to modify that, we just specify 44 in the chmod command.

2 Comments
  1. You didn’t mention the “Set User ID” and the “Set Group ID”, which are very important things to know (and to deal with)

  2. Great Tip. Let me try to explain why you might want to have all 8 options

    For simplicity, let’s say this is the group rights
    1) 000 (No Read, Write, or Execute Permissions) This file should be non-existent to all members of the group.
    2) 001 (No Read, Write, only Execute) People in the group are going to be given instructions on what the program does, but the program contains sensitive information, so we are only going to allow people to run it.
    3) 010 (No Read, No Execute, but Write) If a system file allows you to append, and contains sensitive information, we would use this permission.
    4) 011 (No read, but Write and Execute) We would use this permission if we have some initialization that we want to keep secret but we want people to use our file and to execute all of it (so they must go through our code), we would use this permission.
    5) 100 (Read, but no write nor execute permission) Documentation for the group that you don’t trust should have this permission
    6) 101 (Read and Execute, but not Write) Open source code that we don’t want messed with.
    7) 110 (Read and Write, but not Execute) The information in the file is public and can be changed, but we don’t trust the users to not write / execute a virus
    8) 111 (Read, Write, Execute) Complete trust of the group, think GIT
