A beginner's guide to Linux permissions

Linux security permissions designate who can do what with a file or directory.

Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0

One of the main benefits of Linux systems is that they are known to be less prone to security vulnerabilities and exploits than other systems. Linux definitely gives users more flexibility and granular controls over its file systems' security permissions. This may imply that it's critical for Linux users to understand security permissions. That isn't necessarily true, but it's still wise for beginning users to understand the basics of Linux permissions. 

View Linux security permissions

To start learning about Linux permissions, imagine we have a newly created directory called PermissionDemo. Use cd to change into the directory, then use the ls -l command to view the Linux security permissions. If you want to sort the entries by time modified, add the -t option.

ls -lt

Since there are no files inside this new directory, this command returns nothing.

No output from ls -l command

To learn more about the ls options, access its man page by entering man ls on the command line.

ls man page

Now, let's create two files: cat.txt and dog.txt with empty content; this is easy to do using the touch command. Let's also create an empty directory called Pets with the mkdir command. We can use the ls -l command again to see the permissions for these new files.

Creating new files and directory

We need to pay attention to two sections of output from this command.

Who has permission?

The first thing to examine indicates who has permission to access the file/directory. Note the section highlighted in the red box below. The first column refers to the user who has access, while the second column refers to the group that has access.

Output from ls -l command

There are three main types of users: user, group, and other (essentially neither a user nor a group). There is one more: all, which means practically everyone.

User types

Because we are using root, the superuser, we can access any file or directory. However, this is generally not the case, and you will probably be restricted to your username. A list of all users is stored in the /etc/passwd file.

/etc/passwd file

Groups are maintained in the /etc/group file.

/etc/group file

What permissions do they have?

The other section of the output from ls -l that we need to pay attention to relates to enforcing permissions. Above, we confirmed that the owner and group permissions for the files dog.txt and cat.txt and the directory Pets we created belong to the root account. We can use that information about who owns what to enforce permissions for the different user ownership types, as highlighted in the red box below.

Enforcing permissions for different user ownership types

We can dissect each line into five bits of information. The first part indicates whether it is a file or a directory; files are labeled with a - (hyphen), and directories are labeled with d. The next three parts refer to permissions for user, group, and other, respectively. The last part is a flag for the access-control list (ACL), a list of permissions for an object.

Different Linux permissions

Linux permission levels can be identified with letters or numbers. There are three privilege types:

  • read: r or 4
  • write: w or 2
  • execute: x or 1

Privilege types

The presence of each letter symbol (r, w, or x) means that the permission exists, while - indicates it does not. In the example below, the file is readable and writeable by the owner, only readable if the user belongs to the group, and readable and executable by anyone else. Converted to numeric notation, this would be 645 (see the image below for an explanation of how this is calculated). 

Permission type example
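The letter-to-number conversion described above, as an added shell example that is not part of the original article. The function names (file_kind, mode_to_octal, other_can_write) are hypothetical, the files are rebuilt in a scratch directory, and chmod is used only to set known modes for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): decode the first column of `ls -l`.

# file_kind "-rw-r--r-x" -> file ; "drwxr-xr-x" -> directory
file_kind() {
    case $1 in
        -*) echo file ;;
        d*) echo directory ;;
        *)  echo other ;;
    esac
}

# mode_to_octal "-rw-r--r-x" -> 645. Only r, w, x and - are decoded;
# a trailing ACL flag after the nine permission characters is ignored.
mode_to_octal() {
    rest=${1#?}                       # drop the file-type character
    out=""
    for who in user group other; do
        triad=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac   # read
        case $triad in ?w?) n=$((n + 2)) ;; esac   # write
        case $triad in ??x) n=$((n + 1)) ;; esac   # execute
        out="$out$n"
    done
    echo "$out"
}

# other_can_write succeeds when the "other" triad contains w
# (character 9 of the mode string).
other_can_write() {
    case $1 in ????????w*) return 0 ;; *) return 1 ;; esac
}

# Constructed demo: rebuild the article's files in a scratch directory.
demo_dir=$(mktemp -d)
( cd "$demo_dir" && touch cat.txt dog.txt && mkdir Pets \
    && chmod 645 dog.txt && chmod 666 cat.txt )
for f in "$demo_dir"/*; do
    m=$(ls -ld "$f" | awk '{print $1}')
    printf '%s %s %s %s' "$(basename "$f")" "$m" "$(file_kind "$m")" "$(mode_to_octal "$m")"
    if other_can_write "$m"; then printf ' writable-by-other'; fi
    printf '\n'
done
rm -rf "$demo_dir"
```

A file that reports writable-by-other can be modified by any account on the system, so that is the first thing to look for when reviewing permissions.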

Here are a few more examples:

Permission type examples

Test your knowledge by going through the following exercises.

Permission type examples

Bryant Jimin Son is an Octocat, which is not an official title but he likes to be called that way, at GitHub, a company widely known for hosting most open source projects in the world. At work, he is exploring different git technology, GitHub Actions, GitHub security, etc. Previously, he was a Senior Consultant at Red Hat, a technology company known for its Linux server and open source contributions.

5 Comments

Your exercise 1.3 is certainly odd -- a set of permissions which doesn't allow the owner to read the file, yet his group can. You might as well have a file that is 007...

In the 8th picture (below "What permissions do they have?") it says "owner" though it should be "other".

I'll never understand how they call it UGO because to change ownership of a file the command is chown not chgusr

I have always gone by OGU as in Owner Group Users (notice I wrote users) which are just users on the system not the owner.
If it is because Stallman wrote that way then he messed up and it is too freaking to change it now.

good beginners guide of linux tutorial

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.