Fun with Linux File Permissions

I know the look on your face. There is no use trying to hide it. You are thinking that the three words “Linux”, “file”, and “permissions” cannot possibly be associated with the word “fun”. Many system administrators and web developers have spent sleepless nights trying to figure out which permissions they had wrong that caused their websites to spew awful words at them like “500 Internal Server Error”.

It is true, working with file permissions on any operating system can be a very ugly experience. Nevertheless, Linux file permissions are actually quite simple, and with the right amount of focused knowledge, you can be well on your way to becoming a permissions expert in a minimal amount of time.

Ownership

Before we dip into the permission well, it is important to understand the concept of ownership. In Linux and other Unix-like operating systems, every file is owned by a user, and every user belongs to a group. For example, fileX may be owned by a user named Bob of the group also named “bob”. Therefore, the ownership will look like: “bob:bob”.

Bob may also be a member of the “audio” group with other users, such as Mary. Therefore, a file with the ownership “mary:audio” may allow Bob to have certain access to it, depending on the permissions.

The command to change ownership of a file is “chown”. For example, to change fileX ownership from Bob to Mary, use the following command:

# chown mary:mary fileX

This will set the ownership of fileX to the user “mary” in the group “mary”.

Permissions

Like ownership, Linux permissions have a few basic rules. There are only three permissions to learn: read, write, and execute. “Read” is the ability to view a file. “Write” gives the user permission to modify it (or delete it). “Execute” turns binaries and scripts into executable programs.

There are three types of users that can have permissions: owner, group, and other. “Owner” refers to the user who owns the file, while “group” includes any user within the group associated with the file. “Other” gives permissions to everyone. “Other” is also sometimes called “world”, “all”, or “global permissions”.

With three permissions and three user types, there are a limited number of possible combinations. Once you know this, it becomes easier to decipher.

Each permission is represented by a letter:

Read = r

Write = w

Execute = x

Each user type may include zero or more of those letters. For example, a file with read and write permissions for the user and the group and only read permissions for others will look like: -rw-rw-r--. This can also be represented numerically as 664 (with 6 meaning read and write and 4 meaning read only).

As another example, a file with read, write, and execute permissions for the owner, and only read and execute permissions for group and other would be: -rwxr-xr-x or 755. According to the web server hosting company 34SP.com, web scripts should have at least a 755 permissions setting, since they need to be executed from the web.

The basic numeric permissions that you need to know are:

7 = full read, write, and execute

6 = read and write

5 = read and execute

4 = read only

0 = no permissions
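
Each digit in the list above is a sum of three values: read = 4, write = 2, and execute = 1. The following shell function is an added example, not part of the original article; it decodes a three-digit mode into the letters that ls prints. The name octal_to_symbolic is made up for illustration.

```shell
#!/bin/sh
# Added example: turn a three-digit octal mode into the rwx string ls shows.
# Each digit is a sum of bit values: read = 4, write = 2, execute = 1.
# octal_to_symbolic is a hypothetical helper name, not a standard command.

octal_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;                      # exactly three octal digits
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    out=""
    rest=$mode
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}                # first remaining digit
        rest=${rest#?}                           # drop it from the front
        if [ $((digit & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((digit & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((digit & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# Owner, group, other for the modes used in this article.
for m in 755 664 644 600; do
    printf '%s = %s\n' "$m" "$(octal_to_symbolic "$m")"
done
```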

In almost all situations, the owner of the file will at least have read and write permissions (6). To change permissions in Linux, there is a command called “chmod”. For example, if you wanted to deny permissions for everyone but the owner, you would enter the command:

$ chmod 600 fileX

To grant read only access to your file:

$ chmod 644 fileX

To grant global executable permissions:

$ chmod 755 fileX

To give the user and group write permissions but deny write access to others:

$ chmod 664 fileX

For full read, write, and execute permissions for everyone (usually not a good idea):

$ chmod 777 fileX

In addition to numeric representations, chmod can also use letters. For example, to make a file executable (changing 644 to 755), type:

$ chmod a+x fileX

To go back to read only permissions (644) by removing the execute bit:

$ chmod a-x fileX

With chmod and chown you can also change permissions and ownership for directories and their contents. To change an entire directory and its contents to full permissions for the owner and read and execute permissions for everyone else, type:

$ chmod -R 755 directoryX

The “-R” flag makes the command recursive, which will cause it to apply the changes to the directory and any files and subdirectories found within it. Because it can potentially change a large number of files, use it with caution.
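
One reason for that caution: a recursive 755 also marks every regular file as executable. The script below is an added example, not part of the original article. It builds a small constructed directory tree in a temporary location, applies the blanket command, and then applies 755 to directories and 644 to files separately with find. The function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: blanket "chmod -R 755" versus separate modes for
# directories and regular files. All names and paths here are hypothetical.

# Set directories to 755 and regular files to 644 under DIR.
normalize_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Count entries under DIR that "other" may write to (symlinks skipped).
count_world_writable() {
    find "$1" ! -type l -perm -0002 -print | wc -l | tr -d ' '
}

# Count regular files under DIR whose owner execute bit is set.
count_executable_files() {
    find "$1" -type f -perm -0100 -print | wc -l | tr -d ' '
}

# Runs in a subshell so umask and variables do not leak to the caller.
demo() (
    umask 022
    tmp=$(mktemp -d) || exit 1
    mkdir -p "$tmp/site/img"
    echo '<h1>hello</h1>' > "$tmp/site/index.html"   # constructed sample file
    echo 'draft notes' > "$tmp/site/img/notes.txt"   # constructed sample file
    chmod 777 "$tmp/site/img/notes.txt"              # the "not a good idea" mode

    ww_before=$(count_world_writable "$tmp/site")
    chmod -R 755 "$tmp/site"                         # blanket recursive change
    exec_blanket=$(count_executable_files "$tmp/site")
    normalize_tree "$tmp/site"                       # directories 755, files 644
    exec_split=$(count_executable_files "$tmp/site")

    echo "$ww_before $exec_blanket $exec_split"
    rm -rf "$tmp"
)

demo   # world-writable before, executable files after each approach
```

The three numbers printed are the world-writable entries found before any change, the executable files left by the blanket command, and the executable files left after the split approach.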

Learning More

A great way to learn more about Linux file permissions is to give it a try. Create some plain text files with or without content and try changing permissions and ownership of the files. Try out as many different combinations as you can until you feel comfortable working with real files. With a little practice, Linux file permissions can be quick, easy, and maybe even a little fun.

About the Author: Guest poster Tavis J. Hampton is a librarian and writer with a decade of experience in information technology, web hosting, and Linux system administration. He currently works for LanternTorch.Net, which offers writing, editing, tech training, and information architecture services.