Linux file permissions were always intimidating to me, but now I think I have the hang of it. Let’s take a look at some basic permissions on a few files I created…
[root@CentosBox myfolder]# ls -l
-rw-r--r-- 1 root root 15 Jul 12 17:37 myfile1
-rw-r--r-- 1 root root 15 Jul 12 17:37 myfile2
-rw-r--r-- 1 root root 15 Jul 12 17:37 myfile3
So as you can see, each file has some attributes attached to it. The attributes are…
-rw-r--r-- 1 root root 15 Jul 12 17:37 myfile1
The very first character (-) tells you what type of entry you are dealing with. For now, let’s consider it as having two options: a ‘-‘ indicates a regular file and a ‘d’ indicates a directory.
The next block of three characters is what is usually called the user permissions. I really prefer to call them the owner permissions, though, since they apply only to the owner of the file. The block after that is the group permissions. And finally, the last block shows what I call the ‘everyone else’ permissions.
So each block of permissions contains 3 characters. The first (r) is the read permission, the second (w) is the write permission, and the third (x) is the execute permission. If the position where an r, w, or x should be is shown as a ‘-‘, that indicates that particular permission is not granted.
Now, after the blocks of rwx’s comes the owner of the file, which is an individual user. Directly after the user comes the group that owns the file. If you create a file, the user and group will both show your name, since you (the user) own it as well as your group (your primary group, of which only you are a member).
So let’s take a look at some examples. I’ve changed the owners on the files as shown below.
Note: it’s no fun to use the root user to test permissions, since root has access to everything regardless of permissions.
[myuser@CentosBox myfolder]$ ls -l
-rw-r--r-- 1 myuser2 myuser2 15 Jul 12 17:37 myfile1
-rw-r--r-- 1 myuser myuser2 15 Jul 12 17:52 myfile2
-rw-r--r-- 1 myuser2 mygroup 30 Jul 12 17:53 myfile3
-rw-r--r-- 1 myuser mygroup 15 Jul 12 17:55 myfile4
So if I log into the server as myuser, which files should I be able to change? The correct answer is myfile2 and myfile4. Now, if I change the group permissions on all of the files to include ‘write’, which files could I write to? Let’s see…
[myuser@CentosBox myfolder]$ ls -l
-rw-rw---- 1 myuser2 myuser2 15 Jul 12 17:37 myfile1
-rw-rw---- 1 myuser myuser2 15 Jul 12 17:58 myfile2
-rw-rw---- 1 myuser2 mygroup 30 Jul 12 17:53 myfile3
-rw-rw---- 1 myuser mygroup 15 Jul 12 17:55 myfile4
So now which files could myuser write to? The correct answer is myfile2, myfile3, and myfile4. Now let’s do a little further explaining.
The permissions get evaluated left to right. So first it looks to see if I’m the owner of the file. In the case of myfile1 above, I am not (since I’m logged in as myuser). Second, it looks at the group permissions. I am not a member of the myuser2 group (since it’s myuser2’s primary group). So then it falls back to the ‘everyone else’ set of permissions, which says I can only read the file.
In the case of myfile2, I’m the owner, so I have rw- permissions.
In the case of myfile3, I’m part of the group, so I have rw- permissions.
In the case of myfile4, I’m the owner, so I have rw- permissions.
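As an added example that is not part of the original post, here is a small Python model of that left-to-right check, run over the two listings above. It assumes the group memberships the post implies (myuser belongs to its primary group myuser and to mygroup; myuser2 belongs only to myuser2) and also covers the root case from the note earlier.

```python
# Group membership, constructed to match the post's setup (an assumption):
# myuser's primary group is myuser, and myuser was also added to mygroup.
USER_GROUPS = {"myuser": {"myuser", "mygroup"}, "myuser2": {"myuser2"}}

# The two `ls -l` listings from the post, before and after group write was added.
BEFORE = """\
-rw-r--r-- 1 myuser2 myuser2 15 Jul 12 17:37 myfile1
-rw-r--r-- 1 myuser myuser2 15 Jul 12 17:52 myfile2
-rw-r--r-- 1 myuser2 mygroup 30 Jul 12 17:53 myfile3
-rw-r--r-- 1 myuser mygroup 15 Jul 12 17:55 myfile4
"""
AFTER = """\
-rw-rw---- 1 myuser2 myuser2 15 Jul 12 17:37 myfile1
-rw-rw---- 1 myuser myuser2 15 Jul 12 17:58 myfile2
-rw-rw---- 1 myuser2 mygroup 30 Jul 12 17:53 myfile3
-rw-rw---- 1 myuser mygroup 15 Jul 12 17:55 myfile4
"""

def parse_ls_line(line):
    """Return (mode, owner, group, name) from one `ls -l` line."""
    f = line.split()
    return f[0], f[2], f[3], f[-1]

def applicable_block(mode, owner, group, user, groups):
    """Left to right: owner block if you own the file, else the group block if
    you are in the file's group, else 'everyone else'. Only the first matching
    block counts; the kernel never falls through to a later, more generous one."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def has_perm(mode, owner, group, user, groups, perm):
    """perm is 'r', 'w' or 'x'. root skips the read/write check entirely (why
    the post says testing as root is no fun) but still needs some x bit to exec."""
    if user == "root":
        return perm != "x" or "x" in mode[1:10]
    return perm in applicable_block(mode, owner, group, user, groups)

def writable_files(listing, user, groups=USER_GROUPS):
    """Names of the files in `listing` that `user` may write to."""
    out = []
    for line in listing.splitlines():
        mode, owner, group, name = parse_ls_line(line)
        if has_perm(mode, owner, group, user, groups.get(user, set()), "w"):
            out.append(name)
    return out
```

Calling `writable_files(BEFORE, "myuser")` and `writable_files(AFTER, "myuser")` reproduces the two answers given above.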
Make sense? Pretty straightforward once you sit down and look at it.