Just like everything in your life, you want to be able to manage who (and what) can access specific files (and directories) in your organization. For example, you don't want a contract staff to have access to the organization’s financial books.
In this article, I will explain everything you need to know to start managing file and directory permissions on your server.
Let's start with what permissions are.
For this article, I have set up an Ubuntu desktop virtual machine on my system. However, you should be able to follow along with any Linux system you have, either virtual or physical.
Permissions in Ubuntu
You can think of permissions ask keys you give to users and groups so they can access specific files and directories. Beyond accessing them, you can also specify what they can do with them, such as reading, writing, executing as script, etc.
Understanding the Permissions String
In Linux, the permissions for files and directory is represented as a string. To view permissions for files, you can use the ls
command like so:
ls -la
The command above will return all your files, including the hidden ones, like this:
Each line in the image above is either a file or a directory with information about it separated by a space. Let's explore what each of them is next.
- The first field is the permission string, which we will focus on in this article.
- The second field is the link count of the file or directory.
- The third field is the user's name who owns the file.
- The fourth field is the group's name that owns the file.
- The fifth field is the file or directory size in bytes.
- The sixth field is the date the file was last modified.
- The seventh field is the name of the file.
Now that you understand the file list output and what each field means, I'll explain the permission strings in detail.
First, each permission string consists of ten characters :
Position | Meaning |
---|---|
1 | File type |
2-4 | User's permissions |
5-7 | Group's permissions |
8-10 | Other's permissions |
Next, for each of the three categories (Owner, Group, Other), permissions can be set using the following symbols:
Symbol | Permission |
---|---|
r | Read |
w | Write |
x | Execute |
- | No permission |
Now, r
, w
, and x
can have different meanings depending on whether it is a file of a directory; let me illustrate that with tables:
File Permissions:
Permission | Meaning |
---|---|
r | It allows reading the file's contents |
w | It allows modifying the file's contents |
x | It allows executing the file as a program if it's an executable file |
Directory Permissions:
Permission | Meaning |
---|---|
r | It allows listing the directory's contents |
w | It allows creating, deleting, and renaming files within the directory |
x | It allows access to the contents of the directory. Without execute permission on a directory, users cannot access files or subdirectories within it, even if they have read permission on those files |
And lastly, let's interpret "drwxr-x---", which is the first permissions string of the first line in the image above:
- The first character,
d
, indicates that it's a directory. - Characters 2-4 (
rwx
) indicate permissions for the owner: the owner has read, write, and execute permissions. - Characters 5-7 (
r-x
) indicate permissions for the group: the group has read and execute permissions, but not write permissions. - Characters 8-10 (
---
) indicate permissions for others: others have no permissions.
Now that you understand the permissions string, let's explore how to change permissions in the next section.
Changing Permissions
You can easily manage permissions in Linux using the chmod
command. However, there are two ways to set permissions, and I'll explain both in this section.
Setting permissions with the ugo
Letters
For example, if you have a launch_doc.txt
file and you want to set permission for all employees to have read access to it, you can do that like so:
chmod o+r launch_doc.txt # others can read
The command above will allow anyone on the server to read the file. You can set permissions for the owning group like this:
chmod g+rw launch_doc.txt # group can read and write
The command above will allow the members of the group that owns the file to read and write to the file. You can also set a read, write, and execute permission for the user at once like this:
chmod u+rwx launch_doc.txt # user can read, write, and execute
Now that you understand how to change permissions let's explore the second (and more common) way to do it in the next section.
Using Octal Points to Set Permissions
You can use numbers to set permissions in Linux, yes it's less readable, but (I don’t make the rules 🤷🏾♂️) it's the preferred method in the ecosystem.
Also, once you get it, it's pretty straightforward and shorter, and I'll help you understand it in this section.
So, you can set permissions using these octal numbers:
-
4
Read permission -
2
Write permission -
1
Execute permission
You can now set permissions by:
- Add up the values for the desired permissions.
- Assign the total to the owner, group, and others.
And that's it! Now, using this method, let's repeat what we did with the other method above.
- Set read access for others:
chmod 004 launch_doc.txt # others can read
- Set read and write access for the group:
chmod 060 launch_doc.txt # group can read and write
- Set read, write, and execute access for the user:
chmod 700 launch_doc.txt # user can read, write, and execute
That's how you do it. However, since we are setting permissions for the same file, you can do it all in one go like this:
chmod 764 launch_doc.txt # all in one 😉
The command above will give others read access, group read and write, and users will have the read, write, and execute access.
Setting Directory Permissions Recursively
If you want to give the same access to a directory and all the files inside of it, you can use the -R flag with the command like this:
chmod 764 launch_doc_dir
The command above will give the same permissions to the directory and all the files inside.
Changing Ownership of Files and Directories
Linux allows you to easily change the ownership of files and directories by providing the chown
and chgrp
. For example, you can change the user owner of the launch_doc.txt
file like so:
sudo chown kunlea launch_doc.txt
If you need to, you can change the user and group owner at once like so:
sudo chown kunlea:marketing launch_doc.txt
And lastly, you can change just the group owner like this:
sudo chgrp marketing launch_doc.txt
Conclusion
And that's it! You just learned how to manage file and directory permissions on your Linux server. You learned what a permissions string is, how to read it, different ways of setting permissions, and much more.
Please feel free to leave a comment to correct, suggest, or even teach me something new! 😉
Finally, remember to follow me here on Dev, LinkedIn, and Twitter. Thank you so much for reading, and I'll see you in the next one!