The Basics of File Permissions in Linux

File permissions are a crucial part of dealing with Linux based systems and are one of the essential aspects to grasp.

File Permissions in Linux

As Linux is an operating system that supports multiple users, it has to rely on a permission system to provide some security and privacy.

If Linux didn’t contain a permission system, then any user would be able to access any other user’s files, this includes the root system files.

By implementing permissions, Linux can control who can interact with a particular file.

For every file, Linux maintains a record on what user and group own it. In addition to this, it also holds permission bits.

These permission bits tell the system what users, groups, or other (Everyone else) can do to a file, whether that be writing to the file, reading the contents of the file, or executing the file.

Permissions are something that we rely on for a few of our Raspberry Pi projects, so gaining knowledge on how they work can be incredibly helpful.

Permission Groups

Before we take a deep dive into permissions, we will first go ahead and explain the different permission groups that exist within Linux.

In Linux, there are three distinct permission groups, User, Group, and Other.

User Permission Group

This group holds permissions for the user that is currently marked as the owner of the file or directory.

Typically this is the user that created the file, but ownership can be changed in Linux by making use of the chown command.

Group Permission Group

This permission group is used to define permissions that apply to all members of the group that currently owns the file or directory.

For example, if the group that owns the file or directory is called “pimylifeup” then all users who belong to that group get assigned these permissions.

Like the user permission group, this defaults to the same group of the user who created the file/directory.

You can change the group of a file or directory by making use of the chown or the chgrp command.

Other Permission Group

This permission group is for users who are not the owner or group member of the file or directory.

Typically you would heavily restrict the permissions used for this group as any user gets assigned these permissions.

For example, you would likely not allow anyone in this group to write or execute a file.

Permissions in Linux

In Linux, there are three different permissions that you can specify for each of the three permission groups. These three permissions are Read, Write, and Execute.

Read Permission

When set for a file, the read permission allows the permission group to open and view its contents.

When set for a directory, it allows the group to list the contents of the directory.

Write Permission

When the write permission has been set for a file, it means that the permission group will be able to modify that file.

When the write permission has been assigned to a directory, the permission group will be able to add, delete, and rename files stored in that directory.

There are a few more things you have to take into consideration when dealing with write permissions.

If you permit a group to write to a file but not a directory, then the user will only be able to modify the contents of that file.

Without the write permission on the directory, the permission group will not be able to add, delete or rename any files within it.

Execute Permission

With the execute permission set on a file, that permission group will be able to execute the file.

If the file is not an executable program, then it is best not to set any execute rights on the file.

When the execute permission is set on a directory, it means that a permission group will be able to change into the directory and access any of its files.

Viewing permissions on Linux

Within Linux, you can view both the owner of a file and the permissions set to it by making use of the ls -l command.

For example, if you use this command to get the details of a file such as our example file called samplefile, you will see similar details to the following.

Linux File Permissions Example

You will see that the ls -l command returns several different columns of information.

For this guide, we will only be focusing on the first, third, and fourth columns as these all directly relate to permissions.

Column 1

The first column contains the file type as well as the permission bits.

The first character in the column makes a note of the file type. If this is just a normal file like in our example, then this will be -, if this is a directory then the character displayed would be d.

There are also a few other characters that this can be but we will save that for another guide.

The next nine characters are the permission bits. You can separate these nine characters into 3 character sets.

First Permission Set

The first set being the permissions for the user owner. From our example, this means the owner has the following three permission bits: rw‐.

Second Permission Set

The second set is the permissions for the group owner. From the example, you can see that the group has the following permissions set: r‐‐.

Third Permission Set

The final and third set contains the permissions for others. Again, from our example, you can see that others group has the same permissions as the group owner: r‐‐.

The Permission Characters

Each of these sets contains three possible permissions that can be set.

A group that has every permission enabled would look like rwx, where r stands for Read, w stands for Write, and x stands for Execute.

If a particular permission is disabled, then its spot will be replaced with a hyphen (-).

For example, if the group doesn’t have the write permission, then its permission bits would be r-x. With the write column being replaced with a hyphen.

SymbolUsageDescription
rRead permissionAllows the permission group to read the contents of the file or directory
wWrite permissionAllows the permission group to write content to the file or directory
xExecute permissionAllow the permission group to “run” a file.
Disabled PermissionBlocks a permission group from running the permission its replacing.

Column 3

This column specifies the username of the user that owns the file or directory.

When setting permissions for the “Owner” permission group, this is the user that it affects.

For example, if the owner of the file is a user called pi and they have the permissions rw- set, then that user will only be able to read and write to that file or directory.

Column 4

The fourth column specifies the name of the group that owns the file or directory.

When you set permissions for the “Group” permission group, they will affect all users who are members of that group as long as they are not the owner of the file/directory.

For example, let’s assume we have a group called raspberry that had three users called “my“, “life” and “up“. Permissions defined for this group will effect all three of those users when interacting with the file or directory.

Changing Permissions in Linux

In Linux you can modify the permissions assigned to a file or directory by making use of the chmod command.

To modify permissions you will need a user that has superuser privileges.

Below is an example of using the command on Linux.

chmod u+w samplefile

With this command, we are using symbolic notation to give the owner permission group write privileges on a file called samplefile.

We delve further into how to make use of this command in our basics of the chmod command guide.

Hopefully, at this point, you will now have a basic understanding of how permissions work in Linux.

If you need any help in figuring out permissions or have any feedback, then feel free to drop a comment below.

3 Comments

  1. Avatar for Bruno
    Bruno on

    Thank you Emmet !
    Bruno

  2. Avatar for Bruno
    Bruno on

    Hi
    Thanks
    Could you specify the difference between “rw” and “x” for a directory ? Reading the article I understand it could be similar but I’m not sure
    Bruno

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi Bruno,

      The read permission (r) on a directory will allow the user to list the files located within the directory (Something like the ls command).

      The write permissions (w) allows that user to create, rename or delete files within that directory. For this permission to work properly you will actually need the execute permission as well.

      The execute permission (x) differs by allowing the user to enter the directory (cd command) and access any files and directories within it. This means you can actually edit files, but you can’t do actions that remove or rename the file.

      Please let me know if this has helped clarifying the differences between the various permissions being set on a directory.

      Cheers,
      Emmet

Leave a Reply

Your email address will not be published. Required fields are marked *