This tutorial provides a comprehensive guide to understanding and managing Linux file and directory permissions. You’ll learn about permission types (read, write, execute), ownership categories (user, group, others), and how to view and modify permissions using commands like `ls -l` and `chmod`. Each step builds on the previous one, with practical examples and engaging practice exercises.
Step 1: Understanding Permission Types
Linux permissions are divided into three types: read (r), write (w), and execute (x). These permissions determine what actions can be performed on a file or directory.
- Read (r): Allows viewing the contents of a file or listing the contents of a directory.
- Write (w): Allows modifying a file or adding/removing files in a directory.
- Execute (x): Allows running a file as a program or accessing a directory.
These permissions are assigned to three ownership categories: user (owner), group, and others.
Practice Exercise
Create a file named example.txt and set its permissions so that the owner can read and write, the group can read, and others have no access. Use the ls -l command to verify the permissions.
Show Solution
touch example.txt
chmod 640 example.txt
ls -l example.txt
# Output: -rw-r----- 1 user group 0 Jan 1 12:00 example.txt
# Explanation: 640 sets read/write for owner (6), read for group (4), and no permissions for others (0).Step 2: Understanding Ownership Categories
Linux permissions are assigned to three categories:
- User (Owner): The user who owns the file or directory.
- Group: A group of users who share the same permissions.
- Others: All other users who are not the owner or part of the group.
Each category can have different permissions, allowing fine-grained control over access.
Practice Exercise
Create a directory named shared_folder. Set the permissions so that the owner has full access, the group can read and execute, and others can only execute. Use ls -ld to verify the permissions.
Show Solution
mkdir shared_folder
chmod 751 shared_folder
ls -ld shared_folder
# Output: drwxr-x--x 2 user group 4096 Jan 1 12:00 shared_folder
# Explanation: 751 sets full access for owner (7), read/execute for group (5), and execute for others (1).Step 3: Viewing Permissions with `ls -l`
The ls -l command displays detailed information about files and directories, including their permissions. The output is divided into several columns:
- First Column: Shows the file type and permissions.
- Second Column: Number of links.
- Third Column: Owner of the file.
- Fourth Column: Group associated with the file.
- Remaining Columns: File size, modification date, and name.
The permissions are displayed as a 10-character string (e.g., -rwxr-xr--). The first character indicates the file type (- for files, d for directories). The next nine characters represent permissions for the owner, group, and others.
ls -l
# Output example:
# -rw-r--r-- 1 user group 1024 Jan 1 12:00 example.txt
# drwxr-xr-x 2 user group 4096 Jan 1 12:00 shared_folderPractice Exercise
Create a file named report.txt and a directory named archive. Use ls -l to view their permissions. Then, modify the permissions so that the owner has full access, the group can read and write, and others can only read. Verify the changes using ls -l.
Show Solution
touch report.txt
mkdir archive
chmod 764 report.txt
chmod 764 archive
ls -l
# Output:
# -rwxrw-r-- 1 user group 0 Jan 1 12:00 report.txt
# drwxrw-r-- 2 user group 4096 Jan 1 12:00 archive
# Explanation: 764 sets full access for owner (7), read/write for group (6), and read for others (4).Step 4: Changing Permissions with `chmod`
The chmod command is used to change file and directory permissions. Permissions can be set using symbolic notation (e.g., u+r) or numeric notation (e.g., 755).
- Symbolic Notation: Uses letters to represent permissions (e.g., u for user, g for group, o for others).
- Numeric Notation: Uses a three-digit number where each digit represents permissions for owner, group, and others.
For example, chmod u+x file.txt adds execute permission for the owner, while chmod 755 file.txt sets full access for the owner and read/execute for group and others.
chmod u+x example.txt
chmod 755 example.txtPractice Exercise
Create a script named backup.sh and set its permissions so that the owner can read, write, and execute; the group can read and execute; and others can only execute. Use both symbolic and numeric notation to achieve this.
Show Solution
touch backup.sh
# Using symbolic notation:
chmod u=rwx,g=rx,o=x backup.sh
# Using numeric notation:
chmod 751 backup.sh
ls -l backup.sh
# Output: -rwxr-x--x 1 user group 0 Jan 1 12:00 backup.sh
# Explanation: Both methods achieve the same result.Step 5: Changing Ownership with `chown` and `chgrp`
The chown command changes the owner of a file or directory, while chgrp changes the group. These commands are useful when transferring ownership or assigning files to specific groups.
- chown Syntax: chown [owner] [file]
- chgrp Syntax: chgrp [file]
For example, chown alice example.txt changes the owner to alice, and chgrp developers example.txt changes the group to developers.
chown alice example.txt
chgrp developers example.txtPractice Exercise
Create a file named project_plan.txt. Change its owner to manager and its group to team. Verify the changes using ls -l.
Show Solution
touch project_plan.txt
sudo chown manager project_plan.txt
sudo chgrp team project_plan.txt
ls -l project_plan.txt
# Output: -rw-r--r-- 1 manager team 0 Jan 1 12:00 project_plan.txt
# Explanation: The owner is now `manager`, and the group is `team`.Step 6: Special Permissions: SUID, SGID, and Sticky Bit
Linux supports special permissions that provide additional functionality:
- SUID (Set User ID): Allows a file to be executed with the permissions of the file owner.
- SGID (Set Group ID): Allows a file to be executed with the permissions of the file group or ensures files created in a directory inherit the group ownership.
- Sticky Bit: Restricts file deletion in a directory to the file owner or root.
These permissions are set using numeric notation (e.g., 4755 for SUID) or symbolic notation (e.g., u+s).
chmod u+s script.sh
chmod 4755 script.shPractice Exercise
Create a directory named shared_resources. Set the SGID bit so that files created in this directory inherit the group ownership. Verify the changes using ls -ld.
Show Solution
mkdir shared_resources
chmod g+s shared_resources
ls -ld shared_resources
# Output: drwxr-sr-x 2 user group 4096 Jan 1 12:00 shared_resources
# Explanation: The `s` in the group permissions indicates the SGID bit is set.Step 7: Real-World Scenario: Securing a Web Server Directory
In a real-world scenario, you might need to secure a web server directory to ensure only authorized users can access or modify files. For example, you might want to:
- Allow the web server user to read and execute files.
- Restrict write access to the owner.
- Prevent others from accessing sensitive files.
This can be achieved using chmod and chown.
sudo chown www-data:www-data /var/www/html
sudo chmod 750 /var/www/htmlPractice Exercise
Assume you are managing a web server. Create a directory named secure_uploads and set its permissions so that the web server user (www-data) can read and write, the owner can read, write, and execute, and others have no access. Verify the changes using ls -ld.
Show Solution
sudo mkdir /var/www/secure_uploads
sudo chown www-data:www-data /var/www/secure_uploads
sudo chmod 770 /var/www/secure_uploads
ls -ld /var/www/secure_uploads
# Output: drwxrwx--- 2 www-data www-data 4096 Jan 1 12:00 /var/www/secure_uploads
# Explanation: 770 sets full access for owner and group, and no access for others.Step 8: Advanced Challenge: Recursive Permission Changes
Sometimes, you need to change permissions for an entire directory tree. The -R option with chmod and chown allows you to apply changes recursively.
For example, chmod -R 755 /var/www sets permissions for all files and subdirectories in /var/www.
chmod -R 755 /var/www
chown -R www-data:www-data /var/wwwPractice Exercise
Create a directory structure with multiple subdirectories and files. Use chmod -R to set permissions so that the owner has full access, the group can read and execute, and others can only read. Verify the changes using ls -lR.
Show Solution
mkdir -p project/{docs,src,bin}
touch project/docs/README.txt project/src/main.py project/bin/start.sh
chmod -R 750 project
ls -lR project
# Output: All files and directories will have permissions set to 750.
# Explanation: 750 ensures owner has full access, group has read/execute, and others have no access.