Linux file permissions and ownership form the foundation of access control in Linux systems. They ensure security and stability by defining who can read, write, or execute files and directories. In multi-user environments, this model prevents unauthorized access while allowing controlled collaboration.
Understanding permissions is essential for anyone managing Linux or RHEL systems.
Permission Classes
Every file and directory in Linux assigns permissions to three user categories:
- User (u): The file owner. Typically has the highest level of access.
- Group (g): Users who belong to the file’s assigned group.
- Others (o): All other users on the system.
These classes allow Linux to enforce fine-grained access control in shared environments.
Permission Types
Linux defines three core permissions, which behave differently for files and directories:
| Permission | Symbol | File Meaning | Directory Meaning |
|---|---|---|---|
| Read | r | View contents | List contents |
| Write | w | Modify or delete | Create/delete files (needs x) |
| Execute | x | Run as program | Enter or search directory |
Note: Write access on directories requires execute (x) permission to be fully effective.
Viewing Permissions and Ownership
To inspect permissions, use:
# ls -l
Example output:
-rwxr-xr-- 1 john developers 4096 Oct 21 10:00 script.sh
How to Read This Output
First character → File type
- -: regular file
- d: directory
- l: symbolic link
Next 9 characters → Permissions
- rwx → User (owner)
- r-x → Group
- r-- → Others
Remaining fields → Owner, group, file size, timestamp, filename
This single command provides a complete snapshot of access control.
Changing Ownership (chown)
Ownership determines who controls a file. The chown command modifies ownership settings.
Common Usage
# chown user file
Change file owner.
# chown user:group file
Change both owner and group.
# chown :group file
Change group ownership only.
# chown -R user:group /path
Recursively change ownership for a directory and its contents.
Most ownership changes require root privileges.
Changing Permissions (chmod)
Permissions can be modified using numeric (octal) or symbolic notation.
Numeric (Octal) Notation
# chmod 755 file
Each digit represents permissions for user, group, and others.
| Value | Meaning |
|---|---|
| 0 | --- |
| 1 | --x |
| 2 | -w- |
| 3 | -wx |
| 4 | r-- |
| 5 | r-x |
| 6 | rw- |
| 7 | rwx |
Example:
# chmod 755 file
- User: 7 → rwx
- Group: 5 → r-x
- Others: 5 → r-x
Octal notation is compact and widely used for standard permissions, especially executables.
Symbolic Notation
# chmod u+rwx,g+rx,o+r file
- u, g, o → user, group, others
- + add permission, - remove permission
Symbolic mode is useful for incremental changes.
Special Permissions
Linux supports special permission bits for advanced access control.
Setuid (s)
- Executable runs with the file owner’s privileges
- Common example: /usr/bin/passwd
-rwsr-xr-x
- Numeric form:
# chmod 4755 file
Setgid (s)
- On files: the executable runs with the file’s group privileges
- On directories: new files inherit the directory’s group
drwxr-sr-x
- Numeric form:
# chmod 2755 directory
Sticky Bit (t)
- Applied to directories
- Only the file owner can delete or rename files
- Common example: /tmp
drwxr-xr-t
- Numeric form:
# chmod 1755 directory
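The mode field shown by ls -l, the octal digits, and the special bits can be tied together in one decoder. The script below is an added example, not code from the original page: the function names mode_to_octal and review_flags are hypothetical, and the listing lines are constructed sample data. It also handles the uppercase S/T forms (special bit set without execute) and the trailing . or + that some ls builds append.

```sh
#!/bin/sh
# Print the four-digit octal mode for a 10-character mode field, or return 1.
mode_to_octal() (
    mode=${1%[.+]}    # drop the SELinux (.) or ACL (+) marker that ls may append
    case $mode in     # one file-type character, then three rwx triads
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) return 1 ;;
    esac
    perms=${mode#?} special=0 digits="" weight=4
    while [ -n "$perms" ]; do
        rest=${perms#???}
        triad=${perms%"$rest"}
        perms=$rest
        val=0
        case $triad in r??) val=$((val + 4)) ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; esac
        case $triad in ??[xst]) val=$((val + 1)) ;; esac   # s/t: x is set; S/T: it is not
        case $triad in ??[sStT]) special=$((special + weight)) ;; esac
        digits=$digits$val
        weight=$((weight / 2))   # setuid=4, setgid=2, sticky=1
    done
    printf '%s%s\n' "$special" "$digits"
)

# Print review flags for a mode field; empty output means nothing was flagged.
review_flags() (
    octal=$(mode_to_octal "$1") || return 1
    flags=""
    case $octal in [4567]???) flags="$flags setuid" ;; esac
    case $octal in [2367]???) flags="$flags setgid" ;; esac
    case $1 in d*)   # directory writable by others with no sticky bit
        case $octal in [0246]??[2367]) flags="$flags world-writable-no-sticky" ;; esac ;;
    esac
    printf '%s\n' "${flags# }"
)

# Constructed sample listing (hypothetical names, not output from a real system).
sample='-rwxr-xr-- 1 john developers 4096 Oct 21 10:00 script.sh
-rwsr-xr-x 1 root root 4096 Oct 21 10:00 helper
-rwSr--r-- 1 root root 4096 Oct 21 10:00 odd
drwxr-sr-x 2 john developers 4096 Oct 21 10:00 shared
drwxrwxrwx 2 john developers 4096 Oct 21 10:00 dropbox
drwxrwxrwt. 2 root root 4096 Oct 21 10:00 scratch'
printf '%s\n' "$sample" | while read -r mode rest; do
    printf '%-12s %s %-10s %s\n' "$mode" "$(mode_to_octal "$mode")" \
        "${rest##* }" "$(review_flags "$mode")"
done
```

Each output row shows the mode field, its octal form, the file name, and any flags worth a second look during a permissions review.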
Summary
Linux file permissions and ownership provide a powerful security model by combining:
- User, group, and others
- Read, write, and execute permissions
- Numeric and symbolic permission management
- Special permission bits (setuid, setgid, sticky)
Mastering these concepts is essential for securing Linux systems, managing shared environments, and administering RHEL servers effectively.