Permissions

  • File and directory permissions are based on user class and access mode
  • User classes
    • User (u): File owner
    • Group (g): Other users in the group
    • Other (o): All other users
  • User class permissions

    • Read (r)
    • Write (w)
    • Execute (x)
  • Permission information can be listed with ls command

Permission information


File types

  • The first symbol in the permission information represents the file type
  • The table below lists the possible file types

| Symbol | File type | Description |
|---|---|---|
| - | Ordinary file | Files such as text, image, database, binary, and so on |
| d | Directory | A special file that can contain other files |
| l | Symbolic link | A shortcut or reference to another file |
| b | Block device | Devices that can send and receive buffered or random data such as CD, DVD, and hard disks |
| c | Character device | Devices that can send and receive data in a sequence of characters, such as modems and virtual terminals |
| s | Sockets | Files used for communication between processes in the local system without using network protocols |
| p | Named pipe | Pipes represented in the filesystem |

File and directory permissions

  • As stated earlier, there are three user class permissions in Unix-based operating systems: Read, Write and Execute
  • Table below describes how these permissions allow the usage of files and directories
| Permission | File | Directory |
|---|---|---|
| Read | The content of the file can be read | The content of a directory can be listed (for example with ls command) |
| Write | File can be created, edited or deleted | Permission to create, edit or delete the directory |
| Execute | Program or script can be executed | Permission to enter and use the directory |
  • User must have the execute permission (x) for all subdirectories inside a directory in order to use all files in subdirectories
  • If user has write permission (w) for the directory, user can delete a file from that directory even if user has no permissions for the file itself
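
The last point above, as an added shell example (not from the original page): it shows that deleting a file is decided by the directory's permissions, and lists directories that every local user can write to. All paths are constructed in a temporary directory; skipping sticky-bit directories such as /tmp is an addition the page does not cover.

```shell
#!/bin/sh
# Added example; every path is constructed under a temporary directory.

# Returns 0 when a file with mode 000 was deleted anyway, because the
# delete is decided by the w and x bits of the parent directory.
delete_needs_only_dir_write() {
    d=$(mktemp -d)
    echo data > "$d/locked.txt"
    chmod 000 "$d/locked.txt"   # no permissions on the file itself
    chmod 700 "$d"              # owner may write to and enter the directory
    rm -f "$d/locked.txt"
    if [ -e "$d/locked.txt" ]; then rc=1; else rc=0; fi
    rm -rf "$d"
    return "$rc"
}

# Audit: list directories under $1 where "other" has both w and x, so
# any local user can delete or replace the entries inside. Directories
# with the sticky bit (for example /tmp, mode 1777) are skipped, because
# there only the owner of a file may delete it.
audit_open_dirs() {
    find "$1" -type d -perm -0003 ! -perm -1000 -print | LC_ALL=C sort
}

# Constructed tree: one private, one wide-open and one sticky directory.
demo_audit() {
    root=$(mktemp -d)
    mkdir "$root/private" "$root/dropbox" "$root/shared_tmp"
    chmod 750 "$root/private"
    chmod 777 "$root/dropbox"
    chmod 1777 "$root/shared_tmp"
    (cd "$root" && audit_open_dirs .)
    rm -rf "$root"
}

if delete_needs_only_dir_write; then
    echo "mode-000 file was deleted through directory write permission"
fi
demo_audit
```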

CHMOD (Change File Access Permissions)

  • chmod command is used for setting or modifying file and directory permissions
  • Syntax for single file or directory: chmod <permissions> <file/directory name>
  • Permissions can be shown from file like in the example figure below

Example of file permissions

  • Permissions can be set by using either numerical or symbolic format
  • Numerical format has the following options:

    • r (read) = 4
    • w (write) = 2
    • x (execute) = 1
    • - (no access) = 0
  • Setting permissions for each user class with numerical format requires adding all permissions together like in the example below

    • Full permissions → 4 (r) + 2 (w) + 1 (x) = 7
    • Read and write permissions → 4 (r) + 2 (w) = 6
    • Read permissions → 4 (r) = 4
  • Example: Set all permissions for the file owner, read and write permission for the group and read permission for all other users using numeric format

testuser@ubuntu-pc:~$ ls -l
drw-r-----  2  testuser testuser 4096  Aug 20 10:55 sensors.txt
testuser@ubuntu-pc:~$ chmod 764 sensors.txt
testuser@ubuntu-pc:~$ ls -l
drwxrw-r--  2  testuser testuser 4096  Aug 20 10:55 sensors.txt
  • The same permission modification can also be done with symbolic format
  • The following notation for user classes can be used with symbolic format:
    • u = user
    • g = group
    • o = other
    • a = all (user, group and other)
  • Permissions are either set or modified with the following operators:

    • + add permission
    • - remove permission
    • = set permission
  • Example for using symbolic format

testuser@ubuntu-pc:~$ ls -l
-rw-r--r--  2  testuser testuser 0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ chmod u+x server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxr--r--  2  testuser testuser 0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ chmod g+x,o+r server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxr-xr--  2  testuser testuser 0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ chmod a=rwx server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxrwxrwx  2  testuser testuser 0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ chmod g-x,o-wx server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2  testuser testuser 0  Aug 20 10:55 server1.log
  • When setting permissions for a directory, all subdirectories and files inside the directory can also be covered by using -R option
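  • Example: Set read permissions for directory owner and group including all content inside the directory. Capital X adds the execute permission only to directories (and to files that are already executable), so the directories can still be entered; a plain numeric 440 would remove it from the directories as well
testuser@ubuntu-pc:~$ chmod -R u=rX,g=rX,o= sensor_data/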
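
A recursive read-only change verified on a constructed tree, as an added shell example (not from the original page). It compares capital X with a stricter find-based variant; the function names, run.sh and temp.csv are made up for the illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: sensor_data/, run.sh and temp.csv are constructed names.
# Assumes GNU coreutils and findutils (stat -c), as shipped with Ubuntu.

# Print "<octal mode> <path>" for every entry under $1, sorted by path.
list_modes() {
    find "$1" -exec stat -c '%a %n' {} + | LC_ALL=C sort -k2
}

# Read-only for owner and group, nothing for others. Capital X adds
# execute to directories and to files that are already executable.
readonly_keep_exec() {
    chmod -R u=rX,g=rX,o= "$1"
}

# Stricter variant: directories get 550, every regular file gets 440.
readonly_strict() {
    find "$1" -type d -exec chmod 550 {} +
    find "$1" -type f -exec chmod 440 {} +
}

# Build a constructed tree, apply the function named in $1, print modes.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/sensor_data/2024"
    echo 21.5 > "$root/sensor_data/2024/temp.csv"
    printf '#!/bin/sh\n' > "$root/sensor_data/run.sh"
    chmod 755 "$root/sensor_data" "$root/sensor_data/2024" "$root/sensor_data/run.sh"
    chmod 644 "$root/sensor_data/2024/temp.csv"
    "$1" "$root/sensor_data"
    (cd "$root" && list_modes sensor_data)
    chmod -R u+rwX "$root"    # give the owner write access back for cleanup
    rm -rf "$root"
}

demo readonly_keep_exec
echo "---"
demo readonly_strict
```

With capital X the already-executable run.sh keeps its execute bit (550); the find-based variant reduces it to 440 like every other file.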

CHOWN (Change File Owner)

  • Files and directories always have an owner, which can be changed with the chown command
  • Command syntax is the following:
chown <user> file/directory
chown <user> -R directory
chown :<group> file/directory
  • Example of changing file and directory owner
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2  testuser testuser 0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ sudo chown root server1.log
[sudo] password for testuser:
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2  root     testuser 0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ sudo chown mark:mark server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2  mark     mark     0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ sudo chown :testuser server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2  mark     testuser 0  Aug 20 10:55 server1.log

  • There are two types of links used in Linux:
    • Symbolic (soft) link
    • Hard link
  • A symbolic link (symlink) is a shortcut to another file

    • The target file does not necessarily need to exist
    • A symbolic link is an alias that points to the original file name, not to the actual file
    • Symbolic links are used, for example, to shorten the path to a particular directory
    • Permission modifications made to a symbolic link are applied to the original file that the link points to
    • A broken symbolic link is marked in red when the ls command is used
  • A hard link points to a file that must exist

  • A hard link can only point to a file; it cannot point to:

    • Directories
    • Files on another system partition
  • To sum up the difference between symbolic and hard links:

    • A hard link must always point to an existing file on the same system partition
    • A symbolic link target does not have to exist
  • Syntax for creating a symbolic link: ln -s <target> <link name>

  • Syntax for creating a hard link: ln <target> <link name>

  • Example of listing directories with links

testuser@ubuntu-pc:~$ ls -l /bin/*nano
-rwxr-xr-x  1 root     root     245872  Mar 6 2018 /bin/nano
lrwxrwxrwx  1 root     root          4  Mar 6 2018 /bin/rnano -> nano
testuser@ubuntu-pc:~$ ls -l /sbin/mod*
lrwxrwxrwx  1 root     root          9  Nov 12 2018 /sbin/modinfo -> /bin/kmod
lrwxrwxrwx  1 root     root          9  Nov 12 2018 /sbin/modprobe -> /bin/kmod
  • Example of creating a hard link
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2 root     testuser      0  Aug 20 10:55 server1.log
testuser@ubuntu-pc:~$ ln server1.log server-file-link
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  3 root     testuser      0  Aug 20 10:55 server1.log
-rwxrw-r--  3 root     testuser      0  Aug 20 10:55 server-file-link
testuser@ubuntu-pc:~$ rm server1.log
testuser@ubuntu-pc:~$ ls -l
-rwxrw-r--  2 root     testuser      0  Aug 20 10:55 server-file-link
  • Example of creating a symbolic link
testuser@ubuntu-pc:~$ ln -s /tmp/server1.log server-file-link
testuser@ubuntu-pc:~$ ls -l
lrwxrwxrwx  1 testuser testuser     16  Aug 20 10:55 server-file-link -> /tmp/server1.log
testuser@ubuntu-pc:~$ rm /tmp/server1.log
testuser@ubuntu-pc:~$ ls -l
lrwxrwxrwx  1 testuser testuser     16  Aug 20 10:55 server-file-link -> /tmp/server1.log
testuser@ubuntu-pc:~$ cat /tmp/server1.log
cat: /tmp/server1.log: No such file or directory
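
The link behaviour described above, checked with inode numbers and link counts, as an added shell example (not from the original page). The file names hard.log and soft.log and the helper find_broken_links are constructed for the illustration; GNU stat is assumed.

```shell
#!/bin/sh
# Added example; file names are constructed. Assumes GNU stat (stat -c).

# List symbolic links under $1 whose target does not exist.
# test -e follows the link, so it fails for a dangling one.
find_broken_links() {
    find "$1" -type l ! -exec test -e {} \; -print | LC_ALL=C sort
}

# Runs in a subshell so the cd does not leak into the caller.
demo_links() (
    d=$(mktemp -d)
    cd "$d" || exit 1
    echo "boot ok" > server1.log
    ln server1.log hard.log       # second name for the same inode
    ln -s server1.log soft.log    # stores only the path "server1.log"

    if [ "$(stat -c %i server1.log)" = "$(stat -c %i hard.log)" ]; then
        echo "same inode"
    fi
    echo "links: $(stat -c %h hard.log)"

    chmod 600 soft.log            # applied to the target, not to the link
    echo "target mode: $(stat -c %a server1.log)"

    rm server1.log                # removes one name, the data stays
    echo "links after rm: $(stat -c %h hard.log)"
    echo "hard link content: $(cat hard.log)"
    echo "broken: $(find_broken_links .)"

    cd / && rm -rf "$d"
)

demo_links
```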