---

CLI Intro: Permissions

Permissions are very important in Linux since they define who can read or write to files. Let’s take a simple example:

$ touch myfile
$ ls -l
total 0
-rw-r--r-- 1 embryo embryo 0 Feb 13 15:40 myfile

First, we create an empty file called myfile, then we list it in long format to see its permissions. The file is created with the default permissions defined by umask. As you can see, the owner has read and write permissions, while the group and all the other users have only read permissions. Now let’s give write permissions to everyone:

$ chmod a+w myfile
$ ls -l
total 0
-rw-rw-rw- 1 embryo embryo 0 Feb 13 15:40 myfile

The command to change file permissions is chmod (change mode). In the above example, chmod a+w myfile says give everyone (a) write (w) permission; since everyone could already read the file, the result is rw (read and write) for all. Further examples:

chmod g-w myfile

This command will remove the write permissions from the group.

chmod -R a+rw mydir

This command will recursively give everyone read and write permissions to mydir, and also its sub-files and directories.

Note that directories must be executable in order to be accessible. If a directory is not executable, you will not be able to write or modify files inside it. You will be able to list the file names inside the respective directory, but you will not be able to see the permissions or the contents of those files.

$ ls -l mydir/
ls: cannot access mydir/file1: Permission denied
total 0
-????????? ? ? ? ? ? file1

However, this is only one way of assigning permissions. You may have seen something like chmod 644 myfile or chmod 555 myfile. This is the second way of setting file and folder permissions, and I will show it below.

OWNER  GROUP  OTHERS
rwx    r-x    r-x
111    101    101
7      5      5

In the above example, every bit can have a value of 0 or 1. The owner has permission to read, write and execute the file; the group has permission only to read and execute it (the write bit is unset, marked by the dash '-' character); and others can likewise read and execute the file, but not write to it.

In this case, rwx is 111, which is binary for octal 7, and 101 is binary for octal 5, hence the notation chmod 755 some_file.

Default umask Permissions

New files and directories are created with default permissions determined by the umask. The umask lists the permission bits to take away: files start from 666 and directories from 777, and every bit set in the umask is cleared. The default umask is set to 022 on most systems, which means new files will be created with permissions 644 (read and write permissions for the owner, read permissions for the group and others). New directories will be created with permissions 755, since a directory needs to be executable in order to access its contents (read, write and execute permissions for the owner, read and execute permissions for everyone else).

File Types

The first character in the permissions string shown by ls -l is the file type. It can be:

- for a regular file
d for a directory
l for a symbolic link
c for a character device (character special file)
s for a socket
p for a named pipe
b for a block device

Special Modes

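Included here are SUID (set user ID) and SGID (set group ID).

A program with the SUID bit set runs with the permissions of the file's owner rather than those of the user who started it. With SGID, it runs with the permissions of the file's group.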

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 45420 Jul 26 2013 /usr/bin/passwd

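Notice the s in place of the owner's execute bit (x). Since the file is owned by root, passwd runs with root's permissions no matter who starts it.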
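
As an added example (not from the original article), the script below audits a directory tree for the two risky cases covered above: files left writable by everyone, as chmod -R a+rw produces, and programs carrying the SUID or SGID bit. The helper names audit_perms and make_sample_tree and the sample tree itself are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit_perms and make_sample_tree are hypothetical helper
# names, and the sample tree is constructed so the script runs offline.

# List risky modes under a directory, one finding per line.
audit_perms() {
    # World-writable: the "others" write bit (octal 002) is set.
    find "$1" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE /'
    # SUID (4000) or SGID (2000) on a regular file: the program runs with
    # the permissions of the file's owner or group, not the caller's.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SUID-SGID /'
}

# Build a small tree using the modes discussed in the article.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/mydir"
    touch "$root/myfile" "$root/mydir/file1" "$root/helper"
    chmod 644 "$root/myfile"        # rw-r--r--: umask 022 default for files
    chmod 755 "$root/mydir"         # rwxr-xr-x: umask 022 default for dirs
    chmod a+rw "$root/mydir/file1"  # rw-rw-rw-: what chmod -R a+rw leaves
    chmod 4755 "$root/helper"       # rwsr-xr-x: same mode as passwd above
    echo "$root"
}

tree=$(make_sample_tree)
audit_perms "$tree"
rm -rf "$tree"
```

Only mydir/file1 and helper are reported; myfile and mydir keep the 644 and 755 defaults and pass the audit.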

Resources

Introduction to Linux by Machtelt Garrels
