Every file and directory on Linux system is owned by a specific user and group. Therefore, file/directory permissions are defined separately for users, groups, and others.
User: The username of the person who owns the file/directory. By default, the user who creates the file/directory will become its owner.
Group: The usergroup that owns the file/directory. All users who belong to the group that owns the file/directory will have the same access permissions to the file/directory.
Other: A user who isn't the owner of the file/directory and doesn't belong to the same group the file/directory does. In other words, if you set a permission for the "other" category, it will affect everyone else by default. For this reason, people often talk about setting the "world" permission when they mean setting the permissions for "other."
Understanding file permissions
There are three types of access permissions on Linux: read, write, and execute. These permissions are defined separately for the file's/directory’s owner, group and all other users.
Read permission. On a regular file, the read permission means the file can be opened and read. On a directory, the read permission means you can list the contents of the directory.
Write permission. On a regular file, this means you can modify the file, aka write new data to the file. In the case of a directory, the write permission means you can add, remove, and rename files in the directory. This means that if a file has the write permission, you are allowed to modify the file's contents, but you're allowed to rename or delete the file only if the permissions of the file's directory allow you to do this.
Execute permission. On a regular file, this means you can execute the file as a program or a shell script. On a directory, the execute permission allows you to access files in the directory and enter it, with the cd command, for the instance. However, note that although the execute permission allows you enter the directory, you're not allowed to list its contents, unless you also have the read permissions to that directory.
How to view file permissions
You can view the access permissions of a file/directory by performing the ls -l command. The result of this command should be like:
The first column shows the file type and permissions. The second column shows the number of links (directory entries that refer to the file), the third one shows the owner of the file, the fourth one shows the group the file belongs to, the fifth column shows the file's size in bytes. The other columns show date and time of last modification, and the filename.
The first column is organized into four separate groups:
The first character can be any of these:
d = directory
- = regular file
l = symbolic link
s = Unix domain socket
p = named pipe
c = character device file
b = block device file
The next nine characters show the file’s/directory's permissions, divided into three groups. Each group consists of three characters.
The first group of three characters shows the read, write, and execute permissions for user, the owner of the file/directory. The next group shows the read, write, and execute permissions for the group of the file/directory. The last group of three characters shows the permissions for other, everyone else. In each group, the first character means the read permission, the second one write permission, and the third one execute permission.
r = read permission
w = write permission
x = execute permission
- = no permission
How to set file permissions - numeric mode
You can set file/directory permissions with the ‘chmod’ command. Both the root user and the file's/directory’s owner can set file/directory permissions. ‘chmod’ command has two modes, symbolic and numeric.
We will consider the numeric mode of this command. In the numeric mode, the file permissions aren't represented by characters (r, w, x, -). Instead, they are represented by a three-digit octal number.
4 = read (r)
2 = write (w)
1 = execute (x)
0 = no permission (-)
To get the permission you want, you should set up the numbers accordingly. Because you set separate permissions for the owner, group, and others, you'll need a three-digit number representing the permissions of all these groups.
Let's have an example.
$ chmod 750 public_html
This would change the public_html directory's permissions to drwxr-x---. The owner would have full read, write, and execute permissions (7=4+2+1), the group would have read and execute permissions (5=4+1), and the world would wouldn’t have any access permissions.
Let's have another example:
$ chmod 644 index.html
In this case, index.html file's permissions would be -rw-r--r--. The owner would have read and write permissions (6=4+2), the group would have read permissions only (4), and the others would have read permissions (4) as well. This quick reference for setting file permissions in numeric mode:
|
0
|
---
|
|
1
|
--x
|
|
2
|
-wx
|
|
4
|
r--
|
|
5
|
r-x
|
|
6
|
rw-
|
|
7
|
rwx
|