Over the next few posts I’ll be covering three basic elements of files in Linux:
- ACLs (Access Control Lists)
- File Attributes
The ls command
Every file in Linux has three primary permissions settings (read, write, execute) that apply to three elements (owner, group, others).
File permissions can be viewed on the command line using the “ls” command.
[luke@testserver stuff]$ ls -l
total 0
-rwxrw-r-x 1 luke admins 0 Jun 21 19:44 file1
Looking at the output from ls -l, from left to right we can break the output into several groups as shown below. Each group is enclosed in parentheses.
[ (-) (rwxrw-r-x) (1) (luke admins) (0) (Jun 21 19:44) (file1) ]
Let’s look at each block separately.
(-) The leading dash tells us that this is a normal file. You may also see “d” (directory), “l” (link), or “b” (block device) and a few others, but -, d, and l will cover 90+% of the files you will come into contact with.
Continuing down the line we have (rwxrw-r-x). This should be viewed as three sets of the permissions (r) read, (w) write, and (x) execute, one set each for the owner, the group, and others (others is everyone else on the system).
In this example, the permissions read as follows:
Owner: rwx (read, write, execute)
Group: rw- (read and write). The - indicates that the group does not have execute permission.
Other: r-x (read and execute). In this case others can read and execute but not write to the file, as indicated by the - in the “w” place.
(1) Continuing to the right we see the number 1. This number represents the link count for a file. This file has 1 link, which is to itself. If we created a link (shortcut) to this file from another location, the link count would be 2, and it would increase by one for each additional link.
The next two entries (luke admins) represent the file owner (luke) and the group that has permission to the file (admins).
(0) The number after the group listing is the file size in bytes. In this case, it’s 0. To see the file size in human-readable form, use ls -lh.
(Jun 21 19:44) This section shows the date and time that the file was last modified.
(file1) Last we see the file name.
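The link count column described above can be watched changing. This is an added example, not from the original post, with constructed file names; it shows that a hard link made with `ln` raises the count on the original file, while a symbolic link made with `ln -s` is a separate file and leaves the count alone.

```sh
# Added example: watch the link-count column of `ls -l` change.
# The file names are constructed for this demo.

# Print the second field of `ls -l` (the link count) for one path.
link_count() {
    ls -l -- "$1" | awk '{print $2; exit}'
}

# Create a scratch file, link to it in two ways, and print the count after
# each step as "initial hard symlink removed". The body runs in a subshell
# so its variables stay local.
link_demo() (
    dir=$(mktemp -d) || exit 1
    touch "$dir/file1"
    counts=$(link_count "$dir/file1")             # only the name file1
    ln "$dir/file1" "$dir/file1.hard"             # second name, same inode
    counts="$counts $(link_count "$dir/file1")"
    ln -s "$dir/file1" "$dir/file1.sym"           # symlink: a separate file
    counts="$counts $(link_count "$dir/file1")"
    rm "$dir/file1.hard"                          # remove the extra name
    counts="$counts $(link_count "$dir/file1")"
    rm -rf "$dir"
    printf '%s\n' "$counts"
)

link_demo
```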
Changing file ownership
Files in Unix-like operating systems belong to a single user (the owner) and a group. Only the root user can change the ownership of a file or directory.
To change ownership of a file, use the chown command like this:
chown <user>:<group> file
Here are a few examples:
Change user and group of a file:
sudo chown superman:justiceleague goodguy.file
Change only the user:
sudo chown superman goodguy.file
Change only the group:
sudo chown :justiceleague goodguy.file
File permissions are changed with the chmod command. Permissions can be modified using two different formats, numerical and symbolic.
File permissions in Linux are coded either symbolically (as letters) or numerically (as numbers):
- r – read
- w – write
- x – execute
- 4 – read
- 2 – write
- 1 – execute
Each applies to the user(owner), group, and other.
For example, if a file has the following permissions
ls -lh myawesomefile.txt
-rw-r--r-- 1 luke users 9.3M Jan 21 21:43 myawesomefile.txt
- User – read, write
- Group – read
- Others – read
If we wanted to change this so that the user (owner) can execute this file, we can make the change in one of two ways.
chmod u+x myawesomefile.txt
In this example u = user and x = execute. You can remove the execute permission by changing the + to a -.
chmod u-x myawesomefile.txt
Changing permissions symbolically uses the letters u, g, o, and a (user, group, other, all).
Give group write permission on myawesomefile.txt:
chmod g+w myawesomefile.txt
Give all users execute permission.
chmod a+x myawesomefile.txt
Changing permissions numerically is intimidating for new Linux users but it shouldn’t be. If you can add up to seven then you should be fine.
Let’s make a new file called “USMC.OORAH” and then display the permissions.
touch USMC.OORAH; ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
So the permissions are rw-r--r-- (User read/write, Group read only, Others read only).
These permissions can be expressed numerically as 644 which is admittedly much higher than seven. However, this number is not six hundred forty-four. It is six, four, four.
Numerically, a file permission is always read + write + execute = numerical permission:
- User – 6 (read/write because read (4) + write (2) + execute (0) = 6)
- Group – 4 (read only because read (4) + write (0) + execute (0) = 4)
- Others – 4 (read only because read (4) + write (0) + execute (0) = 4)
- Remember: read = 4, write = 2, and execute = 1, and each applies to user, group, and others: user 6 | group 4 | other 4, or just 644.
Let’s change permissions on our file to allow the group to write to the file, while keeping everything else the same. We need to add 2 only to the group portion of our permissions.
chmod 664 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
What if we wanted to allow others to execute this file? Currently, others can only read, which is represented by the number 4. Execute is represented by the number 1. 4+1=5, so we will want to change permissions to 665.
chmod 665 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH
Full permission (read, write, and execute) is represented by the number 7 because 4+2+1 is 7. So to give the user read, write, and execute on our file:
chmod 765 USMC.OORAH
ls -lh USMC.OORAH
-rwxrw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH
Of course, you can take permissions away by subtracting. To change the file back to its original permissions of rw-r--r--:
chmod 644 USMC.OORAH
ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
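The read + write + execute arithmetic above, as an added example that is not part of the original post: a script that converts the permission string from `ls -l` into its numeric form. The function names are made up for this example, the input lines are constructed from the post's USMC.OORAH listings, and special bits such as setuid or sticky (s, t), which the post does not cover, are rejected rather than converted.

```sh
# Added example, not from the original post. Converts the permission
# string printed by `ls -l` to numeric form: r=4, w=2, x=1 per class.

# triplet_value "rw-" prints 6; fails unless the input is r/w/x/- in place.
triplet_value() (
    v=0
    case $1 in [r-][w-][x-]) ;; *) exit 1 ;; esac
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    printf '%s\n' "$v"
)

# mode_to_octal "-rwxrw-r-x" prints 765. Takes the 10-character field
# (file type + permissions) or the bare 9 permission characters.
# The body runs in a subshell, so its variables do not leak.
mode_to_octal() (
    m=$1
    if [ "${#m}" -eq 10 ]; then m=${m#?}; fi   # drop the file-type character
    [ "${#m}" -eq 9 ] || exit 1
    rest=${m#???}                              # group + others
    u=$(triplet_value "${m%??????}") || exit 1
    g=$(triplet_value "${rest%???}") || exit 1
    o=$(triplet_value "${rest#???}") || exit 1
    printf '%s%s%s\n' "$u" "$g" "$o"
)

# octal_listing reads `ls -l` output on stdin and prints "<octal> <name>"
# for each entry, skipping the "total" line ("?" if the mode is rejected).
octal_listing() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        if [ "$mode" = total ]; then continue; fi
        oct=$(mode_to_octal "$mode") || oct='?'
        printf '%s %s\n' "$oct" "$name"
    done
}

# Constructed input: the four states USMC.OORAH passes through in the post.
octal_listing <<'EOF'
total 0
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
-rw-rw-r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH
-rw-rw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH
-rwxrw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH
EOF
```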
My next post will take this one step further and add ACLs, or access control lists, to the permissions scheme, which allows our permissions to become much more fine-grained and can include multiple users and groups.