File permissions

Understanding Linux file permissions

Every file and directory on a Linux system has a set of permissions that control the kinds of access that different people have.

Permissions come in two parts: access modes and ownership - the what and the who respectively.

Access modes

There are three different kinds of access: Read, Write and Execute.

The meaning of these is slightly different between files and directories:

ReadWriteExecute
File Contents can be read Contents can be changed Can be run as a script or program
Directory Files can be listed Files can be added, deleted, renamed, etc Can be traversed into/through

Ownership

Every file and directory also has a user and a group associated with it.

The user is the account that owns the file, while the group is the group of users (if any) that it's shared with.

In your home directory, the group will usually the same as the user, but in shared directories the group will usually be the project or class it belongs to.

Permissions

The permissions for a file make up the ownership information, plus three sets of access modes:

  • User access
  • Group access
  • Others access (everyone else)

For example, given a script with yourself as the user and your project group as the group, you might want permissions like this:

ReadWriteExecute
Userrwx
Groupr-x
Others---

You have full access to the script (rwx).

Your project group can read and run the script, but cannot edit it (r-x).

Everyone else has no access to the script at all (---).

Viewing file permissions

To see the current permissions on a file, run ls -l on it:

$ ls -l myfile -rwxr-x--- 1 jsmith cs1234project 1918 Mar 5 08:36 myfile

The bolded fields are the access-modes string, the user and the group respectively.

The access-modes are the user, group and other modes concatenated together - in this case rwx, r-x and --- (the same permissions as in the table above)

There's also a single-character prefix showing the type of object: - for files (as in this example), d for directories and l for soft links.

Note that soft links always show up as lrwxrwxrwx, because the actual permissions applied are those of the file the link points to.

Setting File Permissions

Be sure to understand Secure File Permissions before changing things, so you don't accidentally give the wrong people access to your files.

You can set the access modes for a file or directory using the chmod command.

Run man chmod for full details, but as a brief example: chmod u=rwx g=rx o=rx myfile will set the permissions on myfile to -rwxr-xr-x.

You can also set the group of a file using the chgrp command: chgrp groupname myfile (see man chgrp for more details.)

However, you can't change the owner of a file unless you are the root user. If you need to change the ownership of a file, contact System Support.

Last edited by jbc 15/02/2018

Tags for this page:

file, permissions