Understanding the Linux file permissions

Linux supports multiple users and groups that can log in and create, modify and delete files and folders. System files and folders must be protected from ordinary users to avoid accidental deletion or modification. Configuration files can contain sensitive data like passwords and certificates. Our home directory can contain our private secrets as well. To protect all of this, UNIX/Linux has a permission and owner/group system in place.

Files and directories

In UNIX/Linux everything is a file. We distinguish between two types of files:

  • Regular files
    • (Special files)
  • Directory files (Yes, in Linux even directories are files!)

There are special file types in the group of regular files that we are not going to explore here. There is some training material on linux.com about the topic for further reference.

We can list our files and directories with the ls command. Without an argument it lists the contents of the current directory. In the next example we are in the home directory of an ordinary user and we can list the files and directories in this folder.

┌──(tmolnar@LaptopDebtop)-[~]
└─$ ls
pelican-themes  quicklisp  quicklisp.lisp  stuff

We can list other directories by passing the directory as a command line argument. In the next example we see the content of the stuff directory. To check where we are in the file system we can use the pwd command.

┌──(tmolnar@LaptopDebtop)-[~]
└─$ ls stuff/
projects

With command line options we can control the behavior of the ls command. In the next example we query a detailed list of files and directories of the current folder. You can see the permissions, the ownership and other information about the entities here.

┌──(tmolnar@LaptopDebtop)-[~]
└─$ ls -l
total 68
drwxr-xr-x 132 tmolnar tmolnar  4096 Sep 18 12:00 pelican-themes
drwxr-xr-x   6 tmolnar tmolnar  4096 Sep 10  2020 quicklisp
-rw-r--r--   1 tmolnar tmolnar 57144 Sep 10  2020 quicklisp.lisp
drwxr-xr-x   3 tmolnar tmolnar  4096 May 23  2022 stuff

Owner and group

The third and fourth columns of the ls -l output are the user (owner) and group of the file or directory. Every file on the system must have an owner and a group. The user can be given as a username or a user ID, and the group as a group name or a group ID. We can modify the user/group with the chown command. We can query the group membership of a user with the id command. The root user is always ID 0!

┌──(tmolnar@LaptopDebtop)-[~]
└─$ id root
uid=0(root) gid=0(root) groups=0(root)

The user and the group name or ID can be used to set file/directory permissions on Linux.

File and directory permissions

Let’s break down the output of an ls -l command, focusing on the permissions!

Permissions  Owner    Group    File/Directory
-rwxr-xr-x   tmolnar  tmolnar  connect_tryhackme_openvpn.sh
drwxr-xr-x   tmolnar  tmolnar  Desktop

Information from the ls command output

The first column shows the permissions of the file/directory. There are seven bits by default in this section. Notice that a directory is marked with a leading (d), as in drwxr-xr-x. Regular files have a dash (-) at this position, as in -rwxr-xr-x (if there are no special file permissions in place).

We can break down the remaining characters to 3 x 3 positions:

  • The 1st three bits are the User permissions (u)
  • The 2nd three bits are the Group permissions (g)
  • The 3rd three bits are the Others permissions (o and/or a)

User (u)  Group (g)  Others (o)
rwx       r-x        r-x

File permission breakdown

Breaking down the three digits we will get the following file mode bits:

  • r = read = the permission owner can see the contents
  • w = write = the permission owner can modify the contents
  • x = execute (search for directories) = the permission owner can execute files or search in the folder
  • - = no permission

There are other special file mode bits we can add to the mix:

  • s = set user or group ID
  • t = restricted deletion (sticky bit)
  • X = execute/search if the file is a directory or already has execute permission for some users

Considering the above example, a file with -rwxr-xr-x permissions means the following:

        Read (4)  Write (2)  Execute (1)
User    yes       yes        yes
Group   yes       no         yes
Others  yes       no         yes

File permission breakdown example

  • The owner (user) can read/write/execute the file.
  • The group can read and execute it.
  • Others can read and execute it as well.

Numeric file and directory permissions

There is also a numeric mode to set file permissions in four digits. In the header of the table above, the numeric value of each permission is shown in brackets.

  • r = 4
  • w = 2
  • x = 1

In a table format:

                    Read (r)  Write (w)  Execute (x)
Numeric permission  4         2          1

Numeric permissions for user/group/others

The first digit of the four numeric permission digits is for setting our special file permissions:

  • set user ID = 4
  • set group ID = 2
  • restricted deletion (sticky bit) = 1

Considering our file example, 0755 in numeric mode translates to -rwxr-xr-x. Notice the leading zero! It is the digit for the special file permissions.

Special  User  Group  Others
0        7     5      5

Numeric permissions breakdown

It means: special permissions = 0, user permissions = 4+2+1, group permissions = 4+1, other permissions = 4+1.
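
The same breakdown as a small shell script, added here as an illustration (it is not part of the original post). It goes one step beyond the 0755 case and also handles the special first digit, showing how ls -l prints set user/group ID and the sticky bit in the execute column. The function names triplet and mode_to_symbolic are made up for this example.

```sh
#!/bin/sh
# Added example: translate a numeric mode (0755, 4755, ...) into the nine
# permission characters that ls -l prints after the file type character.

# triplet BITS SPECIAL CHAR: one rwx group. SPECIAL is non-zero when the
# special bit of that group is set; CHAR is s (set ID) or t (sticky).
triplet() {
    bits=$1 special=$2 ch=$3 out=""
    if [ $((bits & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((bits & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ "$special" -ne 0 ]; then
        # The special bit shares the execute column: lowercase when x is
        # also set, uppercase when x is missing.
        if [ $((bits & 1)) -ne 0 ]; then
            out="${out}${ch}"
        else
            out="${out}$(printf '%s' "$ch" | tr 'st' 'ST')"
        fi
    elif [ $((bits & 1)) -ne 0 ]; then
        out="${out}x"
    else
        out="${out}-"
    fi
    printf '%s' "$out"
}

mode_to_symbolic() {
    # Accept octal digits only, at most 7777.
    case $1 in ''|*[!0-7]*) echo "invalid mode: $1" >&2; return 1 ;; esac
    m=$((0$1))                       # leading 0 makes the shell read octal
    if [ "$m" -gt $((07777)) ]; then echo "invalid mode: $1" >&2; return 1; fi
    sp=$(( (m >> 9) & 7 ))           # first digit: 4=setuid 2=setgid 1=sticky
    u=$(triplet $(( (m >> 6) & 7 )) $(( sp & 4 )) s)
    g=$(triplet $(( (m >> 3) & 7 )) $(( sp & 2 )) s)
    o=$(triplet $(( m & 7 ))        $(( sp & 1 )) t)
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# Constructed sample modes: plain file, setuid program, sticky directory,
# and setgid without group execute (shown as a capital S).
for mode in 0755 0644 4755 1777 2644; do
    printf '%s -> %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

A lowercase s or t means the execute bit underneath is also set; a capital S or T means the special bit is set but execute is not.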

To change file/directory permissions in Linux take a look at the manual of the chmod command!

Summary

Finally, here is a table about the symbolic and numeric basic permissions.

Permission  Symbolic  Numeric  Comment
Read        r         4
Write       w         2
Execute     x         1        Search in directory

Linux permissions summary

I hope with this short review the file permissions on a UNIX/Linux system are now clear.
