LWM-Linux/05 - Linux Permissions and Ownership/Understanding File Permissions.md

# Understanding File Permissions in Linux

## 1. Introduction to File Permissions

In Linux, file permissions are a crucial aspect of system security and user access control. They determine who can read, write, or execute files and directories. Understanding file permissions is essential for system administrators and users alike.

## 2. Basic Concepts

### Users and Groups
Every file and directory in Linux is owned by a user and associated with a group.
There are three types of users:
- Owner: The user who created or owns the file
- Group: Users belonging to the file's group
- Others: All other users on the system

### Permission Types
- There are three basic permission types:
  a) Read (r): Allows viewing the contents of a file or listing the contents of a directory
  b) Write (w): Allows modifying a file or creating/deleting files within a directory
  c) Execute (x): Allows running a file as a program or accessing a directory

## 3. Viewing File Permissions

To view file permissions, use the `ls -l` command. The output will look like this:

`-rwxrw-r-- 1 user group 4096 Jul 22 10:00 example.txt`

Let's break down this information:
- First character: File type (- for regular file, d for directory)
- Next 9 characters: Permissions for owner, group, and others
- User name and group names
- File size in bytes
- Last modification date and time
- File name

## 4. Understanding Permission Notation

### Symbolic Notation
Permissions are represented by 9 characters, grouped into three sets of three:
- First set: Owner permissions (rwx)
- Second set: Group permissions (rwx)
- Third set: Others permissions (rwx)

Each set uses 'r' for read, 'w' for write, and 'x' for execute. A hyphen (-) indicates the absence of that permission.

### Numeric Notation
Permissions can also be represented numerically:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1

The sum of these values for each user category represents the permissions:
- 7 (4+2+1) = rwx (Read, Write, Execute)
- 6 (4+2) = rw- (Read, Write)
- 5 (4+1) = r-x (Read, Execute)
- 4 = r-- (Read only)
- 3 (2+1) = -wx (Write, Execute)
- 2 = -w- (Write only)
- 1 = --x (Execute only)
- 0 = --- (No permissions)

##5. Changing File Permissions

### Using chmod with Symbolic Notation
The `chmod` command is used to change file permissions. The basic syntax is:

`chmod [who][operation][permissions] filename`

- Who: u (user/owner), g (group), o (others), a (all)
- Operation: + (add), - (remove), = (set exactly)
- Permissions: r, w, x

Examples:
- `chmod u+x file.txt`: Add execute permission for the owner
- `chmod go-rw file.txt`: Remove read and write permissions for group and others
- `chmod a=rx file.txt`: Set read and execute permissions for all users

### Using chmod with Numeric Notation
You can also use numeric notation with chmod:

`chmod [numeric_permissions] filename`

Example:
- `chmod 755 file.txt`: Set rwx for owner, rx for group and others

## 6. Changing File Ownership

### chown command
Use `chown` to change the owner of a file:

`chown new_owner filename`

### chgrp command
Use `chgrp` to change the group of a file:

`chgrp new_group filename`

## 7. Special Permissions

### SetUID (Set User ID)
- Represented by 's' in the owner's execute position
- Allows a file to be executed with the permissions of the file owner
- Numeric value: 4000

### SetGID (Set Group ID)
- Represented by 's' in the group's execute position
- For files: Executes with the permissions of the file group
- For directories: New files inherit the directory's group
- Numeric value: 2000

### Sticky Bit
- Represented by 't' in the others' execute position
- Used on directories to prevent users from deleting files they don't own
- Numeric value: 1000

Example:
`chmod 4755 file`: Sets SetUID and rwxr-xr-x permissions

## 8. Default Permissions

The `umask` command sets the default permissions for newly created files and directories. It specifies which permissions should be removed from the default (666 for files, 777 for directories).

Example:
- `umask 022`: New files will have 644 permissions, new directories 755

## 9. Access Control Lists (ACLs)

For more fine-grained control, Linux supports ACLs. Use `setfacl` to set and `getfacl` to view ACLs.

Example:
`setfacl -m u:username:rx file.txt`: Grant read and execute permissions to a specific user

## 10. Practical Tips
- Always use the principle of least privilege
- Regularly audit file permissions
- Be cautious when using recursive permission changes
- Understand the implications of SetUID and SetGID bits
Sanitize Chapter 5 2024-09-05 17:16:13 -06:00			`# Understanding File Permissions in Linux`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00
			`## 1. Introduction to File Permissions`

			`In Linux, file permissions are a crucial aspect of system security and user access control. They determine who can read, write, or execute files and directories. Understanding file permissions is essential for system administrators and users alike.`

			`## 2. Basic Concepts`

			`### Users and Groups`
			`Every file and directory in Linux is owned by a user and associated with a group.`
			`There are three types of users:`
			`- Owner: The user who created or owns the file`
			`- Group: Users belonging to the file's group`
			`- Others: All other users on the system`

			`### Permission Types`
			`- There are three basic permission types:`
			`a) Read (r): Allows viewing the contents of a file or listing the contents of a directory`
			`b) Write (w): Allows modifying a file or creating/deleting files within a directory`
			`c) Execute (x): Allows running a file as a program or accessing a directory`

			`## 3. Viewing File Permissions`

			To view file permissions, use the `ls -l` command. The output will look like this:

Sanitize Chapter 5 2024-09-05 17:16:13 -06:00			`-rwxrw-r-- 1 user group 4096 Jul 22 10:00 example.txt`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00
			`Let's break down this information:`
			`- First character: File type (- for regular file, d for directory)`
			`- Next 9 characters: Permissions for owner, group, and others`
Sanitize Chapter 5 2024-09-05 17:16:13 -06:00			`- User name and group names`
			`- File size in bytes`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00			`- Last modification date and time`
			`- File name`

			`## 4. Understanding Permission Notation`

			`### Symbolic Notation`
			`Permissions are represented by 9 characters, grouped into three sets of three:`
			`- First set: Owner permissions (rwx)`
			`- Second set: Group permissions (rwx)`
			`- Third set: Others permissions (rwx)`

			`Each set uses 'r' for read, 'w' for write, and 'x' for execute. A hyphen (-) indicates the absence of that permission.`

			`### Numeric Notation`
			`Permissions can also be represented numerically:`
			`- Read (r) = 4`
			`- Write (w) = 2`
			`- Execute (x) = 1`

			`The sum of these values for each user category represents the permissions:`
			`- 7 (4+2+1) = rwx (Read, Write, Execute)`
			`- 6 (4+2) = rw- (Read, Write)`
			`- 5 (4+1) = r-x (Read, Execute)`
			`- 4 = r-- (Read only)`
			`- 3 (2+1) = -wx (Write, Execute)`
			`- 2 = -w- (Write only)`
			`- 1 = --x (Execute only)`
			`- 0 = --- (No permissions)`

			`##5. Changing File Permissions`

			`### Using chmod with Symbolic Notation`
			The `chmod` command is used to change file permissions. The basic syntax is:

Sanitize Chapter 5 2024-09-05 17:16:13 -06:00			`chmod [who][operation][permissions] filename`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00
			`- Who: u (user/owner), g (group), o (others), a (all)`
			`- Operation: + (add), - (remove), = (set exactly)`
			`- Permissions: r, w, x`

			`Examples:`
			- `chmod u+x file.txt`: Add execute permission for the owner
			- `chmod go-rw file.txt`: Remove read and write permissions for group and others
			- `chmod a=rx file.txt`: Set read and execute permissions for all users

			`### Using chmod with Numeric Notation`
			`You can also use numeric notation with chmod:`

Forgot a few code blocks in Chapter 5 2024-09-05 17:18:45 -06:00			`chmod [numeric_permissions] filename`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00
			`Example:`
			- `chmod 755 file.txt`: Set rwx for owner, rx for group and others

			`## 6. Changing File Ownership`

			`### chown command`
			Use `chown` to change the owner of a file:

Forgot a few code blocks in Chapter 5 2024-09-05 17:18:45 -06:00			`chown new_owner filename`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00
			`### chgrp command`
			Use `chgrp` to change the group of a file:

Forgot a few code blocks in Chapter 5 2024-09-05 17:18:45 -06:00			`chgrp new_group filename`
Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse 2024-09-02 16:42:08 -06:00
			`## 7. Special Permissions`

			`### SetUID (Set User ID)`
			`- Represented by 's' in the owner's execute position`
			`- Allows a file to be executed with the permissions of the file owner`
			`- Numeric value: 4000`

			`### SetGID (Set Group ID)`
			`- Represented by 's' in the group's execute position`
			`- For files: Executes with the permissions of the file group`
			`- For directories: New files inherit the directory's group`
			`- Numeric value: 2000`

			`### Sticky Bit`
			`- Represented by 't' in the others' execute position`
			`- Used on directories to prevent users from deleting files they don't own`
			`- Numeric value: 1000`

			`Example:`
			`chmod 4755 file`: Sets SetUID and rwxr-xr-x permissions

			`## 8. Default Permissions`

			The `umask` command sets the default permissions for newly created files and directories. It specifies which permissions should be removed from the default (666 for files, 777 for directories).

			`Example:`
			- `umask 022`: New files will have 644 permissions, new directories 755

			`## 9. Access Control Lists (ACLs)`

			For more fine-grained control, Linux supports ACLs. Use `setfacl` to set and `getfacl` to view ACLs.

			`Example:`
			`setfacl -m u:username:rx file.txt`: Grant read and execute permissions to a specific user

			`## 10. Practical Tips`
			`- Always use the principle of least privilege`
			`- Regularly audit file permissions`
			`- Be cautious when using recursive permission changes`
Sanitize Chapter 5 2024-09-05 17:16:13 -06:00			`- Understand the implications of SetUID and SetGID bits`