In Linux, file permissions are a crucial aspect of system security and user access control. They determine who can read, write, or execute files and directories. Understanding file permissions is essential for system administrators and users alike.
## 2. Basic Concepts
### Users and Groups
Every file and directory in Linux is owned by a user and associated with a group.
There are three types of users:
- Owner: The user who created or owns the file
- Group: Users belonging to the file's group
- Others: All other users on the system
### Permission Types
- There are three basic permission types:
a) Read (r): Allows viewing the contents of a file or listing the contents of a directory
b) Write (w): Allows modifying a file or creating/deleting files within a directory
c) Execute (x): Allows running a file as a program or accessing a directory
## 3. Viewing File Permissions
To view file permissions, use the `ls -l` command. The output will look like this:
- Who: u (user/owner), g (group), o (others), a (all)
- Operation: + (add), - (remove), = (set exactly)
- Permissions: r, w, x
Examples:
-`chmod u+x file.txt`: Add execute permission for the owner
-`chmod go-rw file.txt`: Remove read and write permissions for group and others
-`chmod a=rx file.txt`: Set read and execute permissions for all users
### Using chmod with Numeric Notation
You can also use numeric notation with chmod:
```
chmod [numeric_permissions] filename
```
Example:
-`chmod 755 file.txt`: Set rwx for owner, rx for group and others
## 6. Changing File Ownership
### chown command
Use `chown` to change the owner of a file:
```
chown new_owner filename
```
### chgrp command
Use `chgrp` to change the group of a file:
```
chgrp new_group filename
```
## 7. Special Permissions
### SetUID (Set User ID)
- Represented by 's' in the owner's execute position
- Allows a file to be executed with the permissions of the file owner
- Numeric value: 4000
### SetGID (Set Group ID)
- Represented by 's' in the group's execute position
- For files: Executes with the permissions of the file group
- For directories: New files inherit the directory's group
- Numeric value: 2000
### Sticky Bit
- Represented by 't' in the others' execute position
- Used on directories to prevent users from deleting files they don't own
- Numeric value: 1000
Example:
`chmod 4755 file`: Sets SetUID and rwxr-xr-x permissions
## 8. Default Permissions
The `umask` command sets the default permissions for newly created files and directories. It specifies which permissions should be removed from the default (666 for files, 777 for directories).
Example:
-`umask 022`: New files will have 644 permissions, new directories 755
## 9. Access Control Lists (ACLs)
For more fine-grained control, Linux supports ACLs. Use `setfacl` to set and `getfacl` to view ACLs.
Example:
`setfacl -m u:username:rx file.txt`: Grant read and execute permissions to a specific user
## 10. Practical Tips
- Always use the principle of least privilege
- Regularly audit file permissions
- Be cautious when using recursive permission changes
