
Linux file permissions and ownership management


Security is a big concern for Linux. That’s why learning to manage Linux file permissions is essential. As Linux is used in mainframes and servers, it is vital to keep it safe from malicious users who can corrupt, change or remove crucial data. For effective security, Linux controls access to files at two levels:

  • Ownership
  • Linux File permissions

The concepts of ownership and Linux file permissions are crucial in Linux, so we will discuss both of them here. Let’s start with ownership.

Ownership

Every file in your Linux or Unix system is assigned three types of owner:

User: The first one is the user. By default, the user who creates the file becomes its owner. Hence the user is sometimes also called the owner.

User Group: The next one is the group. A user group can contain multiple users. All users belonging to a group have the same access permissions to the file. So you can add many users to the group and assign Linux file permissions so that group members can read or modify the file.

Others: The third type of ownership is others: any other user who has access to a file. This is someone who neither created the file nor belongs to a user group that owns the file. Practically, it means everybody else. Hence setting the permissions for others is also referred to as “setting permissions for the world”.

Now the question arises: how does Linux distinguish between these user types, so that user A cannot affect files that contain some other user B’s vital information? It’s like when you don’t want a colleague who works on your Linux computer to view your personal images. That is where Linux file permissions come in: they define user behavior. Now let’s understand the permission system on Linux.


Linux File Permissions

Every file and directory on your Linux or Unix system has three permissions (read, write and execute) defined for each of the three owner types discussed above.

Read: This permission gives you the authority to open and read a file. Read permission on a directory gives you the ability to list its contents.

Write: Write permission gives you the ability to modify the contents of the file. Write permission on a directory gives you the ability to add, remove and rename files stored in that directory.

Execute: On Linux-based systems you cannot run or execute a program without the “execute” permission. This permission restricts or allows users to execute programs according to their access level.

Let’s look at the permissions on an actual Linux system. Running the ls -l command lists the contents of the directory and gives us the following results.

#ls -l

[Figure: List Linux Files]

It shows us all the permission information that we need to know. On the left-hand side we can see the file type and access permissions, presented as a cryptic-looking code. Let’s see what these characters mean.

[Figure: Linux File Permission]

r = Read permissions

w = Write permissions

x = Execute permissions

- = No permissions

The first character shows the file type. Here, the hyphen (-) implies that we have selected a file. If it were a directory, d would have been displayed, as shown in the picture above.

The next part of the code is the permissions for the owner. If, for some file, these are set to rw-, it means the owner can read the file and write to it but cannot execute it, since the execute bit is set to (-), which is no permission.

The next part is for the user group, which in our case is root, as shown in the picture above. If, for some file, these permissions are set to rw-, then group members can read the file and write to it. By design, many Linux distributions such as Fedora, CentOS and Ubuntu add each user to a group with the same name as the username; thus the user ajay is added to a group named ajay.

The third part is for the world, which means any user. Mostly it says r--, which means the user can only read the file.

Moving on, let’s see how you can restrict access to your files for other Linux users. We can easily do so by changing Linux file permissions. We can use the chmod command, which stands for “Change Mode”. Using this command we can set the read, write and execute permissions for the owner, the group and the world. There are two ways to use the command:

1. Absolute mode

In absolute mode, file permissions are not presented as characters but as a three-digit octal number. The table below shows the number for each permission type:

[Table: File Permission Bits]

Now we will change the permissions on a file by using the chmod command in absolute mode. To change the permissions for a file, issue the following command.

#chmod 764 file_name

Here we changed the file permissions for the test file. The first digit is for the owner and is set to 7, which means the owner has all the permissions: read(4)+write(2)+execute(1). The second digit is set to 6, which is read(4)+write(2), and it applies to the group. The last digit is set to 4, which means read only, and it applies to every other user.
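The digit arithmetic described above, as an added example that is not part of the original article: it decodes a three-digit octal mode into its rwx string and cross-checks the result on a scratch file. The function names are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: decode a three-digit octal mode the way chmod's absolute
# mode defines it (read=4, write=2, execute=1 per digit).

# Turn one octal digit (0-7) into its rwx triplet.
digit_to_rwx() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# Turn a mode such as 764 into rwxrw-r-- (owner, group, others).
octal_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "not a three-digit octal mode: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}          # last two digits
    u=${mode%"$rest"}       # owner digit
    g=${rest%?}             # group digit
    o=${mode#??}            # others digit
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Cross-check on disk: apply the mode to a scratch file and read the
# permission string back (characters 2-10 of stat's %A output).
mode_on_disk() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    stat -c '%A' "$f" | cut -c2-10
    rm -f "$f"
}

for m in 764 640 755; do
    echo "$m -> $(octal_to_symbolic "$m") (on disk: $(mode_on_disk "$m"))"
done
```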

2. Symbolic mode

In absolute mode, we used the permission bits to change the permissions for all three types of users. In symbolic mode, we can also change the permissions for a specific user type. It makes use of mathematical symbols to modify the file permissions.

[Table: Symbolic Mode]

Below is an example of how you can change the permissions on a file using symbolic mode.

#chmod o=rw file_name

With the above command we have changed the permissions for other users and allowed them read and write access.

Now, to add the execute permission for the group, we will use the following command:

#chmod g+x file_name

To remove the read permission from the owner, we will use the following command:

#chmod u-r file_name

That’s how we change Linux file permissions.
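To see what the symbolic commands above do to the mode bits, this added example (not part of the original article) replays them on a scratch file and prints the octal mode after each step. It assumes the commands are applied in sequence starting from 764, which the article does not state, and uses hypothetical function names plus GNU stat -c.

```shell
#!/bin/sh
# Added example: replay the article's chmod commands on a scratch file and
# report the mode after each one (stat -c is GNU coreutils).

# Apply a start mode, then each symbolic change in order; print one
# "change octal symbolic" line per step.
replay_chmod() {
    start=$1; shift
    f=$(mktemp) || return 1
    chmod "$start" "$f"
    echo "$start $(stat -c '%a %A' "$f")"
    for change in "$@"; do
        chmod "$change" "$f"
        echo "$change $(stat -c '%a %A' "$f")"
    done
    rm -f "$f"
}

# Final octal mode only, for scripted checks.
final_mode() {
    replay_chmod "$@" | tail -n 1 | cut -d' ' -f2
}

# True when the "others" digit of an octal mode includes write (2).
others_can_write() {
    last=${1#"${1%?}"}      # last digit of the mode
    [ $((last & 2)) -ne 0 ]
}

# Assumed sequence: absolute 764, then the three symbolic changes.
replay_chmod 764 o=rw g+x u-r
m=$(final_mode 764 o=rw g+x u-r)
if others_can_write "$m"; then
    echo "mode $m: file is world-writable after o=rw"
fi
```

The o=rw step is the one that makes the file writable by every user on the system, which is why the final check flags it.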

Change Ownership of Linux File and Directory

To change the owner of a file, you can use the “chown” command in the following manner:

#chown user file_name

For example:

#chown ajay file_name

You can also use this command to change the group.

#chown user:group file_name

For example:

#chown ajay:root file_name

If you just want to change the group owner of the file, you can use the “chgrp” command.

#chgrp root file_name

About the author

Ajay Verma

A Computer Science graduate who works extensively on open source projects. His areas of interest are: Network Security, Linux Administration, FOSS, Python, and C programming.
