Linux file permission

In Linux, file permissions are divided into 3 kinds: read permission, write permission and execute permission. They are also granted to 3 entities: the user who is the owner of the file, the group that owns the file, and other.
Each permission has a number:
1 is the execute permission – in binary 001
2 is the write permission – in binary 010
4 is the read permission – in binary 100

We can add the numbers to get more than one permission. For example, if we want read and write permission, then we add 4 (read permission) and 2 (write permission): 4+2=6, and 6 is read and write permission together.
We can also combine the binary bits, so:

010
100
---
110

And 110 is 6 in binary.

Read and execute will be 1 (execute permission) and 4 (read permission), 1+4=5, and so on.
If the number is zero, then it means that we have no permission.

The first number is the user permission, the second is the group permission, and the third is the other permission (everyone who is not the user and does not belong to the group of the file).

We can use ls -l to see the full permissions of a file.
For example:


[root@server06017 bin]# ls -l
total 290168
-rwxrwxr-x 1 root root        86 Jan 31  2016 add-host-to-etc-hosts.sh
-rw-r--r-- 1 root root 296904406 Aug 29 12:40 autopassSuperHub-0.0.1.war
-rwxrwxr-x 1 root root       420 Jan 31  2016 check-port-up.sh
-rwxrwxr-x 1 root root     28319 Aug 29 12:40 cookbook.xml
-rwxrwxr-x 1 root root        70 Jan 31  2016 create-install-dir-location-file.sh
-rwxrwxr-x 1 root root       794 Mar 17 16:01 hp_usagehub
-rwxrwxr-x 1 root root       288 Jun 27 13:39 launch-debug.sh
-rwxrwxr-x 1 root root       173 Aug 29 12:04 launch.sh
-rwxr-xr-x 1 root root       218 Aug 29 12:04 launch.sh.orig
drwxrwxrwx 2 root root      4096 Jun 27 10:13 logs
-rwxrwxr-x 1 root root       132 May  2 12:13 postgres-install.sh
-rw-rw-r-- 1 root root         0 May  2 12:13 postgres-remove-password.sh
-rwxrwxr-x 1 root root       133 Mar 10 14:37 postgres-uninstall.sh
-rwxrwxr-x 1 root root      1349 Apr 11 16:10 read-postgres-server-properties.sh
-rwxrwxr-x 1 root root       126 Jan 31  2016 relaunch.sh
-rwxrwxr-x 1 root root      9156 Aug 29 12:40 remote-cookbook.xml
-rwxrwxr-x 1 root root        65 Jan 31  2016 remove-install-dir-location-file.sh
-rw-r--r-- 1 root root      4507 Aug 29 12:40 stderr.log
-rw-r--r-- 1 root root    117288 Aug 29 12:40 stdout.log
-rwxrwxr-x 1 root root       502 Jan 31  2016 usagehub-postgres-config-1.sh

Let's take a look at the first file's line:

-rwxrwxr-x 1 root root        86 Jan 31  2016 add-host-to-etc-hosts.sh

The first ‘-’ is the file type. If it is ‘-’, then it means that it is a regular file.
‘d’ – means directory.
‘l’ – means soft link.

After the file type we have the permissions, in the following order:
user [read, write, execute] group [read, write, execute] other [read, write, execute]
So the first triple is the user permission, and there we have ‘rwx’. That means that the user who owns the file has all 3 permissions. The same goes for the group. The last triple is for other, which is everyone who is not the owning user and does not belong to the group. In the other triple we have ‘r-x’: instead of the ‘w’ we have ‘-’, and that means that other has NO write permission. So when we have ‘-’ in a permission triple, it means that the permission is not granted (to whom depends on the triple: first is user, second is group, third is other). If the permission exists, then we have the letter that represents the permission:
r – for reading.
w – for writing.
x – for executing.
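
The mapping between the letters shown by ls -l and the permission numbers, written as a small shell script that also picks out entries other can write to (such as the logs directory in the listing above). This is an added example, not part of the original post; the function names triple_to_digit, mode_to_octal and list_other_writable are made up for illustration, and only the r, w, x and - letters described here are handled.

```sh
#!/bin/sh
# Added example (not from the original post): turn the permission string
# shown by `ls -l` into the three-digit permission number, then list the
# entries that "other" can write to.

# triple_to_digit "r-x" -> 5   (read=4, write=2, execute=1)
triple_to_digit() {
    digit=0
    case $1 in r??) digit=$((digit + 4)) ;; esac
    case $1 in ?w?) digit=$((digit + 2)) ;; esac
    case $1 in ??x) digit=$((digit + 1)) ;; esac
    echo "$digit"
}

# mode_to_octal "-rwxrwxr-x" -> 775. Accepts only the file types and the
# r/w/x/- letters covered in this post; anything else returns status 1.
mode_to_octal() {
    case $1 in
        [-dl][r-][w-][x-][r-][w-][x-][r-][w-][x-]*) ;;
        *) return 1 ;;
    esac
    user=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    other=$(printf '%s' "$1" | cut -c8-10)
    echo "$(triple_to_digit "$user")$(triple_to_digit "$group")$(triple_to_digit "$other")"
}

# Reads `ls -l` output on stdin and prints "<number> <name>" for every
# entry whose third digit contains the write bit (2, 3, 6 or 7).
list_other_writable() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        octal=$(mode_to_octal "$mode") || continue   # skips the "total" line
        case $octal in
            ??[2367]) echo "$octal $name" ;;
        esac
    done
}

# Lines copied from the listing earlier in this post.
SAMPLE='total 290168
-rwxrwxr-x 1 root root        86 Jan 31  2016 add-host-to-etc-hosts.sh
drwxrwxrwx 2 root root      4096 Jun 27 10:13 logs
-rw-r--r-- 1 root root      4507 Aug 29 12:40 stderr.log'

printf '%s\n' "$SAMPLE" | list_other_writable
```

On a real directory, pipe the output of ls -l into list_other_writable instead of the sample text.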

In order to change permission, we can use the chmod command.
The structure is the following:
chmod <to-who u(user)|g(group)|o(other)> <action = + -> <permission wrx> <file name>
For example, say we have the following:


[bob@localhost ~]$ ls -l
total 4
-rwxrwxr-x. 1 bob bob 111 Aug 19 14:53 showusername.sh

And we want to remove the read and execute permissions for other (the last triple).
Then we run:

[bob@localhost ~]$ chmod o-rx showusername.sh
[bob@localhost ~]$ ls -l
total 4
-rwxrwx---. 1 bob bob 111 Aug 19 14:53 showusername.sh

So the ‘o’ means other, because we want to change the permission for other.
The ‘-’ means remove permission. The ‘rx’ means read (r) and execute (x). Last comes the file name.
So it means that we want to remove the read and execute permissions from other.
And indeed, in the ls -l after the command, we see only ‘---’ for the last triple, meaning other has no permission at all. Before, they had read and execute permission.

If we want to add a permission, then we need to use the ‘+’, which means add permission.
For example, say we would like to give other all the permissions on the file from the last example:


[bob@localhost ~]$ chmod o+rwx showusername.sh 
[bob@localhost ~]$ ls -l 
total 4
-rwxrwxrwx. 1 bob bob 111 Aug 19 14:53 showusername.sh

So when we look at the last triple, we see that other has all 3 permissions (read, write and execute).

If we would like to set the permission to an exact value, then we can use ‘=’ or a number (that represents the permission).

For example, say we want to change the permission of other on the file from the previous example to only read and execute:


[bob@localhost ~]$ chmod o=rx showusername.sh 
[bob@localhost ~]$ ls -l 
total 4
-rwxrwxr-x. 1 bob bob 111 Aug 19 14:53 showusername.sh

And as we can see, the permission of other is now only read and execute.

We can get the same effect with a number.
The number for read is 4 and for execute is 1; together they are 5. So the number for read and execute is 5.
If we want to change the permission for all (user, group and other) to be only read and execute:


[bob@localhost ~]$ chmod 555 showusername.sh 
[bob@localhost ~]$ ls -l 
total 4
-r-xr-xr-x. 1 bob bob 111 Aug 19 14:53 showusername.sh

And now we can see that in all three triples we have only read and execute permission.
