Linux: File Permissions

From Define Wiki

Checking File Permissions

The 'ls -l' command can be used to check the current permissions on a file.

[michael@head ~]$ ls -l boston_ping.sh
-rwxr-xr-x. 1 michael michael 2199 Jul  3 08:59 boston_ping.sh

The permissions are shown in the left-hand column.

The first character shows the type of file: - = regular file, d = directory, b = block device, l = symbolic link

The next nine bits represent the file permissions.

The last character may be a '.' showing that the file is under the control of SELinux. A '+' would show that it is under the control of SELinux and an Access Control List (ACL).

File Permissions

File permissions in Linux are divided into three groups: User, Group and Others. Each group can have read, write and execute permissions.

The file shown above has read and execute permissions for all groups, and write permissions only for the user.

The permissions are also represented as numbers: 4 = read, 2 = write and 1 = execute.

The permissions are represented as a four-digit number, with the first digit currently unused. The next three digits represent the sum of the permissions for each group.

Special Permissions

There are three special permissions: SUID, SGID and the Sticky Bit.

The SUID and SGID bits allow the file to be executed by others with the authority of the owner. An example of this is the passwd command.

ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 32200 Jan 28  2010 /usr/bin/passwd

The sticky bit is shown in the execute bit of the permissions, as on the /tmp folder. The sticky bit allows files to be copied to the directory while retaining ownership.

drwxrwxrwt.  31 root root 57344 Aug 15 20:09 tmp

Default Permissions and Umask

Files in Linux cannot be given execute permissions by default. This is for security. The umask defines which permissions are given to files by default.

The umask is defined as an environment variable. To find out its value, type umask. The umask sets the permissions to 777 - umask, and then removes execute permissions.

A umask of 0022 would give 777 - 022 = 755 permissions. But once the execute permissions are removed this gives 644.


The exception to this is default permissions on a directory. This must have execute permissions in order to allow sub files to be accessed.
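
The umask rule above can be checked against what the system really does. The script below is an added example, not part of the original wiki page: it creates a file and a directory under several umask values and prints the resulting mode next to the value given by the 777 - umask rule. The function names actual_mode and expected_mode are hypothetical, and the script assumes GNU coreutils stat and a writable temporary directory.

```shell
#!/bin/sh
# Added example: measure the mode a new file or directory really gets
# under a given umask and compare it with the 777 - umask rule.
# Assumes GNU coreutils stat (-c %a) and a writable temp directory.

# actual_mode UMASK file|dir : create the object, print its octal mode
actual_mode() {
    (   # subshell, so the umask change does not leak into the caller
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"
        else
            : > "$tmp/new"            # create an empty file
        fi
        mode=$(stat -c %a "$tmp/new")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# expected_mode UMASK file|dir : the rule from the text, done bitwise
expected_mode() {
    m=$(( 0777 & ~0$1 ))                  # 777 - umask
    [ "$2" = dir ] || m=$(( m & ~0111 ))  # files lose the execute bits
    printf '%o\n' "$m"
}

# 0022 is the value used in the text; 0027 and 0077 are tighter
# settings chosen here as constructed sample values.
for u in 0022 0027 0077; do
    for kind in file dir; do
        printf 'umask %s  %-4s  actual=%s  rule=%s\n' "$u" "$kind" \
            "$(actual_mode "$u" "$kind")" "$(expected_mode "$u" "$kind")"
    done
done
```

With a umask of 0027 or 0077 the "others" group receives no access at all to newly created files and directories.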

Changing Permissions

The permissions of a file can be changed using chmod.

The chmod command can be passed the permissions using the digit coding. This would give read, write and execute permissions to everyone (not recommended):

chmod 777 test

The chmod command can also use ugo / rwx encoding:

#Add write permissions for the user
chmod u+w test

#Add read permissions for the group
chmod g+r test

#Add execute permissions for the others
chmod o+x test

#Add read permission for all
chmod a+r test