Linux is a multi-user operating system that allows multiple users to interact with and use the same system simultaneously. In an organization with a network of Linux servers, there might be several important files and directories, and allowing permissions such as read and write to all the users might be a huge security risk. Hence, it’s very important that the root user or the admin user has the power to change the file permissions, so that only those users or groups of users that have the authority can make changes to the files.
In Linux, we can set permissions and take security measures related to the accessibility of files and directories in two ways: by changing the permissions and by changing the ownership.
We will discuss both these measures in this article in greater detail. In order to move ahead, please make sure that you have access to a Linux machine (CentOS 6, CentOS 7, CentOS 8, all Debian versions, all Ubuntu versions), sudo privileges, and a command line.
File and Directory Permissions in Linux, CentOS, Debian, Ubuntu
Before we try to set or manipulate the file ownership in Linux, it’s very important to understand the basic concept. Predominantly, there are 3 categories of users in Linux that can access a directory or a file - user who created the file, members of the group to which the file belongs, and others. When a user creates a file in Linux, he becomes the owner of that file and by default, a group with the same name as the owner is assigned to the file. The owner or the root user can change the default owner or group of the file using the chown command in Linux. We will walk you through it at the end of this article. But let’s first understand the file permissions in Linux.
Let’s use the ls -l command to list the information related to a file.
$ ls -l ~/sample/file1.txt
Here, you can see that we have some parameters for each file being displayed using the ls command. The first one is the file type. In our example, it’s a dash (-) which means that it’s just a regular file. A character d means that it’s a directory. Next, there are 9 characters that can take the following values - r (read), w (write), x (execute), - (no permission). These nine characters can be split into 3 sets of 3 characters each.
The first set of 3 characters defines the file permissions for the owner of the file, the next 3 are for the group members, and the last 3 are for other users. The next two parameters define the owner name and the group name to which the file belongs. The next parameter is the timestamp of the last modification and the last one is the file path.
We can use the chmod command in two different ways to change the permissions for the owners, group members, and other members.
1. Symbolic Method
To understand the syntax for the symbolic method of defining the chmod command, we need to understand the who, what, and which. This means that the command must specify to whom we are giving the permissions, are we adding, deleting, or setting permissions, and what are those permissions.
The character u means user, g means group, o means others, and a means all. This answers the who. If we want to remove permissions, we use the minus sign (-). If we want to add permissions, we use the plus sign (+). If we want to set permissions, we use the equal sign (=).
Consider this command.
$ sudo chmod u=rwx,og=x ~/sample/file1.txt
Here, we are setting the permissions using the equal symbol. Please note that this first removes all the existing permissions and then assigns the new ones. Here, we are assigning all three permissions to the owner, and only the execute permission to the group members and others.
We can notice that the permissions are assigned accordingly.
We can also use another method to assign permissions symbolically. Consider this command.
$ chmod a-x ~/sample/file1.txt
Here, we are removing the execute permission from all the users.
You can see that the command has successfully revoked the execute permissions from all the users.
2. Numeric Method
The next method is the numeric method. Here, we define the permissions as a 3-digit decimal number. The conversion rules are simple, and you need to have a basic understanding of binary numbers and how to convert them into decimal values.
The rules are:
- 0: (000) - There is no permission.
- 1: (001) - It has only the execute permission.
- 2: (010) - It has only the write permission.
- 3: (011) - It has both execute and write permissions.
- 4: (100) - It has only read permission.
- 5: (101) - Assigned only execute and read permissions.
- 6: (110) - Only the write and read permissions have been assigned.
- 7: (111) - All permissions.
Here, in each 3-bit pattern, the first bit denotes the read permission, the second one denotes write, and the last one denotes execute.
For example, if you want to give all the permissions to the owner of the file, only the write permission to group members, and only the execute permission to others, the code becomes 721. Thus, the command becomes:
$ chmod 721 ~/sample/file1.txt
You can see that the permissions have now been changed.
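The following is an added example, not part of the original article, that ties the two methods together: it converts the nine permission characters printed by ls -l into the numeric code and replays the chmod commands shown above on a scratch file. The function names perm_to_numeric and perms_after are hypothetical, and the scratch file is created with mktemp.

```shell
#!/bin/sh
# Added example: map the 9 permission characters from `ls -l` to chmod's
# 3-digit numeric code (per set: r=4, w=2, x=1).

# perm_to_numeric STRING -> prints the code, e.g. rwx-w---x -> 721.
# Returns 1 for anything that is not three plain [r-][w-][x-] sets
# (special bits such as s or t are outside this example's scope).
perm_to_numeric() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters" >&2; return 1; }
    code=""
    for start in 1 4 7; do
        set3=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        case $set3 in
            [r-][w-][x-]) ;;
            *) echo "unsupported set: $set3" >&2; return 1 ;;
        esac
        digit=0
        case $set3 in r??) digit=$((digit + 4)) ;; esac
        case $set3 in ?w?) digit=$((digit + 2)) ;; esac
        case $set3 in ??x) digit=$((digit + 1)) ;; esac
        code="$code$digit"
    done
    printf '%s\n' "$code"
}

# perms_after MODE... -> applies each chmod argument in order to a scratch
# file (constructed here, starting at 644) and prints its ls -l characters.
perms_after() {
    f=$(mktemp) || return 1
    chmod 644 "$f"
    for mode in "$@"; do chmod "$mode" "$f"; done
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

# The chmod arguments used in this article; the second entry applies two
# of them one after the other.
for steps in "u=rwx,og=x" "u=rwx,og=x a-x" "721"; do
    # Word splitting of $steps is intended: each word is one chmod argument.
    p=$(perms_after $steps)
    echo "chmod $steps => $p => $(perm_to_numeric "$p")"
done
```

Because u=rwx,og=x uses the equal sign, the result is the same regardless of the file's starting mode, while a-x only clears the execute bits and leaves the rest as they were.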
File and Directory Ownership
We can also change the ownership of the files and directories using the chown command. Let’s see the syntax to set both the group and the owner for the directory or file.
$ sudo chown user:group <file>
You can see that both the owner and the group have been changed.
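As an added example (not from the original article), the script below audits a directory for files that the "others" set can write to, prints each file's owner, group and numeric mode, and then revokes that write bit with the symbolic method. The function names and the scratch files are constructed for illustration, and GNU find and stat (stat -c) are assumed.

```shell
#!/bin/sh
# Added example: report files that "others" can write to, then revoke it.

# report_other_writable DIR -> one line per regular file under DIR whose
# "others" digit has the write bit (2) set: "owner:group mode path".
report_other_writable() {
    find "$1" -type f -perm -002 -exec stat -c '%U:%G %a %n' {} +
}

# revoke_other_write DIR -> symbolic chmod o-w on the same files; the owner
# and group sets are left exactly as they were.
revoke_other_write() {
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}

# make_sample_tree -> builds a scratch directory (constructed sample data)
# and prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/report.txt";  chmod 644 "$d/report.txt"   # others: read only
    : > "$d/shared.log";  chmod 666 "$d/shared.log"   # others: read + write
    : > "$d/dropbox.dat"; chmod 602 "$d/dropbox.dat"  # others: write only
    printf '%s\n' "$d"
}

dir=$(make_sample_tree)
echo "before:"; report_other_writable "$dir"
revoke_other_write "$dir"
echo "after:";  report_other_writable "$dir"   # prints nothing once fixed
stat -c '%a %n' "$dir"/*
rm -rf "$dir"
```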
To sum up, in this comprehensive guide, we discussed how Linux assigns permissions to its files to build up a secure file sharing system in the network. We discussed how to list the file permissions and understood the format in which they are assigned. We discussed two different ways through which we can change the permissions for any file or directory using the chmod command: the symbolic and numeric methods. Finally, we also discussed how we can change the ownership of files in Linux systems using the chown command.
We hope that this guide gives you all the knowledge and understanding that you will require to work with the chown and chmod commands in order to manipulate file and directory permissions and ownerships in Linux.