Linux is a multi-user operating system, so it includes security controls that prevent users from viewing each other's private files. File permissions govern which users can perform which operations.
Three actions can be performed on every file: read, write, and execute.
The owner (user), the group, and others are the three broad classes of users. Linux lets you set permissions separately for each of them.
There are three sorts of permissions in the Linux system. Each of the three classes gets its own set of three, so the permissions are represented by nine characters.
Read (r):
The read permission allows you to open a file and read its contents. However, you are unable to edit or modify the file.
Write (w):
This permission allows you to change the contents of a file. Deleting or renaming a file is controlled by the write permission on the directory that contains it. For example, if a file exists in a directory and write permission is set on the file but not on the directory, you can update the file's content but not remove or rename it.
Execute (x):
You cannot run or execute a program in a Unix-like system unless the execute permission is set. However, such permission is not available in Windows.
Permissions and their impact on files & directories.
Permission | Impact on File | Commands (File) | Impact on Directory | Commands (Directory) |
Read | Can read a file | cat | Can read the content from the directory | ls |
Write | Can modify the file | vi | Can create/remove/rename the file | touch, mkdir, rmdir, rm, mv |
Execute | Can execute the command | | Required to enter into the directory | cd |
Calculate the permission
The permission is calculated on the octal values.
Execute - 2^0 = 1
Write - 2^1 = 2
Read - 2^2 = 4
For example, to give R+E access to others and R+W+E access to the group and the owner, set [4+2+1] [4+2+1] [4+1] on the file, i.e. 775 (owner, group, others, in that order).
Where R = Read E= Execute W= Write
How to change the permission :
For changing the permission of the file/directory we use the "chmod" command which stands for CHange MODe.
Syntax :
chmod <Permission> <nameofile/directory>
Example
[root@ip-172-31-32-5 ec2-user]# chmod 775 testfile
#How to check the permission?
[root@ip-172-31-32-5 ec2-user]# ls -l
total 0
-rwxrwxr-x 1 root root 0 May 18 11:15 testfile
Fields of the "ls -l" command output :
[demouser@linux-system q1]$ ls -l /etc/passwd
-rwxr-xr-x 1 root testing 1357 May 14 18:48 /etc/passwd
Where,
- --> Type of file
rwx --> Permission for the owner of the file
r-x --> Permission for group owner of the file
r-x --> Permission for other users
1 --> Link Count
root --> Owner of the file
testing --> Group owner of the file
1357 --> Size of the file (in bytes)
May 14 18:48 --> Last modification date
/etc/passwd --> File name
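The octal calculation and the "ls -l" mode field described above can be tied together with a small converter. This is an added example, not part of the original page; the function name mode_to_octal is made up for illustration, and it goes slightly beyond the page by also handling the setuid, setgid and sticky markers (s, S, t, T) and the trailing "." or "+" that ls prints for SELinux contexts and ACLs.

```sh
#!/bin/sh
# Added example: convert the mode field printed by `ls -l` into octal.

mode_to_octal() {   # usage: mode_to_octal <mode-field>, e.g. -rwxrwxr-x
    m=${1%[.+]}                  # drop the SELinux/ACL marker if present
    perms=${m#?}                 # drop the file-type character
    if [ ${#perms} -ne 9 ]; then
        printf 'bad mode field: %s\n' "$1" >&2
        return 1
    fi
    special=0
    out=""
    # Owner, group and others pair with setuid (4), setgid (2) and sticky (1).
    for weight in 4 2 1; do
        triad=${perms%"${perms#???}"}   # first three characters
        perms=${perms#???}              # the rest
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # Read  = 4
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # Write = 2
        case $triad in
            ??x)    digit=$((digit + 1)) ;;                # Execute = 1
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;       # special bit, no execute
        esac
        out=$out$digit
    done
    if [ "$special" -ne 0 ]; then out=$special$out; fi
    printf '%s\n' "$out"
}

# Mode fields taken from the listings on this page.
mode_to_octal -rwxrwxr-x
mode_to_octal -rwxr-xr-x
```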
How to change the owner and group owner of the file :
Sometimes it is necessary to change the owner and group owner of a file. For this we use the "chown" and "chgrp" commands.
Syntax :
chown <owneroffile>:<groupowneroffile> <nameofile/directory>
Example
#Check the permission :
[root@ip-172-31-32-5 ec2-user]# ls -l testfile
-rwxrwxr-x 1 root root 0 May 18 11:15 testfile
#Change the owner and group owner
[root@ip-172-31-32-5 ec2-user]# chown Pranav:Developer testfile
#Verify the changes
[root@ip-172-31-32-5 ec2-user]# ls -l testfile
-rwxrwxr-x 1 Pranav Developer 0 May 18 11:15 testfile
Change group using "chgrp" command :
Syntax :
chgrp <groupowneroffile> <nameofile/directory>
Example
#Check the original permission
[root@ip-172-31-32-5 ec2-user]# ls -l testfile
-rwxrwxr-x 1 Pranav Developer 0 May 18 11:15 testfile
#Change the group ownership to Tester
[root@ip-172-31-32-5 ec2-user]# chgrp Tester testfile
#Verify the changes
[root@ip-172-31-32-5 ec2-user]# ls -l testfile
-rwxrwxr-x 1 Pranav Tester 0 May 18 11:15 testfile
Bonus Information:
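You do not have to specify both the "owner" and the "group owner" every time you use chown; you can also change them individually.
Change Owner and Group Owner Of File :
With a trailing colon and no group name, chown sets the owner and changes the group owner to that user's login group.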
Syntax :
chown <owneroffile>: <nameofile/directory>
Example
#Check the original permission
[root@ip-172-31-32-5 ec2-user]# ls -l
total 0
-rwxrwxr-x 1 Pranav Pranav 0 May 18 11:15 testfile
#change the owner and groupowner
[root@ip-172-31-32-5 ec2-user]# chown root: testfile
#verify the changes
[root@ip-172-31-32-5 ec2-user]# ls -l
total 0
-rwxrwxr-x 1 root root 0 May 18 11:15 testfile
Change Only Group Owner Of File :
Syntax :
chown :<groupowneroffile> <nameofile/directory>
Example
#Check the original permission
[root@ip-172-31-32-5 ec2-user]# ls -l
total 0
-rwxrwxr-x 1 root root 0 May 18 11:15 testfile
#change the groupowner
[root@ip-172-31-32-5 ec2-user]# chown :Developer testfile
#verify the changes
[root@ip-172-31-32-5 ec2-user]# ls -l
total 0
-rwxrwxr-x 1 root Developer 0 May 18 11:15 testfile
Default Permission In Linux: UMASK
We can set the default permission for new files and directories with the "umask" command. The umask lists the permission bits that are removed from the maximum when a file or directory is created. The maximum permission for a directory is "777" and for a file it is "666" (because we generally don't give files execute permission; we only set it on executable files).
How to check the umask :
[root@ip-172-31-32-5 ec2-user]# umask
0022
How to set the umask :
[root@ip-172-31-32-5 ec2-user]# umask 0033
[root@ip-172-31-32-5 ec2-user]# umask
0033
How to set umask permanently :
1. Open /etc/bashrc
2. Search for "umask"
3. Change the umask number in the file
4. Save & Exit from the file
The relevant block in /etc/bashrc looks like this:
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002    # regular users (UID above 199) whose group name matches their user name
else
    umask 022    # root and all other accounts
fi
How to set umask permanently to a specific user:
1. Provide the below command with the octal value
#To provide the umask value to the user
#echo "umask octalvalue" >> /home/username/.bashrc
[root@ip-172-31-32-5 testuser]# echo "umask 0333" >> /home/testuser/.bashrc
2. Check the changes are reflected in the file
[root@ip-172-31-32-5 testuser]# cat /home/testuser/.bashrc
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=
# User specific aliases and functions
umask 0333
Switch the user and verify the changes are reflected :
[root@ip-172-31-32-5 testuser]# su - testuser
Last login: Sun May 21 09:02:33 UTC 2023 on pts/0
[testuser@ip-172-31-32-5 ~]$ umask
0333
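To see what the umask values used on this page (0022, 0033 and 0333) actually do to new files and directories, the following added example, which is not part of the original page, predicts the resulting mode and then checks it by creating a file and a directory in a temporary location. The function names default_mode and observed_mode are made up for illustration, and the check assumes Linux with GNU coreutils (stat -c).

```sh
#!/bin/sh
# Added example: effect of a umask on newly created files and directories.

# Predicted mode: the umask bits are cleared from 666 (files) or 777 (dirs).
default_mode() {    # usage: default_mode <umask> <file|dir>
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%03o\n' $(( $base & ~0$1 & 0777 ))
}

# Observed mode: create the object under that umask and read its mode back.
observed_mode() {   # usage: observed_mode <umask> <file|dir>
    # The scratch directory is made first, because mktemp obeys the umask too.
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"  # only affects this subshell
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    mode=$(stat -c '%a' "$tmp/new")
    rmdir "$tmp/new" 2>/dev/null || rm -f "$tmp/new"
    rmdir "$tmp"
    printf '%03o\n' $(( 0$mode & 0777 ))
}

for m in 0022 0033 0333; do
    echo "umask $m -> file $(default_mode "$m" file), dir $(default_mode "$m" dir)"
done
```

With umask 0333 every new file and directory comes out as 444, so testuser cannot write to files they have just created or cd into their own new directories. A value such as 0022 or 0027 is the usual choice for interactive accounts.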