By drupalmaster, 19 May, 2024
Basic File & Folder Permissions in Linux

Linux handles file and folder permissions differently than operating systems like Microsoft Windows. Unlike file and folder permissions in the Windows world, Linux does not have what Microsoft Windows refers to as “effective” permissions on files and folders. True, one can change basic permissions on file objects in Linux using Access Control Lists (ACLs) or more appropriately File Access Control Lists (FACLs), but the point of this article is to introduce the new Linux user to the basic file and folder permissions that Linux uses when these objects are created in the system. Let’s take an example of listing out files in Linux to investigate how we can determine the permissions on files and folders that we see listed in the system. To start, if you want to see these permissions, then you will have to use the ls command with one or more options: 

ls -l 

In the example above, we are using the ls command to list out files and folders, but also using the -l option to tell Linux to produce a long-listing of these objects. Here is an example of such a listing:

long-listing of files/directories

If we use only the ls command alone, the files will be enumerated but their permissions in the system will not be exposed. If we want to see hidden files as well as regular files and folders, then we can add the -a or -A options as well. The first option also lists the (.) and (..) hidden files whereas the latter option excludes those and only lists other files and hidden files in the
stdout to the screen display.


If we look at the example above, we note a couple of things. First, we can differentiate regular files from directories in that regular files are designated as “-” at the beginning of the long listing of the first file that we see whereas directories (as in the case of OMV5) is represented with a “d” in the first position of the long listing. Let’s look first at the file:

-rw-rw-r-- 1 datapioneer datapioneer 22M Aug 10 13:09
mysql-workbench-community_8.0.21-1ubuntu18.04_amd64.deb
 

The mysql-workbench-community... file has the “-” symbol in the first position. This tells us immediately that we are looking at a file rather than a directory or any other designated object. In the second example,

drwxrwxr-x 2 datapioneer datapioneer 4.0K May 20 00:07 OMV5
 

The “d” in the first position tells us that OMV5 is not a regular file, but instead is a directory or what Microsoft Windows calls a folder. There are other object designations in Linux besides regular files and directories. We are only going to look at files and directories in this article, but you should know that there are seven basic file objects in Linux whose designations are:

– : Regular File
d: Directory
c: Character Device File
b: Block Device File
s: Local Socket File
p: Named Pipe
l: Symbolic Link
 

So, now that we know the distinction between a file and a directory in Linux, how can we determine the file permissions and what is the default file and directory permissions in the Linux system? Let’s look again at the directory we listed earlier:

drwxrwxr-x 2 datapioneer datapioneer 4.0K May 20 00:07 OMV5
 

The permissions on an object in Linux when listed using the long listing format command in the Terminal , start with the second position in that listing and consists of three groups of three permission designations. So, for the directory above, if we expand this out, the three groups are:

rwx
rwx
r-x


The first group corresponds to the permissions associated with the user (or owner) of the object (in this case a directory). The second group corresponds to the permissions associated with the group owner of the object, and the final group represents the permissions assigned to the other (or World) for this object. Here, other (or World) means everyone else who isn’t an owner or group owner. Therefore, if we continue across the line past number “2” in the listing we see two sets of names. In the above example, these are datapioneer and datapioneer, respectively. The first reference to datapioneer refers to the user or (owner) of the directory object and the second reference to datapioneer refers to the group owner of the directory. Thus, the user datapioneer is both the user and group owner of this directory. It is important to note here that when a user is created in Linux, that user automatically becomes a member of a group with the same name. So, when datapioneer was created as a user of the Linux system, a group called datapioneer was created with that user and that user was assigned to it. What do the letters denote for permissions assigned to the user, group owner, and other in the example above? The letters refer to the following:

r : designates read permissions
w: designates write permissions
x: designates executable permissions
 

So, for the user (datapioneer) in the above example, this user has read, write, and executable permissions to the directory. The group owner (also datapioneer in this example) also has read, write, and executable permissions on the OMV5 directory. But, everyone else (other) can only read and execute the directory. These permissions mean slightly different things when applied to directories than when applied to files. In the case of directories, the ability to read, write, and execute a directory means the individuals assigned those permissions can look at the directory and its contents; they can create, modify, and delete the directory or its contents; and they can descend or (cd) into that directory. However, for files, to read, write, and execute a file means that the individual assigned those permissions for the file object can read the file, they can modify or delete the file, and they can execute or run the file if it is made executable by turning on the executable bit for the file.
 

Thus, in the example above, datapioneer has read, write, and execute permissions on the OMV5 directory and anyone belonging to the datapioneer group has the same permissions. However, everyone else can only read and execute on the directory.

-rw-rw-r-- 1 datapioneer datapioneer 59K Aug 11 09:31 picture_resized.png

For a typical file, shown above, in the Linux system, here we see that the user datapioneer has read & write permissions on the regular file picture_resized.png, the group owner, datapioneer, has the same read & write permissions, whereas other (or everyone else) can only read the file since the last two positions of the three-position permission for the third position are represented as “-” which indicates no permissions assigned. A chart which shows the default permissions assigned to either a regular file or directory and their significance is shown below:

ObjectUserGroup OwnerOtherDesignation
-rwrwrRegular File
drwxrwxr-xDirectory

 

In addition to this, we can also represent the permissions on a regular file or directory (or any other object, for that matter) in Linux numerically as well as using the letter designations above. This is accomplished in Linux by associating each letter designation with a numerical value as shown below:

Permission Letter DesignationNumerical Equivalent
r4
w2
x1


Thus, in the case of regular files created in Linux, these files are created with default permissions 664 and directories are created with permissions of 775. To demonstrate this, I will create a new directory under my home directory which I will call sandbox using the command:

$ mkdir sandbox


When I list out this directory from my home directory using the ls -lh command for long listing (human readable), I get this stdout to the screen:

drwxrwxr-x 2 datapioneer datapioneer 4.0K Aug 31 10:03 sandbox

which indicates that the default permissions is 775 when I created the directory. If I create a file called testFile1.txt within that directory using the command:

$ touch testFile1.txt

I see that this file’s default permissions are:

-rw-rw-r-- 1 datapioneer datapioneer 0 Aug 31 10:03 testFile1.txt

which indicates these default permissions on the file are indeed 664. This behavior in Linux is controlled by something referred to as the default umask in Linux. We will look at this later on in a future article.

Category

Comments