Linux permissions are composed of 9 bits, which are assigned to files and folders and appear as -rwxrwxrwx.
Note: For a regular file a dash appears right in front of the 9 bits. If it is a directory, you will see a d in front of them instead of a dash, to indicate that it is a directory.
Other file types use a different character, e.g.:
- l for symbolic link
- b for block device
- c for character device
- s for socket
- p for named pipe
The -rwxrwxrwx simply shows which permissions are assigned to the particular file or directory. The permissions are divided into three groups of 3 bits each: the first three bits are for the file owner, the next three for the group assigned to the file, and the last three for others, which means everyone else. Take a look at the table below to understand better.
Owner | Group | Others |
---|---|---|
rwx | rwx | rwx |
Note: Whenever you see a dash - instead of a letter in the permissions, e.g. -rw-r--r--, it simply means that the permission is turned off.
Binary representation of numeric permissions:
Binary | 16 | 8 | 4 | 2 | 1 |
---|---|---|---|---|---|
Permission | | | r | w | x |
Permissions Table:
Permissions | Binary Value | File (permissions) | Directory (permissions) |
---|---|---|---|
r = read | 4 | View what’s in the file. | View list of files and sub-directories it contains |
w = write | 2 | Change the file’s content, rename or delete. | Add files or sub-directories, remove files or directories |
x = execute | 1 | Run the file as a program. | Search through dir, execute program within, access meta data (file size, time stamps so on) |
There are 2 ways to change file permissions in Linux: by numbers and by letters. Let’s cover them both.
Changing Permissions with chmod (numbers)
If you own a file or directory, you can change its permissions. Because we are using numbers to change permissions, the binary table above will help you understand how we arrive at these values.
As you can see in the table above, we have r = 4, w = 2 and x = 1. To establish what permissions you want to give to the owner, group or others, all you have to do is sum them up.
E.g.
Let’s give full permissions to everyone (owner, group and others), which is represented by rwxrwxrwx as you’ve seen above.
chmod 777 file
As you can see, we have given 7 to each of owner, group and others, which is r + w + x = 4 + 2 + 1. All we did was sum the values.
Now let’s give rwx to the owner and r-x to group and others:
chmod 755 file
The above will result in rwxr-xr-x
You can also set no permissions at all, which will result in ---------
chmod 000 file
The chmod command can also be used recursively. Suppose you want to give the same permissions to an entire directory structure; you can use the -R argument as follows:
chmod -R 755 /home/webapp
Changing Permissions with chmod (letters)
This method is slightly different from the one above, but it is also simple; in fact, it might be even easier for some. You can use the plus + and minus - signs to turn permissions on and off, followed by letters to indicate what changes and for whom.
As above, we change permissions for:
- u for user
- g for group
- o for others
- a for all
As you can see it is slightly different, but the user can also be considered the owner, and a stands for all: user, group and others.
For each of the examples below, assume that file starts with all permissions given, e.g. rwxrwxrwx, which is the same as 777.
Now let’s remove the write permission from everyone (a):
chmod a-w file
The above will result in r-xr-xr-x.
Now let’s remove the execute permission from others:
chmod o-x file
The above will result in rwxrwxrw-.
Now let’s remove rwx from group and others:
chmod go-rwx file
The above will result in rwx------.
For each of the examples below, assume that file starts with all permissions off, e.g. ---------, which is the same as 000.
Now let’s give the user read and write permissions:
chmod u+rw file
The above will result in rw-------.
Now let’s give everyone (a) execute permission:
chmod a+x file
The above will result in --x--x--x.
Now let’s give user and group read and execute permissions:
chmod ug+rx file
The above will result in r-xr-x---.
Now to the recursive part: let’s add write permission for the group across the entire webapp directory structure:
chmod -R g+w /home/webapp
Default permissions on creation
Files and directories are created with a set of default permissions.
For a non-root user:
- Files - usually 644
- Directory - usually 755
Special File Perms
SUID (4) - Used on executables. The program runs with the privileges of the file’s owner.
SGID (2) - Used on executables. It is the same idea as SUID, but with group privileges. For directories, it makes all files created in that directory take the directory’s group ownership.
“Sticky” Bit (1) - When used on directories, only a file’s owner can delete the file, and not members of the same group or other users.
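The special bits above are set with a fourth, leading octal digit in chmod. As an added example (not from the original article; the helper names and scratch files are hypothetical), this script shows how SUID and the sticky bit appear in the permission string and uses find to list world-writable and SUID/SGID files in a tree:

```shell
#!/bin/sh
# Added example. Helper names and the scratch tree are hypothetical.

# Print the 10-character type+permission string of a path, e.g. -rwxr-xr-x.
mode_of() { ls -ld "$1" | cut -c1-10; }

# List regular files under $1 that deserve a second look:
# writable by "others", or carrying the SUID or SGID bit.
audit_tree() {
    find "$1" -type f -perm -0002 | sed 's/^/world-writable /'
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/setid /'
}

# Build a constructed scratch tree and print its path.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/app" "$d/notes" "$d/helper"
    mkdir "$d/shared"
    chmod 755  "$d/app"     # rwxr-xr-x
    chmod 777  "$d/notes"   # rwxrwxrwx, writable by everyone
    chmod 4755 "$d/helper"  # leading 4 = SUID: s replaces the owner's x
    chmod 1777 "$d/shared"  # leading 1 = sticky: t replaces the others' x
    echo "$d"
}

# Stand-alone run: show each mode, then the audit findings, then clean up.
tree=$(demo) || exit 1
for f in app notes helper shared; do
    printf '%s %s\n' "$(mode_of "$tree/$f")" "$f"
done
audit_tree "$tree"
rm -rf "$tree"
```

Running audit_tree on a real directory such as /home/webapp after a recursive chmod is a quick way to confirm that no file ended up writable by others.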