Linux Classes
Linux Training
* Linux Classes *

LINUX CLASSES - FILES

How Do Linux File Permissions Work?

Controlling Access to Your Files with Permissions and Owners

If you share a Linux (or Unix) system, you will undoubtedly have private files that you want to keep private, as well as files that you want to be public. You can control access to your files by setting the permission flags and ownership for your files.


How to Tell What Access Your Files Have

When we discussed using the ls command, you may have been wondering about that gibberish in the first few columns of the ls -l command (stuff like -rw, r--, and so on). Here's an example of output from the ls -l command showing the contents of a directory: 

Permissions     User     Group      Size Date         Name
-rw-r-----   1 hermie   users      64183 Feb 14 22:07 cow_info
-rw-r-----   1 hermie   users     115032 Jan 06 11:14 dog_info
-rw-r--r--   1 hermie   users        248 Jan 16 09:18 pig_info
-rw-r--r--   1 hermie   users      45090 Mar 23 23:17 cat_info
-rwx--x---   1 hermie   users      45198 Jan 23 11:14 zippity
drwxr-x---   1 hermie   friends     1024 Feb 28 06:12 slugs

For each file you see listed a set of permissions; the owning user; a group name; and the size, creation date, and name of the file. We'll focus on the permission first by dissecting the file-access permissions for the cow_info file. Specifically, these permissions are shown in the string of characters preceding the file in the first column: -rw-r-----. Note that the permissions data is made up of ten characters, each of which has meaning.

To understand how to read file permissions, let's start by splitting apart those ten characters for cow_info:

Directory?       User's Access   Group Access    Others' Access
- 	         r w -	         r - -           r - -
                 | | |           | | |
     Readable ---+ | |           | | +--- Not executable
     Writable -----+ |           | +----- Not writable
 Not executable -----+           +------- Readable

The character in the first position, a hyphen (-), indicates that this is a file and not a directory. Directories are marked with a d, as in drwxr-x--- (this precedes the directory slugs).

The next three characters (rw-) tell us whether the file's owner (hermie) can read, write, and execute the file. An r in the first position means that the file can be read; a w in the second position means that the file can be written to (updated); and an x in the third position means that the file can be executed (run). In all three cases, if a hyphen appears in place of an r, w, or x, that specific privilege is removed. For example, rw- means that the file can be read and written to, but not executed.

The next sets of three characters define read, write, and execute access for the users in a particular group (the users group, in this case), along the same lines as above. For example, the characters r-- that appear in these positions for cow_info tell us that the users group can read this file but can't write to or execute it.

The final set of three characters--all hyphens, in this case--defines access for those who are not the owner or in the listed group. This one's easy: No one outside the listed group has any kind of access to this file.

Note: Groups are a convenient way to give a set of users the same access to a bunch of files. Only a superuser can add to or remove users from groups. To find out what groups you belong to, use the groups command.

In sum, access to the cow_info file is controlled like so: The user (hermie) can read and update the file, but cannot execute it. People in the users group can only read the file, and everybody else on the system gets no access at all.

Here's another example:

-rwx--x--- 1 hermie users 45198 Jan 23 11:14 zippity

The characters that precede the file name zippity tell us that this file is readable, writable, and executable by hermie; only members of the users group can execute it; and others outside the users group have no access to it.

Note: You can give execute permission to any file, but it doesn't make sense to do so unless the file is actually a program.

Look at the listing for slugs:

drwxr-x--- 1 hermie friends 1024 Feb 28 06:12 slugs

You can see first that it's a directory (signified by the d in the first position). User hermie has read and write access, which in the case of a directory translates into the ability to list files and to create and delete files. Hermie also has execute access, which in the case of a directory means the ability to use cd to change to it. Those in the friends group can list files in the directory and use cd to make it the current directory, but others have no access whatsoever to the directory.

Note: Unless you are administering a large Unix system with lots of users, groups are not very important. In these examples, users is just the name of a group that all users belong to by default in a Linux system. If your primary group is users, all files you create will show that as the group name, unless you use the chgrp command to change it. If you're curious, use the man chgrp command to find out more.

Previous Lesson: The Nine Deadly Keystrokes
Next Lesson: Changing File Permissions

[ RETURN TO INDEX ]

Comments (most recent first)

Gautam     (05 Jul 2010, 08:19)
@Christian

the permissions you are using are correct. But maybe those permissions are not getting inherited by the files in the directory.

try chmod -R 777 /dirname
(please verify the -R using the man chmod command. I don't have a Linux system here so wont be able to do it for you)
Cristian Kleuser     (20 May 2010, 19:40)
Hi, Im trying to do something like this : I have alot of users accessing the same folder, and I have set the folder with chmod 777 to grand permission to all for read write, etc.... But when I try to edit or delete the files insite of that folder created by other users, I can't do anything, modify or delete ?<?? Why ??? And can I do something to do all new files and sub-folders created by any user to be accessible (modify, delete) by all the other users??? Thanks
Pete     (13 May 2010, 00:25)
Thanks. My mistake - I was looking at the 'Group' column instead of the Name column...
Bob Rankin     (12 May 2010, 05:53)
@Pete - I fixed the HTML garble, thanks. But the "slugs" directory is correct.
Pete     (12 May 2010, 01:53)
I think you have 1 or 2 typo's on this page:

- In 2 or 3 places, you refer to a directory called 'slugs' - I presume that you mean 'friends'?

- Also, in the first diagram, there appears to be some HTML 'garble' mixed into the text e.g. 'Not executable8pt'

Thanks for a really useful, clearly written tutorial!
ada     (10 May 2010, 01:17)
how to change the permission -rwxrw-rw--1 into annotation?
charanjit     (30 Apr 2010, 02:15)
thou i loved linux but due to ease i settled with window server as i did MCSE in 2000 and MCSA in 2003.but feeling never dies i still try to master linux

*Name:
Email:
Notify me about new comments on this page
Hide my email
*Text:
 
Ask Bob Rankin - Free Tech Support
<Send This Link to a Friend>         <Bookmark This Page>

Copyright © by Bob Rankin
All rights reserved - Redistribution is allowed only with permission.

Popular Linux Topics

  Linux Intro
  Linux Files
  Linux Commands
  Change Password
  Copy Files
  Linux Shell Basics

Linux Tutorial

  Who is Doctor Bob?
  What is Linux?
  History of Unix
  Operating Systems
  What's Next?

Linux Basics

  Living in a Shell
  Root and Other Users
  Virtual Consoles
  Logoff and Shutdown
  Choosing a Shell
  The Command Prompt
  Wildcards
  Command History
  Aliases
  Redirection
  Pipelines
  Processes
  Stopping a Program
  Environment Variables
  Help!

Linux Files

  The Linux File System
  Linux File Names
  Linux Directories
  Directory Terminology
  Navigating the File System
  Listing Linux Files
  Displaying Linux Files
  Copying and Renaming Files
  Creating Files and Directories
  Deleting Files and Directories
  Linux Files - Wildcards
  The Nine Deadly Keystrokes
  Linux File Permissions
  Changing File Permissions

Linux Commands

  Important Linux Commands
  Changing Your Password
  Switching Users
  Who is Logged In?
  Date and Time
  The Echo Command
  Spell Checking
  Printing Linux Files
  Joining Files
  Searching for Files
  Comparing Files
  Task Scheduling
  Linking Files

Linux Editors

  The Vi Editor
  The Emacs Editor
  The Pico Editor

Linux Data Manipulation

  Slicing & Dicing
  Heads or Tails?
  Sorting Data
  Eliminating Duplicates
  Selecting Columns
  Selecting Records
  Search & Replace
  Crunching Data
  Finding Files
  Pipe Fitting

Linux Shell Programming

  Linux Shell Scripts
  Executing a Script
  Shell Script Variables
  Shell Script Logic
  Shell Script Looping
  Shell Script Debugging

Perl Programming

  Perl Basics
  Perl Variables
  Perl Arguments
  Perl Logic
  Perl Looping
  Perl and Files
  Perl Pattern Matching

Linux and Email

  Sending Email
  Reading Email
  Other Mail Commands
  Using Pine for Email
  The Pine Inbox
  Pine Email Basics
  Pine Email Folders
  Pine for Power Users

Compression and Encoding

  Linux File Compression
  Archiving With Tar
  Compression With Gzip
  Compress and Zcat
  Zmore and Zless
  Zip and Unzip
  Encoding and Decoding
  Encryption

Linux Does DOS

  Accesing DOS Files
  Accesing DOS Partitions
  Running DOS Programs

Managing Linux

  Updating Your Linux System
  Installing Packages with RPM
  Uninstalling Packages w/ RPM
  Upgrading Packages with RPM
  Querying Packages with RPM