Linux Permissions

Where “shell” we begin ?

Open a terminal window by pressing Ctrl + Alt + T

Typels -l lower case L

You should get something like this:

drwxr-xr-x  2 owner-username group     4096   Dec 25 20:15 Templates
-rwx--x--x  1 owner-username group     36     Jul 28 2016  script.ssh

The letters at the start of each line ( drwxr-xr-x ) tell us whether it’s a file or a folder and what permissions are set for that file or folder.

Each character position is called a permissions bit, with the exception of the first character which simply defines the file type. If the first character (type) is the letter d, then it’s a folder. Otherwise if the first character is a – (dash), then it’s a file.  As a side note, files and folders will most likely be different colours, for example on my system it’s green for executables (scripts), blue for folders and red for all other files. It may vary depending on what version of Linux you’re running.

The owner-username and group show you which user owns that file or folder and which group also has access to it. Although, if you are looking at your home directory you might just see your username as owner and again as group, that’s perfectly normal. Your web servers html folder on the other hand might need the www-data group assigned to it.  Which is why you have separate permission bits, so you can for example give yourself (Owner) full access (rwx), your web server (Group) read-execute (r-x) and everything else (Other) read-only (r–). You can change the Owner and Group using the chown command, which we will cover later.

Permission Bits:

There are 3 parts to the permission bits. They are: Owner, Group and Other (aka World).

Each part has 3 bits, which are (r)Read , (w)Write and (x)eXecute . Always in that order.

For example: -rwxr–r– would give the Owner read, write and execute permissions but read-only for Group and Other.

Another example: dr–r–r– would give Owner, Group and Other read-only access to that folder (remember the d type is folder)

Each permission bit has a value when set: r = 4 , w = 2 , x = 1 (read , write , execute).

If we take the first example and explode it, we get this:   -  rwx  r--  r--  (type, owner, group, other)

So how do we get from -rwxr–r– to 744 .

We simply add up the values for each permission bit respectively for Owner, Group and Other. Like this:

Note: Permission bits will always be Owner, Group and Other, in that order.

Below we have an exploded example with both the letter and numerical values for each permission bit.

Type    Owner        Group       Other
        Permissions  Permissions Permissions
 -      rwx          r--          r--
        7            4            4

Setting Permissions with chown and chmod:

chmod sets the permissions (what the Owner, Group and Other can do with the file or folder).
chown sets the owner of the file(s) or folder(s).

Now let’s say that we wanted to give:
Owner (r)ead, (w)rite and e(x)ecute permissions.
Group (r)ead, (w)rite and e(x)ecute permissions.
Other (r)ead only.

We would do it like this:

chmod 774 /home/hayward/file.txt - Owner (rwx)=4+2+1, Group (rwx)=4+2+1, Other (r--)=4.

If we wanted to set those same permissions on a directory instead, we would do it like this:

chmod 774 /home/hayward/documents - Changes permissions for the /documents folder and the files inside it.

chmod 774 -R /home/hayward/documents - Changes permissions for all folders and files recursively.

Now lets look at chown.

chown user:group -R /home/hayward/documents - Sets the user and group owners for that file or folder, recursively.

chown username file.txt - Sets the owner of file.txt to username.

You may need to use sudo or be root to use chmod and chown on your system.

Also, one last bit of advice.  Never , ever , ever , set file or folder permissions to 777 .
Why ? Have a think about it. Answers on a postcard please :p