Linux Permissions Made Easy

Aren’t Linux permissions weird?  Don’t you miss Windows/OS X where permissions rarely, if ever, matter?

Well, I’ve felt your pain before, and am here to help.  With just a few minutes of reading, I’ll teach you what permissions are, why they are important, how to interpret them, and how to change them.  I promise, the machine shall not win!

 

WTF Are Permissions?

An excellent question!  Permissions decide who can manage a file or directory, and what they can do to it.

Think of a hotel.  When you check in and get a room, the front desk hands you a keycard.  This keycard allows you access to your room, and in some cases, access to a few hotel amenities (swimming pool here I come).

Well, the maids have keycards too.  Except theirs allow them into everyone’s room, including yours, the amenities areas, and certain staff areas.  And security has keycards that give them other access.

Well, just like the hotel keycards give specific access to certain people, the Linux operating system has a mechanism, called user permissions, that gives users specific access to certain directories and files.

 

Why Bother With User Permissions?

Another excellent question!

Let’s go back to the hotel keycards for a second.  I hope you agree that giving every guest a keycard that accesses every room is unwise and potentially dangerous.

Well, for similar reasons, it is unwise to give every user on a computer access to every file and directory.  At a minimum, it would make decimating another user’s files and settings trivial, and it would open gaping attack vectors (geek-speak for security holes) for anyone trying to compromise your computer.

A basic principle of computer security is to give every user the least amount of access required to do their tasks.  Linux is better suited to do this than any other major operating system.  Linux’s reputation for security and stability is due, in no small part, to its user permissions.

 

How Do They Work?

In Linux, there are three explicit operations you can do to a file or directory.

Read

The first operation is to read it.  This means you can see what it contains.  If it’s a file, you can open it.  If it’s a directory, you can see the files and subdirectories inside it.

Write

The second operation is to write to it.  This means you can modify and delete the file or directory.

Execute

The third operation is to execute it.

In the context of a file, this tells Linux it’s okay to “run” the file.  For documents, execution doesn’t make sense, but some Linux files are programs (called binaries) and scripts that need to “run” to work.

In the context of a directory, this means the ability to enter the directory using a file manager, the cd command in a terminal, or any other equivalent method.

 

User/Group Specific Permissions

Those three operations are okay for specifying what can be done to a file or directory.  But they become truly awesome when you tailor the permissions to specific users.

Where permissions are concerned, there are three entities for which you can specify permissions.  I’m going to call them permission entities because I’m creative that way.

Owner

The first permission entity, the owner, is the person who owns the file.  Upon the creation of a file, the owner is the user who created it, but this is possible to change later on.

 

Group

Groups are collections of users who all share a commonality.  If ten users all need access to something, it is bad form to give those ten users permissions individually.  Instead, you add the users to a group and give the group the permissions.  Grouping doesn’t seem useful when there are only one or two users accessing a machine.  But when you have to manage hundreds, thousands, or even millions of users, the true power of grouping becomes more obvious.

A file or directory can take advantage of this group construct.  You can assign the file or directory to a group, and specify permissions for that group.

 

Everyone Else

And the last entity is simply everyone who isn’t the owner or a member of the assigned group.

 

 

With these three types of permissions applied to the three permission entities, you have extraordinary control over the users on your computer.

 

 

How Do I See Permissions?

If your Linux has a graphical user interface, it most likely has a graphical tool to see and manage permissions.  Usually, this is done by opening the file manager program, browsing to your file or directory, and opening the properties.

GUI permissions management dialog.

But, there’s also a way to do it in the terminal.  If you’ve read our post, The Essential Primer For The Linux Terminal, you should know why the terminal is important, and already be familiar with the command to do it.  Executing the ls -l command in the terminal lists files and directories, and the details about them.

Results of the ls -l command.

As you can see from the not at all disturbing listing of my Documents directory, I have three items.  Let’s take that first entry, and analyze the left part of the line.

Ignore the number in the second column; it isn’t applicable right now.  We want the first, third, and fourth columns.

The very first character, ‘d’, indicates that this entry is a directory.  If the entry is a file, the ‘d’ is replaced with a dash, ‘-’, as you can see with the second entry in the screenshot.  The remaining nine characters tell you which of the three permission types (read, write, execute) are granted to the three distinct permission entities (owner, group, everyone else).

To make it visually clearer, let’s break those nine characters into three groups of three characters.

Each of those groups corresponds to one of the three permission entities.  The first is the permissions for the owner.  The second, for the group.  And the last, for everyone else.

The letter ‘r’ stands for read.  ‘w’ stands for write.  And ‘x’ stands for execute.  So putting it into English, those nine characters tell us that the owner has read, write, and execute permissions.  The directory’s group has read and execute permissions, but not write permission.  And everyone else also has read and execute, but not write permission.

 

So that information is all excellent, but what if we need to know who the owner is and which group the file or directory has assigned?  Well, that’s what the third and fourth columns are for.  The third column is the user who owns the file, and the fourth column is the name of the group assigned.  In this case, both the user and the group are named john.

 

Let’s move on to the second line from the screenshot for “Solve World Hunger.txt.”

The very first character tells us it’s a file, not a directory.  The next nine characters give us the permissions.  The first group of three is for the owner.  In this case, the owner has read and write permissions.  The second is for the group associated with the file.  The group has no permissions.  And the third is for everyone else.  They too have no permissions.

Going to the third column, we see that the owner is john, and the fourth column tells us that the group associated with it is minions.

So I have a file named “Solve World Hunger.txt”, but no one can see or alter it, not even minions.  That’s not mysterious or disconcerting is it?
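
The decoding walked through above, as an added shell example that is not part of the original post: explain takes the first, third, and fourth ls -l columns and spells out what each entity may do.  The two sample rows are constructed from the descriptions in the text, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: decode the first column of `ls -l` into plain English.

# describe TRIPLET: turn one three-character group such as "r-x" into words.
# (Special markers like s or t in the execute slot are not handled here.)
describe() {
    out=""
    case $1 in r??) out="read" ;; esac
    case $1 in ?w?) out="${out:+$out, }write" ;; esac
    case $1 in ??x) out="${out:+$out, }execute" ;; esac
    echo "${out:-nothing}"
}

# explain MODE OWNER GROUP: MODE is the ten-character string, e.g. drwxr-xr-x.
explain() {
    case $1 in
        d*) kind="directory" ;;
        -*) kind="file" ;;
        *)  kind="other type" ;;
    esac
    perms=${1#?}                                  # drop the type character
    u=$(printf '%s\n' "$perms" | cut -c1-3)       # owner
    g=$(printf '%s\n' "$perms" | cut -c4-6)       # group
    o=$(printf '%s\n' "$perms" | cut -c7-9)       # everyone else
    echo "$kind; owner $2: $(describe "$u"); group $3: $(describe "$g"); everyone else: $(describe "$o")"
}

# Constructed rows matching the two entries described in the text.
explain drwxr-xr-x john john
explain -rw------- john minions
```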

 

And now it’s your turn.  Go to the World Domination line, and figure out what the permissions are.

 

Can I Change Permissions?

Absolutely!  You can change permissions using the graphical tool if you have one, or by using the ‘chmod’ command.  I highly recommend checking out the man page for this command (available here).  I’m only going to give a few very basic examples.  The command can do much more.

First, let me make a quick reference table.  The table will link a special letter code with the permission entities we discussed above.  This will help out in a second.

| Permission Entity | Letter Code | Memory Trick |
|---|---|---|
| Owner | u | Think ‘u’ as in ‘you’.  This file belongs to ‘u’. |
| Group | g | Think ‘g’ as in the first letter of ‘group’. |
| Everyone Else | o | Instead of ‘everyone else’, think ‘other’.  ‘o’ is the first letter. |
| All Three Entities | a | ‘a’ is the first letter in all. |

Okay, ‘chmod’ takes two arguments.  The first is an expression explaining the permissions you want.  The second is the file or directory on which to set the permissions.

You create the expression by joining the letter codes in the table above to the r, w, or x you want that entity to have, using either a plus sign, ‘+’, a minus sign, ‘-’, or an equal sign, ‘=’.  The plus sign indicates you want to add the specified permission, the minus sign that you want to remove it, and the equal sign that you want the permissions to equal what you specify.

I know, that sounds incredibly confusing, but it will make sense if we look at a few examples.

 

That command adds write permissions for the associated group to the Blackmail directory.

 

This takes away write permission to Blackmail from the owner.

 

And this one sets the permission for everyone who’s not an owner or a group member for the Blackmail directory to read and write only, no execute.

 

And this gives all three entities read permission only for the World Domination directory.
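
The four commands this passage describes, written out as an added example rather than recovered from the original post: the expressions follow the letter codes and operators explained above, and the script runs them in a scratch directory and prints the resulting permissions after each one.  The starting permissions of rwxr-xr-x on both directories and the function names are assumptions.

```sh
#!/bin/sh
# Added example: replay the four chmod expressions in a scratch directory.

# mode_of PATH: the ten-character type and permission string from ls -l.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

replay() {
    work=$(mktemp -d) || return 1
    mkdir "$work/Blackmail" "$work/World Domination"
    # Assumed starting point for both directories: rwxr-xr-x
    chmod u=rwx,g=rx,o=rx "$work/Blackmail" "$work/World Domination"

    # expression:target pairs, in the order the text describes them
    for step in "g+w:Blackmail" "u-w:Blackmail" "o=rw:Blackmail" \
                "a=r:World Domination"; do
        spec=${step%%:*}
        name=${step#*:}
        chmod "$spec" "$work/$name"
        printf '%-5s %-17s %s\n' "$spec" "$name" "$(mode_of "$work/$name")"
    done

    # Restore owner access so the scratch directory can be cleaned up.
    chmod u+rwx "$work/Blackmail" "$work/World Domination"
    rm -rf "$work"
}

replay
```

After the last command the World Domination directory can be listed but not entered, because execute is gone for all three entities.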

 

As I said, there are other ways to use ‘chmod’, and you should check out the man page, but this will get you started.

 

 

Conclusions

Permissions frighten many Linux newcomers.  Operating systems like Windows and OS X gloss over the idea of permissions to the point where most people never know they exist.  Linux doesn’t gloss over them.

However, as I hope you learned, permissions aren’t difficult to understand, and with graphical tools, they are easy to manipulate.

Just remember, you apply read, write, and execute permissions to the owner, the group, and everyone else.  From there, you can figure out the rest with a quick man page peek or a simple Google search.

Let me know if any of this was difficult to understand, or if you have any questions, in the comments below.

 

Written By

John is a sailing instructor and mechanical engineering student who happens to be a computer geek. To find more information about John, visit his website or find him on social media by clicking on the icons below.


Join the Conversation!

2 Responses to “Linux Permissions Made Easy”

  1. Matt

    You can also use chmod with numbers, for instance the permissions for the directory “World Domination” could be set with chmod u=rwx,g=rx,o=rx “World Domination” or with chmod 755 “World Domination”. In most cases using numbers requires less typing, but remembering what they mean is a lot more difficult. Might be an interesting follow up article. I learned that it’s all based on binary numbers.

    • John Morris

      You’re absolutely right, and that is a good article idea, one that I have added to my list of potential articles.

      I too learned to use chmod with numbers, but, early on, when I would step away from Linux for a little bit, I would always forget them, and didn’t understand their underlying meaning. I eventually memorized them and learned the underlying meaning (octal representation of binary numbers, as you said), after looking them up repeatedly, but it took quite a while for me to reach that point. When I was learning, I would have vastly preferred starting with the more intuitive and easily remembered letter codes, then learning the number codes, rather than starting with the number codes and never learning about letter codes until I stumbled upon them in the man page one day, years later.

      When I write about Linux, I always try to minimize the amount of memorization and needed knowledge to understand it, and, when more complicated topics are discussed, to have first built a chain of articles slowly building up the concepts to this new, more difficult one. So often with Linux, things are taught by proficient Linux users whose lessons overwhelm newcomers. So now that this article sets the groundwork, an article on chmod with numbers is an excellent idea.
