Linux is a multi-user operating system that many users can access simultaneously. It is widely used in computers, embedded systems, and virtually all supercomputers, and it has secured a place in server installations such as the popular LAMP (Linux, Apache, MySQL, PHP) application stack. This raises security concerns, because a malicious user can corrupt, change, or remove data. To maintain effective security, Linux divides authorization into two levels:
- Ownership
- Permission
Join me in this blog to learn more about the basics of permission and ownership in Linux OS. Before diving in, note that this blog assumes you are familiar with the basics of the Linux command line.
Overview
- Basic commands
- chmod
- su
- sudo
- chown
- chgrp
- Ownership
- User
- Group
- Other
- Permission
- Basic Linux file permission
- Chmod with permissions bits and shorthand notations
- Remove permissions
- List file permissions
- Reset all file permissions (special case)
- Change the ownership with chown
- Conclusion
Basic commands
One of the most powerful characteristics of Linux OS is that it can be accessed locally or remotely (this makes Linux a favorite OS for group projects among developers). For this reason and more, we must set permissions and ownership for files and directories so that only specific users can access data, in order to protect sensitive information and prevent unwanted changes. For this purpose, Linux OS has its own commands and tools.
- chmod
This command allows us to change the permissions of files or directories. To use it, we specify the desired permission settings and the file or files that we wish to modify.
- su
This command gives us the privileges needed to perform certain tasks.
- sudo
This is the main command for executing tasks as the superuser. To use it, we put sudo in front of the desired command. After the command is entered, the user is prompted for their own password rather than the superuser's.
- chown
This command allows us to change the owner of a file or directory. Notice that you must have superuser privileges or sudo user privileges.
- chgrp
This command allows us to change the group ownership of a file or directory. Notice that we have to be the owner of the file or directory to run this command successfully. The purpose is that, instead of giving access permission to each user individually, we create a group of users and give the access permission only once.
Ownership
In Linux OS, every file and directory is assigned 3 types of owners: user, group, and other. Let's check these types below.
- User
By default, the person who created a file becomes its owner. Therefore, a user is sometimes called an owner too.
- Group
A group can contain several users, and all of these users have access permission to a given file or directory. The purpose is that, instead of giving access permission to each user, we create a group and give the access permission only once.
- Other
Basically, it means everybody else other than the owner or the group of owners of a file or directory.
To distinguish between these three types of users, Linux OS sets permissions that define user behavior, that is, what user "X" can and cannot do.
Permission
First, let's see in action how we can distinguish and read the user's permissions.
I have presented and explained the basic Linux commands, where "ls" is the command that lists a directory's subdirectories and files. To go further and display more detailed information, we can pass the "-l" option to the "ls" command. Check the output below:
moez@moez:~/Moez$ ls -l
total 8
drwxr-xr-x 2 root root 4096 Nov 29 08:00 bar
-rw-r--r-- 1 root root    0 Nov 29 08:01 file1.txt
-rw-r--r-- 1 root root    0 Nov 29 08:01 file2.txt
drwxr-xr-x 2 root root 4096 Nov 29 08:00 foo
Let's break down this output:
moez@moez:~/Moez$ ls -l
total 8
d     (rwx)   (r-x)   (r-x)   2 root root 4096 Nov 29 08:00 bar
|       |       |       |
type  owner   group   other
To understand the output above: in addition to the file or directory name, "ls" with the -l option displays the file type, access permissions, number of hard links, owner and group name, size in bytes, and timestamp (the time of the last modification of the file or directory).
- Basic Linux file permission
Every owner type has its own permissions. There are 3 types:
read: read permission gives the authority to open and read files, and list directory's content.
write: write permission gives the authority to modify the contents of a file, and gives the authority to add, remove and rename files stored in the directory.
execute: In Linux OS, execute permission gives the authority to run a program; without it, you can only read and write.
Notice: in "rw-", the "-" means there is no permission.
- Chmod with permissions bits and shorthand notations
- bits
Each permission has a numeric value. Setting the “Read” permission adds 4, which is “100” in binary format and “4” in the usual decimal format. Setting the “Write” permission adds 2, which is “010” in binary and “2” in decimal form. Lastly, setting the “Execute” permission adds 1, which is “001” in binary and “1” in decimal form. The values for one owner type are added together into a single digit, so 7 (4 + 2 + 1) means read, write, and execute.
The command syntax is as follows:
moez@moez:~$ chmod permissions filename
The example below grants the read, write, and execute permissions to the "owner" and the "group", and only the "read" permission to "other", for a given file:
moez@moez:~$ chmod 774 filename
- shorthand notations
There is another way to set permissions for user, group, and other. Below is the meaning of each shorthand.
Owner:

| shorthand | identity |
| --- | --- |
| u | owner |
| g | group |
| o | other |
| a | everybody (owner + group + other) |

Permission:

| shorthand | permission |
| --- | --- |
| r | read |
| w | write |
| x | execute |

Example:
moez@moez:~$ chmod u+x file1.txt
Notice: the "+" is meant to add/change permissions.
- Remove permissions
As discussed above, we can add or change permissions; we can also remove them. The table below shows the symbols that add, remove, and set permissions:

| symbol | action |
| --- | --- |
| + | add permission |
| - | remove permission |
| = | make it the only permission |

Let's take some examples:
moez@moez:~$ chmod g-x filename
The example above removes the execute permission from the group.
moez@moez:~$ chmod o-rwx filename
The example above removes all permissions from other.
moez@moez:~$ chmod g=rx filename
The example above gives the group only the read and execute permissions, but not the write one.
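The octal digits and the "+", "-", "=" shorthand described above can be checked against each other on a scratch file. The script below is an added example, not part of the original blog: the function names are made up for illustration, and it assumes GNU stat and a temporary directory created with mktemp.

```shell
#!/bin/sh
# Added example (not from the original blog): decode octal modes with the
# read=4 / write=2 / execute=1 values and compare with what chmod produces.
# Function names are made up; GNU stat (stat -c) is assumed.

# Turn one octal digit (0-7) into its rwx triplet by testing each bit.
digit_to_rwx() {
    d=$1; r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi   # read    = 4 (binary 100)
    if [ $((d & 2)) -ne 0 ]; then w=w; fi   # write   = 2 (binary 010)
    if [ $((d & 1)) -ne 0 ]; then x=x; fi   # execute = 1 (binary 001)
    printf '%s%s%s' "$r" "$w" "$x"
}

# Turn a three-digit mode such as 774 into "rwxrwxr--" (owner, group, other).
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    out=
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        out="$out$(digit_to_rwx "$digit")"
    done
    printf '%s' "$out"
}

# Apply each chmod argument in turn to a scratch file and print
# "<argument> <octal mode> <symbolic mode>" after every step.
demo_chmod_steps() {
    dir=$(mktemp -d) || return 1
    : > "$dir/filename"
    for change in "$@"; do
        chmod "$change" "$dir/filename" || return 1
        now=$(stat -c '%a' "$dir/filename")
        printf '%s %s %s\n' "$change" "$now" "$(mode_to_symbolic "$now")"
    done
    rm -rf "$dir"
}

# The modes and shorthand changes used in this article, applied in sequence.
demo_chmod_steps 644 u+x 774 g-x o-rwx g=rx
```

Each output line shows how one chmod argument changed the mode, so the effect of "+", "-" and "=" can be read directly from the octal digit that moved.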
- List file permissions
moez@moez:~/Moez$ stat -c "%a %n" *
755 bar
644 file1.txt
644 file2.txt
755 foo
Notice: the "*" argument is meant to list permissions for everything in the directory.
We can also specify the path of a given file/directory in order to list its permissions.
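The same "%a %n" listing can be narrowed to the entries that matter most for protecting data: those that "other" is allowed to write to. The script below is an added example, not from the original blog; the function names and the sample tree are constructed for illustration, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example (not from the original blog): report and fix entries that
# "other" can write to. Function names and the sample tree are constructed.

# Print "<octal mode> <path>" for every file or directory under $1 whose
# "other" write bit (value 2 in the last octal digit) is set. Symlinks are
# skipped because their own mode bits are not used for access checks.
list_other_writable() {
    find "$1" ! -type l -perm -0002 -exec stat -c '%a %n' {} + | sort -k2
}

# Remove the write permission for "other" from everything the audit reports.
fix_other_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree that mirrors the listing in this article,
# with two entries deliberately left writable by "other".
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bar" "$t/foo"
    : > "$t/file1.txt"
    : > "$t/file2.txt"
    chmod 755 "$t" "$t/bar"
    chmod 644 "$t/file1.txt"
    chmod 777 "$t/foo"          # too permissive: other can write
    chmod 666 "$t/file2.txt"    # too permissive: other can write
    printf '%s' "$t"
}

# Stand-alone run: audit the sample tree, fix it, and audit again.
tree=$(make_sample_tree)
echo "before:"; list_other_writable "$tree"
fix_other_writable "$tree"
echo "after:";  list_other_writable "$tree"
rm -rf "$tree"
```

On a real system some directories such as /tmp are writable by everyone on purpose, so review the report before running the fix.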
- Reset all file permissions
On RPM-based distributions, to reset the permissions of all package-installed files to the default ones, we can run the command below:
moez@moez:~/Moez$ rpm -a --setperms
- Change the ownership with chown
The "chown" command allows us to change the owner and/or the group of a file or directory. To run this command, we use the syntax below:
moez@moez:~$ chown owner:group file/directory name
In the example above, we changed the owner and the group.
moez@moez:~$ chown owner file/directory name
In the example above, we changed only the owner.
moez@moez:~$ chown :group file/directory name
In the example above, we changed only the group.
Conclusion
Knowing how to manage the permissions and ownership of files and directories is a must for every developer. The article above is just a small part of the DevOps field, so don't stop here and continue to dive into it.
Finally, I hope that my blog helps you to know more about permissions and ownership in Linux OS.