| technology | system admin - Erik Mikac
Deciphering Linux File Directories and Permissions: A Guide
One of the most important aspects of Linux system administration is File Permissions. Linux File Permissions determine who has access to a particular file or directory. Often these permissions will be created incorrectly, and it is only a matter of time before some malefactor exploits the mistake. If you are going to be taking the Linux+ exam, you can bet Linux Permissions will be thoroughly discussed.
In this article we will decipher Linux File Permissions. We'll talk about how to create them, how to revoke them, and how to read them. Not only will this information be invaluable for exam takers, but it is good ground-level knowledge for anyone involved in IT. So let's start at the beginning. What can you actually do to a file? You can read it, write to it, and execute it. Let's delve a bit more into what that means.
What are Read, Write, Execute?
Read, write, and execute are the three permissions granted on any *nix compliant system. Here is a quick rundown of what each means:
- Read. The ability to access a file or directory and read its contents.
- Write. The ability to edit a file or directory. Any modification to its data at all will need Write.
- Execute. The ability to run a script contained within a file.
Now that we have an understanding of what each permission does, let's take a look at a concrete example of permissions on a *nix system.
erikmikac@Eriks-Mac-mini CoreDataProject % ls -l
drwxr-xr-x@ 5 erikmikac staff 160 April 30 07:28 Core Data Project.xcodeproj
drwxr-xr-x@ 6 erikmikac staff 192 April 30 07:28 Shared
drwxr-xr-x@ 3 erikmikac staff 96 April 25 22:44 iOS
drwxr-xr-x@ 3 erikmikac staff 128 April 25 22:44 macOS
This is a list of four directories. These are displayed by executing the ls command with the -l (the letter "l") option. The -l option displays the permission modes, which are the strings of letters on the left. Each one starts with a d because each "file" is actually a directory. If these were files, there would be no d. The r stands for read, the w for write and the x for execute.
In the example above, the owner of these directories has read, write, and execute permissions to these directories. That means this individual can do anything to these directories. The owner can read the directories, write to them, and execute them. However, because it is a directory, there is nothing to execute. Instead, the execute permission allows the user to make that directory their working directory. In other words, Unix reuses that bit for other purposes when it is referring to a directory instead of a file.
Read, write, and execute don't necessarily cover everything you can do to a file. After all, what if you want to delete one? To grant delete permission, all you need to do is grant write permission on the directory the file actually resides in.
However, you may be wondering why the letters repeat themselves several times. And what's with the hyphens in-between some of them? This has to do with classes, as in who actually has the permission to perform the actions. Let's jump into that next.
Three Classes of Linux Mode Permissions
In Unix there are three different classes of user permissions: owner, group, and other (everyone else). Here is a quick and dirty definition of each.
- Owner. The owner of the file is the individual who created the file.
- Group. A Linux administrator can create different Groups. Then he or she can assign access to files and directories by the group.
- Other. The permissions for everyone who is neither the owner of the file nor part of an associated group.
How to Read Linux Permission Modes
Each class is represented in the ls view we displayed previously. Here is a closeup of the access permission portion of directory information:
drwxr-xr-x@ 6 erikmikac staff 192 Mar 15 18:44 Shared
In this instance we know it is a directory because of the d in front. The next three bits refer to the Read, Write, and Execute access of the Owner. The next three are the read, write, and execute of the group assigned to the file or directory. The last three bits are the "Other" category, i.e., everyone else. Lastly, "erikmikac" (yours truly) is the owner of the file, and staff is the group associated with the file. (FYI, staff is the default group Mac uses for all files and directories.)
What are the Hyphens in Linux Permissions?
Notice that there are two instances where there is only a "-". This means that particular class does not have the right to perform the action. In the example above, members of the staff group have read and execute permission but they cannot write to the file, nor can they delete it.
The next triplet of permissions refers to other, and they have the same deal. They can read and execute, but cannot write to the file. Think of it this way: let's say you are the owner of a video game. People have the right to play it (Execute), they have the right to read the source code (Read), but they do not have the right to edit (Write) the source code. They could easily break something!
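The reading rules above can be written down as a small decoder. This is an added example, not code from the original article; the function names are made up for illustration, and the sample strings are mode columns in the form `ls -l` prints them.

```shell
#!/bin/sh
# Added example: decode the mode column printed by `ls -l`.

# describe_triplet TRIPLET -> e.g. "r-x" becomes "read,execute"
describe_triplet() {
    out=""
    case "$1" in r??) out="read" ;; esac
    case "$1" in ?w?) out="${out:+$out,}write" ;; esac
    case "$1" in ??x) out="${out:+$out,}execute" ;; esac
    printf '%s' "${out:-none}"
}

# decode_mode MODE -> "TYPE owner=... group=... other=..."
decode_mode() {
    mode=$1
    # macOS appends "@" (extended attributes) or "+" (ACL) to the mode.
    case "$mode" in *@|*+) mode=${mode%?} ;; esac
    # One type character followed by three r/w/x triplets. Other flag
    # characters (setuid, setgid, sticky) are outside this article and
    # are rejected here.
    case "$mode" in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    case "$mode" in d*) kind="directory" ;; *) kind="file" ;; esac
    owner=$(printf '%s' "$mode" | cut -c2-4)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    printf '%s owner=%s group=%s other=%s\n' "$kind" \
        "$(describe_triplet "$owner")" \
        "$(describe_triplet "$group")" \
        "$(describe_triplet "$other")"
}

# Constructed samples in the ten-character form ls -l uses.
for sample in 'drwxr-xr-x@' '-rw-r--r--@' '---xrwxrwx'; do
    printf '%-12s %s\n' "$sample" "$(decode_mode "$sample")"
done
```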
Commands for Navigating Permissions
The last thing we ought to cover is the set of commands that will assist you with setting permissions. The first one we'll discuss is sudo, which is short for Superuser Do.
Often in your IT career you will need access to a file you otherwise do not have the permission to access. Sudo allows a user to log onto a terminal as the "super user". From there, they can use a command called chmod to alter the permission modes. Chmod is what we ultimately need, but you generally need to use sudo to change permissions, so let's quickly look at sudo first.
Sudo allows a user to execute commands as the super user. This is usually referred to as root, admin, or supervisor. But they are all the same thing: an account that has access to all directories on the Linux subsystem. Naturally, this is quite dangerous and should be used with caution. Any typo in a command could cause irreparable damage to the Linux system. However, if you need execute access to the directory, it is the way to go.
The catch is that you are prompted for an admin password every time you attempt to execute the command.
Next let's talk about chmod.
What is Chmod?
Chmod stands for Change Mode, as in permissions mode. Let's say you need to read a file but don't have the permission to do so. Running the following command will give you the permission needed.
chmod u+r your-file.txt
The u stands for user and the + means add the mode that follows. The r is read, and lastly comes the name of the file.
That is the command, and here is a real life example:
---xrwxrwx 1 erikmikac staff 856 Mar 14 19:35 Info.plist
-rw-r--r--@ 1 erikmikac staff 322 Mar 14 19:35 macOS.entitlements
erikmikac@Eriks-Mac-mini macOS %
Here is an example of two fairly restricted files. Let's say I am the Owner, and I need to read this file. How would I do that? By using the command above! Let's see it in action.
erikmikac@Eriks-Mac-mini macOS % cat Info.plist
cat: Info.plist: Permission denied
erikmikac@Eriks-Mac-mini macOS %
Cat is a command that would allow me to read the file; however, the mode does not allow it. Here is how we fix that.
erikmikac@Eriks-Mac-mini macOS % chmod u+rw Info.plist
erikmikac@Eriks-Mac-mini macOS % cat Info.plist
And there we go! After running chmod u+rw Info.plist, we are able to read the file.
We have barely scratched the surface of everything chmod can do. For more information, type man chmod in your Linux shell.
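The same chmod syntax also revokes a permission that was granted by mistake. The following added example (not from the original article; the function names and the sample tree are constructed for illustration) lists every entry the "other" class can write to and then removes that bit with chmod o-w.

```shell
#!/bin/sh
# Added example: find entries the "other" class can write to, then
# revoke that permission with chmod.

# list_other_writable DIR -> paths under DIR whose other-write bit is set
list_other_writable() {
    # -perm -002 is true when the other-write bit is set, regardless of
    # the remaining bits. Symlinks are skipped because access checks use
    # the target's mode, not the link's.
    find "$1" ! -type l -perm -002 -print | sort
}

# revoke_other_write DIR -> chmod o-w on every entry listed above
revoke_other_write() {
    find "$1" ! -type l -perm -002 -exec chmod o-w {} +
}

# make_sample_tree -> prints the path of a constructed test directory
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/uploads"
    : > "$dir/config.ini"
    : > "$dir/notes.txt"
    chmod o+w "$dir/uploads" "$dir/config.ini"   # the mistake to detect
    chmod o-w "$dir/notes.txt"                   # correctly restricted
    printf '%s\n' "$dir"
}

tree=$(make_sample_tree)
echo "Writable by other before the fix:"
list_other_writable "$tree"
revoke_other_write "$tree"
echo "Writable by other after the fix: $(list_other_writable "$tree" | wc -l)"
rm -rf "$tree"
```

On a real system, review the list before revoking anything: some directories, such as /tmp, are writable by everyone by design.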
We covered a lot of ground today on Linux permissions. We discussed permission modes, Read, Write, Execute, classes, and how to change permissions. Linux permissions are the bedrock of all Linux knowledge, so hopefully this article can serve as a launch point for deeper and more powerful learning.