In Linux, each and every file is owned by a single user and a single group, and has its own access permissions.
To list all users on a Linux machine:
cat /etc/passwd
To list all groups on a Linux machine:
cat /etc/group
To check to which groups a user belongs, simply run the command:
groups
To check who owns a file, we can use the list command together with the -l option
ls -l <full file name>
After using the ls -l command, we get a table of files and their owners and permissions. The first column, the "mode" column is made of 10 letters. For example, drw-rw-rw-. These letters mean:
| d | rw- | rw- | rw- |
|---|---|---|---|
| File type | User (owner) Permissions | Group Permissions | Other Permissions |
In Linux, there are two basic types of files: normal and special. Special files can be identified by files that have a non-hyphen character, such as a letter, in their file type fields, and are handled by the OS differently than normal files.
| Character | File Type |
|---|---|
| - | regular file |
| d | directory |
| c | character device |
| b | block device |
| l | symbolic link |
| and others... |
| Character | Meaning |
|---|---|
| r | read |
| w | write |
| e | execute |
| - | permission not available |
| mode | explanation |
|---|---|
| -rw------- | A file that is only accessible by its owner |
| -rwxr-xr-x | A file that is executable by every user on the system. A "world-executable" file |
| -rw-rw-rw- | A file that is open to modification by every user on the system. A "world-writable" file |
| drwxr-xr-x | A directory that every user on the system can read and access |
| drwxrwx--- | A directory that is modifiable (including its contents) by its owner and group |
| drwxr-x--- | A directory that is accessible by its group |
To change a file permission settings, we use the chmod command. This command can be used by using a combination of numbers or letters as parameters.
The chmod command has a few useful options:
- -R: for recursively applying the same permissions to a directory, and all the subdirectories and files in the directory and its different subdirectories
- -c: to report when a change is made
- -f: to suppress error messages
- -v: (verbose) to output diagnostics for every file or directory processed
We use a sum of three different numbers to set a file permission for the three modes (user, group, others). These special numbers are listed below.
| Number | Meaning |
|---|---|
| 4 | read permission |
| 2 | write permission |
| 1 | execute permission |
So, for example, if we want to change a file permission to allow the user to do anything (read + write + execute = 4 + 2 + 1 = 7), the group to read and write (4 + 2 = 6), and the others to only execute (1 = 1), we use the following command:
chmod 761 <my file>
In this way, we need to use the following syntax to change the file permissions: chmod [references][operator][modes] <file>. Where
- [references]
- Can be a combination of the following letters, depeding on which modes we want to modify.
- u: users
- g: groups
- o: other
- a: all
- Can be a combination of the following letters, depeding on which modes we want to modify.
- [operator]
- +: adds
- -: removes
- =: adds the ones specified and removes the ones not specified
- [operator]
- Can be a combination of the following letters, depeding on which permission we want to modify.
- r: read
- w: write
- x: execute
- Can be a combination of the following letters, depeding on which permission we want to modify.
Examples:
- To remove all permissions from others:
chmod o-rwx <file>
- To give read permission to all:
chmod a-r <file>
To change the user owner of a file we can use:
chown <new user owner> <file>
To change the group owner of a file we can use:
chown :<new group owner> <file>
To change both, we can use the syntax:
chown <new user>:<new group> <file>
And to run the change recursively for all folders and files within a folder, we can use the -R option:
chown -R <new user>:<new group> <folder>