Linux Permissions – What they mean and how to change them

Linux permissions are designed to protect the system and the user from other users and rogue software, whether it is malicious, incorrectly configured or broken. Linux has one of the strongest permission systems going and you need to understand even a little bit about it if you want to get along with Linux at all.

Well you can see the permissions of any file in the current directory via:

ls -l

Which outputs something like this:

ls-l

Annotated output of “ls -l”:

ls-l annotated

The permissions string (“drwxrwxr-x”)

The first character of the permissions string tells you what you are looking at.

  • “d” – This means that its a directory
  • “l”  – This means its a system link (a filesystem shortcut)
  • “-” – This means that its a file

The next 9 characters are the permissions on the object and they can be further broken down to 3 blocks of 3. Each block has 3 characters:

  • “r” – This is always the first character of the block. This gives the block read permission
  • “w” – This is always the second character of the block. This gives the block write permission
  • “x” – This is always the third character of the block. This gives the block execute permission

If the block contains a “-” instead of a letter, that means that the permissions hasn’t been granted.

Now onto what blocks affect what.

  1. The first block tells you the permissions that affects the user that owns the object (im going to use the word object to describe the file/directory/system link that is shown)
  2. The second block tells you the permissions that affects the group that owns the object
  3. The third block tells you the permissions that affects all the other users/groups on the system
To break this down…

d | rwx | rwx | r-x
Its a directory. The owner is minecraft and he has read, write and execute permissions on the object. The group is minecraft and any members of minecraft can also read, write and execute the object. All other users can read and execute but cannot write to the object.

For simplicity rwx | rwx | r-x can be written as 7 | 7 | 5

The meaning of the numbers shown above are as follows:

  • 7 = all rights
  • 6 = read and write
  • 5 = read and execute
  • 4 = read only
  • 3 = execute and write
  • 2 = write only
  • 1 = execute only
  • 0 = no rights

Now we have covered that, there are two commands we can use with this knowledge.

Chmod and Chown

Chmod is what you use to change file/directory permissions.

To make /home/minecraft/CoveMigrate.tar.gz have the permissions of 755 you could run:

chmod 755 /home/minecraft/CoveMigrate.tar.gz

If you wanted to make all the files in the current directory 755 you could use:

chmod 755 *

The * in this case means wildcard (used individually will match every file/directory in the current directory).

To make all the folders, sub folders and files in the current directory have 755 permissions you can use:

chmod -R 755 *

Chown is what you would use to change the owner of a file.

To make /home/minecraft/CoveMigrate.tar.gz be owned by the user “user” of the group “group” you can run the following command:

chown user:group /home/minecraft/CoveMigrate.tar.gz

If you wanted to make all the files in the current directory owned by “user” and the group “group” you could use:

chown user:group *

The * in this case means wildcard (used individually will match every file/directory in the current directory).

To make all the folders, sub folders and files in the current directory owned by “user” and the group “group” you can use:

chown -R user:group *

Leave a comment

Leave a Reply

Your e-mail address will not be published. Required fields are marked *