Fi

lePermi
ssi
onsi
nLi
nux/
Uni
xwi
thExampl
e

LinuxisacloneofUNI X,the multi
-useroperatingsystem 
whichcanbeacces s
ed
bymanyus erssimultaneously.Li
nuxcanal sobeusedi nmainframesandservers
withoutanymodi fications.Butthisraisessecuri
tyconcernsasanuns ol
ici
ted
or mal
ignuser 
can corrupt,changeorremovecruci aldata.Foreffecti
ve
securi
ty,Linuxdividesauthori z
ationinto2l evel
s.

1.Ownership
2.Permis
sion

Ownershi
pofLinuxfiles
Everyfil
eanddirectoryonyourUni
x/Li
nuxs
ystemi
sas
signed3typesofowner,
givenbel
ow.

User
Aus eri
stheownerofthefi le.Bydefaul
t,thepers
onwhocreatedafi
le
becomesitsowner.Hence,auserisal
sosometi
mescall
edanowner.

Group

Aus er-groupcancontai nmultipleusers

.Al lusersbel
ongi
ngtoagroupwi ll
havethes ameaccesspermissi
onstothefi le.Supposeyouhaveaprojectwhere
anumberofpeopl erequireaccesstoafi l
e.I nsteadofmanuall
yas
signing
permissionstoeachus er,youcouldaddallus erstoagroup,andas
signgroup
permissiontofilesuchthatonl ythisgroupmembersandnooneel secanread
ormodi fythefiles.

Other

Anyotheruserwhohasacces stoafi le.Thispersonhasneithercreatedthe

fil
e,norhebelongstoaus ergroupwhocouldownthefi le.Practical
ly,i
tmeans
everybodyel
se.Hence,whenyous etthepermissionforothers,itisalso
referredassetpermiss
ionsfortheworl d.

Now,thebi gquestionariseshowdoes  
Linuxdistingui
sh 
betweenthesethree
usertypessothataus er'A'cannotaffectafi lewhichcontainss
omeother
user'
B's
'vitalinformation/data.Itisli
keyoudonotwantyourcol league,who
worksonyourLi nuxcomputer,tovi ewyouri mages.Thisis
where 
Permissi
ons setin,andtheydefi ne us
erbehavior.

Letusunders
tandthe 
Permi
ssi
ons
ystem 
onLi
nux.

Us
ingchmodwi
thAbs
olutePermi
ssi
ons
Number OctalPermi
ssi
onRepres
entati
on Ref
4 Readpermi
ssi
on r--
5 Readand 
executepermi
ssi
on:4(
read)+1(
execute)=5 r-x
6 Readand 
wri
te 
permi
ssi
on:4(
read)+2(
wri
te)=6 rw-
7 Al
lpermi
ssi
ons
:4(
read)+2(
wri
te)+1(
execute)=7 rwx

Permi
ssi
ons

Everyfil
eanddirectoryi
nyourUNIX/
Linuxs
ystemhasfol
lowi
ng3permi
ssi
ons
definedforal
lthe3ownersdis
cuss
edabove.

 Read:  
Thispermi s
s i
ongi veyoutheauthori tytoopenandreadafi le.
Readpermi ssiononadi rectorygi vesyoutheabi l
itytol i
stsitscontent.
 Wr ite: 
Thewri tepermi ss
iongi vesyoutheauthori tytomodi fythe
contentsofafi l
e.Thewri tepermi s
siononadi rectorygivesyouthe
authori tytoadd,removeandrenamefi lesstoredi nthedi rectory.
Cons ideras cenari owhereyouhavetowri tepermi ssi
ononfi l
ebutdo
nothavewri tepermi s
siononthedi rectorywherethefi l
ei sstored.You
willbeabl etomodi fythefi l
econtents .Butyouwi llnotbeabl eto
rename,moveorremovethefi lefromthedi rectory.
 Execute:  I
nWi ndows ,anexecutabl eprogramus uallyhasanextens ion
".
exe"andwhi chyoucaneas i
lyrun.I nUni x/Linux,youcannotruna
programunl esstheexecutepermi ssi
oni ss et.Iftheexecutepermi ssion
isnots et,youmi ghts tillbeabl etos ee/modi fytheprogram
code(provi dedread&wri tepermi s
sionsares et),butnotruni t.

 
l
s-l
 ontermi
nalgi
ves

l
s-l

Here,wehavehighl
ighted 
'
-rw-rw-r--'
andthi
sweirdlooki
ngcodei stheone
thattell
susaboutthepermi s
sionsgiventotheowner,usergroupandthe
world.

Here,thefi
rst'
-'i
mpl
iesthatwehaves
electedafi
le.
p>

El
se,i
fitwereadi
rectory,
 d 
woul
dhavebeens
hown.

Thecharactersareprettyeas
ytoremember.

r 
=readpermissi
on
w 
=writepermission
x 
=executepermission
- 
=nopermissi
on

Letusl
ookati
tthi
sway.

Thefi
rstpartofthecodei
s '
rw-'
.Thi
ssugges
tsthattheowner'
Home'
can:
  Readthefil
e
 Writeoreditthefil
e
 Hecannotexecutethefi
les
incetheexecutebi
tiss
etto'
-'
.

Bydesign,manyLi
nuxdi
stributi
onsl
ikeFedora,CentOS,Ubuntu,etc.wi
lladd
userstoagroupofthesamegroupnameastheus ername.Thus ,auser'
tom'i
s
addedtoagroupnamed'tom'.

Thes
econdparti
s '
rw-'
.
 Itfortheus
ergroup'
Home'
andgroup-memberscan:

 Readthefil
e
 Writeoreditthefi
le

Thethirdparti
sfortheworl
dwhi
chmeansanyus
er.I
tsays
 '
r--'
.
 Thi
smeans
theusercanonl
y:

 Readthefi
le

Changi
ngfi
le/
directorypermi
ssi
onswi
th'
chmod'
command

Sayyoudonotwantyourcol
leaguetoseeyourpers
onali
mages
.Thi
scanbe
achi
evedbychangi
ngfil
epermissi
ons
.

Wecanus ethe'chmod'
 
commandwhi chstandsfor'changemode'
.Usingthe
command,wecans etpermi
ssi
ons( read,write,execute)onafil
e/di
rectoryfor
theowner,groupandtheworld.
 Syntax:

chmodpermi
ssi
onsfi
lename

Thereare2waystous
ethecommand-
 1.Absol
utemode
2.Symbol
icmode

Abs
olute(
Numeri
c)Mode

Inthismode,fi
le 
permi
ssi
onsarenotrepres
entedascharactersbutathree-
digi
toctalnumber.

Thetabl
ebel
owgi
vesnumbersforal
lforpermi
ssi
onstypes
.

Number Permis
sion Symbol
Type

0 NoPermi
ssi
on ---

1 Execute --x

2 Wri
te -w-

3 Execute+ -wx
Write

4 Read r--

5 Read+ r-x
Execute

6 Read+Wri
te rw-

7 Read+Wri te rwx
+Execute

Let'
sseethechmodcommandi
nacti
on.
Intheabove-gi
venter
minalwi
ndow,wehavechangedthepermi
ssi
onsofthe
fil
e's
ampleto'764'
.

'
764'
abs
olutecodes
aysthefol
lowi
ng:

 Ownercanread,writeandexecute
 Usergroupcanreadandwri
te
 Worldcanonlyread


Thisisshownas'
-rwxrw-r-
Thisishowyoucanchangethepermi
ssi
onsonfi
lebyas
signi
nganabs
olute
number.

Symbol
icMode

IntheAbsolutemode,youchangepermi
ssi
onsforal l3owners.I
nthes ymbol
ic
mode,youcanmodifypermiss
ionsofaspecificowner.Itmakesuseof
mathematicals
ymbolstomodifythefil
eper mis
sions.

Operator Des
cri
pti
on
 + Addsapermissiontoa
fi
leordirectory

- Removesthepermi
ssi
on

= Setsthepermis
sionand
overri
desthe
permiss
ionss
etearli
er.

Thevari
ousownersarerepres
entedas–

Us
erDenotati
ons

u us
er/
owner

g group

o other

a al
l

Wewi l
lnotbeus
ingpermis
sionsi
nnumbersl
ike755butcharactersl
ikerwx.
Let'
slooki
ntoanexampl
e
Changi
ngOwners
hipandGroup

Forchangi
ngtheowners
hipofafi
le/
directory,youcanus
ethefol
lowi
ng
command:

chownus
er

Incaseyouwanttochangetheus
eraswel
lasgroupforafi
leordi
rectoryus
e
thecommand

chownus
er:
groupfi
lename

Let'
sseethi
sinacti
on
I
ncas
eyouwanttochangegroup-owneronl
y,us
ethecommand

chgrpgroup_namefi
lename

'
chgrp'
 
standsforchangegroup.