File Permissions Explained

Through this article I will explain the basics of file permissions and how you can apply them yourself on a Linux platform

 

Why do we have Permissions?

Every file and user on your computer has different kind of roles and permissions.
Lets for an example start by taking a look at a large computer company and their admins and users.
For regular users I will use a Billing department for the purpose of example.

Would we as IT department allow Billing department to be able to install/update software, no we would not.
Usually people are hired based on a set of skills, what if this piece of software included a virus or any other form of nasty piece of code.

Worst case scenario I can think of right now would be if the virus spread to a great part of the company’s IT systems and required a format of those systems.

Back to the admins or lets call them Ninja’s from IT Department, as I wrote earlier, people are hired based on a set of skills, therefor IT admins have the qualification to make sure the required software is from the software providers and possible also including setting up firewalls and many other tasks.
In other words, would we have anyone from IT Department manage the company’s financial statements? NO!

 

Permissions is fine, but why File Permissions?

In short: Kinda the same thing.

Long version:
I will use a normal Linux server as an example.

Lets say you have three different pieces of server software running at the same time.

Software1, Software2 and Software3.

All three are installed under the same account, your account.
What happens if an outside cracker would like to gain access to your servers Software2 which contains a database with important information.

Well if Software2 and Software3 is secure enough that the needed work and time isn’t worth the gain, the cracker might leave, but what if Software1 is a faulty, the cracker would use that to he’s advantage to get into your server and he might now be logged into your server as “you”.

And since all three pieces of Software(1,2,3) is installed under your account he can access any file belonging to Software2 since read/write/execute rules is owned by you.

 

 

Read, Write, Execute?

This is where it gets exciting.

Any file and folder on your system have so called Permission flags which is either read as a symbolic notation or numeric notation.

 

 

Symbolic notation

Symbolic notation is separated into four columns.

If you have access to any Linux system open the terminal and type: ls -l
It will show you some details about each file and folder in your current location, what we need to look at is the first column and the third column.

The first column will be a mix of letters and hyphens, example: -rw-r–r–
The third column will be the name of the owner of the given file or folder.

Let me explain the file permission flags first, -rw-r–r–
First we split it up into four parts.

rw-
r–
r–

I won’t go into the first part which consists of a single character and in this example it consist of a – which is equal to 0 and means nothing, instead we will take a look at the next three parts.

Each of the next three parts is file permission flags for different users on the system.

The second part which in this example consists of rw- is file permission flags for the owner of the file/folder.

The third part is for members in the same group as the owner, and the fourth part is for other users.

To put it in a more readable way.

Flags for owner: rw-
Flags for users in the same group as the owner: r–
Flags for other users: r–

Since we now know whom each part will effect we can take a look at which flags give which permissions.

Since the second, third and fourth part consists of three characters its really easy to alter permissions.

The first character of a given part can be either or r
The second character of a given part can be either or w
The third character of a given part can be either or x

r : Stands for read permission
w : Stands for write permission
x : Stands for execute permission

So if we were to read our permission flags in this example: -rw-r–r–
We would read it as.

The owner of the given file/folder can: Read and Write
The users of the same group as this owner can: Read
Other users on the system can: Read

 

 

Numeric notation

Numeric is made up by numbers instead of characters as we know it from symbolic notation, though since we got our grasp on symbolic notation, numeric should be swiftly to understand, we only have to change a few things.

First let me show you how our example from symbolic notation will look like in numeric notation: 0644

So instead of having four parts where the last three consists of three characters each, we still have four parts but each consist of only one number.

So how does it work, its simple.

is equal to 0
r(read) is equal to 4
w(write) is equal to 2
x(execute) is equal to 1

So if we were to translate our symbolic notation to numeric notation we would do it like this.

    = 0
rw- = 6 because (4+2) equals 6
r– = 4 because r equals 4
r– = 4 because r equals 4

You simply take each part required permissions and plus them into one number, for example a file where everyone have full permissions would look like:

Numeric notation:
0777

Symbolic notation:
-rwxrwxrwx

– = 0
rwx = 4+2+1 = 7
rwx = 4+2+1 = 7
rwx = 4+2+1 = 7

 

Few useful Linux terminal commands

To get a list of files and folders with permission flags and owner, type:
ls -l
If you want to include hidden folders and files, type:
ls -la

If you want to change permission flags for a file/folder with numeric notation, type:
chmod “numbers” “filename”
Example: chmod 0777 test.txt

If you want to change permission flags for a file/folder with symbolic notation, type:
chmod “u=rwx,g=rwx,o=rwx” “filename”
Example: chmod u=rwx,g=rwx,o=rwx test.txt

u for owner
g for group
o for others.

That is it 🙂

There is much more to learn, this is just the tip of the iceberg, like with everything else.

I truly hope this article was informative and useful, if you have any questions, feel free to ask me through my contact form.

2 Comments File Permissions Explained

Comments are closed.