dan forys

blog

Understanding Linux file permissions

Posted on 2008-07-29 - Comments

They’re funny things Linux file permissions – the moment you think you understand them, you discover some subtle piece of functionality that means you were wrong all-along...

In this three-part article, I give a brief introduction to file and directory permissions, as well as some of the common gotchas. This part shows you how to interpret permissions on the command line and explains what they mean.

One of the best ways to get a feel for the permissions, is using the shell. So, if you launch a shell session and type the following: (the “-l” means the long-listing format)

ls -l

You’ll see a listing of all the files in your home folder, something like this:

drwxr-xr-x  2 dan users    4096 2007-12-13 15:34 bin
drwx------  5 dan users    4096 2008-07-25 15:30 Desktop
drwx------ 15 dan users    4096 2008-07-18 10:49 Documents
drwxr-xr-x  2 dan users    4096 2007-12-13 11:08 public_html
-rw-r--r--  1 dan users   12094 2008-03-10 15:22 readme.txt

Of particular interest to us, is the first set of characters which represent the permissions: (numbered below, for reference)

drwxr-xr-x
12345678910

From left to right, the permissions are grouped into four parts:

  • Character 1: Indicates a directory (d), link (l) or normal file (-)
  • Characters 2-4: The read (r), write (w) and execute (x) permissions for the file owner (“dan” in the example above)
  • Characters 5-7: The read (r), write (w) and execute (x) permissions for the file group (“users” in the example above)
  • Characters 8-10: The read (r), write (w) and execute (x) permissions for everyone else aka others

What these permissions mean, depends on what kind of file it is.

For directories:

  • Read (r): Users can view a listing of the directory contents (i.e. read its contents)
  • Write (w): Users can create / delete files in this directory (i.e. write to the directory’s contents).
  • Execute (x): Users can enter this directory using a “cd” command

Note: If users have write access to a directory – they can delete its files even if they are not the owner and/or do not have write permission to the individual file. Watch out for this one, it has caught us out in the past!

For files:

  • Read (r): Users can view the files' contents
  • Write (w): Users can modify the files' contents
  • Execute (x): Allows execution of the file as a program

You should also be aware that Linux only checks the most appropriate permissions when deciding whether to grant access. For example, if you are the file owner, only the owner permission is checked (not the "group", or "other" permissions). This means, if the permissions are "—-r–r–", you won't be able to read the file if you are the owner – whereas members of the file group and "others" will be able to read it.

That’s it for now! In the upcoming part two, I will detail how to set permissions, using the Linux command line. Part three will show you some of the more advanced permissions. Watch this space!