Get to know Linux: File permissions

Jack Wallen
Jan 21, 2010
Updated • Dec 28, 2012

Have you ever attempted to do something with a file on a Linux machine and been given the error "permission denied"? For some people this isn't a problem: they either su to the root user or use the sudo command to help them along. For some users, however, this can be very frustrating. Why? When you don't understand file permissions, using and (especially) administering a Linux system can be a real pain. Even though you can read an extended listing of a file and see drwxr--r--, if you don't know what that means (or how to manipulate it), what good is that extended listing? And what good is that file if you can't access it (when you need to or should be able to)?

In this article I will introduce you to Linux file permissions and how to manipulate them. I will show you how to manipulate permissions from both the command line and the GNOME GUI file manager, Nautilus.

Breaking down the permissions

When you do a long listing (ls -l) in a directory you will see listings like:

drwxr-xr-x  jlwallen  jlwallen  12288  2009-12-22  16:26  Documents

What we want to concentrate on right now is the first bit, drwxr-xr-x. This string of characters lists the full permissions of the file or directory. It is also important to know the next two strings (in this case both are jlwallen) are the user and group associated with the file.

Let's go back to the permissions string. The first character, d, means the listing is a directory. Now, instead of looking at the next portion of the string as a single group, think of it as three groups:

  • rwx
  • r-x
  • r-x

The first set of three characters in a permissions listing always marks the permissions of the owner of the file (in this case, jlwallen). The chmod command refers to the owner with the letter u (for user). The next set of three marks the permissions of all users that belong to the group associated with the file (in this case, again, it's jlwallen). The letter g is associated with group. The final set of three characters marks the permissions of everyone else. The letter o is associated with others.

Now let's break down the components of the permission string:

  • r - read permission
  • w - write permission
  • x - execute permission

Changing permissions

Let's say you have a file, test, that is a script that needs to be executed. The default permissions of this file are:

-rw-rw----

Now let's say you want both the owner (in this case jlwallen) and anyone belonging to the group (in this case jlwallen) to be able to execute this script. Remember, execute is x and you want to give x permission to u and g. To do this you use the chmod command like so:

chmod ug+x test

The above command would add executable permission to owner and group. The new listing would look like:

-rwxrwx---

Now both the owner and anyone belonging to the group jlwallen can execute this script.
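The class letters matter because chmod reads u as the owner, g as the group and o as others, so swapping u and o grants execute to everyone else instead of the owner. The script below is an added example, not part of the original article: it decodes a mode string and compares the two commands on a scratch file. The function names explain_mode and mode_after are hypothetical.

```shell
#!/bin/sh
# Added example: decode an `ls -l` mode string and compare chmod class letters.

# Split a 10-character mode string into the file type and the three classes.
explain_mode() {
    mode=$1
    case $mode in
        d*) type=directory ;;
        -*) type=file ;;
        l*) type=symlink ;;
        *)  type=other ;;
    esac
    owner=$(printf '%s' "$mode" | cut -c2-4)
    group=$(printf '%s' "$mode" | cut -c5-7)
    others=$(printf '%s' "$mode" | cut -c8-10)
    printf '%s u=%s g=%s o=%s\n' "$type" "$owner" "$group" "$others"
}

# Apply a symbolic chmod expression to a scratch file that starts at
# -rw-rw---- (like the article's test file) and print the resulting mode.
mode_after() {
    dir=$(mktemp -d) || return 1
    f=$dir/test
    : > "$f"
    chmod u=rw,g=rw,o= "$f"      # force the starting mode, whatever the umask
    chmod "$1" "$f"
    # cut drops any trailing ACL/SELinux marker that ls may append
    ls -ld -- "$f" | cut -c1-10
    rm -rf -- "$dir"
}

explain_mode drwxr-xr-x
echo "ug+x: $(mode_after ug+x)"   # owner and group gain execute
echo "og+x: $(mode_after og+x)"   # others and group gain execute, owner does not
```

A listing that ends in x for others on a script you meant to keep private is the sign that o was used where u was intended.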

The GUI way

Figure 1

You can change permissions of a file with the help of the Nautilus file manager. Open up the file manager and navigate to where you have the test file saved. Right click the icon of that file (or listing if you are not in icon view mode) and select Permissions. From within this new window click on the Permissions tab (see Figure 1).

As you can see, changing permissions for this file is just a matter of selecting the necessary entry from the Access drop-down associated with either Owner, Group, or Others. However, you will notice that these drop-downs only have two entries: Read or Read and Write. In the case of our test file we would want to check the "Allow executing file as program" checkbox to make this file executable. The only drawback to this method is that you cannot specify who has execute permission. If you mark a file executable it will be so for all.

Figure 2

With the KDE file manager, Dolphin, you can get a bit more fine-grained with your permissions. When you right-click a file in Dolphin, select Properties and then click on the Permissions tab. In this tab is an Advanced Permissions button. Click that and a smaller window will open (see Figure 2) where you can select precisely which permissions each class (owner, group, other) has. Make your choices and click OK.

Final thoughts

Although the GUI tools are helpful for new users, real control over file permissions is best handled through the command line. But for those who absolutely do not want to use the command line, there are options for you. You will certainly want to get familiar with permissions. Knowing how to navigate file permissions will save you a lot of time and hassle when using the Linux operating system.


Comments

  1. Gilbird said on February 9, 2010 at 8:12 pm

    I want to know the command for RHEL5: how can I get permission for a file (file1)? Like I’ve two users (paul & san). paul can read, write, execute the file1 but san can only read the file. Same as directory. Please send me as early as possible.

    Thanks
    Gilbird

  2. root jerais said on January 22, 2010 at 9:07 pm

    @Marc Perkel
    not true, and it’ll be a security breach if so, see:
    ##
    [root@rj-asus test]# ls -lh
    total 0
    -rw------- 1 root root 0 2010-01-22 22:03 del
    [jerais@rj-asus test]$ cd /test/
    [jerais@rj-asus test]$ ls -l
    total 0
    -rw------- 1 root root 0 2010-01-22 22:03 del
    [jerais@rj-asus test]$ id
    uid=500(jerais) gid=500(jerais) groups=500(jerais)
    [jerais@rj-asus test]$ rm -frv del
    rm: cannot remove `del': Permission denied
    ##
    without any changes in the file attribute by chattr.

  3. Veiko said on January 22, 2010 at 5:21 pm

    @Marc Perkel

    What about the following…

    # touch file && chmod a-rw file && ls -l file
    ---------- 1 root root 0 Jan 20 22:18 file
    # chattr +i file
    # rm -rf file
    rm: cannot remove `file': Operation not permitted

    voila :-)

    1. Marc Perkel said on January 22, 2010 at 5:36 pm

      I think you’re missing the point. Netware does this automatically. It has far superior abilities. With Netware if a file is read-only then it also can not be deleted. But it can be deleted by those who have write access to the file. Netware also has permission inheritance so just moving directories into other directories changes the directory tree permissions. It also supports a management structure allowing people to have root type rights in a limited area.

      Linux has nothing that is even remotely similar. Linux is in a box and sort of stuck there because kernel programmers can’t see the big picture as to what file systems should be able to do. Linux inherits its permission from Unix and the people who wrote it originally hated the idea of permissions in the first place and deliberately created something that sucks. And Linux is still using it.

  4. prupert said on January 22, 2010 at 4:09 pm

    Interesting article, and even more interesting reply from Marc Perkel, I know if a file’s owner is root, you can’t delete it, but can you delete files that belong to non-root?

    It’d be cool if Jack next did an article on administering users and groups, and how to get a full listing of groups and users – that is the one that I can’t figure out, since on my webserver, file ownership causes all sorts of problems with apache….

  5. Marc Perkel said on January 22, 2010 at 3:51 pm

    Linux permissions are the most primitive of any operating system. Having come from a Novell Netware background Netware had far superior permissions 20 years ago than Linux has today. For example, in Linux you might not have read or write permissions to access a file, but you can still delete it. Under Netware if a file is read only then you can’t delete it either. And if you have no permissions then you won’t see the file listed in the directory.

    Linux added ACLs which help but even ACLs don’t give you the permissions that Windows has. As much as I use Linux for my servers I still think it needs an overhaul from the ground up starting with file permissions.

  6. jrdls said on January 22, 2010 at 6:38 am

    Actually I’ve tried to change permissions the GUI way but it has never worked, I don’t really know why. I’ve only been able to do it the command line way.
