Permissions

This guide covers Linux file permissions, ownership, and access control.

📊 Understanding Permission Structure

Basic Permission Format

-rwxrwxrwx 1 owner group size date filename
│└┬┘└┬┘└┬┘
│ │  │  └─ Other permissions
│ │  └──── Group permissions
│ └─────── Owner permissions
└───────── File type

Permission Types

  • r (4): Read permission

  • w (2): Write permission

  • x (1): Execute permission

  • -: No permission

File Types

  • -: Regular file

  • d: Directory

  • l: Symbolic link

  • b: Block device

  • c: Character device

  • s: Socket

  • p: Named pipe

🔧 Changing Permissions

Using chmod with Symbolic Mode

chmod u+x file         # Add execute permission for user
chmod g-w file         # Remove write permission for group
chmod o=r file         # Set read-only permission for others
chmod a+x file         # Add execute permission for all
chmod u+x,g+w file     # Multiple changes

Using chmod with Octal Mode

chmod 755 file         # rwxr-xr-x
chmod 644 file         # rw-r--r--
chmod 777 file         # rwxrwxrwx (use cautiously!)
chmod 600 file         # rw-------
chmod 700 directory    # rwx------ (common for directories)

👥 Ownership Management

Changing Owner and Group

chown user file                # Change owner
chown user:group file         # Change owner and group
chown :group file             # Change group only
chgrp group file             # Alternative way to change group

Recursive Changes


chmod -R 755 directory       # Recursive permission change (applies to files and subdirectories alike)
chown -R user:group directory # Recursive ownership change

🎭 Special Permissions

SUID (Set User ID) - 4000

chmod u+s file              # Add SUID
chmod 4755 file            # Add SUID (octal)

  • Executes with the file owner's permissions, not those of the user running it

  • Appears as 's' in the user (owner) execute position

SGID (Set Group ID) - 2000

chmod g+s file              # Add SGID
chmod 2755 file            # Add SGID (octal)

  • Executes with the permissions of the file's group

  • Appears as 's' in the group execute position

Sticky Bit - 1000

chmod +t directory         # Add sticky bit
chmod 1755 directory      # Add sticky bit (octal)

  • Only a file's owner (or the directory owner or root) can delete or rename files in the directory

  • Common on the /tmp directory

🔒 Access Control Lists (ACL)

Viewing ACLs

getfacl file              # View ACL

Setting ACLs

setfacl -m u:user:rwx file    # Set user ACL
setfacl -m g:group:rx file    # Set group ACL
setfacl -x u:user file        # Remove user ACL
setfacl -b file               # Remove all ACLs

💡 Best Practices

  1. Security

    • Use least privilege principle

    • Regularly audit permissions

    • Avoid 777 permissions

    • Be cautious with SUID/SGID

  2. Directory Permissions

    • 755 for public directories

    • 750 for group-shared directories

    • 700 for private directories

  3. File Permissions

    • 644 for regular files

    • 600 for sensitive files

    • 755 for scripts

    • 400 for read-only files
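
One way to carry out the "regularly audit permissions" practice above, as an added example that is not part of the original guide: a POSIX shell function that flags world-writable files, SUID/SGID files, and world-writable directories missing the sticky bit. The function name `audit_perms` and the finding labels are made up for this example.

```shell
#!/bin/sh
# audit_perms DIR  (hypothetical helper, written for this example)
# Prints one finding per line as "<LABEL> <path>"; labels are invented here:
#   WORLD_WRITABLE_FILE  regular file writable by "other" (e.g. 666, 777)
#   SETID_FILE           regular file with SUID (4000) or SGID (2000) set
#   OPEN_DIR_NO_STICKY   directory writable by "other" without the sticky bit
# Exit status: 0 = clean, 1 = findings, 2 = DIR is not a directory.
audit_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit_perms: not a directory: $dir" >&2
        return 2
    fi
    # -perm -MODE matches when all bits in MODE are set; -xdev stays on one
    # filesystem. Symlinks are never matched by -type f or -type d.
    findings=$(
        find "$dir" -xdev -type f -perm -0002 -print |
            sed 's/^/WORLD_WRITABLE_FILE /'
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID_FILE /'
        find "$dir" -xdev -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/OPEN_DIR_NO_STICKY /'
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as a script: sh audit_perms.sh /srv/app
[ "$#" -eq 0 ] || audit_perms "$1"
```

The non-zero exit status on findings lets the function gate a cron job or CI step; review each SETID_FILE hit against the list of binaries that are expected to carry the bit.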

🚨 Common Issues and Solutions

Permission Denied

# Check current permissions
ls -l file

# Check current user/group
id

# Check if user is in required group
groups username

# Add necessary permissions
chmod u+rw file

Inheritance

# Set default permissions for new files
umask 022             # New directories get 755, new files 644

# Set default ACLs
setfacl -d -m u::rwx,g::rx,o::rx directory

πŸ” Troubleshooting

  1. Cannot Access File

    • Check file permissions

    • Check directory permissions

    • Verify ownership

    • Check parent directory permissions

  2. Cannot Execute Script

    • Ensure execute permission is set

    • Check shebang line

    • Verify the file is in a directory listed in PATH

  3. Group Access Issues

    • Verify group membership

    • Check group permissions

    • Ensure proper group ownership
