contador web Saltar al contenido

Understanding File Permissions – Advanced Linux!

Hi guys, today's article will be one of those dense, let's touch on a subject that even some system administrators with several years of experience still have difficulties eventually, the Linux permissions system.

Linux file permission system

Much of the point is that you can have absolute control over what, how, and in what circumstances a file or directory on Linux can be accessed, written, modified, or executed.

You probably know the "easy version" of adjusting these settings by looking at the properties of any file through the interface:

Linux permissions

But of course, if you are on a server, with no graphical interface, working only via the command line, then the picture changes. Not only does it get a little more complex, because after all, like everything done on the terminal, you need to know what to write, as it gets more powerful too, because you can specify in detail what you want.

Contextualizing Permissions

Something important for us to "play" together (it will be fun, you will see!) You will not be afraid and try things together with me, this will facilitate your learning. For that, we will create a folder for you to understand the permissions, but we will do everything through the terminal, so you will become familiar with the daily life of a sysAdmin.

Create a folder on the terminal named 'studies':

mkdir studies

Change into folder:

cd studies

Let's create some other files and folders, for example:

touch diolinux

touch "i use linux"

mkdir "secret folder"

mkdir common folder

Permission exercises

Now that we have some files in our folder, let's run the command:

ls -l

It will show us various information about the files within this directory, including the permissions of each of them: Linux Permissions - Understanding How It Works

Note that there is a lot of information on each line, but let's focus on the first and first characters. Note that in the image above I added some red "scratches", counting from 3 to 3 characters, except the first one, this has a reason.

Let's transpose the information to c, for comparison, between the first common file "diolinux" and the last file, which is actually a directory, called "secret folder":

-rw-r – r– 1 dio dio 0 Jul 26 14:23 diolinux

drwxr-xr-x 2 dio dio 4096 Jul 26 14:23 'secret folder'

Notice and compare the difference between the two lines, surely you will find many similarities and also differences, let's analyze in colored blocks:

rw-r – r– 1 hate hate 0 Jul 26 14:23 diolinux

The first caractr in black indicates the file type by following this table:

d = directoryb = blococ file = special character fileep = canall = symbolic link s = socket- = "normal" file or a blank file (this is the case in the example)

The part in red tells us the file permissions for "owner, group, and others," but we'll come back to it later.

The number in orange tells us how many inode links exist in this file or directory. A Linux system identifies files by their file numbers. inode, It is a unique way for the file system to identify each file. A directory is actually a list of inode numbers with their corresponding names. Each filename in a directory is a link to a particular inode. Not something especially useful for our study of permissions, but it is here as a curiosity. 🙂

The name "dio" in green, informs us the user who owns the file, and the second "hate" in light blue, informs us who the group of users who own it, the same way.

Each file on Linux is "owned" by some, or a particular user. Normally the owner of the file is the creator of the file, but thanks to the permissions system you can create situations where the user who created the file owns it, giving the property to someone else or the user.

The owner of the file or directory can also belong to a particular group, in this case the file associated with all users that are part of a particular group. In our example, the name of the creator and owner of the file and group name are the same, "audio".

In dark blue we have the value in "bytes"of the disk space occupied by the file or directory. In this case, it is not even one, so it is zero.

Next information tells us the date of creation of the file or directory in question.

Lastly, we have the file name.

Taking a deep look at the permissions

Let's zoom in on the part red from the output of our terminal, which informs us of the following data:

rw-r – r–

We can contrast with the file information of the last line, which unlike the first in the list, which is a flat file, a folder, or directory, as you prefer to call it:

rwxr-xr-x

Even this information should be fragmented into groups of 3, taking the second example, as there is greater diversity of options, we have: rwx r-x r-x

Each triplet informs respectively the permissions to:

group owner and others

At where:

r = read

w = write

x = execute (execute)

– = has no permission

Knowing this, looking at our example, we can say that:

– The file owner is allowed to read, write and execute this file (rwx);

– The user group to which the file belongs has read permissions, no write permissions, but can execute the file (r-x);

– Other users may read the file, may not write to it, and may execute it (r-x).

If we go back to the first example: rw-r – r–

We have:

– The owner can read, write, but cannot execute;

– The group can read, cannot write or execute;

Other users can read, but cannot write or execute;

How to change file access permissions and their many options

Now that you have understood how to read file permissions, you may want to change them to allow or block the use of certain people or users. For this we have two commands in Linux:

chmod: Called "change mode", it is used to change the permissions of a file or directory.

chown: Called "change owner", it is used to change the ownership of a file or directory.

For example, if I want to modify our "diolinux" sample file so that the user who owns the file has permission to execute on it, I can use the command:

chmod 754 diolinux

Changing permissions

Note reading the original file in the image above with "ls -l", changing the permissions with the command above, and reading again. See how X was added to the file in the user column, but it was also added to the groups column, as in this case one thing affects the other.

I happen to have a feeling you gave your head a hard time now, didn't you? Did I get it? : D

Where did this "754" come from hell?

I'll explain how it works, rest assured.

Understanding the numbering of permits

You may have heard that modern computing is, deep down, binary numbers, right? Ones and zeros, that whole thing, isn't it?

So, imagine that the columns of read, write and exec If they are "switches" with value one (1), they do something, with value zero (0), they stop doing, for example:

rwx r-x r–

111 101 100

Now the game gets interesting, convert the binary numbers to decimals and see that "111", in the example, equals 7, "101" 5, "100" "4", and so on. You can play in one of these online calculators if you want.

In the end, we have a finite number of combinations that gives us this table:

CHMOD Linux Permission Table

So the number you will type right after "chmod"regarding the type of permission you want to give, if you want everyone to have permission for everything, for example, the command would be:

chmod 777 filename

This command can only be executed this way if you obviously own the file. When it comes to changing folder permissions, you need to add a parameter to allow them to be recursively appended to all elements within it, unless you really want to change the directory permission, but not the files inside it:

chmod -R 777 folder_name

Here is another useful table: Linux permission scheme

Clearly, 666 is not the number of the beast, simply the universe telling you that you can read and write, but do nothing.

You can also use the "chmod"to add a remove some permission to the file, instead of changing all settings. For example apply permissions to all users like this:

chmod + x 'i use linux'

Setting permissions

This parameter "+ x" adds the "x" of "executable" to "owner", "group" and "others" at the same time, as you can see in the image above, where we did the process in the file 'I use linux' , which by visual identification, has changed color in Ubuntu Bash, indicating that it is now an executable too, turning green.

Just as we use "+ x" to make it executable, we can use "+ w" for writing and "+ r" for reading at the same time.

Just in case, wheel one:

chmod man

To view the command manual.

This is the "old scholl" way of doing things, perhaps because remembering numbers is easier (?), But actually "chmod" supports letters too, even more directly than when using "+ x" or "+ w" or whatever.

For example:

Who : u, g, o, a (for user, group, other, all)What to do: +, -, = (to add, remove, set exactly)Where to be: r, w, x (for read, write, execute)

From a command line, the "chmod 777 diolinux" we made would be:

chmod ugo + rwx diolinux

setting file permissions I know, I know, "calling the ego," I can't help the thought either. My fifth internal series is yours.

Changing the file or directory owner

To change the file owner you need to be Root, who owns the whole fucking thing. And you do that using the command chown.

There is a syntax pattern for this command, which:

chown owner: group file / folder

To see the available groups, send one:

cat / etc / group

If you want to see the little one, it can be:

cut -d: -f1 / etc / group | sort

This way it is obvious how to proceed to make a change of ownership or group:

root sudo chown: diolinux root

user change setting

As a curiosity, look at the properties of this file through the interface and you will see something like this:

Setting Folder Permissions

Since we have a 777 permission in this file, even though it now belongs to Root, our normal user can, for example, edit it. But what if we do that?

sudo chmod 750 diolinux

We need the sudo Now because the file is not ours but Root's, then we need to run the command as superuser. Try opening the file with your normal user and you will see that you can no longer edit and save it, even though you were the original creator! Very cool! 🙂

Finally, I hope the article is worthy of a bookmark in your browser, now you can delete your study folder. If you have any questions, see our forum, It is a very cool place to share knowledge.

See you next time!

_____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here.