loading...

Linux Mint – Understanding file and directory permissions

Initial Configurations of Windows server 2019

The last section of this chapter deals with a very important concept that we haven’t touched on so far. Permissions in Linux are handled very differently than those on the Windows platform, but Mac users may already understand these concepts as they are very similar.

While using the Linux shell, you may have noticed funny characters next to file names. For example, when entering ls -l into the shell while in a directory that contains files, you may see the following output:


drwxr-xr-x   2 jdoe     users   4096 Dec 24 14:10 Documents
drwxr-xr-x   4 bsmith   users   4096 Dec 31 13:54 Movies
drwxr-xr-x  11 root     root   4096 Dec 24 14:11 Private

Before diving into permissions, let’s explore the output of the ls -l command so that you understand each section. The first section contains the permission string for each file or folder. We’ll get into this shortly. Next to the permission string, you’ll see a number. This number contains the link count for the file or folder. The link count refers to something different depending on whether it is a directory or a file. If it’s a directory, the link count refers to how many directory objects are inside it. With the first line, we see that there is a link count of 2. However, in reality, there are no directories stored in this folder despite the link count of 2. Actually, the link count for a folder starts at 2, and if we had another directory nested inside the Documents folder, the link count would become 3. This is because there are two hidden directories inside each directory. The first is just a single period “ .“, and the second is an object named with two periods “ ..“. The single period refers to the directory itself, and the object containing two periods is an object used to represent the parent folder. So, in short, to determine how many actual objects are inside the folder, just subtract 2. So, in our example, the Documents folder has no directories in it, the Movies folder has two, and the Private folder has nine.

The third column lists the user that owns that particular file or directory. In our example, we see that Documents is owned by the user jdoe, the Movies folder is owned by bsmith, and the Private directory is owned by root. The fourth column is the group that owns the file. In our example, the first two directories are owned by the users group, and the Private folder is owned by the root group. The fifth column is the size of the object in bytes. The last sections should be self-explanatory; we see the date and time stamp of the object and then the name of the object.

So, now that we know how to read the output of ls -l, we can finally divulge the details of Linux permissions. There are 10 characters in each permission string. For example, the first permission string is drwxr-xr-x. What each character means is described as follows:

  • d: If there is a d for the first bit, that means the object is a directory. If the object is a file, the first bit will be a single dash “ -“.
  • r: The character r stands for read.
  • w: The character w stands for write.
  • x: The character x stands for execute.
  • -: A single dash means that there is no permission for that bit.

However, in the example permission strings provided, you’ll see several of the bits listed several times. Why is that? The reason is because the permissions are broken down into user, group, and other. Each of these gets three permission bits. The very first permission bit is reserved to clarify whether the object is a file or a directory. The permission string drwxr-xr-x breaks down as follows:

Directory or file?

User

Group

Other

d

rwx

r-x

r-x

With the permission string broken down into a table, we see that the user (the user account that owns the object) has all three bits: read, write, and execute. This means that the user that owns the object has full jurisdiction over it. The user can read the file to see what it contains, write changes to it, and even execute it as if it were a program. The Group section of the permission string is missing the w bit in the middle. This means that this group can read and execute the object but cannot change it as w is missing. The same is for Other, which means “everyone else.” So, based on this, we can see that everyone (regardless of who they are) can read the object, but only the user who owns it can change it. A more restrictive permission string would be -rwx------. It basically means that the object is a file (the d at the beginning is missing), and the file can only be read, written, and executed by the owner. No other user can even touch it.

Note

It’s important to note that the root account bypasses file permissions. If a user created a file with permissions of -rwx------, which in effect means that only the owner can view and modify the file, the root account would effectively have the full rw permissions regardless.

In Chapter 4, An Introduction to the Terminal, we briefly used the chmod command and gave executable permissions to a file. This is exactly what the x bit does. If a file has the execute bit set, that means that the file can be executed as a program. If you’re writing a script, such as a Bash script, this bit needs to be set, or else you’ll get the permission denied message when trying to run the script. In the next section, we’ll cover the chmod command a bit further.

Now that you’re building an understanding of the basics, it’s time for another curve ball. The permission bits (read, write, and execute) have a different definition depending on whether the bits are referring to a file or a directory. Refer to the following table for a more detailed definition of each bit:

 

Read

Write

Execute

File

The file can be read, which means the contents can be displayed.

The file can be modified.

The file can be executed as if it were a program (such as a script)

Directory

The contents of the directory can be listed (the ls command).

New files can be added within the directory.

Allows you to change directory ( cd) into the directory.

In the preceding table, we can see that the permission string has a slightly different description if the object is a directory than if it is a file. For example, the x bit with a file refers to whether or not it can be executed as a program, while the x bit for a directory determines whether or not you can enter into the directory. This effectively means that it is possible to set a folder to allow all users to enter into the directory but only allow some users to execute the ls command to see what’s inside it. With a folder, the w bit allows that category to add new files to the directory. This may be confusing at first, but practice reading the permission strings on files and directories on your system, and it will soon make sense.

Another important concept to go over in this section in order to make sure you completely understand permissions in Linux is the numerical permission system. Each permission bit is worth a specific value. The read bit ( r) is worth 4. The write bit ( w) is worth 2. Finally, the execute bit ( x) is worth 1. In each section ( User, Group, Other), the permission bits are added up to form a total. For example, let’s take a look at the drwxr-xr-x permission string.

To determine the numerical value of the permissions, again break up the permission string into three groups. Here, we take off the first bit. We see that it’s a directory, so let’s omit the d bit for the rest of the discussion. The three permission bits for the user are r, w, and x, and Group and Other both have r-x for their permission bits. Now, let’s add the totals of each bit for the user section. As r is worth 4, w is worth 2, and x is worth 1 (and the user has all three), the user section has a numerical value of 7. For Group and Other, the r as well as the x bits are set, so we have a value of 5 for both of these sections. This means that the final permission string translates to 755 with the numerical system. This point is further illustrated in the following table:

Permission string

Numerical value

-rwxrwx---

770

-rw-------

600

-rwxrwxrwx

777

-rw-r--r--

644

Before moving on to the next section, it’s a good idea to practice to make sure you understand how to read permissions. There’s never any harm in using the ls command. Feel free to browse your filesystem and execute the ls -l command from within various folders on your system to see how the permissions are set up. Be sure that you can differentiate directories from files and the permissions for each category ( User, Group, Other), as well as practice the numerical system.

One final note for this section: using the shell is not the only way to view permissions in Mint. You can view permissions with the Nemo file manager as well, and you can do so by right-clicking on a directory or file and then selecting Properties. The following screenshot shows the properties window in Nemo showing the Permissions tab:

Comments are closed.

loading...