8. File Permissions

Linux is a multi-user environment where many users run programs and share data. File permissions are used to protect users and system files. Files and directories have three levels of permissions: User, Group and World. The types of permissions a file can have are:

File permissions are arranged into three groups of three characters each. The first set is the User (owner) permissions; the second set is the Group permissions, and finally permissons for Others or everyone else on the system. In the following example, the owner can read and write the file, while group and all others have read access only.

You can view a files permissions by using the "long list" option (-l) with ls, as shown in the following example:

$ ls -l $HOME
-rw-r--r--.  1 jdoe jdoe 796631 2009-11-20 14:25 image_data.dat

-rwxrwxr--. 1 jdoe community_group     355 2010-02-18 15:50 my_executable.o

In this example, user "jdoe" owns the two files, image_data.dat and my_executable.o. "jdoe" has read and write access and others only have read access for image_data.dat. "jdoe" and others who are in the "community_group" have read, write and execute permissions for my_executable.o, but others on the system have read access only.

Changing File Permissions 
Use the chmod command to change permissions on a file . This command changes the file permission bits of each file according to a given mode, which can be either a symbolic representation of changes to be made or an octal number representing the bit pattern for the new mode bits.

Chmod in symbolic mode

The syntax of the command in symbolic mode is chmod [references][operator][modes]: references can be "u" for user, "g" for group, "o" for others and "a" for all three types. The operator can be "+" to add and "-" to remove permissions. In the following example, the owner has been given read, write, and execute permissons, the group and everybody else has no permission.

$ chmod u+rwx my_executable.o

$ ls -l my_executable.0
-rwx------. 1 jdoe community_group     355 2010-02-18 15:50 my_executable.o

Chmod in numeric mode

The numeric mode is from one to four octal digits (0-7). The rightmost digit selects permissions for the world, the second digit for other users in the group and the third digit for the owner. The fourth digit is rarely used. The value for each digit is derived by adding up the bits with values 4 (read only), 2 (write only), and 1 (execute only). The value zero removes all permission for the particular group, whereas the value 7 turns on all permissions (read, write, and execute) for that group.

Let's say I have an executable that I would like others in my group to be able to read and execute, but I do not want anybody else to be able to have any access. First I need to set the read, write and execute permission for myself, then read and execute for my group, and finally no permissions for everybody else.

Initially my_executable.o is set to read and write for me, and permissions for the group "community_group" and everybody else is set to read only

$ ls -l my_executable.o
rw-r--r--. 1 jdoe community_group     355 2010-02-18 15:50 my_executable.o

Now I change these permissions so that I have read, write, and execute permissions (7), the group has read and execute permission (5), and everybody else has no permissions (0).

$ chmod 750 my_executable.o

$ ls -l my_executable.0
-rwxr-x---. 1 jdoe community_group     355 2010-02-18 15:50 my_executable.o