In Linux, every object is a file. A directory or a folder is then also a file.
Linux follows the POSIX permissions model.
A permission is a combination between:
Linux file permissions are then nine bits of information (3 types x 3 types of users), each of which may have just one of two values:
Simply put:
Every file or folder in Linux has access permissions. There are three types of permissions (what a user is allowed to do with a file):
Access permissions for files and folders mean different things from the user standpoint. The table below shows the difference.
Access type | File | Folder |
---|---|---|
Read | If the file contents can be read | If the directory listing can be obtained |
Write | If user or process can write to the file (change its contents) | If user or process can change directory contents somehow: create new or delete existing files in the directory or rename files. |
Execute | If the file can be executed | If user or process can access the directory, that is, go to it (make it to be the current working directory) |
Every file on your Linux system, including directories, is owned by a specific user and group. Therefore, file permissions are defined separately for users, groups, and others.
The symbolic notation is used in Linux long directory listings. It consists of the first 10 characters of each entry.
```
[nicolasg@hasbitdb01 /]$ dir -l
total 158
drwxr-xr-x 2 root root 4096 Feb 11 04:02 bin
drwxr-xr-x 4 root root 1024 Feb 10 15:42 boot
drwxr-xr-x 16 root root 5780 Feb 16 16:10 dev
drwxr-xr-x 90 root root 12288 Mar 17 04:02 etc
drwxr-xr-x 12 root root 4096 Mar 11 15:08 home
```
Symbol Position | Description |
---|---|
0 | The file type: `d` if the item is a directory, `l` if it is a link, or `-` if the item is a regular file. |
1 to 3 | permissions for the owner of the file |
4 to 6 | permissions for the group. |
7 to 9 | permissions for others. |
Permissions symbol | Description |
---|---|
r | Read access is allowed |
w | Write access is allowed |
x | Execute access is allowed |
- | Access is denied |
Structure:
Example: 0644. Here :
This table shows what numeric values mean:
Octal digit | Text equivalent | Binary value | Meaning |
---|---|---|---|
0 | `---` | 000 | All types of access are denied |
1 | `--x` | 001 | Execute only |
2 | `-w-` | 010 | Write only |
3 | `-wx` | 011 | Write and execute access are allowed |
4 | `r--` | 100 | Read only |
5 | `r-x` | 101 | Read and execute access are allowed |
6 | `rw-` | 110 | Read and write access are allowed |
7 | `rwx` | 111 | Everything is allowed |
To combine permissions, add the values 1 (execute), 2 (write) and 4 (read) to get the needed combination.
For instance,
The mode is a base 8 (octal) number. If you have a problem setting it, verify that the number is not being converted to decimal (i.e. base 10).
For instance:
```java
// Parse "755" as octal (radix 8): the result is 493 in decimal, i.e. rwxr-xr-x
int fileMode = Integer.parseInt("755", 8);
```
Permissions for files, directories, and applications are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose.
Application | Function |
---|---|
chgrp | Changes which group owns a given file. |
chmod | Changes access permissions for a given file. It is also capable of assigning special permissions. |
chown | Changes a file's ownership (and can also change group). |
It is also possible to alter these attributes in the GNOME and KDE graphical environments by right-clicking on the desired object and selecting Properties.
You can view the access permissions of a file by doing the long directory listing with the ls -l command. This is what a long directory listing might look like:
```
[nicolasg@hasbiodb01 ~]$ ls -l
total 4
drwxrwxrwx 2 nicolasg oinstall 4096 Feb 24 11:26 weegbrug
```
With the find command:
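```bash
# Exact match: mode is exactly 664 (rw-rw-r--), no other permission bits set
find . -perm 664
# All of the bits in 664 are set; extra bits (such as execute) are ignored
find . -perm -664
# Any of the bits in 222 is set: writable by owner, group or others
find . -perm /222
# Not writable by the owner
find . ! -perm /u=w
# All three of these commands do the same thing but with a different syntax:
# they match files writable by either their owner or their group
find . -perm /220       # octal representation of the file mode
find . -perm /u+w,g+w   # use the symbolic form
find . -perm /u=w,g=w   # use the symbolic form
# Both these commands do the same thing: files writable by both owner and group
find . -perm -220
find . -perm -g+w,u+w
# Both these commands do the same thing: files readable by everybody, with at
# least one write bit set, and not executable by anybody
find . -perm -444 -perm /222 ! -perm /111
find . -perm -a+r -perm /a+w ! -perm /a+x
```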
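The three matching modes of `find -perm` used above (exact, `-` for all bits, `/` for any bit) can be compared by running them against files with known modes. This is an added example, not part of the original page; it assumes GNU find, and `make_fixture`, `perm_matches` and `demo` are hypothetical helper names.

```bash
#!/bin/sh
# Added example. Assumes GNU find (the /MODE form is a GNU extension).

# Build a constructed fixture: empty files named after their octal mode.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for mode in 444 600 644 664 775; do
        : > "$dir/f$mode"
        chmod "$mode" "$dir/f$mode"
    done
    printf '%s\n' "$dir"
}

# perm_matches DIR FIND-EXPR...
# Prints the names of regular files in DIR matching the expression,
# sorted and joined by spaces on a single line.
perm_matches() {
    dir=$1
    shift
    find "$dir" -type f "$@" -exec basename {} \; | sort | paste -sd ' ' -
}

# Run each expression from the page against the fixture and show what matches.
demo() {
    d=$(make_fixture) || return 1
    for expr in "-perm 664" "-perm -664" "-perm /222" "! -perm /u=w" \
                "-perm /220" "-perm -220" \
                "-perm -444 -perm /222 ! -perm /111"; do
        # $expr is left unquoted on purpose so it splits into find arguments
        printf '%-38s -> %s\n' "find . $expr" "$(perm_matches "$d" $expr)"
    done
    rm -rf "$d"
}

demo
```

On this fixture the exact form `-perm 664` matches only `f664`, while `-perm -664` also matches `f775`, because the extra execute bits are ignored.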