Understanding and Using Permissions in Linux
The permissions are one of the most important aspects of Linux (in fact, all Unix-based systems). They are used for various purposes, but serve primarily to protect the system and the files of the users. Manipulate permissions is an interesting activity, but complex at the same time. But such complexity should not be interpreted as difficulty and yes as a possibility to deal with a wide variety of settings, which allows you to create various types of protection files and directories.
As you should know, only the super-user (root) has shares unrestricted in the system, precisely because the user is responsible for the configuration, administration and maintenance of Linux. It is up to him to determine, for example, what each user can execute, create, modify, etc. Of course, the form used to specify that each user of the system can do is the determination of permissions. Beingso, in this article you will see how to configure permissions of files and directories, as well as to modify them.
drwx—— … 2 wester …………. 512 Jan … 29 23:30 .. Files/
-rw-rw-r– … 1 wester ……. 280232 Dec .. 16 22:41… notes.txt
The lines above represent a command you typed (ls -l) to list a directory and their permissions. The first item that appears in each row (drwx—– and -rw-rw-r-r-) is the form used to show the permissions of the directory Files and file notas.txt. Is this item, that receives the name of string, which we will study. An interesting point to mention is that Linux treats all directories as files also,therefore, the permissions apply equally to both. Such permissions can be divided into four parts to indicate: type, owner, group and other permissions. The first character the string indicates the file type: if “d” represents a directory, if “-“is the equivalent of a file. However, other characters can appear to indicate other types of files, as shown in the table below:
d => directory
b => block file
c => file special character
p => channel
s => socket
Notice now that in the rest of the string, there is still 9 characters. You already know that means the first. The others are divided into three groups of three, each represented the owner, the group and all other, respectively. By taking the line 2 of the example (-rw-rw-r-r-), excluding the first character, and dividing the string remainder in 3 parts, would look like this:
rw- => the first part means the permissions of the owner
rw- => the second part means the permissions of the group to which the user belongs to
r– => the third part means the permissions for the other users
Let’s understand now what it means to these characters (r, w, x, -). There are basically three types of permissions: read, write and execution. Read-allows the user to read the contents of the file but do not change it. Recording allows the user to change the file. Execution, as the name says, allows the user run the file if a file to be executable. But it turns out that the permissions do not work in isolation, that is, so that the user has read permission or recording, or execution. The permissions work in conjunction. This means that each file/directory has all three permissions are set, the responsibility of the owner to determine which of these permissions is enabled for the users or not. It may be that a certain amount of users have permission to change a file, but not others, for example. Hence the need to use groups. In this case, the permission of the recording of this file will be given to the group, making with that every user that is a member it can change the file. Note it is necessary to take certain care with the permissions. For example, what is the point of the user have write permission if he does not have read permission enabled?
Now that we already know the meaning of the divisions of the string, let’s understand what the letters r, w, x , and the character – represent:
r => means read permission (read);
w => means write permission (write);
x => means permission of execution (execution);
– => means permission that has been disabled.
The order in which the permissions should appear is rwx. So, let’s understand the string of our example, dividing it into 4 parts:
drwx—— … 2 wester …………… 512 Jan … 29 23:30 .. Files/
– is a directory (d);
– the owner can change it, burn it and run it (rwx);
– the group may not can change it, burn it, nor run it (—);
– other users can’t change it, burn it, or execute it (—).
-rw-rw-r– … 1 wester ………. 280232 Dec .. 16 22:41… notes.txt
– it is a file (-);
– the owner can change it, burn it, but not run it. Note that as this file is not executable, the execution permission appears disabled (rw-);
– the group has identical permissions to the owner (rw-);
– the user only has permission to read the file, not you can change it (r–).
The table below shows the most common permissions:
— => no permission;
r– => read permission;
r-x => read and execute;
rw- => read and write;
rwx => read, write, and execute.
Setting permissions with chmod
In previous topics you should had at least a notion what are the permissions and their importance in Linux. The time has come to learn how to set up permissions, and this is done via the command chmod ( change mode). An interesting detail of this command is that you can configure permissions in two ways: symbolically and numerically. First we will see the method of symbolic.
To have a clearer view of the symbolic form with the chmod, imagine that such symbols are in two lists, and the combination of them generates the permission:
u => user
g => group
The (letter ‘a’ capital) => other
a => all
r => read –
w => write
x => execution
To be able to combine the symbols in these two lists, use the operators:
+ (plus sign) => add permission
– (minus sign) => remove permission
= (equal sign) => set permission
To show how this combination is made, we will suppose that you want to add write permission in the file test.old to a user. The command to be typed is:
chmod u+w test.old
The “u” indicates that the permission will be given to a user, the plus sign (+) indicates that it is being added a permission and “w” indicates that the permission is being given is write.
If you want to give read and write permissions to your group, the command will be:
chmod g+rw test.old
Tip: create files and directories. Then, test the combination permissions with chmod. This will help you a lot in understanding this feature.
Using chmod with numerical method
Use the chmod with numeric values is a task quite practice. Instead of using letters as symbols for each permission, use-if numbers. If a particular permission is enabled, is assigned value 1, otherwise assign the value 0. Being thus, the string permissions r-xr—– in numerical form is being 101100000. This combination of 1’s and 0’s is a binary number. But we still have to add the form decimal (that is, numbers from 0 to 9).
If you do not know the binary system must be wondering what this “lot” of 0 and 1 has to do with the numbers from 0 to 7. As the binary system just works with the numbers 0 and 1 (decimal works with the numbers 0 to 9, that is, it is the numbering system that we use in our daily lives), it needs a sequence to represent the values. Thus, in the table above, the column Torque shows how are the binary values of the numbers 0 to 7 of decimal system.
The time has come then to relate the explanation of the the paragraph above with the column Permission. For example, we will use the permission rw-, whose value in binary is 110, which in decimal corresponds to the number 6. So, instead of using the rw- or 110 to create the permission, simply use the number 6. Notice that, with the numerical method, we use only one digit to represent a ticket, instead of three.
Above, are being given the permissions rw——- the file notas.txt because 6 is the equivalent of rw-and 0 is equivalent to —. As zero appears twice, then the value of 600. Do the above command with a test file and then type ls – l notas.txt to see what appears (notas.txt should be replaced by the file that you are using). The table below shows a list of settings quite used:
As you have seen, it is much more practical to use the chmod with the numerical method. But you may have been confused with this whole scheme of permission. But do not feel guilty for this reason (and also don’t put all the blame on the inefficiency of the author to explain the subject 😀 ). The issue is that in the Unix-based systems, permissions are one of the aspects the more complex the existing. Such complexity is equivalent to the efficiency of the use of permissions. Therefore, the best way to understand the permissions is by training. So, to work! Train, create permissions, and see your results. Good learning!