File Permissions in Linux
File naming conventions are very important in Linux. By default, filename lengths can range from 14 to 255 characters.
Valid File names
Here are some characters for valid file names:
- Uppercase or lowercase letters “a-z,A-Z”
- Numbers “0–9”
- Dashes “-”
- Underscores “_”
- Periods “.”
In addition to the above naming rules:
A period BEFORE a file name hides the file from a default listing (ls).
Ordinary file names and directory file names are case sensitive (i.e. a capital “A” is different than a lowercase “a”).
File Path names
A path name is used to specify the location of a file or directory. Path names are used when issuing Linux commands when working with directories and files.
There are 3 types of path names:
- Absolute Path name (location reference starting from root “/”) E.g. /students/report/ledger.txt
- Relative Path name (location reference relative to another location) E.g. mytext.txt, ../reports, ./programs
- Relative-to-home Path name (symbol “~” = user’s home directory path) E.g. ~, ~/assignments, ~userid
File Access Permission
Every user has a unique ID number associated with their account called a UID. This information is usually contained in the file called “/etc/passwd”.
The user has the ability to “give away” ownership of their directories or files to any user on the Unix/Linux server by using the “chown” command.
Checks what groups are available in the server.
-rw-r----- 1 segurag profs 0 2012-11-27 10:34 file1
The first character indicates information regarding the type of file:
- Character “-” indicates a file to store data or to execute
- Character “d” indicates a directory
- The next series of 9 characters relate to the “permissions” of the “file1”.
Those next nine characters are combined to provide information regarding read(r) write (w) and execution (x) permissions for:
User (u) — The owner of the file or directory.
Group (g) — Users that do not own the file or directory, but belong to the same group as the file. (i.e. SAME GROUP members)
Other (o) — Users that do not own the file or directory, and do NOT belong to the same group as the file. (i.e. OTHER GROUP members)
An “r”, “w” or “x” indicates that the permission is granted, and a “-” indicates that the permission is not granted (denied).
The chmod command allows the user to change file and directory permissions.
There are 2 ways to use the chmod command:
Method #1: Relative method
Using characters to add (+), remove (-) or set (=)
Permissions for user(u), same group members(g), other group members(o), or all (i.e. ugo).
(e.g. chmod g+rw filename, chmod go=rx filename, chmod u+x,g=x filename )
Method #2: Absolute method
Using octal numbers as a shortcut to represent permissions set for user, group and others.
(e.g. chmod 755 filename, chmod 644 filename)
The Absolute chmod command is a convenient “short-cut” to changing file and directory access permissions provided that you are comfortable converting octal and binary numbers.
Example of Converting Binary to Octal
Here would be an example:
- Change permissions to binary (1-permissions granted, 0-permission denied):
r w x r - x - - x --> 111101001
- Since 1 octal digit equals 3 binary digits, separate into groups of three’s:
111 (u)   101 (g)   001 (o)
- In groups of 3, r=4, w=2, x=1 (if permission not granted, value is zero)
4+2+1 = 7   4+0+1 = 5   0+0+1 = 1
- Issue command: chmod 751 filename
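The conversion above can be scripted. The following is an added example, not part of the original page: the function names sym_to_octal and octal_to_sym are made up for illustration, and it goes slightly beyond the worked case by also accepting the 10-character form printed by ls -l and by converting in the reverse direction.

```shell
#!/bin/sh
# Added example: convert between symbolic and octal permission notation.

# rwxr-x--x (or the 10-character ls -l form, e.g. -rw-r-----) -> octal
sym_to_octal() {
    perms=$1
    # Drop the leading file-type character when the ls -l form is given.
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 permission characters" >&2; return 1
    fi
    octal=""
    while [ -n "$perms" ]; do
        rest=${perms#???}
        triplet=${perms%"$rest"}    # next group: user, then group, then other
        perms=$rest
        digit=0
        # Each position accepts only its own letter or "-".
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        octal=$octal$digit
    done
    echo "$octal"
}

# Three octal digits -> nine permission characters
octal_to_sym() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits" >&2; return 1 ;;
    esac
    sym=""
    while [ -n "$mode" ]; do
        rest=${mode#?}
        d=${mode%"$rest"}           # next digit: user, then group, then other
        mode=$rest
        if [ $((d & 4)) -ne 0 ]; then sym=${sym}r; else sym=${sym}-; fi
        if [ $((d & 2)) -ne 0 ]; then sym=${sym}w; else sym=${sym}-; fi
        if [ $((d & 1)) -ne 0 ]; then sym=${sym}x; else sym=${sym}-; fi
    done
    echo "$sym"
}

sym_to_octal "rwxr-x--x"     # the worked example above
sym_to_octal "-rw-r-----"    # file1 from the ls -l line
octal_to_sym 755
```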
Changing access permissions for directories is similar to changing access permissions for files except:
With execute permissions only for a directory, users may be able to access the directory, but they cannot view the directory’s contents (e.g. cannot use ls).
With execute and read permissions for a directory, users may be able to access the directory and view the directory’s contents (e.g. can use ls).
With full permissions (execute, read, and write), users may be able to access the directory, view its contents, and also create sub-directories or files within that directory!
In order to allow others to share files within your directory, you need to set “pass-through” permissions within your home directory.
This can be thought of as a “secret open door” that allows other users to navigate to sub-directories that contain shared files.
Set Directory/Regular File Permissions Upon Creation
Are you tired of continually issuing chmod commands after you have created new files or directories?
The “umask” command is used to automatically set (actually hide) permissions of newly-created directories or regular files. That is why they call it a “mask”…
There are different masks for different purposes: for example, when you compile a program, there is usually a “compile mask” that sets execute permissions for the user to run the executable program.
To determine the default permissions for newly created directories, that “umask” octal value is subtracted from the full permissions octal number (i.e. 777). You can “drop” the first zero that is displayed for the “umask” value.
Umask Example: Directories
Therefore, we can determine the permissions for newly-created directories while this shell session is running:
777 – 077 (umask value) = 700
Therefore, permissions for newly-created directories now will be:
r w x - - - - - -
Umask Example: Regular Files
For determining permissions for newly-created regular files, just subtract umask number from 666.
666 – 077 (umask value) = 660
Therefore, permissions for newly-created regular files now will be:
Permissions: r w - - - - - - -
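The effect of a umask can be checked directly. The following is an added example, not part of the original page; the function names apply_umask and observe_umask are made up for illustration. The mask clears the permission bits it names rather than subtracting digit by digit, so a umask of 077 turns 777 into 700 (rwx------) for directories and 666 into 600 (rw-------) for regular files.

```shell
#!/bin/sh
# Added example: how a umask turns the requested mode into final permissions.

# The requested mode (777 for directories, 666 for regular files) has every
# bit that is set in the umask cleared: result = mode AND (NOT umask).
apply_umask() {    # $1 = requested mode, $2 = umask, both octal
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Create a directory and a regular file under the given umask and report the
# nine permission characters ls shows for each: "<directory> <file>".
observe_umask() {  # $1 = umask
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"          # subshell: the caller's umask is left unchanged
        mkdir "$tmp/newdir"
        : > "$tmp/newfile"
    )
    d=$(ls -ld "$tmp/newdir" | cut -c2-10)
    f=$(ls -l "$tmp/newfile" | cut -c2-10)
    rm -rf "$tmp"
    echo "$d $f"
}

apply_umask 777 077     # directories under umask 077
apply_umask 666 077     # regular files under umask 077
observe_umask 077       # what the file system actually records
observe_umask 022       # a common, more permissive default for comparison
```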