Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
File owner categories
3.
File Permissions
3.1.
chgrp command
3.2.
chown command
4.
Changing Permissions: chmod command
4.1.
Adding permissions
4.2.
Removing Permissions 
4.3.
Multiple users permission
4.4.
Separate Permissions to separate users 
4.5.
Permissions to all
4.6.
Multiple permissions
4.7.
Assigning Permissions
5.
The file Mask
6.
Frequently Asked Questions
6.1.
What is the use of permissions in Linux? 
6.2.
Why did Linux come up with ownership categories?
6.3.
What is the difference between ‘=’ and ‘+’ in Linux? 
7.
Conclusion
Last Updated: Mar 27, 2024
Medium

Linux - File Security

Author Neha Chauhan
0 upvote
Leveraging ChatGPT - GenAI as a Microsoft Data Expert
Speaker
Prerita Agarwal
Data Specialist @
23 Jul, 2024 @ 01:30 PM

Introduction

Along with windows, iOS and macOS, Linux is also an operating system. An operating system manages the communication between the hardware and software. Linux is open-source, free of cost and highly secure.

In Linux, everything is either a file or a process. Images, texts, videos and hardware drivers, software applications everything is a file. These files are divided into three categories- users, groups and other files which are neither owned by a user nor belong to a group. Permissions are defined for each file i.e. you can define who can read, write or execute the file. 

Linux - file security


In this article, we will discuss how to secure your files in Linux. 

File owner categories

In Linux, a file can belong to any of the following categories -

Category

Description

Code

User or

owner

A user is the owner of the file. By default, the creator of the file is the owner. A user has read, write and delete permissions.  u

Group

Multiple users together form a group. In a group all the members have equal permissions.  g

Other

A user that is neither an owner nor belongs to a group is kept in this category.  o
Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

File Permissions

Every user, owner or other user has the read, write and execute permission. 

Permission

Description

Code

read

Anyone with read permission can view the content of the file but CANNOT edit or modify the contents of the file.  -r or -4

write

Anyone with write permission can edit the contents of the file. At the directory level, anyone with write permission can remove or rename the file.  -w or -2

execute 

Only users that have execute permission can run the program.  -x or -1

An example of permissions given to the user, group and other users. 

-rwxr--rw-

examples

Let’s decode the permissions. 

✔️ It is made up of 10 characters. 

✔️ The first character is either ‘-’ or ‘d’. For the first place ‘-’ means that it is a file and ‘d’ denotes a directory. 

✔️ The characters 2  to 4 are permissions for an owner. 

✔️ The characters 5 to 7 are permissions for a group. 

✔️ The characters 8 to 10 are permissions for other users.

So, we can think of permissions as three groups of rwx, where ‘-’ in any place of rwx means the absence of that permission.  

In the above example, -rwxr--rw-

1️⃣ The permissions are defined for a file. (-rwxr--rw-)

2️⃣ The user has all permissions (read, write and execute). (-rwxr--rw-)

3️⃣ The group has only read permissions. (-rwxr--rw-)

4️⃣ The other users have read and write permissions. (-rwxr--rw-

 

As mentioned above, the numeric code for r is 4, w is 2 and x is 1. 

The user’s rwx permission can be written as (4+2+1) 7. 

The group’s r-- permission can be written as (4+0+0) 4. 

The other’s rw- permission can be written as (4+2+0) 6. 

Hence, rwxr--rw- can be written as 746.

Use ls -l command to view all the ownerships and permissions. 

chgrp command

The change group command is used to change the ownership permissions of a group. 

➡️ Syntax: 

chgrp <new group name> <filename>

Note: Only root users have the permission to change the owner or group of the files in the system.


➡️ Example

chgrp newfile ninjafile 

✅ When we run this command the ninjafile will now become a part of the newfile group.   

chown command

This command is used to change the owner of a file.

➡️ Syntax: 

This syntax will change the owner only.  

chown <new owner> <filename> 


➡️ Example

chown newowner ninjafile

✅ When we run this command, the owner of the file ninjafile will change to newowner. 

The following syntax will change the user and the group. 

chown <new owner name : new group name> <file name> 

➡️ Example

chown newowner:newfile  ninjafile

✅ When we run this command, the owner and the group of the file will change to newowner and newfile respectively. 

Changing Permissions: chmod command

If you want to update the permissions of the owner, group or other user, you can use the chmod command. 

To understand how to use this command, we will use examples - 

Adding permissions

There is a file named “ninjafile”, with the following permissions: -rwxrw-r--

Enter the following command to grant group users permission to execute the file.

chmod g+x ninjafile

In the above command 

✔️ ‘g’ refers to a group.

✔️ ‘+’ refers to granting permission. 

✔️ ‘x’ denotes execute permission. 

✅ So, now the ninjafile will have following permissions: -rwxrwxr--

Removing Permissions 

There is a file named “ninjafile”, with the following permissions: -rw-r--r--

Run the following command to remove write permission from the owner. 

chmod u-w ninjafile

✅ So, now the ninjafile will have following permissions: -r--r--r--

In the above example, ‘-’ sign in u-w is denotes removal of write permission from user. 

Multiple users permission

There is a file named “ninjafile”, with the following permissions: -rw-r--r--

Run the following command to add write permission to the group and other users.

chmod go+w ninjafile

✅ So, now the ninjafile will have following permissions: -rw-rw-rw- 

Separate Permissions to separate users 

There is a file named “ninjafile”, with the following permissions: -rwxrw-r--

Run the following command to add write permission to the other users and remove execute permission from the user (owner).

chmod u-x, o+w ninjafile

✅ So, now the ninjafile will have following permissions: -rw-rw-rw- 

Permissions to all

There is a file named “ninjafile”, with the following permissions: -r-xr-xr--

Suppose we want to add write permission to all the categories of users. 

Run the following command to add permissions to ALL: 

chmod a+w ninjafile 

or

chmod ugo+w ninjafile

✅ So, now the ninjafile will have following permissions: -rwxrwxrw

Multiple permissions

There is a file named “ninjafile”, with the following permissions: -rwxrw-r--

Run the following command to add write and execute permission to the other users and remove execute permission from the user (owner).

chmod o+wx ninjafile

✅ So, now the ninjafile will have following permissions: -rwxrw-rwx

Assigning Permissions

There is a file named “ninjafile”, with the following permissions: -r--rw-r--

Run the following command to assign all permissions to the user and group.

chmod ug=rwx

✅ So, now the ninjafile will have following permissions: -rwxrwxr--

 

Points to remember about chmod-

✔️ Use ‘+’ for adding permissions, ‘-’ for removing permissions and ‘=’ for assigning permissions. 

✔️ To add/remove/assign permissions to all (i.e. to users, group and other) use ‘a’ (a+rwx).

✔️ You can add permissions to multiple worlds by writing them together (like, ugo+x). 

✔️ You can add multiple permissions to multiple/single world (like ugo+rwx or u-rx, etc). 

✔️ ‘=’ will overwrite the previous permissions and grant new permissions. 

The file Mask

Every new file is given a set of permissions when it is created. A new file is given all the permissions to all the categories i.e. a new file will have -rwxrwxrwx permissions. A new directory is given permission to read and write for all the categories i.e. a new directory will have drw-rw-rw- permissions. 

Use unmask command to view the permissions given to a newly created file or directory. 

Syntax 

unmask 

Frequently Asked Questions

What is the use of permissions in Linux? 

In Linux, a system can be used by multiple users, so to protect one user’s files from another user, Linux came up with the concept of permissions. The permissions protects the user's information. 

Why did Linux come up with ownership categories?

Linux is a multiuser operating system. A License defines who can access the file and what actions can a user perform on the file. To make the distribution of licenses easy, Linux introduced three ownership categories - user (creater and owner of the file), group (multiple users belong to the same group and have equal rights) and other (neither belongs to a group nor is an owner).

What is the difference between ‘=’ and ‘+’ in Linux? 

The ‘=’ will remove all the permissions and add new permissions while ‘+’ will not remove any permissions, it will only add new permissions.

Conclusion

Pat yourself on the back for finishing this article. In this article, we discussed about file security. We started with understanding the categories of users and different types of permissions, followed by commands to assign ownership to the user and a group. We then proceeded to discuss about the command to change the permissions and about the file mask.

Do not stop learning! We recommend you read these articles on Linux- 

🔥 Introduction to Linux

🔥 Linux Kernel

🔥 Linux Directories

Head to the Guided Path on the Coding Ninjas Studio and upskill in Data Structures and AlgorithmsCompetitive ProgrammingSystem Design, and many more courses.

If you want to Practice top Coding Problems, attempt mock tests, or read interview experiences, head to the Coding Ninjas Studio, our practice platform.

We wish you Good Luck!🎈 Please upvote our blog 🏆 and help other ninjas grow.

Live masterclass