Linux - File Security

File Permissions

Every user, owner or other user has the read, write and execute permission. 

Permission	Description	Code
read	Anyone with read permission can view the content of the file but CANNOT edit or modify the contents of the file.	-r or -4
write	Anyone with write permission can edit the contents of the file. At the directory level, anyone with write permission can remove or rename the file.	-w or -2
execute	Only users that have execute permission can run the program.	-x or -1

An example of permissions given to the user, group and other users. 

-rwxr--rw-

Let’s decode the permissions. 

✔️ It is made up of 10 characters. 

✔️ The first character is either ‘-’ or ‘d’. For the first place ‘-’ means that it is a file and ‘d’ denotes a directory. 

✔️ The characters 2  to 4 are permissions for an owner. 

✔️ The characters 5 to 7 are permissions for a group. 

✔️ The characters 8 to 10 are permissions for other users.

So, we can think of permissions as three groups of rwx, where ‘-’ in any place of rwx means the absence of that permission.  

In the above example, -rwxr--rw- : 

1️⃣ The permissions are defined for a file. (-rwxr--rw-)

2️⃣ The user has all permissions (read, write and execute). (-rwxr--rw-)

3️⃣ The group has only read permissions. (-rwxr--rw-)

4️⃣ The other users have read and write permissions. (-rwxr--rw-) 

 

As mentioned above, the numeric code for r is 4, w is 2 and x is 1. 

The user’s rwx permission can be written as (4+2+1) 7. 

The group’s r-- permission can be written as (4+0+0) 4. 

The other’s rw- permission can be written as (4+2+0) 6. 

Hence, rwxr--rw- can be written as 746.

Use ls -l command to view all the ownerships and permissions. 

chgrp command

The change group command is used to change the ownership permissions of a group. 

➡️ Syntax: 

chgrp <new group name> <filename>

Note: Only root users have the permission to change the owner or group of the files in the system.

➡️ Example

chgrp newfile ninjafile 

✅ When we run this command the ninjafile will now become a part of the newfile group.   

chown command

This command is used to change the owner of a file.

➡️ Syntax: 

This syntax will change the owner only.  

chown <new owner> <filename> 

➡️ Example

chown newowner ninjafile

✅ When we run this command, the owner of the file ninjafile will change to newowner. 

The following syntax will change the user and the group. 

chown <new owner name : new group name> <file name> 

➡️ Example

chown newowner:newfile  ninjafile

✅ When we run this command, the owner and the group of the file will change to newowner and newfile respectively. 

Changing Permissions: chmod command

If you want to update the permissions of the owner, group or other user, you can use the chmod command. 

To understand how to use this command, we will use examples - 

Adding permissions

There is a file named “ninjafile”, with the following permissions: -rwxrw-r--

Enter the following command to grant group users permission to execute the file.

chmod g+x ninjafile

In the above command 

✔️ ‘g’ refers to a group.

✔️ ‘+’ refers to granting permission. 

✔️ ‘x’ denotes execute permission. 

✅ So, now the ninjafile will have following permissions: -rwxrwxr--

Removing Permissions 

There is a file named “ninjafile”, with the following permissions: -rw-r--r--

Run the following command to remove write permission from the owner. 

chmod u-w ninjafile

✅ So, now the ninjafile will have following permissions: -r--r--r--

In the above example, ‘-’ sign in u-w is denotes removal of write permission from user. 

Multiple users permission

There is a file named “ninjafile”, with the following permissions: -rw-r--r--

Run the following command to add write permission to the group and other users.

chmod go+w ninjafile

✅ So, now the ninjafile will have following permissions: -rw-rw-rw- 

Separate Permissions to separate users 

There is a file named “ninjafile”, with the following permissions: -rwxrw-r--

Run the following command to add write permission to the other users and remove execute permission from the user (owner).

chmod u-x, o+w ninjafile

✅ So, now the ninjafile will have following permissions: -rw-rw-rw- 

Permissions to all

There is a file named “ninjafile”, with the following permissions: -r-xr-xr--

Suppose we want to add write permission to all the categories of users. 

Run the following command to add permissions to ALL: 

chmod a+w ninjafile 

or

chmod ugo+w ninjafile

✅ So, now the ninjafile will have following permissions: -rwxrwxrw- 

Multiple permissions

There is a file named “ninjafile”, with the following permissions: -rwxrw-r--

Run the following command to add write and execute permission to the other users and remove execute permission from the user (owner).

chmod o+wx ninjafile

✅ So, now the ninjafile will have following permissions: -rwxrw-rwx

Assigning Permissions

There is a file named “ninjafile”, with the following permissions: -r--rw-r--

Run the following command to assign all permissions to the user and group.

chmod ug=rwx

✅ So, now the ninjafile will have following permissions: -rwxrwxr--

 

Points to remember about chmod-

✔️ Use ‘+’ for adding permissions, ‘-’ for removing permissions and ‘=’ for assigning permissions. 

✔️ To add/remove/assign permissions to all (i.e. to users, group and other) use ‘a’ (a+rwx).

✔️ You can add permissions to multiple worlds by writing them together (like, ugo+x). 

✔️ You can add multiple permissions to multiple/single world (like ugo+rwx or u-rx, etc). 

✔️ ‘=’ will overwrite the previous permissions and grant new permissions. 

The file Mask

Every new file is given a set of permissions when it is created. A new file is given all the permissions to all the categories i.e. a new file will have -rwxrwxrwx permissions. A new directory is given permission to read and write for all the categories i.e. a new directory will have drw-rw-rw- permissions. 

Use unmask command to view the permissions given to a newly created file or directory. 

Syntax 

unmask 

Frequently Asked Questions

What is the use of permissions in Linux? 

In Linux, a system can be used by multiple users, so to protect one user’s files from another user, Linux came up with the concept of permissions. The permissions protects the user's information. 

Why did Linux come up with ownership categories?

Linux is a multiuser operating system. A License defines who can access the file and what actions can a user perform on the file. To make the distribution of licenses easy, Linux introduced three ownership categories - user (creater and owner of the file), group (multiple users belong to the same group and have equal rights) and other (neither belongs to a group nor is an owner).

What is the difference between ‘=’ and ‘+’ in Linux? 

The ‘=’ will remove all the permissions and add new permissions while ‘+’ will not remove any permissions, it will only add new permissions.

Conclusion

Pat yourself on the back for finishing this article. In this article, we discussed about file security. We started with understanding the categories of users and different types of permissions, followed by commands to assign ownership to the user and a group. We then proceeded to discuss about the command to change the permissions and about the file mask.

Do not stop learning! We recommend you read these articles on Linux- 

🔥 Introduction to Linux

🔥 Linux Kernel

🔥 Linux Directories

Head to the Guided Path on the Coding Ninjas Studio and upskill in Data Structures and Algorithms, Competitive Programming, System Design, and many more courses.

If you want to Practice top Coding Problems, attempt mock tests, or read interview experiences, head to the Coding Ninjas Studio, our practice platform.

We wish you Good Luck!🎈 Please upvote our blog 🏆 and help other ninjas grow.