KrnlPanic's Linux Notes and Tips

Working with linux since kernel version 2.0.30

Linux File and Directory Permissions Explained

Linux permissions seem a bit cryptic at first glance, but once you begin to understand how they work, it’s a breeze. The first thing we need to understand in an effort to get permissions under control is binary to octal conversion.

Binary to Octal:
001 = 1
010 = 2
011 = 3
100 = 4
101 = 5
110 = 6
111 = 7

Now take a look at the following output of the command ‘ls -l’.

drwxr-xr-- 1 krnl nobody 5274 Oct 3 21:51 somedir
Permissions owner group size date filename

Now, the permissions column is broken down as follows:

The first character, in this case ‘d’, tells the file’s type. There are several possible entries in this field.

- = regular file
d = directory
c = character special file ( /dev/ttyp0 )
b = block special file ( /dev/fd0 )
l = symbolic link

chmod

So, in the example ‘ls -l’ above, the owner (krnl) can read, write and execute; the group (nobody) can read and execute; and all other users can read this directory. Let’s say that we want to give the group ‘nobody’ write access to this directory.

# ls -l
drwxr-xr-- 1 krnl nobody 1024 Oct 3 21:51 somedir

# chmod 774 somedir

# ls -l
drwxrwxr-- 1 krnl nobody 1024 Oct 3 21:51 somedir

Notice how we added the write capability to the group that the directory belongs to. Using the command above with the various number combinations allowed by chmod will allow you to change file permissions to what you need.

000 = ---------
OTHER
001 = --------x
002 = -------w-
003 = -------wx
004 = ------r--
005 = ------r-x
006 = ------rw-
007 = ------rwx
GROUP
010 = -----x---
020 = ----w----
030 = ----wx---
040 = ---r-----
050 = ---r-x---
060 = ---rw----
070 = ---rwx---
USER (owner)
100 = --x------
200 = -w-------
300 = -wx------
400 = r--------
500 = r-x------
600 = rw-------
700 = rwx------

Hopefully you have the point now 😉

The fourth bit

An optional fourth digit, placed in front of the other three, sets the set-user-ID (SUID), set-group-ID (SGID) and sticky (save text) bits. SUID, or Set User ID, is used when you want an executable to run as the file’s owner regardless of who executes it. The following example shows how to use chmod to make a file SUID root, which is generally a bad idea (anyone who executes the file executes it as root).

# ls -l
-rwxr-xr-x 1 root nobody 49358 Oct 7 14:39 filename

# chmod 4755 filename

# ls -l
-rwsr-xr-x 1 root nobody 49358 Oct 7 14:39 filename

SGID is very similar to SUID, except that when executed, the program runs with the permissions of the group that the file belongs to, regardless of who executes it. In the following example we change the permissions so that ‘filename’ is executed with the group permissions of ‘nobody’:

# ls -l
-rwxr-xr-x 1 root nobody 49358 Oct 7 14:39 filename

# chmod 2755 filename

# ls -l
-rwxr-sr-x 1 root nobody 49358 Oct 7 14:39 filename

The purpose of the sticky bit or save text bit (t) is to cause the operating system to not delete a program’s text from swap space when all user processes finish. This lets the next user who runs the program start it with the image already in swap or physical memory, making process startup faster. Here is how we would set the sticky bit:

# ls -l
-rwxr-xr-x 1 root nobody 49358 Oct 7 14:39 filename

# chmod 1755 filename

# ls -l
-rwxr-xr-t 1 root nobody 49358 Oct 7 14:39 filename
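
The octal-to-`ls -l` mapping above, including the fourth digit, can be checked mechanically. The following Python is an added example, not part of the original post: it decodes a mode into the nine-character string and walks a directory tree listing SUID, SGID and world-writable entries for review. The function names are hypothetical, and treating a sticky world-writable directory as expected is an assumption of this example.

```python
import os
import stat

# (shift, special bit, letter) for the user, group and other triplets
_TRIPLETS = ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"), (0, stat.S_ISVTX, "t"))

def mode_to_string(mode):
    """Render the 12 permission bits as `ls -l` does, without the type character."""
    out = []
    for shift, special, letter in _TRIPLETS:
        bits = (mode >> shift) & 0o7
        r = "r" if bits & 4 else "-"
        w = "w" if bits & 2 else "-"
        if mode & special:
            # Upper case (S/T) means the special bit is set but execute is not.
            x = letter if bits & 1 else letter.upper()
        else:
            x = "x" if bits & 1 else "-"
        out.append(r + w + x)
    return "".join(out)

def risk_flags(st_mode):
    """Label the bits an auditor would review; st_mode includes the file type."""
    flags = []
    if stat.S_ISREG(st_mode) and st_mode & stat.S_ISUID:
        flags.append("suid")
    if stat.S_ISREG(st_mode) and st_mode & stat.S_ISGID:
        flags.append("sgid")
    # A world-writable directory with the sticky bit (like /tmp, 1777) is expected.
    sticky_dir = stat.S_ISDIR(st_mode) and st_mode & stat.S_ISVTX
    if st_mode & 0o002 and not sticky_dir:
        flags.append("world-writable")
    return flags

def audit(root):
    """Walk root and return (path, mode string, flags) for every flagged entry."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st_mode = os.lstat(path).st_mode
            if stat.S_ISLNK(st_mode):
                continue  # a symlink's own mode is not meaningful on Linux
            flags = risk_flags(st_mode)
            if flags:
                findings.append((path, mode_to_string(st_mode), flags))
    return findings

if __name__ == "__main__":
    for octal in ("774", "4755", "2755", "1755"):  # modes used in this post
        print(octal, mode_to_string(int(octal, 8)))
    for finding in audit("."):
        print(finding)
```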

I hope you have found this helpful.
-Krnl