Linux User & Group File Permissions

In Linux, every file and directory has some permissions set by default. The first question that comes to mind is: why do we need file permissions at all? When we work with files and directories, we do not want other users to change our files. If other users have access to a file, a small mistake on their part can cost us our data. To avoid this situation, we can configure permissions on our files and directories.

Basically, a file permission is a set of rules for controlling access to a file. In Linux, files and directories carry permissions that specify which user or group can read, write (modify) and access them. Now the question is: who is the user, who is the group and who is other? Don't be confused, I am explaining it here:

User: the owner of the file or directory, who creates the file.
Group: the group that owns the file or directory.
Other: all users who are neither the owner of the file nor part of the group that owns the file.

The next question is what kinds of permission we can set on a file or directory. Take a look:

Read permission: If it is set on a file, the file can be opened and read; if it is set on a directory, the contents of the directory can be listed.

Write permission: If it is set on a file, the file can be edited, renamed or modified; if it is set on a directory, files can be created in that directory.

Execute permission: If it is set on a file, the file can be executed as a program or shell script. If it is set on a directory, you can at least enter the directory with the cd command.

But there are also some special permissions:

SetUid (SUID): When the setuid bit is set and the file is executed by a user, the process runs with the same permissions as the owner of the file.

SetGid (SGID): When the setgid bit is set and the file is executed by a user, the process runs with the same permissions as the group that owns it. It also means that when we create a file in a directory with the setgid bit set, the file is created with the same group ID as the directory.

Sticky bit: If the sticky bit is set on a directory, only the owner of a file will be able to delete that file.

The chmod command is used to set permissions on files and directories. You can check file permissions with the following command:

[root@localhost~]# ls -l
total 3
drwxrwxrwx 4 root root 122 Dec 12 12:36 linuxonlinesolutions
-rw-r--r-- 1 root root 1873 Jan 23 08:34 file1

Now let's study the first line of the output:
drwxrwxrwx 4 root root 122 Dec 12 12:36 linuxonlinesolutions

d: it is a directory
rwx: read, write and execute permission for the owner of the file
rwx: read, write and execute permission for the group
rwx: read, write and execute permission for other users
4: number of files in the linuxonlinesolutions directory
root: owner of the directory
root: group of the directory
122: the size of the directory in bytes
Dec 12 12:36: date of last modification
linuxonlinesolutions: name of the directory

Now let's study the second line of the output:
-rw-r--r-- 1 root root 1873 Jan 23 08:34 file1

-: it is a file
rw-: read and write permission for owner
r--: read permission for group
r--: read permission for others
1: number of files
root: owner of the file
root: group of the file
1873: size of file in bytes
Jan 23 08:34: date of last modification
file1: name of the file

There are 2 methods to set permissions:

1] Symbolic method
2] Absolute or Relative method

Symbolic Method

The symbolic method uses the following characters to set permissions:

* u : user
* g : group
* o : other
* a : all users
* r : read
* w : write
* x : execute
* - : no permission
* s : set user or group id
* t : sticky bit

* + : add permission
* - : remove permission
* = : set exactly the given permission

Now let's do a practical exercise:
Scenario:
1] Owner should have full permission on localfile
2] Group should have read and execute permission on localfile
3] All other users should have no permission on localfile
4] Users cannot delete each other's data in the /example directory
5] Data in the /example directory should be created with the setuid and setgid bits set.

Solution:
[root@localhost~]# chmod u+rwx localfile

[root@localhost~]# chmod g=rx localfile

[root@localhost~]# chmod o-rwx localfile

[root@localhost~]# ls -ld localfile
-rwxr-x--- 2 root root 1800 Jan 26 13:34 localfile

[root@localhost~]# chmod +t /example
It will set the sticky bit on the directory

[root@localhost~]# ls -ld /example
drwxr-xr-t 2 root root 4096 Jan 26 13:34 /example

[root@localhost~]# chmod u+s /example
It will set the setuid bit on the directory

[root@localhost~]# ls -ld /example
drwsr-xr-t 2 root root 4096 Jan 26 13:34 /example

[root@localhost~]# chmod g+s /example
It will set the setgid bit on the directory

[root@localhost~]# ls -ld /example/
drwsr-sr-t 2 root root 4096 Jan 30 13:34 /example/
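
The symbolic operators are easy to misread, so the following added example (not part of the original page) applies clauses to a scratch file and prints the resulting mode in both octal and ls form. The helper name mode_after is made up for this illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat.

# mode_after START CLAUSE...
# Create a scratch file with octal mode START, apply each symbolic CLAUSE
# in order, and print "<octal> <ls-style string>" for the result.
mode_after() {
    start=$1
    shift
    scratch=$(mktemp) || return 1
    chmod "$start" "$scratch"
    for clause in "$@"; do
        chmod -- "$clause" "$scratch"
    done
    stat -c '%a %A' "$scratch"
    rm -f "$scratch"
}

# "+" only adds bits: write access the group already had survives g+rx.
mode_after 664 g+rx              # 674 -rw-rwxr--
# "=" sets the class exactly: group ends up with r-x and nothing else.
mode_after 664 g=rx              # 654 -rw-r-xr--
# Operators chain inside one clause: g+r-x adds read, then removes execute.
mode_after 654 g+r-x             # 644 -rw-r--r--
# The scenario above (owner rwx, group r-x, other none) from any start mode.
mode_after 666 u+rwx g=rx o-rwx  # 750 -rwxr-x---
```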

Absolute or Relative Method

The Absolute or Relative method uses digits to set permissions for user, group and others at once.

* 0 : no permission
* 1 : execute
* 2 : write
* 3 : write + execute
* 4 : read
* 5 : read + execute
* 6 : read + write
* 7 : read + write + execute

A leading fourth digit sets the special permissions:

* 1 : sticky bit
* 2 : set group id
* 4 : set user id

Now let's do a practical exercise:

Scenario:
1] Owner should have full permission on /linuxonlinesolutions directory
2] Group should have only read and execute permission on /linuxonlinesolutions directory
3] All other users should have only execute permission on /linuxonlinesolutions directory
4] Data should be created with the setuid.

Solution:
[root@localhost~]# chmod 751 /linuxonlinesolutions

[root@localhost~]# ls -ld /linuxonlinesolutions
drwxr-x--x 2 root root 122 Dec 12 18:02 /linuxonlinesolutions

[root@localhost~]# chmod 4751 /linuxonlinesolutions
It will set the setuid bit on the directory

[root@localhost~]# ls -ld /linuxonlinesolutions
drwsr-x--x 2 root root 122 Dec 12 18:04 /linuxonlinesolutions
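
Because setuid and setgid change the identity a program runs with, and a world-writable directory without the sticky bit lets any user delete another user's files, it is worth checking where these bits are set. The following added example (not part of the original page) audits a directory tree for both cases; the function names and the sample tree are constructed for the illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat.

# audit_special DIR
# Report, relative to DIR:
#   SPECIAL  - regular files with the setuid (4000) or setgid (2000) bit
#   NOSTICKY - world-writable directories without the sticky bit (1000)
audit_special() {
    (
        cd "$1" || exit 1
        find . -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec stat -c 'SPECIAL %a %n' {} +
        find . -xdev -type d -perm -0002 ! -perm -1000 \
            -exec stat -c 'NOSTICKY %a %n' {} +
    ) | sort
}

# make_demo_tree: build a constructed sample tree and print its path.
make_demo_tree() {
    tree=$(mktemp -d) || return 1
    : > "$tree/plain";     chmod 644  "$tree/plain"
    : > "$tree/helper";    chmod 4755 "$tree/helper"   # setuid file
    mkdir "$tree/shared";  chmod 1777 "$tree/shared"   # sticky, like /tmp
    mkdir "$tree/dropbox"; chmod 777  "$tree/dropbox"  # no sticky bit
    echo "$tree"
}

demo=$(make_demo_tree)
audit_special "$demo"
rm -rf "$demo"
```

Run audit_special against a real path such as /usr or a shared data directory to review what is reported there.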

Umask

Umask is a Unix environment variable which automatically sets file permissions on newly created files. When a new file or directory is created, it is given default permissions. Execute permission is set by default for directories, but it is turned off by default for files. You can check the default permissions by running the umask command with no argument. If you want to change the defaults, you can again use the umask command.
If no umask is in effect, any file created will have 666 permissions and any directory created will have 777 permissions.

Umask               Files   Directories
022 (root)          644     755
002 (normal user)   664     775
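
The table can be reproduced, and extended to other masks, by creating a file and a directory under a given umask and reading back their modes. This is an added example, not part of the original page; the function name modes_under is made up for the illustration, GNU stat is assumed, and the 077 and 033 rows go beyond the two masks in the table.

```sh
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat.

# modes_under UMASK
# Create one file and one directory under UMASK in a subshell (so the
# caller's umask is untouched) and print "<file mode> <directory mode>".
modes_under() {
    (
        umask "$1"
        work=$(mktemp -d) || exit 1
        : > "$work/file"    # requested as 666, masked by the umask
        mkdir "$work/dir"   # requested as 777, masked by the umask
        echo "$(stat -c %a "$work/file") $(stat -c %a "$work/dir")"
        rm -rf "$work"
    )
}

for mask in 022 002 077 033; do
    echo "umask $mask -> $(modes_under "$mask")"
done
# 033 gives 644 744, not 633 744: the umask clears bits, it is not
# subtracted, and a file never had execute bits to clear.
```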
