Permissions

Introduction

In Linux-based systems, permissions allow controlling who can access what. Each file or directory has permissions associated with three entities:

Owner: the user who created or owns the item.
Group: the group to which the file or directory is assigned.
Others: all other users.

Permissions define the allowed actions for each entity:

Read (r): read the content of a file or display a directory.
Write (w): modify the content of a file or change files in a directory.
Execute (x): execute an executable file or enter a directory.

Permission representation

Permissions are visible with the ls -l command, which displays one line per file or directory:

-rwxr-xr-- 1 user group 12345 date file

Meaning of rwx:
For files:

r (read): permission to read the file content.
w (write): permission to modify or delete the file.
x (execute): permission to execute the file, like a program or script.

For directories:

r (read): permission to list the directory content.
w (write): permission to create, delete or rename files or subdirectories inside.
x (execute): permission to enter the directory (use cd) and access files inside (if file permissions allow it).

Field explanations

Type and permissions: The first character indicates the item type (- for a file, d for a directory, etc.), followed by permissions for owner, group and others.
- Example: -rwxr-xr--
  - rwx: owner permissions (read, write, execute).
  - r-x: group permissions (read, execute).
  - r--: others permissions (read only).
Number of links: Number of references to this item.
Owner: Name of the owner user.
Group: Name of the assigned group.
Size: Item size in bytes.
Date: Last access or modification.
Name: File or directory name.

Modifying permissions

Using `chmod`

The chmod command allows modifying permissions of a file or directory.

Syntax

chmod [options] mode file

Modes

Symbolic:

u: owner (user).
g: group.
o: others.
a: all.
Actions: + (add), - (remove), = (set).

Example:

chmod u+x file # Adds execution for owner.
chmod u+rw file # Adds read and write for owner.
chmod g-w file # Removes write for group.
chmod a=r file  # Gives only read to all.

Octal:

Each entity (u, g, o) is represented by a digit (0 to 7):
- Read: 4.
- Write: 2.
- Execute: 1.

Example:

chmod 755 file # rwx for owner, r-x for others.
chmod 644 file # rw- for owner, r-- for others.

Using `chown`

The chown command allows changing the owner or group of a file or directory.

Syntax

chown [owner][:group] file

Examples:

chown alice file         # Changes owner to "alice".
chown alice:developers file # Changes owner and group.
chown :developers file # Changes group

Using `chgrp`

The chgrp command modifies only the group.

chgrp developers file

Special permissions

Some files or directories may have additional permissions:

Setuid

Allows an executable file to be executed with its owner's privileges.
Represented by an s instead of x in owner permissions.
Example:
```
chmod u+s file
```

Setgid

Allows a file or directory to be executed with its group's privileges.
Represented by an s instead of x in group permissions.
Example:
```
chmod g+s file
```

Sticky Bit

Applied to directories so that only the owner or root can delete their files.
Represented by a t instead of x in others permissions.
Example:
```
chmod +t directory
```

Permissions are essential for Linux system security and management. By understanding their operation and manipulation, you can precisely control access to your files and directories. This helps prevent errors and protect sensitive data.