Linux distributions guarantee maximum information security! However, it is necessary for the user to master some fundamental concepts to guarantee this security.
Have you ever heard of file and directory permissions on Linux? Today we teach how this permission system works.
In the file system used in the Linux OS there are specific attributes for each file / directory. These attributes, also known as “permissions, allow the OS to control the access of different users to files / directories.
In this way, a user is prevented from accessing content to which they do not have privileges, as they are system files or files of another user.
Permissions on Linux: User, Group and Other
Permissions on files and directories are divided into 3 levels:
- ‘U’ (user, who owns)
- ‘G’ (group, group (s) to which it belongs)
- ‘O’ (other, all others).
To view the permissions we can use the following command ls –l (ls – command to list directories and files and the option “l” is for us to view details).
In the example, from the previous image, we have the following permissions defined:
- ppinto.dat: full permissions. That is, reading, writing and execution for the owner, group and others (777)
- pplware.txt: Reading and writing for the owner, reading for the group and reading for others (644)
- psimoes.doc: Reading and writing for the owner and reading for the group (640)
To change / assign permissions to a given file / directory we use the chmod command
Permissions: Binary mask mode or octal mode
The binary mask consists of three Arabic numerals under base 8, that is, from 0 to 7 (hence the name octal mode) where:
- The first digit represents the owner of the file / directory (u)
- The second digit represents the group (g)
- The third digit represents the others (o)
Permissions are specified for each group. The “weights” assigned are:
- 4 = Reading (r)
- 2 = Writing (w)
- 1 = Execution (x)
We will then consider that we intend to give the pplware file permission to read (4), write (2) and execute (1) for the owner of the file, read (4) to the group and read (4) to others.
Now adding the "weights" we have: for the owner we have 4 + 2 + 1 = 7, compared to the group we have only 4 and the same happens for the others. So, the permission to assign would be 744. Perceived? At first it seems confusing, but then it becomes quite simple to configure
Examples with binary mask mode
- chmod 600 pplware> ‘rw ‐‐‐‐‐‐‐’ permissions
- chmod 755 pplware> ‘rwxr ‐ xr ‐ x’ permissions
- chmod 777 pplware> ‘rwxrwxrwx’ permissions
Mode: “friendly” (with letters)
For the definition of permissions through the "friendly" mode, it is necessary to use letters and some other symbols. In addition to what we have already learned, we highlight the operators that allow us to define a permission (‘+’) or remove a permission (‘-).
Friendly mode example.
Create the pplware file using the touch command, and then try changing its permissions. To see the file permissions you can use the command ls –l pplware
- chmod u + rw pplware – sets 'r / w' (read and write) permissions to the file owner
- chmod o-rwx pplware – remove all permissions from “others”
- chmod a + rw pplware – gives everyone ‘r / w’ permissions (ugo)
- chmod go ‐ r pplware – remove the ‘r’ (read) permission from the group and others
In short, in the friendly mode we use letters and in the binary mask we use a set of three digits. As a final tip I leave you the stat command. Try using it as follows: stat pplware and then analyze the information in the Access field.
As you have seen, setting permissions on Linux is not that difficult. Whoever wants can also always use the graphical interface.
We hope you find this tutorial useful and think twice when you want to set a 777 permission.