Introduction
Linux is an open-source operating system widely used in web servers, supercomputers, mobile devices, and embedded devices. One of the key features of Linux is its permission system, which provides granular control over the access of files and folders. The permission system is based on three attributes: read (r), write (w), and execute (x), and applies to three categories: owner, group, and others. In this article, we will explore how to set file and folder permissions on Linux.
Basic File Permissions
Every file and folder in Linux has a set of permission bits that control who can read, write, and execute them. To view the permission bits of a file or folder, use the ls -l command. Here is an example output:
-rw-r--r-- 1 mike mike 0 Feb 28 14:30 file.txt
drwxr-xr-x 2 mike mike 4096 Feb 28 14:31 folder
The first column shows the permission bits, where the first character is - for a regular file and d for a directory. The next three characters (rw-) indicate the owner’s permission, the next three (r--) indicate the group’s permission, and the last three (r--) indicate others’ permission. In this example, the owner (mike) can read and write the file, while the group and others can only read it. The folder is readable and executable by all, but only writable by the owner.
To set file permissions, use the chmod command followed by the permission bits and the file name. For example, to give the owner write permission on file.txt, use:
chmod u+w file.txt
Here, u stands for “user” or “owner,” and +w adds write permission. To remove write permission, use -w instead of +w.
To set folder permissions, use the chmod command with the -R option to apply the changes recursively to all files and subfolders within the folder. For example, to give the group read and execute permission on folder, use:
chmod -R g+rx folder
Here, g stands for “group,” +rx adds read and execute permission, and -R applies the changes recursively.
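A side effect of the recursive form is that g+rx also marks every regular file in the tree as group-executable. The following added example (not part of the original article) compares it with chmod's capital X, which adds execute only to directories and to files that already have an execute bit. It assumes GNU coreutils for stat -c; the tree and file names are constructed.

```shell
# Added example: compare `chmod -R g+rx` with `chmod -R g+rX`.
# Assumes GNU coreutils (stat -c). The tree below is constructed sample data.

make_tree() {
    # Build a sample tree: one directory, one data file, one script.
    root=$(mktemp -d)
    mkdir "$root/folder"
    printf 'data\n' > "$root/folder/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/folder/run.sh"
    chmod 700 "$root/folder" "$root/folder/run.sh"
    chmod 600 "$root/folder/notes.txt"
    printf '%s\n' "$root"
}

modes_after() {
    # $1 = symbolic mode to apply recursively.
    # Prints the resulting octal modes as "folder notes.txt run.sh".
    root=$(make_tree)
    chmod -R "$1" "$root/folder"
    stat -c '%a' "$root/folder" "$root/folder/notes.txt" "$root/folder/run.sh" \
        | tr '\n' ' ' | sed 's/ $//'
    rm -rf "$root"
}

echo "g+rx: $(modes_after g+rx)"   # the data file becomes group-executable
echo "g+rX: $(modes_after g+rX)"   # the data file stays non-executable
```
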
Common Permissions
The table below lists the common permission codes for files and folders in Linux:
Number | Permission Type | Symbol |
---|---|---|
0 | No Permission | --- |
1 | Execute | --x |
2 | Write | -w- |
3 | Execute + Write | -wx |
4 | Read | r-- |
5 | Read + Execute | r-x |
6 | Read + Write | rw- |
7 | Read + Write + Execute | rwx |
Each file or folder has 3 types of permissions:
- Owner – The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.
- Group – The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
- All users – The All Users permissions apply to all other users on the system; this is the permission group you want to watch the most.
Special Permissions
In addition to the basic file permissions, Linux has two special permissions: setuid and setgid. When setuid is enabled on a file, the file is executed with the permissions of its owner instead of the user who runs it. When setgid is enabled on a folder, all files and subfolders created within the folder inherit the group of the folder instead of the user’s default group.
To enable setuid, use the chmod command followed by the u+s option and the file name. For example, to enable setuid on file, use:
chmod u+s file
To enable setgid, use the chmod command followed by the g+s option and the folder name. For example, to enable setgid on folder, use:
chmod g+s folder
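Because the "all users" write bit and the setuid/setgid bits carry the most risk, it helps to review where they are set. The following added example (not part of the original article) lists world-writable entries and setuid/setgid files under a directory. It assumes GNU find (-perm -MODE and -printf); the sample tree and its file names are constructed.

```shell
# Added example: audit a tree for world-writable entries and setuid/setgid files.
# Assumes GNU find. The sample tree built below is constructed data.

world_writable() {
    # Entries whose "others" write bit is set. Symlinks are skipped because
    # their own mode bits are not used for access checks.
    find "$1" ! -type l -perm -0002 -printf '%m %P\n' | sort
}

setid_files() {
    # Regular files with setuid (4000) or setgid (2000) set.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -printf '%m %P\n' | sort
}

build_sample() {
    # Constructed tree: one open directory and log, one private key, one setuid file.
    d=$(mktemp -d)
    mkdir "$d/shared" "$d/private"
    touch "$d/shared/open.log" "$d/private/key.pem" "$d/helper"
    chmod 777 "$d/shared"
    chmod 666 "$d/shared/open.log"
    chmod 700 "$d/private"
    chmod 600 "$d/private/key.pem"
    chmod 4755 "$d/helper"
    printf '%s\n' "$d"
}

sample=$(build_sample)
echo "World-writable:"; world_writable "$sample"
echo "setuid/setgid:";  setid_files "$sample"
rm -rf "$sample"
```

Each output line is the octal mode followed by the path relative to the directory that was scanned.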
Advanced Permissions
Linux also has advanced permissions, such as ACLs (Access Control Lists) and SELinux (Security-Enhanced Linux). ACLs provide more fine-grained control over file and folder permissions, allowing you to specify permissions for specific users or groups. SELinux is a mandatory access control system that enforces security policies to protect the system against malicious attacks.
To set ACLs, use the setfacl command followed by the file or folder name and the desired permissions. For example, to give user alice read and write permission on file.txt, use:
setfacl -m u:alice:rw file.txt
Here, -m stands for “modify,” u stands for “user,” and rw adds read and write permission. To remove the ACL, use -x instead of -m.
To set SELinux contexts, use the chcon command followed by the context and the file or folder name. For example, to set the SELinux context of file.txt to httpd_sys_content_t, use:
chcon -t httpd_sys_content_t file.txt
Here, -t stands for “type” and httpd_sys_content_t is a predefined context for files that are served by the Apache HTTP server.
Best Practices for Setting File and Folder Permissions on Linux
While setting file and folder permissions on Linux is a powerful tool for managing access to files, it is important to do so in a way that maximizes security and minimizes the risk of unauthorized access. One of the best practices is to set the permission bits as strictly as possible. For example, if a file is intended to be read-only, set the permission bits to 444, which means read-only for all users. Another best practice is to use groups to manage file and folder access instead of individual users. By adding users to specific groups, you can easily manage access to files and folders without having to modify the permission bits for each user.
Another best practice is to use ACLs for more granular control over file and folder access. ACLs allow you to specify permissions for specific users or groups, which can be useful in scenarios where you need to grant access to a specific user or group without giving access to others. However, it is important to keep in mind that ACLs can make the permission system more complex and harder to manage, so use them judiciously and only when necessary.
Conclusion
Setting file and folder permissions on Linux is an essential skill for system administrators and developers who need to manage access to files and folders on Linux-based systems. By understanding the basic permission system and the advanced features like ACLs and SELinux, you can ensure that your files and folders are accessed only by authorized users and protected against malicious attacks. By following best practices like setting the permission bits strictly and using groups and ACLs, you can maximize security and minimize the risk of unauthorized access.
In this article, we have explored how to set file and folder permissions on Linux. We have seen how the permission system is based on three attributes: read, write, and execute, and applies to three categories: owner, group, and others. We have also seen how to enable special permissions like setuid and setgid, and how to use advanced permissions like ACLs and SELinux. By mastering Linux’s permission system, you can ensure that your files and folders are protected and accessed only by authorized users.