File Permissions in Linux

Introduction
• Linux is a clone of UNIX, the multi-user
operating system which can be accessed by
many users simultaneously. Linux can also be
used in mainframes and servers without any
modifications. But this raises security
concerns as an unsolicited or malign
user can corrupt, change or remove crucial
data.
 Introduction
• For effective security, Linux divides authorization
into 2 levels.

• Ownership

• Permission
 Introduction

• In this Linux file commands we will learn-

• Ownership of Linux files
• Permissions
• Changing file/directory permissions with 'chmod' command
• Absolute(Numeric) Mode
• Symbolic Mode
• Changing Ownership and Group
• Summary
 Ownership of Linux files
• Every file and directory on your Unix/Linux system
is assigned 3 types of owner, given below.

• User

• Group

• Other
 Types of owner
• 1. User
• A user is the owner of the file. By default, the person who created a
file becomes its owner. Hence, a user is also sometimes called an
owner.

• 2. Group
• A user- group can contain multiple users. All users belonging to a
group will have the same access permissions to the file. Suppose
you have a project where a number of people require access to a
file. Instead of manually assigning permissions to each user, you
could add all users to a group, and assign group permission to file
such that only this group members and no one else can read or
modify the files.
 Types of owner
• 3. other
• Any other user who has access to a file. This person has
neither created the file, nor he belongs to a usergroup who
could own the file. Practically, it means everybody else.
Hence, when you set the permission for others, it is also
referred as set permissions for the world.
• Now, the big question arises how does Linux
distinguish between these three user types so that a user 'A'
cannot affect a file which contains some other user 'B's' vital
information/data. It is like you do not want your colleague,
who works on your Linux computer, to view your images. This
is where Permissions set in, and they define user behavior.
 Permissions

• Let us understand the Permission system on Linux.

• Every file and directory in your UNIX/Linux system has following 3

permissions defined for all the 3 owners discussed above.

• Read: This permission give you the authority to open and read a file. Read
permission on a directory gives you the ability to lists its content.
• Write: The write permission gives you the authority to modify the
contents of a file. The write permission on a directory gives you the
authority to add, remove and rename files stored in the directory.
Consider a scenario where you have to write permission on file but do not
have write permission on the directory where the file is stored. You will be
able to modify the file contents. But you will not be able to rename, move
or remove the file from the directory.
 Permissions

• Execute: In Windows, an executable program usually

has an extension ".exe" and which you can easily run.
In Unix/Linux, you cannot run a program unless the
execute permission is set. If the execute permission
is not set, you might still be able to see/modify the
program code(provided read & write permissions are
set), but not run it.
Permissions
 Permissions

• ls - l on terminal gives.
• ls – l

• Here, we have highlighted '-rw-rw-r--'and this weird

looking code is the one that tells us about the
permissions given to the owner, user group and the
world.
 Permissions

• Here, the first '-' implies that we have selected a file.

• Else, if it were a directory, d would have been shown.

 Permissions

• The characters are pretty easy to remember.

• r = read permission

• w = write permission

• x = execute permission

• - = no permission
 Permissions

• The first part of the code is 'rw-'. This suggests that

the owner 'Home' can:

• Read the file

• Write or edit the file
• He cannot execute the file since the execute bit is set
to '-'.
 Permissions

• The second part is 'rw-'. It for the user group 'Home' and
group-members can:
• Read the file
• Write or edit the file

• The third part is for the world which means any user. It says 'r-
-'. This means the user can only:

• Read the file

 Changing file/directory permissions
with 'chmod' command
• Say you do not want your colleague to see your personal
images. This can be achieved by changing file permissions.

• We can use the 'chmod' command which stands for 'change

mode'. Using the command, we can set permissions (read,
write, execute) on a file/directory for the owner, group and
the world.
• Syntax:
• chmod permissions filename
 Changing file/directory permissions
with 'chmod' command
• There are 2 ways to use the command –

• Absolute mode

• Symbolic mode
 Absolute(Numeric) Mode

• In this mode, file permissions are not represented as characters but a

three-digit octal number.
• The table below gives numbers for all for permissions types.
Number Permission Type Symbol
0 No Permission ---

1 Execute --x

2 Write -w-
3 Execute + Write -wx

4 Read r--

5 Read + Execute r-x

6 Read +Write rw-

7 Read + Write +Execute rwx

 Absolute(Numeric) Mode
• chmod command in action.

• In the above-given terminal window, we have changed the permissions of

the file 'sample to '764'.
 Absolute(Numeric) Mode
• '764' absolute code says the following:

• Owner can read, write and execute

• Usergroup can read and write

• World can only read

• This is shown as '-rwxrw-r-This is how you can change the permissions on

file by assigning an absolute number.
 Symbolic Mode

• In the Absolute mode, you change permissions for all 3

owners. In the symbolic mode, you can modify permissions of
a specific owner. It makes use of mathematical symbols to
modify the file permissions.

Operator Description

+ Adds a permission to a file or

directory

- Removes the permission

= Sets the permission and overrides

the permissions set earlier.
 Symbolic Mode

• The various owners are represented as -

User Denotations
u user/owner

g group
o Other

a all
 Symbolic Mode

• We will not be using permissions in numbers like 755 but

characters like rwx. Let's look into an example.
 Changing Ownership and Group
• For changing the ownership of a file/directory, you can use the following
command:

• chown user

• In case you want to change the user as well as group for a file or directory
use the command.

• chown user:group filename

Changing Ownership and Group
 Changing Ownership and Group
• In case you want to change group-owner only, use the
command
• chgrp group_name filename

• 'chgrp' stands for change group.

 Changing Ownership and Group
• You can use the command "groups" to find all the groups you
are a member of.
 Summary:
• Linux being a multi-user system uses permissions and ownership for
security.
• There are three user types on a Linux system viz. User, Group and
Other
• Linux divides the file permissions into read, write and execute
denoted by r,w, and x
• The permissions on a file can be changed by 'chmod' command
which can be further divided into Absolute and Symbolic mode
• The 'chown' command can change the ownership of a file/directory.
Use the following commands: chown user file or chown user:group
file
• The 'chgrp' command can change the group ownership chrgrp
group filename
• What does x - eXecuting a directory mean? A: Being allowed to
"enter" a dir and gain possible access to sub-dirs.
 File Transfer to window
• 1) WinSCP
• WinSCP is an FTP software for Microsoft Windows. It enables
you to smoothly copy any file between the local system and
the remote server. This software has a primary file manager
and file synchronization functionality.
 File Transfer to window
• Features:
• It offers easy to use Graphical User Interface (GUI).
• Supports scripting and task automation.
• It has integrated text editor
• WinSCP interface can be translated into many languages
• Provides Command-line interface.
• Security through file encryption.
• Port forwarding is possible.
• It can be downloaded in the form of standalone portable
executables.
• Link: https://winscp.net/eng/index.php
 Linux/Unix User Administration
• As Linux is a multi-user operating system, there is a high need
of an administrator, who can manage user accounts, their
rights, and the overall system security.

• You should know the basics of Linux admin so that you can
handle the user accounts and usergroups.
 1 - Creating a User
• In Linux, every user is assigned an individual account which
contains all the files, information, and data of the user. You
can create multiple users in a Linux operating system. The
steps to creating a user are:

• Using Terminal

• Using GUI
 1 - Creating a User
• Using Terminal.
Step 1) Use command sudo adduser
 1 - Creating a User
• Step 2) Enter password for the new account and confirmStep.
 1 - Creating a User
• Step 3) Enter details of the new user and press Y

• New account is created.

 1 - Creating a User
• Using GUI
Step 1) Go to the system settings look for an icon which says
'User Accounts'.
 1 - Creating a User
• Step 2) Click on the unlock icon and enter a password when
prompted, then click the plus sign.
 1 - Creating a User
• Step 3) A new window would pop up, asking you for adding
information to the new user account.The account type offers
two choices - standard and administration(Ubuntu Limitation).
If you want the new user to have administrative access to the
computer, select Administrator as the account type.
Administrators can do things like add and delete users, install
software and drivers, and change the date and time.
Otherwise, choose standard.Fill in the full name, username
and click on create.
 1 - Creating a User
• Step 3)
 1 - Creating a User
• Step 4) The new account would show, but would be disabled
by default.
 1 - Creating a User
• To activate it, click the password option and add a new
password. Click change to enable the account.