Understanding and Changing Permissions in Linux

Understanding operating systems is impossible without understanding permissions.

They are everywhere. They are needed everywhere. And once you understand how to alter them, you will be well on your way to comprehend the basics of today’s computers.

Managing Permissions

Viewing permissions on any Unix-based machine is simple.

$ ls -l

ls called with the -l parameter will output the POSIX permission convention. It will give you an idea as to what you can do with the file. There are only three type of permissions.

r : Read permission
w : Write permission
x : Execute permission

These permissions exist on three different user levels: user (u), group (g), and others (o). By calling ls -l on a directory, we get the following output.

-rw-r--r-- 1 myuser mygroup        6 Mar  1 16:40 touched.txt

This can be disected into four parts:

Directory/File   User    Group    Others
-                rw-     r--     r--

The first ‘-‘ distinguishes between files, where it is ‘-‘, and directories ‘d’.

Then each other part displays read, write and execute permissions. A ‘-‘ indicates that the user or entity does not have the corresponding permission.

The ls -l output for the touched.txt can be translated in the following way:

-rw-r--r-- 1 myuser mygroup        6 Mar  1 16:40 touched.txt

-                       touched.txt is a file
rw-     User  (myuser)  has read and write permission
r--     Group (mygroup) has read-only permission
r--     Others          have read-only permission

With chmod we can change these permissions however we suit fit, given we have the permissions to do so.

There are two ways in which chmod works, the first is changing permissions using numbers and the second one is using the POSIX style notation. Using POSIX notation, we add write permissions to the group and others.

$ chmod go+w touched.txt
$ ls -l
-rw-rw-rw- 1 myuser mygroup        6 Mar  1 16:40 touched.txt

‘go’ stand for group and others, the ‘+’ adds permissions and ‘w’ is the writing permission.

The same can be done in order to revoke the permissions, just replacing the ‘+’ with a ‘-‘

$ chmod go-w touched.txt

The other way to change permissions is by relying on numbers. You might have seen something like this before:

$ chmod 644 touched.txt

Each number stands for a or multiple permissions. The way it works is that you add the different permissions together that you want to give the different levels.

0 = no operations allowed
1 = execute or the ability to cd in the case of a directory
2 = read
4 = write

Wanting to give the group and others read and write permissions but none to the user, you could write the following

$ chmod 066 touched.txt

user:   0 for no operations allowed
group:  6 = 4 (write) + 2 (read)
others: 6 = 4 (write) + 2 (read)

That’s it. The next step is to explore permissions more deeply.