Linux and Unix File Permissions


What Do You Mean I Can’t Do This?

If this hasn’t happened to you already, it surely will: on your Mac or Linux computer, you attempt to load, save, copy, paste, or delete a file, and you receive a message on your screen that your request has been canceled because you do not have the correct permissions to perform the action (load, save, copy, paste, or delete), and that you should contact your Administrator.

I was putting together a Linux file server for a business in 1998. Linux then was a devil to configure, and once I got to the point of loading files onto the server’s hard drive (and feeling pretty cocky that I had mastered this beast), I realized there was little I could do with some of the files I had transferred. It seems I lacked the permissions to write, save, or delete a large number of the files. After a few hours of trying to logically work my way through this, I must now confess that I did something no self-respecting 21st century male would ever do: read the instructions (actually, I bought a book on Linux, and then read the instructions located therein). Now armed with this newfound information, I quickly set up my files, and was then able to have full access to whatever I wanted to do with them on the server. The sun again rose in the morning, birds sang in the trees, and life was good.

Here are some informative points that will begin your journey to understanding file permissions in your Unix (OS X) and Linux operating systems:

Owners and Modes

1.  Each folder or file has three types of owners:

  • User (u) The one who owns the file or folder (for folders, almost always the creator of the “folder”)
  • Group (g) A number of users, usually defined by an Administrator
  • Other (o) Anyone who is not a “User” or in the “Group”, i.e., everyone else

2.  A User, Group Member, and “Everyone Else” can do any combination of the three actions (modes) to files or to folders and their contents.  These modes are the permissions that are granted:

  • Read (r) – view a file and/or the contents of a directory
  • Write (w) – write to a file and/or add and remove the contents of a directory
  • Execute (x) – run a script or a program and/or access a file in a directory

The Terminal

Now that we know how files and directories can be owned and used, we need to be able to see who “owns” the files and folders, and what these owners can do with them.  To accomplish this, we will use the Terminal, and to use the Terminal for this process you will need to know some basic commands (for simplicity’s sake, I am going to presume you are using a Mac):

To open your Terminal, in Finder, go to the Applications folder, click it, find the Terminal application, and click it. Your prompt will look something like this:  Larrys-iMac:~ larry$   The first part of the prompt is the name of your computer. The next notation, the “~”, indicates the current working directory, which is simply the directory that is open. The tilde in this case is a shorthand symbol meaning “your own Home directory”. Finally, the name and $ represent who is logged into the terminal, and/or the Mac, at this moment. So, in my example of the prompt, Larrys-iMac is the computer, we are at the user’s home directory, and the user is larry.

Terminal Exercise

Change Directory (cd)

  • At the prompt, type:  cd Applications  and hit the Enter key (you can follow each step in the window named “Terminal Exercise”, above). Note that the working directory has changed from the “~” to Applications. You are now located in the Applications directory of user (in my example) larry.
  • Now, at the prompt, type  cd ../  (note that there is a space between the cd and the two periods). Press Enter. You are now back where you started, at the home directory of user (in my case) larry.
  • Again at the prompt, type  cd ../../  and press Enter. Notice that the “~” is replaced by “/” in the prompt. This means you are in the root directory, a place that is potentially dangerous for a newbie. Let’s go back Home.
  • Type  cd  and press Enter. What has happened? The “/” is gone, and the “~” is back. Like I always say, “There is no place like Home.”
Listing Files and Directories

List The Contents Of A Directory (ls)

Follow along using the window “Listing Files and Directories”, above.

Type cd ../../ at the prompt.  Press Enter.  The “~” should be gone, and the “/” is now present.  We have returned to the root directory.  Now at the prompt, type ls and press Enter.  You now see all the folders in the “root” directory, but you still do not know who owns them, and what the permissions are.

Terminal commands often use “switches” to add additional responses to the initial command. A switch follows the command, and is something alphanumeric preceded by a space and a hyphen, something like this:  ls -l   Basically, the command is saying, “Show me the contents of the directory, in a long or verbose list.” Let’s try this switch out. At the prompt, type  ls -l  and press Enter. Now you have all sorts of information about the folders in the “root” directory, including the elusive Permissions. Here is a breakdown of what you see:

  • The first line below the prompt displays the grand total of all the loose files in the directory, measured in 512 kilobyte blocks.
  • On the very right side you will see a list of folders that reside in the “root” directory, beginning with the folder Applications. These folder names are also the path relative to the directory they are in (in this case, /Applications means the folder “Applications” in the “/” (root) directory).
  • On the far left side are the Permission strings for each folder. The first character in the string indicates the “type”: “d” for a directory, “-” for a file, or “l” for a Unix alias. In our case, for Applications, it is a “d” for directory.
  • Following the “type”, you see a Unix shorthand like rwxrwxr-x, which when unraveled becomes the actual permissions (often called the mode) for the folder. We will explore this in more detail in a moment.
  • The owner of the folder is listed next on the same line, after the Permissions, and then the name of the group associated with the folder is listed. In this case, Applications is owned by “root”, in the group “admin”.

Now, let’s dig a little deeper, and practice using the “cd” and “ls” commands at the same time. At your prompt, type  cd  and press Enter. Now at the prompt, type:  cd /Applications   (be sure there is a space between “cd” and “/”). Press Enter. You are now in the Applications folder, located in the root directory. At the prompt, type:  ls -l  and press Enter. You are now looking at the contents of the folder “Applications”. You can see the Permissions and owners of the files and folders located within.

Now that we know where to find the information about ownership and authorized activity for directories, folders, and files, we have to determine what it all means.

ls -l Root Directories

Decoding Permissions

Let’s take a look at the permissions for the Applications directory, the first line shown in the Root Directories above. In the first column, we see the Permissions for the directory. We already know that the “d” is telling us that the permissions directly to the right of the “d” are for a directory. The next 9 characters break down into groups of three, and from there we can see who can do what to the Applications directory.

From “rwxrwxr-x” we get:  Owner = rwx        Group = rwx        Other = r-x      Now we know that the Owner of the directory Applications is root, and root can read, write, and execute. In addition, the Group that has access to the directory Applications is admin, and like root, its members can read, write, and execute. Finally, anyone who is neither the owner (root) nor in the Group (admin), meaning other, can only read and execute; the hyphen denotes no authorization (in this case other cannot write). Note:  When an Owner, Group, or Other has rwx permissions, this is also termed Full Permissions.

When working with some programs, the permissions are shown numerically, as Octal numbers. In this method, Read = 4; Write = 2; and Execute = 1. Octal expressions are 4 places. Here are some examples of Octal expressions:

Full Permission            0+r+w+x = 0+4+2+1 = 7

Only Read and Write        0+r+w+- = 0+4+2+0 = 6

Only Read and Execute      0+r+-+x = 0+4+0+1 = 5

For our example using the Applications directory, the octal number is 775. Let’s try another: the Owner has full permission, the Group can read and write, and everyone else can just read (the answer is 762).
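The decoding steps above can be scripted. The following shell function is an added example, not part of the original article, and the name sym_to_octal is hypothetical. It goes slightly beyond the text by also handling the s and t letters, which fill the first of the four octal places.

```shell
#!/bin/sh
# Convert the mode column printed by `ls -l` (for example drwxrwxr-x)
# into the four-place octal number that chmod accepts.
# sym_to_octal is a hypothetical helper name, not a standard command.
sym_to_octal() {
    mode=${1%[@+.]}                 # ls may append @, + or . for xattrs/ACLs
    [ "${#mode}" -eq 10 ] && mode=${mode#?}   # drop the type character (d, -, l)
    case $mode in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    special=0 digits=
    for weight in 4 2 1; do         # setuid, setgid, sticky
        n=0
        for bit in 4 2 1; do        # read, write, execute
            c=${mode%"${mode#?}"}   # first remaining character
            mode=${mode#?}
            case $c in
                r|w|x) n=$((n + bit)) ;;
                s|t)   n=$((n + bit)); special=$((special + weight)) ;;
                S|T)   special=$((special + weight)) ;;
            esac
        done
        digits=$digits$n
    done
    echo "$special$digits"
}

# Constructed inputs: the Applications directory and the 662 and 770 modes
# from the article, plus one setuid and one sticky example.
for m in drwxrwxr-x -rw-rw--w- -rwxrwx--- -rwsr-xr-x drwxrwxrwt; do
    printf '%s  %s\n' "$m" "$(sym_to_octal "$m")"
done
```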

Changing Permissions

Before you can change permissions, you must have authority to do so. For Macs, you are usually OK, unless the file is owned by “root”. There is a workaround for this, but to do so requires some “under the hood” hacking and is beyond the scope of this article. Here is the link for how to become “root” from Apple Support:  http://support.apple.com/kb/ht1528.  Be very very very careful doing this. For Linux users, at the prompt type:  su root    You will be asked for root’s password; enter it, and you are home free. Anytime you are operating as root or a superuser, you must be careful, because a mistake could cause loss of data or damage your system. I recommend that before you use su or sudo you do a little homework that will help you have a safe experience in using these commands. Here are some links that should provide you with some additional information:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo

http://www.thegeekstuff.com/2010/09/sudo-command-examples/

http://en.wikipedia.org/wiki/Su_%28Unix%29

http://www.linfo.org/su.html

Now that you have authorization out of the way, you can change the permissions of a file by using the chmod command in your terminal. Open the terminal, and using the cd command, go to the directory holding the file that you wish to have a different set of permissions. Let’s say we want to change permissions from 662 to 770 for file fuzzywuzzy.txt. Set permissions using chmod as follows:  chmod 770 fuzzywuzzy.txt

Let’s say we have a number of files in the directory Data, the permissions are 662, and we want 772. We could change each individual document, or we could use the -R switch with chmod, and all files and folders in the directory will have their permissions changed at once. For example:  chmod -R 772 Data     Here is some further documentation on this command:

http://www.thegeekstuff.com/2010/06/chmod-command-examples/
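What the recursive change does to a tree, and one way to review the result, shown as an added example that is not part of the original article. The directory layout is constructed, the helper names mode_of, world_writable and set_tree_modes are hypothetical, and the 770/660 target modes are an assumption chosen for illustration.

```shell
#!/bin/sh
# Octal mode of a path: GNU stat first, BSD/macOS stat as the fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Everything under $1 that "other" may write to (the 2 bit of the last digit).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Apply one mode to directories and another to regular files, so files do
# not inherit the execute bit that directories need in order to be entered.
set_tree_modes() {
    find "$1" -type d -exec chmod "$2" {} +
    find "$1" -type f -exec chmod "$3" {} +
}

# Constructed sample tree (not taken from the article's screenshots).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/Data/reports"
: > "$demo_dir/Data/fuzzywuzzy.txt"
: > "$demo_dir/Data/reports/q1.txt"

chmod -R 772 "$demo_dir/Data"             # the article's recursive change
echo "after chmod -R 772:"
echo "  file mode: $(mode_of "$demo_dir/Data/fuzzywuzzy.txt")"
echo "  writable by other:"
world_writable "$demo_dir/Data" | sed 's/^/    /'

set_tree_modes "$demo_dir/Data" 770 660   # assumed tighter target modes
echo "after set_tree_modes 770 660:"
echo "  dir mode:  $(mode_of "$demo_dir/Data/reports")"
echo "  file mode: $(mode_of "$demo_dir/Data/fuzzywuzzy.txt")"
echo "  writable by other: $(world_writable "$demo_dir/Data" | wc -l)"
rm -rf "$demo_dir"
```

With a single mode, chmod -R gives every file the same execute and write bits as the directories; the review step lists what "other" can still write to before and after tightening.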

Summary

Now that you know about file and directory permissions, you can decipher permissions and, if available to you, make appropriate changes as needed. In addition, you can tighten up security on files and folders by limiting access to them. Always be careful with files owned by root and the group admin. These are usually system files, and developers and administrators have reasons why access to the files is limited. Enjoy.

–Larry

By prometheus

Husband. Father. Grandfather. World class Geek.
