
Sets of Users and Permissions

Granting several levels of access permissions according to types of users

Every file and folder stored on the hard drive of a Linux system is associated with a set of permissions. Varying levels of access permissions are granted to three types of users. The following are the types of users associated with every file:

  • The owner (U) of a file is the person who created the file.
  • The file's group (G) is typically the group the owner was logged in under while creating the file; all users that belong to the file's group have a common level of access to the file.
  • The others (O) group refers to all users on the system other than the owner and the file's group members.

Files and directories have three types of permissions:

  • Read permission just allows users to look at the file. Read permissions to a directory allow users to view the directory's contents.
  • Write permission allows users to modify and save files and add or delete files in directories.
  • Execute permission allows users to execute the file as if it were a command. For directories, this permission simply allows users to access files within the directory.

To view the permissions for each type of user for all files in a directory, issue the long listing option (-l) of the ls command:

    [ LinuxUser ] ~$ ls -l
    total 15
    drwxr-xr-x+ 2 LinuxUser None    0 Nov 26 18:11 Java
    -rw-r--r--  1 LinuxUser None   57 Nov 24 21:21 errors
    -rw-r--r--  1 LinuxUser None   55 Nov 24 21:25 errors.txt
    -rw-r--r--  1 LinuxUser None 8728 Nov 24 20:19 lsinfo.txt
    -rwxr-xr-x  1 LinuxUser None   43 Nov 26 01:42 myScript
    [ LinuxUser ] ~$

The initial string of letters:

    drwxr-xr-x

represents the permissions that correspond to each user. The following table explains what each letter stands for in sequence:

    Letter      d          r     w      x        r     w      x        r     w      x
    User type              Owner                 Group                 Other
    Meaning     Item type  Read  Write  Execute  Read  Write  Execute  Read  Write  Execute

Thus, the first position indicates the type of file (d for directory, l for link), the next three (positions 2-4) indicate the owner's permissions, positions 5-7 indicate the group's level of access while positions 8-10 indicate everyone else's level of access. A hyphen in any position indicates that the corresponding type of user does not have the permission referenced by the position:

  • drwxr-xr-x: This folder allows read, write and execute permissions for the owner, but only read and execute for the group and for other users.
  • -rw-rw-rw-: This file allows everyone to read and write; none may execute.
  • -rw-------: This file may be read and written to by the owner; all other users do not have access.

The chmod command may be used to change the permissions of a file. This may be accomplished by the following type of command:

    chmod [UserType][+ or -][permissions] file_name

    [ LinuxUser ] ~$ ls -l  errors
    -rw-r--r-- 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$ chmod g+w errors
    [ LinuxUser ] ~$ ls -l  errors
    -rw-rw-r-- 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$ chmod g-w errors
    [ LinuxUser ] ~$ ls -l  errors
    -rw-r--r-- 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$ chmod go+wx errors
    [ LinuxUser ] ~$ ls -l  errors
    -rw-rwxrwx 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$

The commands above show how the permissions of the errors file change after each chmod command. The g+w option adds group write permission to the errors file; the listing right after this command displays the change. The g-w option removes this permission again. The go+wx option adds write and execute permissions for group users and other users. Note that 'a' (all users) may be used instead of 'ugo' and that '=' may be used instead of + or - to set (rather than add or remove) permissions. The following command gives all permissions to the owner and the group, and only execute permission to others.

    [ LinuxUser ] ~$ chmod ug=rwx,o=x errors
    [ LinuxUser ] ~$ ls -l  errors
    -rwxrwx--x 1 LinuxUser None 57 Nov 24 21:21 errors

A set of three numbers may be used instead of letters to accomplish the same results. Each number may range from 0 to 7. The first number corresponds to the owner's permissions, the second number to group permissions and the final number to other users' permissions. The following table explains the meaning of each value in the range:

    Number  Read (R)  Write (W)  Execute (X)
    0       No        No         No
    1       No        No         Yes
    2       No        Yes        No
    3       No        Yes        Yes
    4       Yes       No         No
    5       Yes       No         Yes
    6       Yes       Yes        No
    7       Yes       Yes        Yes

Thus, 777 is the same as ugo=rwx; the end result looks like -rwxrwxrwx. 755 is the same as u=rwx,go=rx; the end result looks like -rwxr-xr-x. A numeric mode always sets all of the permissions at once, as the = operator does. Let us see how we would issue the same set of chmod commands on the errors file using numbers:

    [ LinuxUser ] ~$ ls -l  errors
    -rw-r--r-- 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$ chmod 664 errors
    [ LinuxUser ] ~$ ls -l errors
    -rw-rw-r-- 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$ chmod 644 errors
    [ LinuxUser ] ~$ ls -l errors
    -rw-r--r-- 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$ chmod 677 errors
    [ LinuxUser ] ~$ ls -l errors
    -rw-rwxrwx 1 LinuxUser None 57 Nov 24 21:21 errors
    [ LinuxUser ] ~$
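
The letter-to-number mapping above can be turned into a quick permission check. The following script is an added example, not part of the original page: it converts an ls -l mode string to its three-digit number and lists every entry in a directory that the group or others may write, such as the 677 result above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample files are constructed.

# One rwx triad -> one octal digit (read=4, write=2, execute=1).
# A setuid/setgid/sticky letter (s, t) in the last slot still means "execute".
triad_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac
    echo "$d"
}

# "-rw-rwxrwx" -> 677. Position 1 (item type) and a trailing "+" are ignored.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    u=$(printf '%s' "$perms" | cut -c1-3)
    g=$(printf '%s' "$perms" | cut -c4-6)
    o=$(printf '%s' "$perms" | cut -c7-9)
    echo "$(triad_to_digit "$u")$(triad_to_digit "$g")$(triad_to_digit "$o")"
}

# Print "number mode path" for every entry in directory $1 that the group
# or others may write (a "w" in position 6 or 9 of the mode string).
audit_writable() {
    for f in "$1"/*; do
        # Skip symbolic links and the unexpanded pattern of an empty directory.
        if [ -L "$f" ] || [ ! -e "$f" ]; then continue; fi
        mode=$(ls -ld -- "$f" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) echo "$(mode_to_octal "$mode") $mode $f" ;;
        esac
    done
}

# Demo on constructed files mirroring the chmod examples above.
demo_dir=$(mktemp -d)
: > "$demo_dir/errors";  chmod 677 "$demo_dir/errors"
: > "$demo_dir/private"; chmod 600 "$demo_dir/private"
audit_writable "$demo_dir"
rm -rf "$demo_dir"
```

Only the errors file is reported; the file with mode 600 is not, because neither its group nor its other triad contains a w.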

The root user may use the chown command to change the owner of a file. The following command changes the owner of the exams directory to smith and changes its group to professors. The -R option applies this change to all files and subdirectories of exams/, and the -h option changes the ownership of symbolic links themselves rather than of the files they point to. The chown command may change just the owner by not specifying a colon or group after the new owner's userid.

    # chown -hR smith:professors exams/