Hidden Wonders


How Unix File Permissions Work



Basics


Unix-style file permissions are the kind of thing that seems really confusing at first, but is actually incredibly simple when explained properly. There are some confusing parts, but the contents of this basic section are all you’d ever need to know as an average computer user.

Essentially, every file stores with it some information regarding permissions. We can view the permissions of the files I use to generate this website using the command ls -l, the -l meaning “long”.

-rw-r--r-- 1 user user  3740 Aug 14 20:00  do_not_go_into_debt.md
-rw-r--r-- 1 user user 16314 Aug 14 20:55  how_much_abstraction_is_too_much.md
-rw-r--r-- 1 user user   307 Sep  1 13:41  how_unix_file_permissions_work.md

The most relevant part here is the far left column, which shows the permissions for each file whose name is displayed in the far right column. From this, we can determine that the user named user can read and write to these files, a member of the group named user can only read from the files, and any user on the system can also read from the files.

Let me explain first what each permission means:

Now you might notice that there are 3 sets of these bits in the output of ls -l: why would you need 3 r’s to denote that a file can be read? The answer is that Unix has 3 different types of permissions: user permissions, group permissions, and all permissions. The first is self-explanatory: the user permissions are the permissions the owner of the file has. Then there are the group permissions: essentially, you can add users to the same group to give them the same file permissions. Finally, there is the all permission section, which holds the permissions given to people who aren’t the owner of the file and aren’t in the file’s group.

So, a file with all its permissions (rwx for user, group, and all) would be -rwxrwxrwx.

Changing File Permissions


We can change the permissions of a file using the chmod command. The most common example is making a file executable. This is done very often even for basic Linux users if you have to run some script from the Internet (which you shouldn’t be doing anyways, always read and understand the script first). Anyway, you can make a file executable with this command:

chmod +x file

# `file` is now executable
./file

There are similar-looking commands for giving certain users the read and write permissions as well, but I prefer the old-fashioned way of just specifying the file mask manually in octal.

Very simple: octal is a base 8 number system, so its digits run from 0 to 7. Each digit can be represented by 3 bits: something like 111 equals 7, because the first bit from the right is worth 1, the second bit is worth 2, and the third bit is worth 4 (they increase by powers of 2, that’s how binary works).

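So, internally, Unix systems represent these file permissions with 3 octal digits, one each for user, group, and all. Within a digit, read is worth 4, write is worth 2, and execute is worth 1, and you add up the ones you want. We can give this form as the argument to chmod. This is best explained through example: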

# Give all permissions to a file
chmod 777 file

# Executable to all users
chmod 111 file

# Writable to all users
chmod 222 file

# Readable for all users
chmod 444 file

# The permissions from the previous example, read+write for user, read for everyone else
chmod 644 file

If you still don’t get it, try it yourself, checking the permissions with ls -l after each permission change.
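
The same experiment as a script, as an added example that is not part of the original post: it predicts the ls -l string for each octal mode used above, compares it with what chmod actually produces on a scratch file, and flags modes whose "all" digit grants write. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: decode 3-digit octal modes into the rwx string ls -l prints.

# One octal digit (0-7) -> its rwx triplet: 4 = r, 2 = w, 1 = x.
digit_to_rwx() {
    d=$1; out=""
    if [ $(( $d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( $d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( $d & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# A 3-digit octal mode such as 644 -> rw-r--r-- (user, group, all).
mode_to_string() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=$1; result=""
    while [ -n "$rest" ]; do
        first=${rest%"${rest#?}"}   # first remaining digit
        rest=${rest#?}              # drop it from the front
        result="${result}$(digit_to_rwx "$first")"
    done
    printf '%s\n' "$result"
}

# True when the last ("all") digit includes write, the case worth auditing.
is_world_writable() {
    [ $(( ${1#??} & 2 )) -ne 0 ]
}

# chmod a scratch file and report what ls -l shows, minus the file-type char.
observed_mode() {
    tmp=$(mktemp) || return 1
    chmod "$1" "$tmp"
    ls -l "$tmp" | cut -c2-10
    rm -f "$tmp"
}

# The modes from the chmod examples above.
for m in 777 111 222 444 644; do
    note=""
    if is_world_writable "$m"; then note="  (writable by all)"; fi
    printf '%s  predicted=%s  ls=%s%s\n' \
        "$m" "$(mode_to_string "$m")" "$(observed_mode "$m")" "$note"
done
```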

Also recall that each file has a user and group associated with it. Intuitively, the command chown (change owner) is used to change the user that owns the file, and the command chgrp (change group) is used to change the group associated with the file.

Directories


WORK IN PROGRESS

Special Bits


WORK IN PROGRESS

Masks


They set the default file permission bits.




Site last updated: 2024-07-20