UNIX/Linux Permissions

September 21 2005

I'm often approached by people with questions about Linux file permissions. The easy solution to everyone's problem is just to tell them "type in chmod 2775" or whatever. But in the spirit of the old saying "Give a man a fish, feed him for a day; teach a man to fish, feed him for life", I'm putting together an easy cheat sheet. I hope someone finds it useful.

All Unix/Linux permissions are based on octal (base-8) numbers. These numbers can be combined to represent read, write and execute permissions for a file and/or directory. The same numbers are also used to represent special permissions such as set user ID, set group ID and the ever-famous sticky bit. I'm going to try to break them down into simple definitions, the way that I have come to understand them.

File Permissions

For files, the permissions simply control whether the file can be read, written to or executed. Here is the common breakdown used to define these controls.

action  bit  description
read    4    File contents can be read
write   2    File can be overwritten or created
exec    1    File can be executed
-       0    All types of access are denied

Directory Permissions

Directories use the same permissions that files do, but their meanings are slightly different. After all, a directory can't really be executed like a file can, but it can be browsed.

action  bit  description
read    4    Directory listing can be obtained
write   2    Directory contents can be changed; files can be created, deleted and/or renamed
exec    1    Directory can be accessed; make it the current working directory
-       0    All types of access are denied

Special Bits

And last but not least, the special permissions. These are for actions beyond the scope of simple read, write and execute controls. Most people tend to gloss over this section, but don't: these bits are really not that difficult. In some instances this lesson can make the difference between a user and an administrator.

action  bit  description
suid    4    Gives any user the same level of execution as the owner of the file
             Note: If the "user" column is already executable the permission will be represented by "s" instead of "x", otherwise it will be represented by "S"
sgid    2    Gives any user the same level of execution as the group of the owner of the file
             Note: If the "group" column is already executable the permission will be represented by "s" instead of "x", otherwise it will be represented by "S"
sticky  1    Prevents any user from deleting a file from a directory that they are not the original owner of
             Note: If the "other" column is already executable the permission will be represented by "t" instead of "x", otherwise it will be represented by "T"
-       0    All special bits are cleared

Permission Combinations

Now that you know what the values are and what they mean, you need to know how they're combined to form permission values. This is really simple because there's only one way to create each value. I'm using the terms for files and directories in this example, but the numbers work the same way for the special permissions; just change the definitions for 1, 2 and 4 to see what I mean.

bit  formula    result
0    0          no access
1    1          execute
2    2          write
3    2 + 1      write + execute
4    4          read
5    4 + 1      read + execute
6    4 + 2      read + write
7    4 + 2 + 1  read + write + execute

Use what you've learned

That's basically it. Now you can combine these numbers to change the way that a permission applies to any file or directory (assuming that you have the privileges to do so). Just remember that the order of the numbers is important. The chmod command accepts four digits, but the first digit (special permission) is optional. So the four digits are for special, user, group and other (in that order), with special being optional. You can use this worksheet to practice with.


user   group  other
r w x  r w s  r - x
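
To check your worksheet answers, here is an added example (not part of the original post) that converts a nine-character symbolic mode into the four-digit chmod value, applying the s/S and t/T rules from the Special Bits notes. The function name sym_to_octal and the sample modes are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): turn a 9-character symbolic
# mode, as printed by `ls -l` minus the leading file-type character, into
# the four-digit value chmod accepts (special, user, group, other).
sym_to_octal() {
    mode=$1
    if [ "${#mode}" -ne 9 ]; then
        echo "expected 9 characters, e.g. rwxr-xr-x" >&2
        return 1
    fi
    special=0 digits="" start=1
    # Each column can carry one special bit: user=suid(4), group=sgid(2), other=sticky(1)
    for weight in 4 2 1; do
        r=$(printf '%s' "$mode" | cut -c"$start")
        w=$(printf '%s' "$mode" | cut -c"$((start + 1))")
        x=$(printf '%s' "$mode" | cut -c"$((start + 2))")
        # s/S belong only in the user and group columns, t/T only in other
        case "$weight$x" in
            1[sS]|[42][tT]) echo "'$x' is not valid in this column" >&2; return 1 ;;
        esac
        digit=0
        case $r in r) digit=$((digit + 4)) ;; -) ;; *) echo "bad read flag '$r'" >&2; return 1 ;; esac
        case $w in w) digit=$((digit + 2)) ;; -) ;; *) echo "bad write flag '$w'" >&2; return 1 ;; esac
        case $x in
            x)   digit=$((digit + 1)) ;;
            -)   ;;
            s|t) digit=$((digit + 1)); special=$((special + weight)) ;; # special bit on, exec on
            S|T) special=$((special + weight)) ;;                       # special bit on, exec off
            *)   echo "bad exec flag '$x'" >&2; return 1 ;;
        esac
        digits="$digits$digit"
        start=$((start + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample modes; each line prints the symbolic form and its chmod value.
for sample in rwxr-xr-x rwsr-xr-x rwxrwxrwt rwSr--r--; do
    printf '%s -> %s\n' "$sample" "$(sym_to_octal "$sample")"
done
```

A capital S or T in a listing means the special bit is set on a column that is not executable, which is usually a mistake worth reviewing.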

Happy permission changing!