💭 Understanding Linux - File Permissions ✅ and Ownership 👨‍🦰


👉 Quick Intro 🔥

  • Every file in Linux has a set of permissions for three roles: user, group, and other

  • Along with permissions, every file has two owners: the first is a user and the second is a group

👉 File Permissions 📄

  • A file can have three types of permissions

    1. read (r) 📖

    2. write (w) ✍️

    3. execute (x) 🏃‍♂️

Whenever you run ls -l, you see the permissions for each file at the start of the line

This string has 10 characters and is available for each file, divided into 4 parts

  • The first character represents what kind of file it is: d for directories and - for normal files

  • The next three parts are the permissions for each role: user, group, and other

  • In the above image, file1.sh has rw- for user, which means the user owner has read and write access but no execute access

  • Similarly, the temp1 directory has rwx for the user, which means the user owner has all three permissions

👉 Changing Permissions 🫣

  • To change permissions, the chmod command is used

  • If you are a user or group owner of a file, there is no need to use sudo before chmod

There are two methods to change the permissions of user, group & other. Let's see

  1. Symbolic Mode ➕➖🟰

    + represents add

    - represents remove

    + and - are useful to remove or add any permission for any role without affecting other permissions

    = is used to set the permissions

    = is useful if you want to override existing permissions for a specific role

    u for user

    g for group

    o for other

    a for all

    chmod u+x file --> Add execute permission for user

    See the image below: there was no execute permission for the user on aws.txt earlier, but after executing this command the user got execute permission

    chmod g-w file1 file2 --> Remove write permission for group on two files

    Multiple files can be provided in the command

    chmod o+wx file --> Add write and execute permission for others

    One or more permissions can be given at a time

    chmod u+r,g-x file --> Add read for a user, Remove execute for group

    Multiple roles with multiple permissions can be given at the same time

    chmod u+rx-w,g-r+w file --> Add read and execute, remove write for user & remove read and add write for group

    Complex commands are also possible

    chmod a+x file --> Add execute for all three roles

    chmod u=w file --> Remove read and execute, add write for a user

    chmod g=r,o=wx file --> Remove write, execute & add read for group and remove read & add write, execute for others

    chmod a=rwx file --> Give all permissions to all roles

  2. Numeric Mode (0 to 7)

    The digits from 0 to 7 represent different combinations of permissions

    This overrides the existing permissions for all roles, not just one

    Just remember which number denotes which permission

    chmod 205 file --> 2 (write) for user, 0 (no) for group, 5 (read & execute) for other

    chmod 350 file --> 3 (write & execute) for user, 5 (read & execute) for group, 0 (no) for other

    chmod 777 file --> All permissions for all roles
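To connect the 10-character string from ls -l with numeric mode, the following added example (not part of the original post) decodes a mode string into the octal value chmod would take. Each role's digit is read = 4, write = 2, execute = 1; the leading digit and the s/S/t/T letters are the special permissions covered later on this page. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): decode an `ls -l` mode string.

# triplet_value TRIPLET LOWER UPPER -> prints "<rwx digit> <special 0|1>"
# LOWER/UPPER are the letters shown in place of x when a special bit is set:
# s/S in the user and group triplets, t/T in the other triplet.
triplet_value() (
    digit=0 special=0
    case $1 in r??) digit=$((digit + 4)) ;; esac
    case $1 in ?w?) digit=$((digit + 2)) ;; esac
    case $1 in
        ??x)    digit=$((digit + 1)) ;;
        ??"$2") digit=$((digit + 1)); special=1 ;;  # special bit and execute
        ??"$3") special=1 ;;                        # special bit, no execute
    esac
    echo "$digit $special"
)

# mode_to_octal MODESTRING -> four octal digits: special, user, group, other
mode_to_octal() (
    m=$1
    case $m in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a 10-character mode string: $m" >&2; exit 1 ;;
    esac
    rest=${m#?}                          # drop the file-type character
    user=${rest%??????}; rest=${rest#???}
    group=${rest%???};   other=${rest#???}
    # Positional parameters become: u-digit u-special g-digit g-special o-digit o-special
    set -- $(triplet_value "$user" s S) $(triplet_value "$group" s S) \
           $(triplet_value "$other" t T)
    echo "$(( $2 * 4 + $4 * 2 + $6 ))$1$3$5"
)

# Decode the string given as the first argument, or a sample one.
mode_to_octal "${1:-drwxrwxrwt}"
```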

👉 File Ownership 👤👥

  • To change ownership, the chown command is used

  • If you are a user or group owner of a file, there is no need to use sudo before chown

There are two types of owners for each file

  1. User Owner

  2. Group Owner

Whenever you run ls -l, you can see the owners of each file in the 3rd and 4th columns, i.e. user owner & group owner

👉 Changing Ownership 🫣

  • To change ownership, the chown & chgrp commands are used

  1. Change user owner 👤

    chown <username/UID> file --> Change user owner using username or UID

    chown <username/UID> file1 file2 --> Change user owner for multiple files

    ==> 1001 is the UID of user1, you can find it in /etc/passwd

  2. Change group owner 👥

    sudo chown :<groupname/GID> file --> Change group owner using group name or GID

    Multiple files can be given in the command

    sudo chgrp <groupname/GID> file --> Change group owner using group name or GID

    Multiple files can be given in the command

  3. Change both owners 👤👥

    sudo chown <username/UID>:<groupname/GID> file --> Change both owners

    Multiple files can be provided in the command

    Any combination of ID and name works

👉 Special File Permissions ✨

Other than read, write, and execute, there are three special file permissions

  1. SUID (set-user-id) 🆔

  • In Linux, by default, when a user executes a file, it runs as the user who executes it

  • If we set SUID on that file, then no matter who executes it, it always runs as the file's user owner

  • Set SUID

    sudo chmod u+s file --> Set SUID only for user owner

    sudo chmod 4xxx file --> Set SUID along with other permissions for the user owner

    ==> In numeric mode, '4' at the beginning represents SUID

    sudo chmod u-s file --> Remove SUID for user owner

    NOTE:- If a file has both 'x' and SUID then it is represented as 's' otherwise 'S'

  2. SGID (set-group-id) 🆔

    • In Linux, by default, when a user creates a file inside a directory, the file's group owner is the user's default group

    • If we set SGID on the directory, then no matter who creates a file inside that directory, its group owner is always the same as the directory's group owner

    • Set SGID

      sudo chmod g+s file --> Set SGID only for group owner

      sudo chmod 2xxx file --> Set SGID with other permissions for group owner

      ==> In numeric mode, '2' at the beginning represents SGID

      sudo chmod g-s file --> Remove SGID for group owner

      NOTE:- If a file has both 'x' and SGID then it is represented as 's' otherwise 'S'

If you look at the above image, SGID is not set on the directory, so after creating a file inside it, the group owner is the same as the primary group of whoever created it

If you look at the above image, after setting SGID on the directory, when a file is created inside it, the group owner is the same as the group owner of the directory

  3. Sticky Bit ⛔

    If the sticky bit is set on a directory, then files inside that directory can only be deleted by the user owner of the file, the owner of the directory, or the root user.

    This is useful to prevent users from deleting other users' files inside a shared directory, where everyone has read, write, and execute access on that directory.

    sudo chmod +t directory --> Set sticky bit on directory

    NOTE:- If a file has both 'x' and sticky bit then it is represented as 't' otherwise 'T'

    There is a file inside sharedFolder. Now log in as some other user and try to delete that file: it won't allow you to delete it. If the sticky bit was not set, any user could have deleted it

    sudo chmod -t directory --> Remove sticky bit from directory
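Because SUID files run as their user owner and a shared directory without the sticky bit lets any user delete other users' files, these bits are worth reviewing on a system. The following added example (not part of the original post) reports them with find; the function names and the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): report special-permission
# findings under a directory, using a tree constructed just for the demo.

# audit_special DIR -> sorted "TAG path" lines
#   SUID      regular file with set-user-id (runs as its user owner)
#   SGID      regular file with set-group-id
#   NOSTICKY  world-writable directory without the sticky bit
audit_special() {
    {
        find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID /'
        find "$1" -xdev -type f -perm -2000 | sed 's/^/SGID /'
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
    } 2>/dev/null | LC_ALL=C sort
}

# make_demo_tree -> prints the path of a constructed sample tree
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/report" "$d/notes"
    mkdir "$d/dropbox" "$d/shared"
    chmod 4755 "$d/tool"      # SUID
    chmod 2755 "$d/report"    # SGID
    chmod 644  "$d/notes"     # nothing special
    chmod 777  "$d/dropbox"   # world-writable, no sticky bit
    chmod 1777 "$d/shared"    # world-writable with sticky bit: not reported
    echo "$d"
}

# Run the audit on the constructed tree, then clean up.
demo=$(make_demo_tree) && audit_special "$demo"
[ -n "$demo" ] && rm -rf "$demo"
```

To review a real system, call audit_special on a directory such as / with sufficient privileges to read every subdirectory.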

    Happy Learning !!! 👋

K
kk r2y ago

good

2
R

Such a detailed explanation

1
S

Really nice

2