
Managing file permissions in Linux Operating System

Update on:
Apr 28, 2021

We have created users and groups. In this recipe, you will work with default file permissions for users and groups, as well as see how to modify those permissions.

Getting ready

Create two users, user1 and user2. Create new group editor and add user1 and user2 as members.

How to do it…

Follow these steps to manage file permissions:

To change groups for files and directories:

Log in with user1.

Create a new directory documents under home:

    user1@ubuntu:~$ mkdir documents

Create a text file under documents:

    user1@ubuntu:~$ echo "hello world" > documents/file.txt

Now log in with user2:

    user1@ubuntu:~$ su user2

Try to edit the same text file. It should say Permission denied:

    user2@ubuntu:/home/user1$ echo "hello again" > documents/file.txt

Log in as user1 and change the group of documents to editor:

    user1@ubuntu:~$ chgrp -R editor documents

Switch to user2 and try editing the same file. Now it should work.

To set permissions with chmod, follow these steps:

Create a simple shell script with the following command:

    $ echo 'echo "Hello World!!"' > hello.sh

Execute the shell script with the following command:

    $ ./hello.sh

Set executable permission to hello.sh with the following command:

    $ chmod u+x hello.sh

Check new permission with the following command:

    $ ls -l

Execute hello.sh again.

To protect shared files with sticky bit, follow these steps:

Log in as user1 and set sticky bit for directory documents:

    user1@ubuntu:~$ chmod +t documents

Log in as user2 and create a new file.

Try to delete any file under documents. It should fail.

How it works…

When you create a new file or directory in Ubuntu, the default permissions for files are read and write access to owner and owner’s private group, along with read, write, and execute access for directories. You can check the default setting with umask -S.
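The effect of the umask on new files and directories can be observed directly. The script below is an added example, not part of the original recipe; default_modes is a hypothetical helper name, and stat -c assumes GNU coreutils as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: report the mode a new file and a new directory receive
# under a given umask. default_modes is a hypothetical helper name.
default_modes() {
    mask=$1
    tmp=$(mktemp -d) || return 1
    (
        # The subshell keeps the umask change from leaking into the caller.
        umask "$mask"
        : > "$tmp/file"     # new files start from 666, minus the umask bits
        mkdir "$tmp/dir"    # new directories start from 777, minus the umask bits
    )
    printf 'file=%s dir=%s\n' \
        "$(stat -c %a "$tmp/file")" "$(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
}

# 002 is the per-user private group setup described above; 022 and 077
# are common stricter settings shown for comparison.
for m in 002 022 077; do
    printf 'umask %s -> %s\n' "$m" "$(default_modes "$m")"
done
```

Under umask 002 the group gets the same read and write access as the owner, which is why changing a file's group is enough to share it.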

In our example, we have user1 and user2. Both of them are members of the editor group. When user1 creates a file, the default permissions are limited to user1 and its private group (user1), which is named after the user account. This is the reason user2 sees Permission denied when editing the file. By changing the group of documents to editor, we allow all members of editor to read and write to files in documents.

With the chmod command, we can set permissions at a more granular level. In our example of hello.sh, we have set the executable permission for hello.sh. Similarly, we can set read permission as follows:

    $ chmod +r filename

To set write permission, use the following command:

    $ chmod +w filename

You can set more selective permissions with additional parameters before the mode expression as follows:

    $ chmod ugo+x filename

Here, u sets the permission for user, g for group, and o for all others.

To remove permissions, replace + with -. For example, chmod o-w filename. Alternatively, you can use the octal format to specify permissions:

    $ chmod 777 filename

This gives read, write, and execute permission to user, group, and others, whereas the command chmod 600 filename gives read and write permissions to the owner and no permissions to group and others. In octal format (777), the first digit is used for the user or owner of the file, the second digit is for the group, and the third digit is for everyone else. Check out the following table for more information:

Notation          Octal value       Permissions
-|---|---|---     0|000|000|000     Regular files, no permissions
d|r--|r--|r--     d|400|400|400     Directory, read permission to owner, group, and others
-|rw-|r--|r--     -|644|644|644     Regular file, read and write permission to owner and read permission to group or others
-|rwx|rwx|rwx     -|777|777|777     Regular file, all permissions to everyone

Finally, when you share files within a group of users, there is a chance that someone deletes a file that other users need. The sticky bit can protect these files from deletion. When the sticky bit is set, only the owner or a user with root privileges can delete a file.

You can set the sticky bit with chmod, as in chmod +t directoryName. The sticky bit is shown in a long listing (ls -l) with the symbol t or T. Additionally, the sticky bit works only with directories and is ignored on ordinary files.
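The following script audits a directory tree for the two cases this section touches on: files left writable by everyone (as with chmod 777) and shared directories that lack the sticky bit. It is an added example, not part of the original recipe; audit_perms and make_demo_tree are hypothetical names, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find world-writable files and world-writable directories
# that are missing the sticky bit. Function names are hypothetical.
audit_perms() {
    root=$1
    # Regular files any local account can modify (o+w, as in 666 or 777).
    find "$root" -type f -perm -0002 \
        -exec printf 'world-writable file: %s\n' {} \;
    # Directories writable by everyone without the sticky bit (1000):
    # any account can delete or rename other users' files in them.
    find "$root" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable dir without sticky bit: %s\n' {} \;
}

# Build a constructed sample tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/open"
    echo data > "$d/shared/report.txt"
    echo data > "$d/open/notes.txt"
    chmod 1777 "$d/shared"             # shared and protected: drwxrwxrwt
    chmod 0777 "$d/open"               # shared, no sticky bit: drwxrwxrwx
    chmod 0644 "$d/shared/report.txt"
    chmod 0666 "$d/open/notes.txt"     # writable by everyone
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
# Symbolic and octal modes side by side; the trailing t marks the sticky bit.
stat -c '%A %a %n' "$demo/shared" "$demo/open"
audit_perms "$demo"
rm -rf "$demo"
```

Only open and open/notes.txt are reported; shared is also world-writable but passes because the sticky bit is set.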

Many times when working as a root user, all files and directories created are owned by root. A non-root user can’t write to these directories or files. You can use the command chown to change the ownership of such files and assign them to respective users.

To change ownership of a file, use the following command:

    $ chown newuser filename

To change the owner as well as the group of a file, use the following command:

    $ chown newuser:newgroup filename

You can skip changing owner and change only the group with the following command:

    $ chown :newgroup filename

Note that the chown command can only be used by users with root privileges.
