Permissions and Ownership

3 minute read

Overview

In Linux (and Unix systems in general), access to files and directories is controlled by a system of owners, groups, and permission bits. Changing these settings is necessary to control access by other users. The permission system also affects what files can be executed.

Ownership Levels

  • user (u) - User ownership of a file/directory. This user has the special right to change the permission bits and group ownership.
  • group (g) - Group ownership of a file/directory. Members of this group may be assigned greater access rights than non-members.
  • other (o) - Everyone else that isn’t the owning user or from the owning group.

Permission Bits

The elemental permissions in Linux/Unix are read, write, and execute. Users and groups can have one many, or none of these rights. Their meanings are as follows:

LetterNumberFileDirectory
Readr4View the contentsView the listings
Writew2Modify the contentsCreate a new file, or rename or delete existing files
Executex1Execute a program/scriptTraversal rights

Checking Permissions

Annotated output for ls -la:

---------- File type (d = directory, - = regular file, l = symlink)
|--------- User permission triplet
||  ------ Group permission triplet
||  |  --- Other permission triplet
||  |  |
||  |  |       [user] [group]
drwx-----x  61 username groupname   4096 Feb 24 16:39 ./
drwxr-xr-x 688 root   root       262144 Feb 24 11:05 ../
drwx------   2 username groupname   4096 Feb  2 22:45 .ssh/
drwxr-xr-x   5 username groupname   4096 Dec 12 15:57 Downloads/
drwxr-xr-x   2 username groupname   4096 Jan  9 16:29 bin/
-rw-------   1 username groupname   7960 Feb 23 18:37 .bash_history
-rw-r--r--   1 username groupname    306 Nov  3 15:08 .bashrc
-rw-r--r--   1 username groupname    677 Apr  8  2013 .profile
-rw-r--r--   1 username groupname    128 Nov 30 12:38 .tmux.conf
-rw-r--r--   1 username groupname  12126 Nov  2 13:14 .vimrc
lrwxrwxrwx   1 username groupname     23 Sep 12 10:49 bigdata -> /bigdata/groupname/username/
-rw-r--r--   1 username groupname   5657 Sep 19 11:31 bookmarks.html
lrwxrwxrwx   1 username groupname     23 Sep 12 10:49 shared -> /bigdata/groupname/shared/

Assign write and execute permissions to user and group

chmod ug+rx my_file

To remove all permissions from all three user groups

chmod ugo-rwx my_file
            # '+' causes the permissions selected to be added
            # '-' causes them to be removed
            # '=' causes them to be the only permissions that the file has.

chmod +rx public_html/ or $ chmod 755 public_html/ # Example for number system:

Change ownership

chown <user> <file or dir>         # changes user ownership
chgrp <group> <file or dir>        # changes group ownership
chown <user>:<group> <file or dir> # changes user & group ownership
Last modified July 8, 2021: added aliases from old site (9ab14f0)