File permissions in Linux restrict access for owners, groups and others. They secure files and directories from unauthorized access. There are 3 types of file permissions:
Basic permission
Special permission
Access Control List (ACL permission)
Viewing Permissions
Check the file permission.
ubuntu@ip-172-31-93-3:~$ ls -al newfile_txt
# Permission Link Owner GroupOwner FileSize Date Time Filename
-rw-rw-r-- 1 ubuntu ubuntu 0 Mar 31 20:21 newfile_txt
Check the directory permission.
ubuntu@ip-172-31-93-3:~$ ls -ld dev
# Permission Link Owner GroupOwner FileSize Date Time directoryName
drwxrwxr-x 2 ubuntu ubuntu 4096 Mar 31 20:29 dev
Permission Groups/Classes:
Owner (u) | Permissions that apply to the owner of the file |
Group (g) | Permissions that apply to members of the file's group |
Other (o) | Permissions that apply to all other users |
Permission Types:
Permission | Access to a file | Access to a directory |
Read (r) | display file contents and copy the file | view the contents of the directory |
Write (w) | modify the file contents | modify the contents of the directory |
Execute (x) | execute the file if it is an executable | allow the use of the cd command to access the directory |
Permissions as Numbers and Symbols:
Number | Permission Type | Symbol |
0 | No Permission | - - - |
1 | Execute | - - x |
2 | Write | - w - |
3 | Execute + Write | - w x |
4 | Read | r - - |
5 | Read + Execute | r - x |
6 | Read + Write | r w - |
7 | Read + Write + Execute | r w x |
Change permissions of the file/folder:
Give execute permission to the owner/user
# [syntax: chmod u+<permission_type> <name of file or directory>]
ubuntu@ip-172-31-93-3:~$ chmod u+x newfile_txt
Give write and execute permissions to groups
# [syntax: chmod g+<permission_type> <name of file or directory>]
ubuntu@ip-172-31-93-3:~$ chmod g+wx newfile_txt
Give write permission to others
# [syntax: chmod o+<permission_type> <name of file or directory>]
ubuntu@ip-172-31-93-3:~$ chmod o+w newfile_txt
Remove execute permission of the owner/user
# [syntax: chmod u-<permission_type> <name of file or directory>]
ubuntu@ip-172-31-81-146:~$ chmod u-x newfile_txt
Change ownership of a file
# [syntax: chown <user_name> <name of file or directory>]
# changing a file's owner requires root privileges, hence sudo
ubuntu@ip-172-31-81-146:~$ sudo chown steve newfile_txt
Change group ownership
# [syntax: chgrp <group_name> <name of file or directory>]
# without root, the owner can only switch to a group they are a member of
ubuntu@ip-172-31-81-146:~$ chgrp steve newfile_txt
Set permissions with a numeric value: 'rwx' for the user, 'rw' for the group, 'r' for others
# [syntax: chmod <numeric_permissions> <name of file or directory>]
ubuntu@ip-172-31-81-146:~$ chmod 764 newfile_txt
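The script below is an added example, not part of the original page. It reads the mode string that ls -ld prints, converts it to the number chmod accepts using the table above, and lists files that others can write to (the state chmod o+w produces). The function names and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not from any tool.

# Convert one rwx triplet to its digit (r=4, w=2, x=1), e.g. rw- -> 6.
# s/t in the last position mean "execute plus a special bit"; only the
# basic execute bit is counted here.
triplet_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??[xst]) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# Convert the 10-character mode string from ls (-rwxrw-r--) to octal (764).
mode_to_octal() {
    u=$(printf '%s' "$1" | cut -c2-4)    # owner triplet (char 1 is the file type)
    g=$(printf '%s' "$1" | cut -c5-7)    # group triplet
    o=$(printf '%s' "$1" | cut -c8-10)   # others triplet
    printf '%s%s%s\n' "$(triplet_to_digit "$u")" \
        "$(triplet_to_digit "$g")" "$(triplet_to_digit "$o")"
}

# Numeric mode of an existing file or directory, read from ls -ld.
# cut keeps the first 10 characters, dropping a trailing "+" (ACL marker).
file_mode() {
    mode_to_octal "$(ls -ld -- "$1" | cut -c1-10)"
}

# List regular files under a directory that "others" may write to.
world_writable() {
    find "$1" -type f -perm -0002
}

# Demo on a constructed scratch directory.
demo=$(mktemp -d)
touch "$demo/newfile_txt"
chmod 764 "$demo/newfile_txt"
echo "after chmod 764: $(file_mode "$demo/newfile_txt")"
chmod o+w "$demo/newfile_txt"
echo "after chmod o+w: $(file_mode "$demo/newfile_txt")"
echo "world-writable:  $(world_writable "$demo")"
rm -rf "$demo"
```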
Access Control List (ACL)
ACLs provide an additional, more flexible permission mechanism for file systems. They let you grant special permissions to specific users and groups on particular directories and files.
Using an ACL, we can also give read and write access to a particular user who is not a member of the group you created.
Check ACL permission
# [syntax: getfacl <name of file or directory>]
ubuntu@ip-172-31-94-49:~$ getfacl newfile.txt
Set ACL permission to the user
# [syntax: setfacl -m u:<user_name>:<permission_type> <name of file or directory>]
ubuntu@ip-172-31-94-49:~$ setfacl -m u:steve:rwx newfile.txt
Set ACL permission to group
# [syntax: setfacl -m g:<group_name>:<permission_type> <name of file or directory>]
ubuntu@ip-172-31-94-49:~$ setfacl -m g:testgrp:rw newfile.txt
Remove ACL permission of the user
# [syntax: setfacl -x u:<user_name> <name of file or directory>]
ubuntu@ip-172-31-94-49:~$ setfacl -x u:steve newfile.txt
Remove ACL permission from the group
# [syntax: setfacl -x g:<group_name> <name of file or directory>]
ubuntu@ip-172-31-94-49:~$ setfacl -x g:testgrp newfile.txt
Remove all ACL permissions
# [syntax: setfacl -b <name of file or directory>]
ubuntu@ip-172-31-94-49:~$ setfacl -b newfile.txt