In this article, we will have a look at the fundamentals of Linux permissions, describing their importance in the context of a VPS environment. We will shed light on the puzzling world of user privileges, file ownership, and access restrictions, providing you with the knowledge needed to safeguard your server and its data.
So, whether you are a web developer, a system administrator, or simply someone curious about the inner workings of VPS management, read on as we describe Linux permissions on your virtual server. By the end of this article, you will be well-equipped to navigate the labyrinth of permissions and confidently secure your VPS.
Understanding Linux File Permissions
As a system administrator, comprehending file permissions is related to understanding the language of control and access. Linux file permissions are your gatekeepers, dictating who can view, modify, or execute files and directories on your VPS. They are ensuring that only authorized entities can access your data and applications.
The Three Permission Types
At the heart of Linux file permissions are three fundamental attributes, each governing a specific facet of file access:
Read (r): This permission allows a user or group to view the contents of a file or list the contents of a directory. It is represented by the letter r in permission settings.
Write (w): The write permission empowers users or groups to modify the contents of a file or create and delete files within a directory. It is symbolized by the letter w.
Execute (x): Execute permission, represented by the letter x, grants the ability to run scripts or execute programs. Without this permission, executing programs or changing into directories is impossible.
The Three Permission Levels
In Linux, permissions are not granted universally; they are tailored for specific entities. There are three primary permission levels:
User (u): This level refers to the owner of the file or directory. The user can be the person who created the file or a designated user with specific access rights.
Group (g): Group permissions apply to a predefined set of users who share access to the file or directory. Groups are an efficient way to manage permissions for multiple users with similar needs.
Others (o): The “others” category includes everyone else who is neither the owner nor a member of the group associated with the file or directory. These permissions are the most open and typically apply to all users on the system.
Numeric and Symbolic Permission Representation
Linux permissions can be represented in two formats: numeric and symbolic notation.
Numeric Notation: In this format, each permission is assigned a numeric value. Read is represented by 4, write by 2, and execute by 1. These values are then summed to create a three-digit number, where the first digit represents user permissions, the second digit represents group permissions, and the third digit represents others. For example, a file with permissions of 644 would mean that the user has read and write access (4+2=6), while the group and others have only read access (4).
Symbolic Notation: Symbolic notation employs a combination of letters and symbols to represent permissions. r signifies read, w represents write, x means execute and ‘-’ meaning no permissions. These symbols are used with user, group, and others to set permissions. For instance, rw-r–r– translates to user=read+write, group=read, others=read.
In the next section, we will explore the practical applications of these permissions and take a closer look at umask.
Viewing File Permissions
To gain insight into the existing file permissions on your Linux VPS, you will need to harness a couple of trusty commands. Let us look at how you can use ls -l and stat to reveal the complex details of your files and directories.
Using the ls-command
The ls command, with the -l option, is your go-to tool for viewing file permissions in a user-friendly and human-readable format. Simply open your terminal and navigate to the directory containing the file or directory of interest. Then, execute the following command:
ls -l filename_or_directory
Replace filename_or_directory with the actual name of the file or directory you want to inspect. When you run this command, it will display a detailed listing that includes file permissions, ownership information, file size, modification date, and more.
The output will look something like this:
lrwxrwxrwx 1 root root 7 Aug 25 2021 filename
Here, the lrwxrwxrwx portion represents the file’s permissions in symbolic notation. The user and group values indicate the file’s owner and group, respectively.
For a better examination of file permissions and additional file information, you can utilize the stat command. This command provides a comprehensive overview of a file’s attributes.
To use stat, simply enter the following command:
Again, replace <filename_or_directory> with the actual name of the file or directory you wish to inspect. The output will present lots of information, including access, modification, and change times, in a structured format.
These commands will empower you to examine and understand the permissions of files and directories on your VPS, an essential skill for managing access and security effectively.
How to Use chmod to Modify Permissions
The chmod command is used to change file permissions. It allows you to set or modify the permissions for a file or directory using either symbolic notation or octal notation.
Symbolic Notation: This method uses letters (u, g, o, a) and symbols (+, -, =) to add or remove permissions.
|u||User (owner of the file)|
|g||Group (users who are in the same group as the file)|
|o||Others (everyone else)|
|a||All (a combination of u, g, and o)|
|+||Adds the specified permission|
|–||Removes the specified permission|
|=||Sets the specified permission and removes all others|
Example: To add write permission for the user and group and remove all permissions for others on a file named example.txt, you can use the following command:
chmod ug+w,o-rx example.txt
Octal Notation: This method uses three digits (0-7) to represent permissions for the owner, group, and others. Each digit corresponds to read (4), write (2), and execute (1) permissions.
|Digits (0-7)||Corresponding Permissions|
|3||Write + Execute (2+1)|
|5||Read + Execute (4+1)|
|6||Read + Write (4+2)|
|7||Read + Write + Execute (4+2+1)|
Example: To give read and write permissions to the owner, read-only permission to the group, and no permissions to others on a file named example.txt, you can use the following command:
chmod 640 example.txt
Understanding User and Group Ownership
Ownership plays a significant role in determining file and directory permissions. In this chapter, we will explore how ownership affects permissions and how to check file ownership using the ls -l command.
How Ownership Affects Permissions
In Unix-based systems, every file and directory is associated with two levels of ownership: user ownership and group ownership. Understanding these ownership levels is crucial because they directly influence who can access, modify, or execute a file or directory.
User Ownership: The user who creates a file or directory becomes its owner by default. This user has special privileges and can change the file’s permissions, read, write, and delete it, regardless of the permissions set for others.
Group Ownership: Each user on a Unix system belongs to one or more user groups. A file or directory can be assigned to a specific group. Users who are part of that group gain group ownership over the file or directory. Group ownership allows group members to access the file according to its group permissions.
How to Check File Ownership Using the ls -l Command
The ls command lists files and directories in a directory. When used with the -l option, it provides a detailed listing that includes ownership information. Here is how you can use it to check file ownership:
The output of this command will display information in a format like the following:
-rw-r--r-- 1 user1 group1 1234 Sep 6 10:00 file.txt
Here is a breakdown of what each column represents:
– -rw-r–r–: These characters represent the file’s permissions. The first character indicates the file type (in this case, a regular file), followed by three sets of permissions for the file owner, group owner, and others.
– 1: This number indicates the number of hard links to the file.
– user1: This is the name of the file owner.
– group1: This is the name of the group owner.
– 1234: This is the file size in bytes.
– Sep 6 10:00: This is the date and time of the last modification.
– file.txt: This is the file or directory name.
In the example above, user1 owns the file file.txt, and it is part of the group group1. The file’s permissions are rw-r–r–, which means that the owner has read and write permissions, but others can only read the file.
Changing File Ownership
Changing file ownership is an essential task, allowing you to transfer ownership of files and directories between users and groups. In the following chapter, we will explore how to change the owner and group of a file or directory using the chown and chgrp commands and provide code examples.
How to Change File Ownership using chown
The chown command changes the owner of a file or directory. It allows you to transfer ownership from one user to another. To use chown, you will need superuser (root) privileges or ownership of the file or directory.
If you want to learn more about the different users on a Linux server, check out our Practical Guide to Superuser Accounts, sudo & root.
The basic syntax for chown is as follows:
chown [new_owner:new_group] [file_or_directory]
– new_owner: The new owner’s username.
– new_group: The new group’s name (optional).
– file_or_directory: The file or directory whose ownership you want to change.
How to Change Group Ownership using chgrp
The chgrp command changes the group ownership of a file or directory. Like chown, you need superuser privileges or ownership of the file or directory to use chgrp.
The basic syntax for chgrp is as follows:
– new_group: The new group’s name.
– file_or_directory: The file or directory whose group ownership you want to change.
Code Examples for Changing Ownership
Here are some practical code examples for changing ownership of files and directories:
1. Changing File Ownership with chown:
To change the owner of a file named file.txt to a user named newuser, use the following command:
sudo chown newuser file.txt
To change both the owner and group ownership of the same file, use:
sudo chown newuser:newgroup file.txt
2. Changing Directory Ownership with chown:
To change the owner of a directory named mydir and all its contents to newuser, use the -R option for recursive ownership change:
sudo chown -R newuser mydir
3. Changing Group Ownership with chgrp:
To change the group ownership of a file named file.txt to a group named newgroup, use the following command:
sudo chgrp newgroup file.txt
4. Changing Group Ownership of a Directory with chgrp:
To change the group ownership of a directory named mydir and all its contents to newgroup, use the -R option for recursive group ownership change:
sudo chgrp -R newgroup mydir
Always remember to replace newuser and newgroup with the actual usernames and group names you want to assign. Additionally, use sudo to execute these commands with superuser privileges, as changing ownership typically requires elevated permissions. Be cautious when changing ownership, as it can have significant implications for access control and security on your system.