In this post we are going to see how the file and folder permissions system works in a Linux-based operating system like Raspbian on Raspberry Pi.
We have already had many posts within the Raspberry Pi section aimed at seeing the fundamental management of the Linux operating system, which will allow us to tackle more advanced tutorials.
Getting used to the file and folder permissions system is another one of those things that, sooner or later, we will have to deal with in Linux since it is one of the main features of this operating system.
As we know, one of the strengths of Linux is its security. An important part of this security lies in its simple but robust permissions system. So it is important to understand and manage them with ease.
Show permissions in Linux
Each file and folder in Linux has an owner, a group of owners, and a set of permissions associated with each of these roles. We can verify the permissions simply by listing the files with this command
#Show permissions
ls -lh
For example, the file ‘hola.txt’ we see has:
-rw-r--r-- pi piThis means that the owner of the file is the user ‘pi’, and the group of users is ‘pi’.
On the other hand, the beginning of the line represents the permissions that the different user roles have on the file or folder.
- The first character is reserved for special permissions
- The next three, permissions of the owner user (u)
- The next three, permissions of the group owners (g)
- The last three, permissions of the rest of the users (o)
On the other hand, the characters of each of the role’s characters mean a permission, being,
- r: read
- w: write
- x: execute
Therefore, in the example, the permissions mean,
- : There are no special permissions
- rw- : Owner user can read and write
- r— : Group owner can read
- r— : Other users can read
Change owner
To change the owner user of a file or folder we use the ‘chown’ command (change owner)
#change file user
chown user fileWe can change the permissions of all the folders and subfolders of a directory recursively with the ‘-R’ parameter
#change user for all files in a directory
chown -R user directoryWe can also change the group owner of a file with the ‘chgrp’ (change group) command
#change file group
chgrp group fileFinally, we can change the user and group simultaneously with the following command.
#change user and group of file
chown user:group fileChange permissions
To change the permissions of a file we use the ‘chmod’ command. This command receives the different parameters
- Role, u (user) / g (group) /o (others)
- Action, + (add permissions) / - (remove permissions)
- Permission, r (read) / w (write) / x (execute)
So, for example, to give complete permissions for all roles we would use
## give complete permissions to all roles
chmod ugo+rwx file/directoryIf we want to apply the permissions to all the files in a directory and subdirectory, we use the ‘-R’ parameter.
For example, if we wanted to remove write and execute permissions from other users recursively, we would do,
## remove write and execute permissions from other users
chmod -R o-wx directoryOctal representation of permissions
Finally, it is also very common to work with the octal representation of permissions. In this representation, the same information is shown but grouped in 4 octal digits, where each octal groups the 3 permissions (r,w,x) of each user role.
- First octal, special permissions
- Second octal, owner user permissions
- Third octal, group owner permissions
- Fourth octal, other users permissions
The equivalence between the octal and the equivalent in r-w-x is as follows.
| OCTAL | R | W | X |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
| 1 | 0 | 0 | 1 |
| 2 | 0 | 1 | 0 |
| 3 | 0 | 1 | 1 |
| 4 | 1 | 0 | 0 |
| 5 | 1 | 0 | 1 |
| 6 | 1 | 1 | 0 |
| 7 | 1 | 1 | 1 |
With the octal representation, the ‘chmod’ command directly receives the desired permission, instead of adding them with ’+’ or ’-‘.
For example, to give total permissions to the owner user, and no permissions to the other roles we would do
#assign permissions 0700
chmod 700 file/directoryFor example, if we want to give total permissions to the owner user, read to the group owner, and none to the rest of the users, we would do
#assign permissions 0740 to file
chmod 740 directoryThat’s it for the permissions management topic. At first, it may seem cumbersome, but in reality, it is a very robust and simple system.
With a little practice, you will soon get the hang of it. See you in the next post. Bye for now!