Mastering Linux File Permissions: A Practical Guide from Basics to Advanced

Technical Alley

Read time:

5 minutes

Remember to star our public account

Mastering Linux File Permissions: A Practical Guide from Basics to AdvancedIn Linux systems, managing file and directory permissions is crucial for ensuring system security. Whether it is to limit the operational scope of ordinary users or to ensure that critical files are not accidentally deleted, permission configuration plays an important role. This article guides you through the management of Linux permissions, from basic permission representation to special permission applications, and then to ACL fine control. It is suitable for beginners in operations and maintenance to quickly get started, and can also help experienced users fill in gaps.Mastering Linux File Permissions: A Practical Guide from Basics to Advanced

1. Permission Representation Methods

1. Viewing File and Directory Permissions

  • File permission example:
[root@localhost ~]# ls -l /etc/fstab - rw- r-- r--. 1 root root 465 Jul  5 13:51 /etc/fstab  Owner Group Others   Owner Group
  • Directory permission example (the first letter ‘d’ indicates a directory):
[root@localhost ~]# ls -ld /etc/drwxr-xr-x. 148 root root 8192 Jul  13 09:08 /etc/

2. General Permissions

  • Permission symbols and values: r (read, 4), w (write, 2), x (execute, 1)
  • For files:
    • r: view content (cat/head/tail, etc.)
    • w: modify content (vim, etc.)
    • x: execute scripts
  • For directories:
    • To view directory files, both r and x permissions are required
    • r: list directory contents (ls)
    • w: add/delete/modify files in the directory (touch/rm/mv)
    • x: change directory (cd)

2. Modifying File/Directory Permissions

1. Changing Owner and Group (chown)

# Format: chown username[.groupname] file[root@localhost ~]# chown zzj.caiwu /opt/test/1.txt  # Change both owner and group[root@localhost ~]# chown martin /opt/test/2.txt     # Change only owner

2. Changing Group (chgrp)

# Format: chgrp groupname file[root@localhost ~]# chgrp caiwu /opt/test/3.txt

3. Changing Permissions (chmod)

  • Symbolic method:<span>chmod {a/u/g/o}{+/-/=}{rwx} file</span>
    • a: all users; u: owner; g: group; o: others
[root@localhost ~]# chmod g+w /opt/test/1.txt       # Add write permission for group[root@localhost ~]# chmod g-rw,o+x /opt/test/1.txt  # Remove read/write for group, add execute for others
  • Numeric method:<span>chmod xxx file</span> (xxx is the sum of permission values)
[root@localhost ~]# chmod 600 /opt/test/2.txt  # Owner read/write, others no permissions (6=4+2)

3. facl: File Access Control List

Advantages

Allows for fine-grained permissions to be set for individual users or groups.

1. Setting Permissions

  • For a single user:<span>setfacl -m u:username:permissions file</span>
    [root@localhost ~]# setfacl -m u:user4:r /opt/test/file03
  • For a single group:<span>setfacl -m g:groupname:permissions file</span>

2. Viewing Permissions

[root@localhost ~]# getfacl /opt/test/file03# file: opt/test/file03# owner: user1# group: user3user::rw-user:user4:r--  # Additional user permissionsgroup::rwxmask::rwxother::r-x

3. Revoking Permissions

# Revoke user permissions[root@localhost ~]# setfacl -x u:martin /opt/test/file04# Revoke group permissions[root@localhost ~]# setfacl -x g:groupname /opt/test/file04

4. Special File Permissions

1. Special Permission Values

suid (4), sgid (2), sticky bit (1)

2. suid (for commands/scripts)

  • Function: Ordinary users temporarily gain owner permissions when executing commands
  • Example (the passwd command is by default with suid):
[root@localhost ~]# ls -l /usr/bin/passwd -rwsr-xr-x. 1 root root 27856 Apr  1 2020 /usr/bin/passwd
  • Add/Remove:<span>chmod u+s command</span> / <span>chmod u-s command</span>

3. sgid (for directories)

  • Function: New files in the directory automatically inherit the directory’s group
  • Add/Remove:<span>chmod g+s directory</span> / <span>chmod g-s directory</span>
[root@localhost ~]# chmod g+s /opt/linux/[root@localhost ~]# ls -ldh /opt/linux/drwxr-srwx. 2 root jishu 201 Jul  13 14:50 /opt/linux/

4. sticky bit (for directories)

  • Function: Prevent ordinary users from deleting each other’s files
  • Add/Remove:<span>chmod o+t directory</span> / <span>chmod o-t directory</span>
[root@localhost ~]# chmod o+t /opt/work/[root@localhost ~]# ls -ldh /opt/work/drwxrwxr-t. 2 root IT 50 Jul  13 14:58 /opt/work/

5. umask: Permission Mask

Function

Determines the default permissions for newly created files/directories.

1. Viewing umask Value

[root@localhost ~]# umask
  • Root default 0022: file permissions 666-022=644; directory 777-022=755
  • Ordinary user default 0002: file 666-002=664; directory 777-002=775

6. Batch Modifying Permissions (-R option)

Recursively modify permissions for directories and their contents:

[root@localhost ~]# chown -R martin.caiwu /opt/test/  # Recursively change owner and group[root@localhost ~]# chmod -R 755 /opt/test/           # Recursively change permissions

Mastering Linux File Permissions: A Practical Guide from Basics to Advanced

Leave a Comment