Linux files have 2 basic kinds of permissions:
- read, write, and execute (rwx) which control if a file can be read, written to, and run (executed).
- user and group permissions that control who owns the file and the group of people that have some sort of access to the file.
It’s this second set of permissions that this post covers.
Each file (or directory, which is just really a fancy file that stores information about files) has one owner. That owner has permissions (the read, write and execute kind) that are normally different from others who might have access to a file. An owner of a file can do anything with the file, including changing the permissions on the file (e.g. to give someone else access or revoke someone’s access to a file).
Files are also affected by group permissions. A group is simply a list of users. The simplest way to think of this is an office type environment where you might have different departments: accounting, sales, marketing. Within each of those departments you have staff (Bob, Betty, Billy, etc.). Bob might own a file that he wants to share with the accounting group. The simplest way Bob can do this is with the chown command:
sudo chown bob.accounting nextyearsbudget.odf
Chown changes the ownership of the file, in this case nextyearsbudget.odf, to the user bob (it’s already bob, but you could assign another person ownership), and the group accounting. The period separates the user ownership and the group access. If we listed the nextyearsbudget.odf in a terminal (ls -al nextyearsbudget.odf) we might see permissions like the following:
The first – identifies the file either as a (-) file, (d) directory or link (l). The next 3 letters, rwx, are the owner’s permissions. Without going into this too much in this case the owner has read, write and execute permission, but this is not always the case. The second set of three characters, rw-, show the group’s permission. In this case they can read and write to the file, but they cannot run the file. Lastly, the r– set of permissions indicates the permissions for all users other than the owner and those in the file’s group. Others can read the file, but not write to it (change it) or execute it. You can deny others permission to even view the file by removing the read permission using the chmod command:
chmod o-r nextyearsbudget.odf
Think of o as others, not owner. User, Group, Others, ugo are used in conjunction with the chmod command. So if you wanted to change both the user/owner’s permission and the group’s permission at the same time you’d type:
chmod ug+x nextyearsbudget.odf
In this case the user/owner already had +x (execute) permission, so all we’ve really done is give the group execute permission. If we listed the same file now we’d see it changed these permissions:
Again the first character is the type of file (-), the three characters after represent the user/owner’s permission, then the group permission, then the others’ permission. Notice the 7th character in has changed from a – to an x (execute) permission. More on permissions in the next post.