6.5 The Unix permission system

Let us have a closer look at the file permissions.

Linux allows us to do pretty much anything we want. This of course comes with a lot of dangers - we might delete directories we didn’t intend to, or uninstall essential programs that Linux needs to run. In addition, malicious user inputs (like viruses) can corrupt, change or remove crucial data. To prevent this, the Unix permission system secures the filesystem. It divides authorization into two levels:

  1. Ownership
  2. Permission

6.5.1 Ownership

Every file and directory is assigned to three types of owners:

  1. User: The user is the owner of the file. By default, this is the person who created the file.

  2. Group: A group can contain multiple users. By default, the group simply has the same name as the user. However, imagine a project where a bunch of people need to access a file. Instead of manually assigning permissions to each user, we could add all users to a group and then give group permissions to the file, so that all users of this group have the same permissions.

  3. Other: Any other user who has access to the file. This person is neither user nor part of the group. Essentially, this boils down to “everybody else”.

6.5.2 Permissions

Linux defines permissions for each of the three owners described above. That way, Linux can e.g. allow me as a user to view my images, while preventing my colleague, who works on the same computer, from seeing them.

Every file and directory has the following three permissions defined:

  1. Read: The read permission allows us to open and read a file, as well as to list the content of a directory. This permission is abbreviated with an r.

  2. Write: The write permission allows us to modify the content of a file, as well as to add, remove or rename files in a directory. This permission is abbreviated with a w.

  3. Execute: The execute permission allows us - big surprise - to execute a file. This permission is abbreviated with an x.

6.5.3 Viewing permissions

With this knowledge in mind, let’s now inspect the first column from the ls -l command above.

This column encodes the permissions given to the user, group and others:

  • The very first letter is the file type. The - implies that we have selected a file. A directory is encoded by a d.

  • The next three letters are the permissions for the user. In our example, rw- means that the user can read and write, but not execute the file.

  • The next three letters are the permissions for the group. As discussed above, Linux will by default add the user to a group with the same name as the user. Therefore, the group by default also has the same permissions as the user, in our example again rw-.

  • The last three letters are the permissions for the others. In our example, r-- means that the others can only read, but neither write nor execute.
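
The decoding described in the list above, as an added example that is not part of the original text: a small POSIX shell script that splits the first column of ls -l into the file type and the user, group and other permissions. The function names are made up for this illustration, the temporary file is constructed for the demo, and only the letters r, w and x covered above are handled.

```shell
#!/bin/sh
# Decode the first column of `ls -l` (e.g. "-rw-rw-r--") into plain words.
# Function names are hypothetical, chosen for this example only.

# Translate one three-letter triplet such as "rw-" into a word list.
decode_triplet() {
    t=$1
    out=""
    case $t in r??) out="read" ;; esac
    case $t in ?w?) out="${out:+$out,}write" ;; esac
    case $t in ??x) out="${out:+$out,}execute" ;; esac
    echo "${out:-none}"
}

# Split a mode string into file type plus user, group and other triplets.
describe_mode() {
    # Keep 10 characters: some systems append "." or "+" to the column.
    mode=$(printf '%.10s' "$1")
    [ ${#mode} -eq 10 ] || { echo "invalid mode string" >&2; return 1; }
    case $mode in
        -*) type="file" ;;
        d*) type="directory" ;;
        *)  type="other" ;;
    esac
    rest=${mode#?}                    # drop the file-type letter
    user=$(printf '%.3s' "$rest")
    rest=${rest#???}
    group=$(printf '%.3s' "$rest")
    other=${rest#???}
    echo "type=$type user=$(decode_triplet "$user")" \
         "group=$(decode_triplet "$group") other=$(decode_triplet "$other")"
}

# Read the permission column of a real path from `ls -ld`.
mode_of() {
    ls -ld -- "$1" | awk '{print $1}'
}

# Constructed sample: a temporary file given the permissions from the text.
demo() {
    tmp=$(mktemp) || return 1
    chmod u=rw,g=rw,o=r "$tmp"
    describe_mode "$(mode_of "$tmp")"
    rm -f -- "$tmp"
}

describe_mode "-rw-rw-r--"
```
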