For effective management of files, Linux decided to categorize authorization in two levels, which distinguishes how users of the system access files and directories. These two categories are ownership and permissions.
Every file created in the system is assigned to three types of owners; the user, group, and others. A created file is owned by the user who created it by default. A single group can also own the file, usually the primary group of the user or a supplementary group; which is only accessible by its members. All other users in the system can also own a file or directory. This type of users neither created the file or belonged to any of the groups in the system. This is more like setting the file and directory to be owned by everyone who has access to the system
In other to distinguish who owns and have access to a particular file among users, groups, and others, Linux decided to introduce permissions so that user “A” won't be able to have access to sensitive files of user “B.” This will, in turn, provide some level of security among Linux users.
The concept of permissions is crucial among Linux users, and it should be something worth understanding if you want to venture into Linux as an administrator. Here we will be discussing the effect of permissions on files and directories and how you can interpret permission on files and directories.
HOW PERMISSIONS AFFECT FILES AND DIRECTORIES
Every file in the Linux system has three categories of permissions set for the three types of owners (User, Group and Others). These are read, write, and execute permissions.
Unlike the Windows operating system, Linux Permissions are only applied to file and directories they are set on. The subdirectories or files in it do not automatically inherit permissions set on directories. Permission set on directories may prevent access to its content. So it is necessary to set separate permissions on files and subdirectories within a directory.
The root has full control over all files and directories in the system, but its access to files can also be restricted using SELinux policy. SELinux will be discussed later in subsequent articles
The following are the three types of permission used in restricting access among users and groups;
Read Permission: When read permission is set on files, the files can be opened, and its content can be read. When set on a directory, it permits to open the directory to see the filenames in the directory. The read permission on directories is similar to the list folder in Windows
Write Permission: When write permission is set on files, the content of the file can be modified. When set on directories, it gives the right to create, delete or rename files and subdirectories in the directory. Write permissions on a directory in Linux is similar to modify in Windows.
Execute permission: When execute permission is set on files. The file can’t be executed as commands. That’s to say if you have a bash script file whose execute permission is not set, that file can’t be executed as a command when called on. When execute permission is set on a directory, the content of the directory can be accessed, but that depends on the permission set on the files in the directory.
Please note that if a user has only the execute permission set on a directory, the user can not list the filenames of the files which resides that directory, but they can view the content of the file by explicitly specifying the filename of the file which they have permission to read
Most beginners find it difficult to understand this. So, I will be giving you a step by step practical guide and explanation of how it works
Forget about the command you see above; focus on the explanation. chmod command will be discussed in the subsequent article.
In the command, the root user has a directory called the farm and decided to set read and write permission for the user and group and only execute permission for others. Remember that user Henry is not the owner of the file; neither does the user belonging to the same group as the root. So user Henry belongs to others. You can see that the user was able to view the content of the file but unable to list the filenames that reside in that directory.
HOW TO VIEW FILE AND DIRECTORY PERMISSIONS AND OWNERSHIP
To view the permissions set on a file or directory, you used the ls command followed by –l option and filename for files or –ld option following by directory name for a directory.
This is the interpretation of the command above. The permission is set for users group and others. The user, group and others have only read (r) permission and no write (w) and execute (x) permission set for all three categories.
The next command displays the permission for a directory. The d in front of the permission signifies a directory. The permission shows the user and the group has read (r) and write (w) permission while others have only the execute permission
This is the first step understanding Linux file and directories permission. In the next article, we will discuss further how to set this file permissions on files using different methods.
Please remember that the root user has access to all files and directories regardless of the permission set. However, the root access can be restricted by the system’s SELinux policy. This will be discussed later.
RedHat System Administrator I Student Workbook