Linux is a multi-user operating system that builds on the Unix concepts of file ownership and permission to provide filesystem-level security. It is worth understanding how Linux file ownership and permissions work and how they affect Linux processes, so that access can be secured at the user and group level.

In this post, we will look at Linux file ownership and permissions.

Types of Permission

Before looking at permissions on files and directories, we should understand the types of permission and what each one means.

Read
For a normal file, read permission allows a user or group to view the content of the file.
For a directory, read permission allows a user or group to view or copy the content of the directory.

Write
For a normal file, write permission allows a user or group to delete or modify the file.
For a directory, write permission allows a user or group to delete or modify its content (creation, deletion, modification and renaming of the entries in it).

Execute
For a normal file, execute permission is required to run the file as a script or as a program.
For a directory, execute permission allows a user or group to change into the directory (cd). It is required to enter the directory and work in it.

In Linux, every file is owned by a user and a group, and its permissions are based primarily on file ownership and group membership. The 'ls' command is used to see file permissions. The long listing, 'ls -l file-name', shows the details of any file or directory.

Permission  Links  Owner    Group     Size  Modify-date   File-name
----------  -----  -------  -------  ------  ------------  ---------
drwxrwxr-x 2 ssirohi ssirohi     4096 Apr  6 23:22 backup
-rw-r--r-- 1 ssirohi ssirohi   262232 Apr  6 23:21 expect-5.44.1.15-5.el6_4.x86_64.rpm
-rwxr-xr-x 1 ssirohi ssirohi      325 Apr  6 23:21 expect.sh
-rw-r--r-- 1 root    root           0 Apr  6 23:25 f1
-rw-r--r-- 1 root    root           0 Apr  6 23:25 f12
-rw-r--r-- 1 root    root    75890847 Apr  6 23:25 fedora_doker.tar.gz
drwxrwxr-x 2 ssirohi ssirohi     4096 Apr  6 23:18 http
-rw-r--r-- 1 ssirohi ssirohi      512 Apr  6 23:21 mbr.bin

Each file's permission column contains the permissions for the owner of the file, the group of the file and others. We need to understand how the permissions are displayed and whom they affect.
As we can see above in the permission column, for example drwxrwxr-x, four types of information are stored in these ten characters, as described below.

First character (d or -)
— The first character is not actually a permission value. It denotes the file type. There are many file types: d for a directory, - for a normal file.

Next nine
— These represent the permissions: the first three for the file owner, the second three for the file's group and the last three for all others. Each character indicates one permission: read, write or execute.

Each permission is represented by a single letter:
r — read permission
w — write permission
x — execute permission
This is the alphabetic notation for permissions. It is easy to understand and remember, and it is widely used in the operating system. With it we can identify the permissions given to the owner, group and others for a file.
For example, drwxrwxr-x means a directory with read, write and execute permission for the owner and group. Others have only read and execute permission.

There is one more way to represent permissions: numeric or octal notation. This method is easy to use for assigning permissions to files and directories.
1 — execute permission
2 — write permission
4 — read permission
In this notation the values are added together to give the permission for the owner, group and others. For example, rwxrwxr-x can be written as 775. Here the first 7 is the owner's permission: 7 means 1+2+4 (read, write and execute), that is, all permissions. In the same way, 7 is for the group and 5 is for all others.
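The conversion described above can be done mechanically. The following shell functions are an added example, not part of the original post; the names triplet_to_digit and mode_to_octal are made up for illustration, and only the d, -, r, w and x characters covered here are accepted.

```shell
#!/bin/sh
# Added example: decode the 10-character mode column printed by `ls -l`.
# Handles only the d, -, r, w and x characters described in this post.

# triplet_to_digit TRIPLET -> one octal digit (r=4, w=2, x=1)
triplet_to_digit() {
    t=$1
    d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal MODE -> "<type> <octal>", e.g. "directory 775"
mode_to_octal() {
    m=$1
    # Accept exactly one type character followed by three r/w/x triplets.
    case $m in
        [d-][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $m" >&2; return 1 ;;
    esac
    case $m in
        d*) kind=directory ;;
        *)  kind=file ;;
    esac
    perms=${m#?}            # drop the type character
    owner=${perms%??????}   # first triplet
    rest=${perms#???}
    group=${rest%???}       # second triplet
    other=${rest#???}       # third triplet
    echo "$kind $(triplet_to_digit "$owner")$(triplet_to_digit "$group")$(triplet_to_digit "$other")"
}

mode_to_octal drwxrwxr-x   # prints: directory 775
```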

Permissions for the owner, group and others can be changed with the chmod command. Below are a few examples.

chmod 740 /data
chmod 655 /backup
chmod u+x /root/mysql_script.sh
chmod u+x,go-rwx /data/backup_log_read.sh

chmod works with both notations, alphabetic and numeric. Numeric is the easier one: it needs just three digits, one each for the owner, group and others.

chmod 755 /var/lib/mysql
chmod 774 /var/ftp/pub/upload
chmod 700 /http_db

The examples above make it quite clear how to assign permissions in the numeric way. It is easy to use and understand. Only one digit is used per permission set (one digit each for the owner, group and all others), so just three digits determine the complete set of permissions for a file.

The second type is the alphabetic notation, for which we need to understand a few more things before using it with chmod.
Each permission is represented by a single letter:
r — read permission
w — write permission
x — execute permission

The owner, group and all others are each represented by a single letter:
u — File owner
g — File group
o — All Others

Permissions are assigned with the following operators or actions:
+ — Addition of permission
- — removal of permission
= — assignment of permission

In this way, we can add, remove and assign permissions for the owner, group and others as shown below.

chmod +x script-file          # add execute permission globally (owner, group and others)
chmod u+rwx directory-path    # add read, write and execute permission for owner
chmod go-wx script-file       # remove execute and write permission for group and others
chmod go=r script-file        # assign only read permission for group and others
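To check what these clauses do, the added example below (not from the original post) applies them to a scratch file and reads the mode back in octal. The function name apply_mode and the starting modes are chosen for illustration, and `stat -c %a` is assumed to be available. It also shows that a clause with no u/g/o/a letter, such as +x, leaves alone any bits that are set in the umask, while a+x does not.

```shell
#!/bin/sh
# Added example: apply the symbolic chmod clauses from this post to a scratch
# file and read the resulting mode back in octal.
# Assumption: `stat -c %a` (GNU coreutils or BusyBox) is available.

# apply_mode START CLAUSE [UMASK] -> octal mode after `chmod CLAUSE`
apply_mode() {
    start=$1
    clause=$2
    mask=${3:-022}
    (
        umask "$mask"                 # only this subshell is affected
        f=$(mktemp) || exit 1         # scratch file, removed below
        chmod "$start" "$f" && chmod "$clause" "$f" && stat -c %a "$f"
        rc=$?
        rm -f "$f"
        exit "$rc"
    )
}

apply_mode 644 u+x,go-rwx   # prints: 700
apply_mode 777 go=r         # prints: 744
apply_mode 600 +x 077       # prints: 700 (umask 077 filters group/other)
apply_mode 600 a+x 077      # prints: 711
```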

In this post, I tried to cover various aspects of normal permissions. I hope it was interesting for you. Thanks for reading.