File Permissions and Ownership in Linux

Ahmet Okan YILMAZ
6 min read · Mar 31, 2022


Linux is a multi-user operating system: more than one user can work on the same system at the same time, especially when the computer is attached to a network or the Internet. If any user could access and modify files belonging to other users, or system files, this would certainly be a security risk.

In this article, I want to talk about users, file permissions and file ownership.

Source: https://www.bitslovers.com/wp-content/uploads/2021/06/linux-file-permission.png

Users

Technically, there is no difference between system users and regular users. System users are typically created when the OS and new packages are installed. In some cases, you can create a system user yourself for use by an application.

To list all users in Linux, use the cat command:

$ cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
....

Each line has seven fields, separated by colons:

  • Username: The login name used to log in to the system. It should be between 1 and 32 characters long.
  • Password: An x here means the password is stored in the /etc/shadow file in encrypted format.
  • User ID (UID): Every user must have a User Identification Number (UID). By default, UID 0 is reserved for the root user, and UIDs 1–99 are reserved for other predefined accounts. UIDs 100–999 are reserved for system accounts and groups.
  • Group ID (GID): Group Identification Number stored in the /etc/group file.
  • User Info: This field is optional and allows you to define extra information about the user.
  • Home Directory: The absolute location of the user’s home directory.
  • Shell: The absolute location of the user’s shell, for example /bin/bash.
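The seven fields above are enough to run a basic account audit. The following is an added example, not part of the original article: the function names, finding labels and sample entries are constructed for illustration. It flags lines without seven fields, extra accounts with UID 0, an empty password field (which means no password is required to log in), and accounts in the 1–999 range that have a login shell.

```bash
# Added example: audit passwd-format lines using the seven colon-separated fields.

# Constructed sample data (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:0:backup admin:/root:/bin/bash
svc_app:x:998:998::/opt/app:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
broken:x:1002:1002:/home/broken
EOF
}

# Reads passwd-format lines on stdin and prints one "FINDING:username" per issue.
audit_passwd() {
  awk -F: '
    # A valid entry has exactly seven fields
    NF != 7                 { print "BAD_FIELD_COUNT:" $1; next }
    # UID 0 is reserved for root; any other name with UID 0 has root privileges
    $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }
    # An empty second field means no password is needed to log in
    $2 == ""                { print "EMPTY_PASSWORD_FIELD:" $1 }
    # Predefined and system accounts (UID 1-999) rarely need an interactive shell
    $3 >= 1 && $3 <= 999 && $7 ~ /\/(ba|z|da)?sh$/ { print "SYSTEM_UID_LOGIN_SHELL:" $1 }
  '
}

sample_passwd | audit_passwd
```

To check a real system, run `audit_passwd < /etc/passwd` and review each finding by hand.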

How to Create a New User in Linux

To create a new user account, invoke the useradd command followed by the name of the user. When executed without any option, useradd creates a new user account using the default settings specified in the /etc/default/useradd file.

$ sudo useradd username

Then you need to set the user password.

$ sudo passwd username

Once a new user is created, an entry for it is automatically added to the /etc/passwd file, which stores the user’s information. The entry should look like this:

new_user:x:1000:1000:new_user:/home/new_user:/bin/bash

Use the -m flag to create the user’s home directory as /home/new_user:

$ sudo useradd -m username

Linux Groups

The primary purpose of groups is to define a set of privileges such as reading, writing, or executing permission for a given resource that can be shared among the users within the group. There are two types of groups:

  • Primary group: When a user creates a file, the file’s group is set to the user’s primary group.
  • Secondary group: Useful when you want to grant certain file permissions to a set of users who are members of the group.

To add an existing user to a secondary group, use the usermod -a -G command:

$ sudo usermod -a -G group1,group2 username

To change a user’s primary group, use the usermod command:

$ sudo usermod -g groupname username

File Permissions

All files and directories in Linux have a standard set of access permissions. These access permissions control who can access which files, and provide a fundamental level of security for the files and directories in a system.

Every file and directory on a Linux system is assigned 3 types of owner, given below:

User: A user is the owner of the file. By default, the person who created a file becomes its owner.

Group: A user group can contain multiple users. All users belonging to a group have the same group permissions on the file.

Other: Any other user who has access to a file. This person has neither created the file nor belongs to a user group that could own the file.

Three permission types exist in the Linux system: Read, Write and Execute.

Read: This permission only allows a file or folder to be read. It is denoted by ‘r’.

Write: This permission allows a file or folder to be written to, appended to, or overwritten. It is denoted by ‘w’.

Execute: This permission only allows a file to be executed. It is denoted by ‘x’.

Viewing Permissions

To view the permissions for files and directories, use the ls -l command.

# ls -l agatha.txt
-rwxrw-r-- 1 abhi itsfoss 457 Aug 10 11:55 agatha.txt

  • File type: Denotes the type of file. d means a directory, - means a regular file, l means a symbolic link.
  • Permissions: This field shows the permission set on a file. I’ll explain it in detail in the next section.
  • Hard link count: Shows if the file has hard links. Default count is one.
  • User: The user who owns the file.
  • Group: The group that has access to this file. Only one group can be the owner of a file at a time.
  • File size: Size of the file in bytes.
  • Modification time: The date and time the file was last modified.
  • Filename: The name of the file or directory.

The file permissions appear as a nine-character string like this:

rwxrw-r--

Permissions are always in the order of read, write and execute. These permissions are set for all three kinds of owners in the order of User, Group and Other.

In this example, the file has read, write and execute permissions for the User; read and write permissions, but not execute, for the Group; and only read permission for Other.

Change file permissions

You can use the chmod command to change the permissions on a file. There are two ways to use the chmod command:

  • Numeric mode
  • Symbolic mode

Numeric Mode

In the numeric mode, permissions are represented in numeric form.

r = 4; w = 2; x = 1

rwx --- --- = 111 000 000
rw- rw- rw- = 110 110 110
rwx rwx rwx = 111 111 111
r-- = 100 in binary = 4
r-x = 101 in binary = 5
rw- = 110 in binary = 6
rwx = 111 in binary = 7

The basic syntax is:

$ chmod mode file

A sample:

$ chmod 666 file.txt
-rw-rw-rw- 1 new_user new_user 457 Aug 10 11:55 file.txt
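The binary mapping above can be applied mechanically to the mode column of ls -l. The following is an added example, not part of the original article: mode_to_octal, is_world_writable and report are hypothetical helper names, and the input lines are constructed from the modes shown in this article. It converts each mode to numeric form and flags files that any user on the system can modify.

```bash
# Added example: turn the mode column of `ls -l` into numeric mode and flag
# world-writable files. Special bits (s, t) are out of scope here and rejected.

# mode_to_octal "-rwxrw-r--" prints 764
mode_to_octal() {
  case $1 in
    [-dl][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
    *) echo "unsupported mode: $1" >&2; return 1 ;;
  esac
  rest=${1#?}                     # drop the file-type character
  bits=0
  while [ -n "$rest" ]; do
    ch=${rest%"${rest#?}"}        # first remaining character
    rest=${rest#?}
    # Each set permission is a 1 bit, each "-" a 0 bit (rwxrw-r-- = 111110100)
    if [ "$ch" = "-" ]; then bits=$((bits * 2)); else bits=$((bits * 2 + 1)); fi
  done
  printf '%03o\n' "$bits"         # nine bits printed as three octal digits
}

# Succeeds when "other" has the write bit (2) set
is_world_writable() {
  octal=$(mode_to_octal "$1") || return 2
  other=${octal#??}               # third digit belongs to "other"
  [ $((other & 2)) -ne 0 ]
}

# Constructed ls -l lines reusing the modes shown in this article
report() {
  while read -r mode links owner group size mon day time name; do
    octal=$(mode_to_octal "$mode") || continue
    if is_world_writable "$mode"; then flag="WORLD-WRITABLE"; else flag="ok"; fi
    echo "$name $octal $flag"
  done <<'EOF'
-rwxrw-r-- 1 abhi itsfoss 457 Aug 10 11:55 agatha.txt
-rw-rw-rw- 1 new_user new_user 457 Aug 10 11:55 file.txt
-rw-rw---- 1 new_user new_user 457 Aug 10 11:55 file.txt
EOF
}

report
```

The chmod 666 sample above is the one reported as WORLD-WRITABLE: with mode 666, every account on the system can change the file's contents.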

Symbolic mode

In symbolic mode, owners are denoted with the following symbols:

  • u = user owner
  • g = group owner
  • o = other
  • a = all (user + group + other)

The symbolic mode uses mathematical operators to perform the permission changes:

  • + for adding permissions
  • - for removing permissions
  • = for overriding existing permissions with new value

If you want to add execute permission for the group owner, you can use the chmod command like this:

$ chmod g+x file.txt
-rw-rwxrw- 1 new_user new_user 457 Aug 10 11:55 file.txt

You can also combine multiple permission changes in one command.

$ chmod o-rw+x,u+x file.txt
-rwxrwx--x 1 new_user new_user 457 Aug 10 11:55 file.txt

If you want to change the permissions for all three kinds of users at the same time, use a as in the following command:

$ chmod a-x file.txt
-rw-rw---- 1 new_user new_user 457 Aug 10 11:55 file.txt

File Ownership

To change the ownership of a file, you can use the chown command.

chown new_user file

If you want to change the user as well as group:

chown new_user:new_group file

If you just want to change the group:

chown :new_group file
