As a system administrator managing Linux servers, understanding file permissions and ownership is critical for security and access control. Permissions determine who can access files and directories and what operations they can perform. This article provides a detailed guide on how to check file permissions and ownership in Linux using both command line tools and graphical user interfaces.
Introduction to File Permissions and Ownership
Every file and directory in a Linux system has an associated owner and group. The owner is generally the user who created that file or directory. The group allows assigning permissions to multiple users at once.
Additionally, there are three basic permissions in Linux – read, write, and execute, represented by letters r, w and x respectively:
- Read (r): View or copy file contents
- Write (w): Edit, delete or rename files
- Execute (x): Run a file as a script or program
These permissions can be independently set for the owner, group and all other users, also called “others”.
So a permission string like “rwxr-xr--” gives read, write and execute access to the owner, read and execute to group members, and only read to others.
Checking Permissions from Command Line
The most common way to view permissions of a file or directory is by using the ls -l command.
For example:
$ ls -l file.txt
-rw-r--r-- 1 john staff 1024 Jan 18 09:28 file.txt
Here:
- First 10 characters show the permissions (-rw-r--r--)
- Next field is number of hardlinks (1)
- Then owner name (john)
- Then owner group (staff)
- Followed by file size, date and name
The first character indicates the file type:
- -: Regular file
- d: Directory
- l: Symlink
The next 9 characters represent the rwx permissions for owner, group and world.
Some key points:
- Use ls -ld to show permissions of a directory itself
- ls -la lists all files including dotfiles
- GUI file managers show a long listing automatically when opening the home folder
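The shell functions below are an added example, not part of the original article: they decode the first fields of an ls -l line into file type, octal mode (the form chmod accepts, such as 754), owner and group, and flag entries that others can write. The function names and the sample lines other than the article's file.txt listing are constructed for illustration, and the handling of the s/S and t/T letters (setuid, setgid, sticky) goes beyond the nine rwx characters described above.

```shell
#!/bin/sh
# perm_to_octal PERMS: nine permission characters -> octal mode.
# s/S (setuid, setgid) and t/T (sticky) add a leading fourth digit.
perm_to_octal() {
    perms=$1 special=0 out=""
    for weight in 4 2 1; do    # special bit per triad: setuid, setgid, sticky
        triad=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in ??[xst]) digit=$((digit + 1)) ;; esac
        case $triad in ??[sStT]) special=$((special + weight)) ;; esac
        out=$out$digit
    done
    [ "$special" -eq 0 ] || out=$special$out
    printf '%s\n' "$out"
}

# describe_ls_line LINE: print "type octal owner group", plus a flag when
# "others" can write. Only the first four fields are read, so spaces in
# the file name do not matter.
describe_ls_line() {
    read -r mode links owner group rest <<EOF
$1
EOF
    perms=$(printf '%s' "$mode" | cut -c2-10)   # drops a trailing "." or "+"
    case $mode in
        -*) kind=file ;;
        d*) kind=directory ;;
        l*) kind=symlink ;;
        *)  kind=other ;;
    esac
    flag=""
    # Symlink modes are not enforced; the target's permissions apply.
    case $kind:$perms in
        symlink:*) ;;
        *:???????w?) flag=" OTHERS-WRITABLE" ;;
    esac
    printf '%s %s %s %s%s\n' "$kind" "$(perm_to_octal "$perms")" "$owner" "$group" "$flag"
}

# Sample lines: the first is the article's listing, the others are constructed.
describe_ls_line '-rw-r--r-- 1 john staff 1024 Jan 18 09:28 file.txt'
describe_ls_line '-rw-rw-rw- 1 john staff 12 Jan 18 09:30 notes.txt'
describe_ls_line 'drwxrwxrwt 9 root root 4096 Jan 18 09:31 tmp'
```

On systems with GNU coreutils, stat -c '%a %U %G %n' FILE prints the octal mode, owner and group directly.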
Checking Permissions from GUI File Manager
Graphical file managers provide an interface to view and modify permissions without the command line:
On GNOME or Ubuntu
- Right click file > Properties > Permissions tab
- Or sidebar > Information > Permissions
On KDE Plasma
- Right click file > Properties > Permissions tab
- Or sidebar > Information > Octal representation
The GUI shows rwx permissions for owner, group and others using more intuitive checkboxes. Additional access control lists (ACLs) can be viewed and edited as well.
Modifying File Permissions
The chmod command is used to change permissions from the command line.
For example, to give execute right to all:
chmod +x file
Some useful options:
- chmod 754 file – Set absolute rwx value
- chmod o+w file – Add write to others
- chmod g-rx file – Remove group read & execute
- chmod -R – Apply recursively to directories
Graphical file managers also provide an interface to change permissions easily.
Changing File Ownership
The owner or group for a file can be altered using the chown and chgrp commands.
For example:
chown user file
chgrp group file
By default only root can change ownership. Regular users can change group to one of their own secondary groups.
Graphical utilities like file managers also enable changing owner and group easily.
Checking Effect of Default Permissions
The default permission for newly created files depends on the umask value. This can be verified by:
umask
Common umask values are 002 or 022 which cause new files to default to 775 or 755 permissions.
The umask can be temporarily set to verify behavior:
umask 027
touch testfile
ls -l testfile # => -rw-r-----
Conclusion
Understanding ownerships and permissions is vital for security hardening of Linux systems. Misconfigurations often lead to data breaches and unauthorized access.
Use ls -l to routinely audit critical system files and server data. Set strict umasks and access control lists, and apply the principle of least privilege to restrict damage from potential intrusions. Graphical tools provide convenience, but do learn the chmod, chown and chgrp commands well.
With practice, these concepts will become second nature and allow you to effectively control access to sensitive systems and data.