Linux/unix system permissions allow or prevent other users from viewing, modifying or executing any particular file.
View permissions with ls
The output of ls -l will show the current permissions for files and folders:
-rwxr--rw- 1 user user 0 Jan 19 12:59 file1.txt
The letters rwx stand for Read/Write/Execute permission. These rights are shown three times: first for the Owner, then the Group, and lastly Others (world).
In the example above the Group permission is r--, so members of the group will have Read permission but not Write or Execute permission to file1.txt.
Edit permissions with chmod
The command to modify permissions is chmod. There are two ways to modify permissions, with numbers or with letters. Using letters is easier to understand for most people. See the chmod page for more detail.
Some files are configured to have very restrictive permissions to prevent unauthorized access. Changing these permissions can create security problems.
To change or edit files that are owned by root, sudo chmod must be used. Note that changing permissions incorrectly can quickly make your system unusable! Please be careful when using sudo!
$ sudo chmod o+x /usr/local/bin/somefile
Recursive Permission Changes
chmod -R will change all the permissions of each file and folder under a specified directory at once.
$ chmod 777 -R /path/to/Dir
A mode of 777, as in the command above, gives every user read, write and execute access to everything under the directory. To assign reasonably secure permissions to files and folders/directories, it's common to give files a permission of 644 and directories a permission of 755. Using the find command and a pipe, we can target just files or just folders, as in the following examples.
$ sudo find /path/to/Dir -type f -print0 | xargs -0 sudo chmod 644
$ sudo find /path/to/Dir -type d -print0 | xargs -0 sudo chmod 755
Again, if using sudo, be careful. In particular, watch for extra spaces in your command/path.
Changing Ownership and Group membership
A file's owner can be changed using the chown command.
$ sudo chown kate file1.txt
A file's group can be changed using the chgrp or chown command.
$ sudo chgrp mygroup file1.txt
$ sudo chown :mygroup file1.txt
chown can also change the owner and group in a single command:
$ sudo chown tux:mygroup file1.txt
ACLs - Access control lists
POSIX ACLs are a way of achieving a finer granularity of permissions than is possible with the standard Unix file permissions.
To enable POSIX ACLs, install the acl package:
$ sudo apt-get install acl
Documentation can then be found in the man pages for acl, setfacl and getfacl.
The Sticky bit (t) will prevent users from altering or replacing any other user's files. Only the file owner and the superuser can remove files from that directory. All PUBLIC directories should be configured with the sticky bit.
Unlike with file sticky bits, the sticky bit on directories remains there until the directory owner or superuser explicitly removes the directory or changes the permissions.
The sticky bit, together with the default umask of 077, solves a big problem for less secure systems. Together, both features prevent other users from altering or replacing any file you have in a public directory. The only information they can gain from the file is its name and attributes.
$ chmod +t directory
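As an added example (not part of the original page), the following script audits a directory tree for the two problems described above: files left world-writable instead of the 644 baseline, and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable files and for
# public (world-writable) directories that are missing the sticky bit.

# Regular files writable by "others" (deviates from the 644 baseline).
world_writable_files() {
    find "$1" -type f -perm -0002 -print
}

# Directories writable by "others" that do not have the sticky bit set.
unsticky_public_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Build a constructed sample tree in a temporary directory and print its path.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/shared" "$demo/tmp" "$demo/private"
    : > "$demo/shared/notes.txt"
    : > "$demo/private/report.txt"
    chmod 666 "$demo/shared/notes.txt"    # world-writable file: flagged
    chmod 644 "$demo/private/report.txt"  # baseline file: not flagged
    chmod 777 "$demo/shared"              # public dir, no sticky bit: flagged
    chmod 1777 "$demo/tmp"                # public dir with sticky bit: not flagged
    chmod 755 "$demo/private"             # baseline dir: not flagged
    printf '%s\n' "$demo"
}

# Run both checks against the sample tree, then clean up.
audit_demo() {
    tree=$(make_demo_tree) || return 1
    echo "World-writable files:"
    world_writable_files "$tree"
    echo "World-writable directories without the sticky bit:"
    unsticky_public_dirs "$tree"
    rm -rf "$tree"
}

audit_demo
```

To audit a real directory, call the two find-based functions with its path in place of the sample tree.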