File Permissions in Linux

January 31, 2019

Like all things in life, it doesn’t hurt to know how the thing works rather than blindly following instructions on StackOverflow/Google. For the longest time, I could never understand how file permissions work. But they’re rather simple. I’ll try to break it down step by step.

  1. Three different types of access privileges

    For every file, there is:

    1. Read access (r) - Someone can read the file.
    2. Write access (w) - Someone can write to the file.
    3. Execution (x) - Someone can execute the file.

    We need to be able to describe that file with these 3 parameters. Each one is binary: yes, someone can read the file, or no, someone cannot read the file. In total, there are 3 bits to represent the 3 attributes, and most unix systems describe those attributes as rwx.

  2. Permissions for 3 different Groups

    So one file. Three attributes describing the privileges. Now we’re done right? Nah.

    There are three different types of groups/individuals who have access to the files. That’s how Linux is laid out.

    Category 1: Owner - The person who owns the file, most likely the person who created the file.

    Category 2: Group - There is a group that is attributed to that file.

    Category 3: Other - Everyone else.

    For each of them, we have to have 3 attributes - read, write, execute (rwx) - for a total of 9 bits describing file permissions.

  3. Great. Now we’re almost there. A command that a novice user writes a lot (and in reality they shouldn’t) is chmod 777. What does this mean?

    Each digit of the number represents one category. The first 7 (the hundreds place) represents permissions for the owner, the second 7 (tens) represents permissions for the group, and the third 7 (ones) represents the other category.

    Recall how binary works. Each place represents a higher power of 2, starting with 2^0, 2^1, 2^2, and so on.

    Here’s a picture for clarification: When you type chmod 777, this means: set the owner bits to add up to 7 (4 + 2 + 1). For this to happen you have to set the R bit to 1, the W bit to 1, and the X bit to 1. Similarly, chmod 077 means set the owner bits to add up to zero (the owner cannot read, write, or execute the file). chmod 377 would give the owner only write and execute privileges, since 3 = 2 + 1, which is only possible when the W bit is set to 1 and the X bit is set to 1. This logic works for all three categories.

  4. Shortcuts: instead of writing down the numbers manually, you can use labels such as chmod u+x, which convert letters to the numerical values. In this case, it means give the user (owner) category the execute privilege.
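The octal and symbolic forms above, worked through in shell. This is an added example, not code from the original post; the function names (mode_to_rwx, apply_and_read, other_can_write) are made up for illustration, and the scratch file comes from mktemp.

```shell
#!/bin/sh
# Added example (not from the original post): decode a 3-digit octal mode
# into its rwx string, then compare with what chmod really sets on a file.
# All function names here are hypothetical helpers.

# digit_to_rwx N: one octal digit -> rwx triple (r=4, w=2, x=1).
digit_to_rwx() {
    d=$1 out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_rwx MODE: e.g. 377 -> "-wxrwxrwx" (owner, group, other).
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "mode must be three octal digits" >&2; return 1 ;;
    esac
    owner=${1%??}; rest=${1#?}; group=${rest%?}; other=${1#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$owner")" \
        "$(digit_to_rwx "$group")" "$(digit_to_rwx "$other")"
}

# apply_and_read ARG: run chmod ARG on a scratch file that starts at 644
# and print the nine permission characters ls reports afterwards.
apply_and_read() {
    f=$(mktemp) || return 1
    chmod 644 "$f" && chmod "$1" "$f" && ls -ld "$f" | cut -c2-10
    rc=$?
    rm -f "$f"
    return $rc
}

# other_can_write MODE: true when the "other" digit has the w bit (2) set,
# which is the part of chmod 777 that lets everyone modify the file.
other_can_write() {
    [ $(( ${1#??} & 2 )) -ne 0 ]
}

for m in 777 077 377 644; do
    printf '%s -> %s (decoded) / %s (chmod + ls)\n' \
        "$m" "$(mode_to_rwx "$m")" "$(apply_and_read "$m")"
done
printf 'u+x on 644 -> %s\n' "$(apply_and_read u+x)"
```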

It’s a simple, yet fascinating system.