A Guide to Permissions in Ubuntu

Photo by FLY:D on Unsplash

A Guide to Permissions in Ubuntu

Permissions

  • As regular users, we do not have permission to write or even read every file on the machine.

  • For example, if I try to read the file /etc/sudoers using cat /etc/sudoers I get a "permission denied" message.

  • On Unix systems, a single user may be the owner of files and directories, meaning that they have control over their access.

  • You can view permissions by running ls -l

File Attributes

  • The weird looking 10 characters we see printed out first are the file attributes.

      -rw-rw-r--
    
  • These characters tell us the type of the file, the read, write, and execute permissions for the file's owner, the file's group owner, and everyone else.

  • The very first character indicates the type of the file. Some of the more common types and their corresponding attributes are:

    • - regular file

    • d directory

    • c character special file

    • l symbolic link

CharacterEffect On FilesEffect on Directories
rfile can be readdirectory's contents can be listed
wfile can be modifieddirectory's contents can be modified (create new files, rename files/folders) but only if the executable attribute is also set
xfile can be treated as a program to be executedallows a directory to be entered or "cd"ed into
-file cannot be read, modified, or executeddirectory contents cannot be shown, modified, or cd'ed into
  • In the example below we see that the file's owner has read and write permissions but NOT execute permissions. No one else has any access

      - rw- --- ---
    
  • In the example below, we see that the file's owner has read, write, AND execute permissions. No one else has any access

      - rwx --- ---
    
  • In the example below, we see that the file's owner has read, and write BUT NOT execute permissions. Members of the file's owner group can only read the file and everyone else can read the file too.

      - rw- r-- r--
    
  • In the example below, we see that the directory's owner and members of the owner group can enter the directory, rename, and remove files from within the directory

      d rwx rwx ---
    

Altering Permissions

chmod

  • To change the permissions of a file or directory, we can use the chmod command (change mode).

      chmod mode file
    
  • To use chmod to alter permissions, we need to tell it:

    • Who we are changing permissions for

    • What change are we making? Adding? Removing?

    • Which permissions are we setting?

  • When specifying permissions with chmod, we use a special syntax to write permission statements.

  • First, we specify the "who" using the following values:

    • u - user (the owner of the file)

    • g - group (members of the group the file belongs to)

    • o - others (the "world")

    • a - all of the above

  • Next, we tell chmod "what" we are doing using the following characters:

    • (minus sign) removes the permission

    • (plus sign) grants the permission

    • \= (equals sign) set a permission and removes others

  • Finally, the "which" values are:

    • r - the read permission

    • w - the write permission

    • x - the execute permission

    # Before : - rw- r-- r--
    chmod g+w file.txt
    # After : - rw- rw- r--

    # Before : - rw- rw- r--
    chmod a-w file.txt
    # After : - r-- r-- r--

    # Before : - rwx rwx r--
    chmod a=r file.txt
    # After : - r-- r-- r--

chmod Octals

  • chmod also supports another way of representing permission patterns: octal numbers (base 8). Each digit in an octal number represents 3 binary digits.

      chmod 755 file.txt # rwx r-x r-x
    

Root User

  • In Linux systems, there is a super user called root. The root user can run any command and access any file on the machine, regardless of the file's actual owner.

  • The root user has tons of power and could easily damage or even destroy the system by running the wrong commands!

  • For this reason, Ubuntu locks the root user by default.

sudo

  • Even if the root user is locked by default, we can still run specific commands as the root user by using the sudo command.

  • Individual users are granted an "allowed" list of commands they can run as the super user.

  • Run sudo -l to see the permitted commands for your particular user.

  • To run a command as the root user, prefix it with sudo. You will then need to enter the password for your account.

  • For example, to update Ubuntu, I would need to run apt update. However, I can't do this as my "regular" user, as it's something that impacts all users. Instead, I need to run the command as the root user using sudo apt update

  • If you run into permissions denied, prefix the command with sudo

Did you find this article valuable?

Support Mustafa's Blog by becoming a sponsor. Any amount is appreciated!