File Permissions in Linux

Note: Any time you change permissions (such as what groups a user belongs to, etc) while that user is logged in, the permission change will not take affect in the current session. The user will need to log out and log back in (or start a subshell with “su – username”) in order to get an environment with the changed permissions. The Administrator may optionally force (kick) those users off the system so that they will have to log back in to get the updated file permissions.

File Permissions

Lets take a directory listing:

[[email protected] /root]# ls -ltra
-rw-r--r--    1 root     root            0 Oct 12 07:51 testfile
lrwxrwxrwx    1 root     root            8 Oct 12 08:20 linktotestfile -> testfile

Notice the first column which has 10 entries “-rw-r–r–“. This should be divided out into 4 sections.

  1. 1st section – 1 character long
  2. Owner Permissions – 2nd section – 3 characters long
  3. This first set of rwx controls what the owner of the file can do with it.

  4. Group Permissions – 3rd section – 3 characters long
  5. This second set of rwx controls what the group users of the file can do with it.

  6. Other/Everyone Permissions – 4th section – 3 characters long
  7. This second set of rwx controls what all other users of the file can do with it.

What is rwx for files?

r = read (4)
w = write (2)
x = execute (1)

If an “r” shows in a field, then the users defined by that field are able to read the file.

If a “w” shows in a field, then the users defined by that field are able to write to the file.

If a “x” shows in a field, then the users defined by that field are able to execute that file.

How does rwx work on Files?

The following tests are run as follows: Create a new directory and set its permission to full control (0777). Create 8 new files with permissions as listed in the table. Then began performing the various actions and noting the results. The owner and group are set to root, I am testing as a non-root user.

File Permissions

Action r– -w- –x rw- r-x -wx rwx
read – cat file no yes no no yes yes no yes
write – ls /tmp >> file no no yes no yes no yes yes
write – ls /tmp > file no no yes no yes no yes yes
remove file yes* yes* yes yes* yes yes* yes yes
executing a script no no no no no yes no yes

remove file = yes* – These files gave a “rm: remove write-protected file ‘filename’?” error. Saying “yes” removes these files. Also performing a “rm -rf” file removes the file without any warning. The ability to remove a file is controlled at the directory level.

How does rwx work on Directories?

The following tests are run on 8 directories with permissions as listed in the table. Each of these directories contain 1 file each with full permissions (0777) on the file. The owner and group are set to root, I am testing as a non-root user.

Directory Permissions

Action r– -w- –x rw- r-x -wx rwx
cd into directory no no no yes no yes yes yes
ls directory no yes* no no yes* yes no yes
file name completion no yes no no yes yes no yes
create new file in dir. no no no no no no yes yes
read file in dir. no no no yes no yes yes yes
modify file in dir. no no no yes no yes yes yes
remove files no no no no no no yes yes
execute script no no no yes no yes yes yes

ls = yes* – Only the files are listed with error. No other file attributes are able to be listed. File name completion works in these cases as well.

Using the”file” Command

Strange way to use the sh Command

[[email protected] /root]# cat file-0774.txt | sh

File actually executes

Executing a script

8 directories with 8 scripts each were created. The 8 directories had the 8 different combinations of the permissions – so did each of the 8 scripts in each of the directories. 64 scripts in all. The following results were noted:

Directory/File permissions
0771/0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied*
0773/0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied*
0775/0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied*
0777/0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied*
0770/all: permission denied
0772/all: permission denied
0774/all: permission denied
0776/all: permission denied

denied* – All of these gave a strange error on 0771 and 0773 – seems like “r” on the file permission is required for execution

Executing a script by way of “cat script| sh”

8 directories with 8 scripts each were created. The 8 directories had the 8 different combinations of the permissions – so did each of the 8 scripts in each of the directories. 64 scripts in all. The following results were noted:

Directory/File
0771/0774 thru 0777 ran, 0770 thru 0773: permission denied
0773/0774 thru 0777 ran, 0770 thru 0773: permission denied
0775/0774 thru 0777 ran, 0770 thru 0773: permission denied
0777/0774 thru 0777 ran, 0770 thru 0773: permission denied
0770/all: permission denied
0772/all: permission denied
0774/all: permission denied
0776/all: permission denied

Leave a Comment