Linux File Permissions

On Unix and Linux systems, when you use the ls command, you may see lines similar to the following:

-rw-r--r-- 1 root root 5360 Jul 26 17:31 somefile01.txt
-rw------- 1 root root 1704 Jul 26 17:31 another002.pdf

What do the first ten chracters in each line mean? In the line -rw-r--r-- 1 root root, the first dash character indicates the file has no special permissions on it. If the entry was a directory rather than a file you would see a d instead of a dash. E.g.:

# ls -ld /var/www/html
drwxr-xr-x. 2 joe www-data 23 Mar 12 11:08 /var/www/html

The next 3 characters "rw-" on the first example indicate that the owner of the file can read and write to the file, but the file is not executable, i.e., it is not a program that you could run. If it was also executable, you would see "rwx" rather than "rw-".

The next 3 characters, "r--" indicate that any other accounts in the group for this file, which is "root", only have read access; since there are dashes where the "w" and "x" could appear, that indicates those permissions aren't granted to the file for the group. Each group has a unique group identifier that is found in /etc/group.

The following "r--" indicates that "others", i.e., accounts that aren't the owner and which aren't in the group that has access to this file have only read access. When you see "root root", The first "root" is the account that owns the file. The second "root" shows the group that applies to the file. The group doesn't necessarily have to be the same as the owner; they could be different. E.g., there could be a group named "test" that has root and the account jdoe in it. But in this case, the root account is likely the only account in the root group. You can see the groups on the system by issuing the command cat /etc/group You could set the permissions for another002.pdf to be the same as somefile01.txt with chmod 644 another002.pdf or chmod g+r,o+r another002.pdf. In the latter example you are adding read access for the group and read access for others, i.e., all accounts on the system.

For references, see Understanding Linux File Permissions and Linux Tutorial - 8. Permissions, which will explain why chmod 644 another002.pdf also works. But, basically you can think of the 3 positions in each grouping having a numeric value of 4 for the first position, 2 for the second position and 1 for the third position. So, if the permission is "rw-", you would have a total of 6. If it is "r--" you have a value of 4. If it was "rwx", you would have a total of 7. Those numbers apply to each grouping. So using 644 means that you have 6 for the owner (rw-), 4 for the group (r--) and 4 for all other accounts on the system (r--). But you can always use the chmod g+r,o+r another002.pdf format and not worry about how to set permissions numerically. For that format, using a plus sign adds the permission and using a minus sign removes the permission.

If you have a program, such as a Python script, which you wish to make executable, i.e., be able to run it from a shell prompt, you can add "execute" permissions to the file. E.g., suppose I have a Python script named The file has the following lines in it:

print "hello world"

The file has the following default permissions:

$ ls -l
-rw-rw-r--. 1 joe joe 39 Nov  1 12:02

I can run the script using python, but, because it isn't marked as executable, I can not run it by just typing ./ at the command line interface (CLI) - the ./ prior to the file name tells the system that I want to run a file in the current working directory.

$ python
hello world
$ ./
-bash: ./ Permission denied

But I can run it by just typing ./, if I add execute permissions to the file.

$ ls -l
-rw-rw-r--. 1 jim jim 38 Nov  1 12:13
$ chmod u+x
$ ./
hello world

If I wish to allow all accounts on the system to be able to run the script, I can use the command shown below:

$ chmod u+x,g+x,o+x
$ ls -l
-rwxrwxr-x. 1 joe joe 38 Nov  1 12:13



Justdeals Daily Electronics Deals1x1 px

Valid HTML 4.01 Transitional

Created: Sunday November 1, 2015