Understanding Linux Permission Sets
Understanding Permission Sets
It’s all about control. Who gets to do what? In Linux, every file and directory has a set of permissions assigned to it. The permissions identify “who can do what”. There are three categories of "who": owner, group, and world. Each of these ownership types is given or denied three permissions: read, write, and execute.
Basics
- Permissions (Read, Write, Execute)
- Ownership (Owner, Group, World)
- Identifying Permissions ls -l
- File Types (Normal, Directory)
- Changing permissions (Symbolic)
- Group permissions (groupadd, chgrp)
Advanced
- Permissions (SUID, SGID, Sticky bit)
- Ownership (Root, sudo)
- Defaults Permissions
- File Types
- Changing permissions (Octal)
- Managing permissions
- Finding special permissions
Basic Permissions
The three permissions (read, write, and execute) have slightly different meanings depending on what object they are applied to. The two most common objects are files and directories. Below you can see how the permissions vary when applied to these two objects.
Ownership
There are three types of ownership:
- Owner - this is the ultimate user. The creator or current owner of the object. Also known as user.
- Group - this is an assigned membership. You need to be a member of the group to get it.
- World - this is everyone else. All the other guys. Also known as other.
Permission Sets provide security to your files and directories. You can either give or not give permissions. Permission Sets are made up of three triplets, each of which contains three characters. These three characters are "r" for read, "w" for write, and "x" for execute. A dash taking the place of any of those characters in the triplet means that the permission is denied. The first triplet represents the owner's (user's) permissions. The second triplet represents the group's permissions. The third triplet dictates the permissions for everyone else.
There are actually ten positions in a Permission Set. The tenth position is in front of the rest. It tells you the type of file that it is. It can be a dash (regular file), a "b" (block device), a "c" (character device), a "d" (directory), an "l" (link), or many others.
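The ten-position layout described above, as an added example that is not part of the original page: a small Python parser that splits a permission set into its file type and three triplets, then checks it against a real scratch file. The function names and the file name `report.txt` are assumptions made for illustration; any character other than the expected letter or a dash is rejected rather than interpreted.

```python
import os
import stat
import tempfile

# Type characters named on the page; any other character is reported as "other".
FILE_TYPES = {"-": "regular file", "b": "block device", "c": "character device",
              "d": "directory", "l": "link"}
CLASSES = ("owner", "group", "world")
FLAGS = (("r", "read"), ("w", "write"), ("x", "execute"))


def parse_permission_set(text):
    """Split a ten-position permission set into a file type and three triplets."""
    if len(text) != 10:
        raise ValueError(f"expected 10 positions, got {len(text)}: {text!r}")
    result = {"type": FILE_TYPES.get(text[0], "other")}
    for i, who in enumerate(CLASSES):
        triplet = text[1 + 3 * i:4 + 3 * i]
        granted = []
        for (letter, name), ch in zip(FLAGS, triplet):
            if ch == letter:
                granted.append(name)
            elif ch != "-":
                # Anything but the expected letter or a dash (for example a
                # special-permission letter) is rejected, not guessed at.
                raise ValueError(f"unexpected {ch!r} for {who} in {text!r}")
        result[who] = granted
    return result


def permission_set_of(path):
    """Return the permission set of path as ls -l would show it."""
    return stat.filemode(os.lstat(path).st_mode)


def demo():
    """Build a constructed scratch file and parse its real permission set."""
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "report.txt")  # hypothetical file name
        open(path, "w").close()
        # Owner: read + write, group: read, world: nothing.
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
        text = permission_set_of(path)
        return text, parse_permission_set(text), parse_permission_set(permission_set_of(scratch))


if __name__ == "__main__":
    for item in demo():
        print(item)
```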