On a Linux filesystem, each file and directory has a set of information defining who can do what. The mechanism is simple, as well as powerful. The operations allowed on a file (or directory) are read, write, and execute (r, w, and x, respectively). These operations can be done by the owner of the file or directory, by a group of users, or by all users. Linux represents this information with Owner: rwx; Group: rwx; All Users: rwx; or, more simply: rwx-rwx-rwx (9 in total). Actually, Linux has one more flag on top of these ones that represents the type of file. It can be a folder (d), a symbolic link to another file (l), a regular file (-), a named pipe (p), a socket (s), a character device file (c), and a block device (b). Typical permissions for a file look like this:
root@90f5b4545a54:/# ls -l
-rwxr-xr-x 1 root root 13 May 8 20:11 conf.json
Let's see this in detail:
- Reading from the left-hand side, the first character, -, informs us that conf.json is a regular file.
- The next three characters are about the current user, rwx. The user has full read (r), write (w), and execution (x) permissions over the file.
- The next three chars are about the group to which the user belongs, r-x. All the users belonging to the group can read and execute the file, but cannot modify it (w is not selected, marked as -).
- The last three characters are about all the other users, r-x. All other users can just read and execute the file (r and x are marked, but w is not).
The owner (or the root user) can change the permissions of the file. The easiest way to achieve this is through the chmod command:
$ chmod g+w conf.json
Here, we're asking the Linux kernel to add the write permission (w) to the group user type (g). The types of users are as follows: u (for user), o (for others), a (for all), and g (for group), and the permissions flag can be x, w, and r, as explained previously. chmod can also accept an integer:
$ chmod 751 conf.json
There is a binary-to-decimal conversion on permission flags for each group type, for example:
wxr: 111 = 7
w-r: 101 = 5
--r: 001 = 1
It could be a little cryptic at the beginning, but it is very practical and handy for everyday use.