Lesson 3.1: Understanding Permissions

In Linux, every file and directory has a set of permissions that control who can read, write, or execute it. Understanding these permissions is fundamental to working securely and effectively with Linux.

Real World Analogy: Think of file permissions like keys to different rooms in a building. Some people have keys to all rooms (owner), some have keys to specific rooms (group), and others can only look through windows (others).

Permission Types: The Three Pillars

Linux uses three basic permission types. Let's break them down:

Read Permission (r)

The read permission lets you:

For files: View the contents of the file
For directories: List what's inside the directory

Example: Reading a file

$ cat myfile.txt Hello, this is the content of my file!

This works because you have read permission on myfile.txt.

Write Permission (w)

The write permission lets you:

For files: Change or delete the file contents
For directories: Create, delete, or rename files within that directory

Example: Writing to a file

$ echo "New content" >> myfile.txt $ cat myfile.txt Hello, this is the content of my file! New content

This works because you have write permission on myfile.txt.

Execute Permission (x)

The execute permission lets you:

For files: Run the file as a program or script
For directories: Enter the directory (use cd to navigate into it)

Example: Running a script

$ ./myscript.sh Hello from my script!

This works because you have execute permission on myscript.sh.

Who Gets Permissions? The Three Categories

Permissions are assigned to three categories of users:

Owner (u)

The user who created the file. The owner typically has the most control over the file.

Group (g)

Users who belong to the same group as the file. Groups are useful for team collaboration.

Others (o)

Everyone else on the system who isn't the owner and isn't in the file's group.

Memory Tip: Think "UGO" - User (Owner), Group, Others. This is the order Linux always displays permissions.

Reading Permission Strings

When you use ls -l, you'll see permission strings like this:

$ ls -l -rw-r--r-- 1 valente students 1024 Dec 10 15:30 notes.txt drwxr-xr-x 2 valente students 4096 Dec 10 15:30 projects/ -rwxr-x--- 1 valente developers 512 Dec 10 15:30 script.sh

Let's break down -rw-r--r--:

- - File type (regular file)
rw- - Owner permissions (read, write, no execute)
r-- - Group permissions (read only)
r-- - Others permissions (read only)

File Types

The first character tells you the file type:

- - Regular file
d - Directory
l - Symbolic link
c - Character device
b - Block device

Permission Matrix

Here's a visual breakdown of how permissions work:

Category	Read (r)	Write (w)	Execute (x)
Owner	View file contents	Modify file	Run as program
Group	View file contents	Modify file	Run as program
Others	View file contents	Modify file	Run as program

Directory Permissions Are Special

Directory permissions work a bit differently than file permissions:

Read (r) on a directory lets you list its contents with ls
Write (w) on a directory lets you create, delete, and rename files within it
Execute (x) on a directory lets you enter it with cd

Important: You need execute permission on a directory to access anything inside it, even if you have read permission on the files within!

Directory Permission Example

$ ls -ld mydir drwxr-x--- 2 valente students 4096 Dec 10 15:30 mydir/

Breaking this down:

d - It's a directory
rwx - Owner can read, write, and enter the directory
r-x - Group members can list and enter, but not create files
--- - Others have no access at all

Common Permission Patterns

Here are some common permission patterns you'll encounter:

Files

644 (-rw-r--r--) - Normal text files (owner can read/write, others can read)
755 (-rwxr-xr-x) - Executable programs (everyone can execute)
600 (-rw-------) - Private files (only owner can read/write)
666 (-rw-rw-rw-) - Shared files (everyone can read/write)

Directories

755 (drwxr-xr-x) - Most directories (owner has full control, others can enter)
700 (drwx------) - Private directories (only owner can access)
777 (drwxrwxrwx) - World-writable (avoid this unless necessary!)

Security Warning: Never use 777 permissions unless absolutely necessary. It's a major security risk!

Checking Your Own Permissions

You can check what permissions you have on files with these commands:

$ ls -l myfile.txt # Check permissions -rw-r--r-- 1 valente students 1024 Dec 10 15:30 myfile.txt $ whoami # Check current user valente $ groups # Check your groups valente adm cdrom sudo dip plugdev lpadmin sambashare

What's Next?

Now that you understand how permissions work, it's time to learn how to change them! In the next lesson, we'll cover the chmod command and practice modifying permissions.

Practice with Permission Exercises

Key Takeaways

Linux has three permission types: read (r), write (w), and execute (x)
Permissions apply to three categories: owner (u), group (g), and others (o)
Directory permissions work differently than file permissions
Always use the most restrictive permissions that still allow necessary access
Use ls -l to view permissions and ls -ld for directory permissions