Linux file permissions are a fundamental element of the operating system’s security model. They regulate who can access a file or directory and what actions they can perform, protecting data integrity and privacy.
Every file and directory in Linux has associated permissions that define three types of access—read, write, and execute—for three categories of users: the file owner, the user's group, and others. Understanding this model is essential for managing security, collaboration, and system administration in Linux environments.
The Three User Categories
Linux controls file access by dividing users into distinct permission groups. Below are the three user categories that determine how files and directories can be accessed.
1. Owner (User): The individual who owns the file or directory. Usually, the creator is the owner. They typically have the most permissions.
2. Group: A set of users who share certain permissions for the file or directory. Groups facilitate collaborative workspaces.
3. Others (World): All other users who are not the owner or part of the group. Their permissions are usually the most restricted.
The Three Basic Permissions
Every file and directory in Linux is protected by a set of permission rules. The following are the three basic permissions used to manage access.
1. Read (r): Permission to view or read the contents of the file or list the contents of a directory.
2. Write (w): Permission to modify or delete the file or add/remove files in a directory.
3. Execute (x): Permission to run a file as a program or script, or to enter (cd into) a directory.
Permission Representation
Permissions are displayed in long listing format by the ls -l command and look like this:
-rwxr-xr--
1. The first character indicates the type (- for file, d for directory).
2. The next three characters (rwx) are permissions for the owner.
3. The next three (r-x) are for the group.
4. The last three (r--) are for others.
In this example, the owner of the file has full permissions, allowing them to read, write, and execute it. Members of the group are permitted to read and execute the file but cannot modify it. All other users have the most restricted access and are allowed to read the file only.
Numeric (Octal) Representation
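Permissions can also be represented numerically by summing values: read (r) is 4, write (w) is 2, and execute (x) is 1, with one digit each for the owner, the group, and others.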
For example:
7 (4+2+1) means read, write, execute.
5 (4+0+1) means read and execute.
4 means read only.
A permission like 755 translates to rwx for the owner (7), r-x for the group (5), and r-x for others (5).
chmod modifies file or directory permissions. Using symbolic mode, you can add, remove, or set permissions:
1. chmod u+x file: Adds execute permission to the owner.
2. chmod g-w file: Removes write permission from group.
3. chmod o=r file: Sets others permission to read only.
Using numeric mode, you can assign all permissions at once: chmod 755 file
Special Permissions
1. Setuid (s): Executes a file with the permissions of the file owner.
2. Setgid (s): Executes a file with the permissions of the file's group; for directories, new files inherit the group.
3. Sticky bit (t): Restricts deletion inside a directory to the file’s owner or root, commonly used for /tmp.
Viewing Ownership and Permissions
The command ls -l shows permission strings, ownership, and group affiliations:
-rw-r--r-- 1 user group 4096 Oct 10 12:00 file.txt
Here, user is the owner of file.txt and group is the group assigned to it.
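An added example, not part of the original article: a short Python audit that walks a directory and flags the special and world-writable permission bits described above, reporting each entry's octal and ls -l style mode. The sample file names and the tag strings are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

def findings(mode):
    """Tag the risky bits in one st_mode value (file type + permission bits)."""
    tags = []
    perms = stat.S_IMODE(mode)  # rwx triplets plus setuid/setgid/sticky
    if perms & stat.S_ISUID and stat.S_ISREG(mode):
        tags.append("setuid")  # runs with the file owner's permissions
    if perms & stat.S_ISGID:
        tags.append("setgid")  # file: runs as group; dir: new files inherit group
    if perms & stat.S_IWOTH:   # the w bit (2) in the "others" digit
        sticky_dir = stat.S_ISDIR(mode) and perms & stat.S_ISVTX
        tags.append("world-writable+sticky" if sticky_dir else "world-writable")
    return tags

def audit(root):
    """Return {relative path: (octal, ls-style string, tags)} for flagged entries."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful on Linux
            tags = findings(mode)
            if tags:
                octal = format(stat.S_IMODE(mode), "04o")
                report[os.path.relpath(path, root)] = (octal, stat.filemode(mode), tags)
    return report

if __name__ == "__main__":
    # Constructed sample tree; names and modes are illustrative only.
    samples = [("script.sh", 0o755), ("helper", 0o4755), ("notes.txt", 0o666)]
    with tempfile.TemporaryDirectory() as root:
        for name, perms in samples:
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, perms)  # same effect as: chmod 755 script.sh, etc.
        shared = os.path.join(root, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # sticky, world-writable, like /tmp
        for path, (octal, text, tags) in sorted(audit(root).items()):
            print(f"{octal} {text} {path}: {', '.join(tags)}")
```

Entries with ordinary modes such as 755 produce no tags and are left out of the report, so the output lists only what needs review.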