CIS120 Book

CIS120 Linux Fundamentals by Scott Shaper

Linux Permissions

Think of Linux permissions like a security system for your files and folders. Just like how you might have different keys for different rooms in your house, Linux uses permissions to control who can access and modify your files. Understanding permissions helps you keep your work safe and share it with others when needed.

Quick Reference

Permission Type	What It Does	Common Use
Read (r)	View file contents	Opening files, listing directories
Write (w)	Modify contents	Editing files, creating/deleting files
Execute (x)	Run programs/scripts	Running commands, accessing directories

When to Use Permissions

When you need to protect your files from others
When you want to share files with specific people
When you need to run scripts or programs
When you want to control who can modify your work
When you need to organize group projects

Understanding Permission Types

Think of permissions like different levels of access to a room:

Permission	What It Does	Real-World Example
Read (r)	View file contents	Like having a window to look into a room
Write (w)	Modify contents	Like having a key to enter and change things
Execute (x)	Run programs/scripts	Like having permission to use equipment in the room

User Categories

Think of user categories like different groups of people who might need access to your files:

Category	Who It Includes	Example
Owner (u)	You, the file creator	Like being the owner of a house
Group (g)	Users in the same group	Like family members sharing a house
Others (o)	Everyone else	Like visitors or guests

Assigning a Document or Folder to a Group

In the basic permission system, every file and folder has one owner and one group. The group is the set of users who get the "group" permissions (the middle set of rwx in ls -l). You don't assign a file to "multiple groups" in the traditional sense—you choose which single group owns it, then set what that group can do.

How to assign a file or folder to a group:

Change the group owner with chgrp (change group, shown later in this chapter). Only the file owner or an administrator can do this.

Changing the group of a file or folder

# Assign report.pdf to the group "biology101"
chgrp biology101 report.pdf

# Assign a whole folder (and optionally its contents) to a group
chgrp biology101 project_folder/

# To change the group of the folder and everything inside it, use -R (recursive)
chgrp -R biology101 project_folder/

After you run chgrp, the file or folder is "owned" by that group. Everyone in biology101 then gets whatever permissions you set for the group (e.g. with chmod g+rw project_folder). If you need a different group to have access later, run chgrp again with the new group name—the file can only have one group at a time in this basic model.

What if more than one group needs access?

Sometimes you want several groups to use the same file or folder (for example, both "biology101" and "tas" for a shared handout). In the basic permission system you can only set one group per file. What you can do is create a shared group that contains everyone who should have access (e.g. "course_staff"), assign the file to that group with chgrp, and give that group the right permissions. Everyone in the group gets the same access.

In short: use chgrp to assign a document or folder to a single group; set the group’s permissions with chmod; and if more than one group needs access, use one shared group.

Viewing Permissions

You can see permissions using the ls -l command. Let's break down what you see:

Example Output

$ ls -l
-rwxr-xr-- 1 user group  4096 Jul 10 14:55 file.txt

Let's break this down:

-rwxr-xr-- - The permission string (we'll explain this below)
1 - Number of hard links
user - Owner of the file
group - Group that owns the file
4096 - File size in bytes
Jul 10 14:55 - Last modified date/time
file.txt - File name

Understanding Permission Strings

Let's decode the permission string -rwxr-xr--:

Position	Meaning	Example
1st character	File type (- for file, d for directory)	`-` means it's a file
2nd-4th characters	Owner permissions	`rwx` means owner can read, write, and execute
5th-7th characters	Group permissions	`r-x` means group can read and execute
8th-10th characters	Others' permissions	`r--` means others can only read

Numeric Permissions

Numeric permissions in Linux use a three-digit number system (like 755 or 644) to represent file permissions. Each digit represents a different user category (owner, group, others) and is calculated by adding up the values of individual permissions:

Read (r) = 4
Write (w) = 2
Execute (x) = 1

To understand how this works, let's break it down:

First Digit (Owner): Controls what the file owner can do
Second Digit (Group): Controls what group members can do
Third Digit (Others): Controls what everyone else can do

For example, the number 7 (4+2+1) means full permissions (read, write, execute). Here's how to calculate common permission numbers:

Number	Calculation	Permissions	What It Means
7	4+2+1	rwx	Full access (read, write, execute)
6	4+2	rw-	Can read and modify, but not execute
5	4+1	r-x	Can read and execute, but not modify
4	4	r--	Read only access
3	2+1	-wx	Can write and execute, but not read
2	2	-w-	Write only access
1	1	--x	Execute only access
0	0	---	No access at all

When you see a three-digit number like 755, it means:

First digit (7): Owner has full access (4+2+1 = read, write, execute)
Second digit (5): Group can read and execute (4+1)
Third digit (5): Others can read and execute (4+1)

This system makes it easy to set permissions with a single command. For example, chmod 755 file.txt sets the permissions to rwxr-xr-x in one step.

Common Numeric Permission Examples

# 755: Owner has full access, others can read and execute
# rwxr-xr-x
chmod 755 script.sh

# 644: Owner can read and write, others can only read
# rw-r--r--
chmod 644 document.txt

# 750: Owner has full access, group can read and execute, others have no access
# rwxr-x---
chmod 750 private/

# 600: Only owner can read and write
# rw-------
chmod 600 secret.txt

Symbolic Mode

Think of symbolic mode like using simple words to set permissions. You can use letters to specify who gets what permissions:

Part	What It Means	Example
u (user)	File owner	You
g (group)	Group members	Your project team
o (others)	Everyone else	Other students
a (all)	All users	Everyone

You can use these operators to change permissions:

Operator	What It Does	Example
+	Add permission	Add execute permission
-	Remove permission	Remove write permission
=	Set exact permissions	Set read and write only

Symbolic Mode Examples

# Add execute permission for owner
chmod u+x script.sh

# Remove write permission from group
chmod g-w document.txt

# Set read and write for others
chmod o=rw shared.txt

# Add execute for all users
chmod a+x program

# Set read and execute for group and others
chmod go=rx file.txt

Tips for Success

Always check permissions before trying to access files
Use ls -l to see current permissions
Remember that directories need execute permission to be entered
Start with restrictive permissions and add more as needed
Use groups to manage permissions for multiple users

Common Mistakes to Avoid

Giving too many permissions (especially execute)
Forgetting to set directory permissions
Not checking group membership
Using 777 permissions (too open)
Not understanding the difference between file and directory permissions

Best Practices

Use the principle of least privilege (give only needed permissions)
Regularly review and update permissions
Use groups for collaborative projects
Document permission changes
Test permissions after changing them

Practical Examples

Common Permission Scenarios

# Check current permissions
ls -l

# See permissions for a specific file
ls -l file.txt

# See permissions for a directory
ls -ld directory/

# Check your own permissions
ls -l ~/myfile.txt

# Check group permissions
ls -l /group/project/