DEV Community

Cover image for Understanding file access permissions in Unix-like systems
Adavize
Adavize

Posted on

Understanding file access permissions in Unix-like systems

Before we jump right in, allow me to test your knowledge on this topic. Take a look at this list below, Can you confidently interpret the file access permissions on each line?

drwxr-xr-x   7 user1  group3   224 Jun 10  2022 nodejs-tutorials
-rw-rw-r--   3 user1  group1    96 Nov 25 00:25 hello_world.txt
drwxr--r--  20 user3  group2   640 Oct 23 18:56 docker-notes
lrwxr-xr--   3 user1  group2    96 Sep 12 10:58 repos
-rwxr-xr-x  11 user2  group1   352 Oct  5 11:42 main.sh
Enter fullscreen mode Exit fullscreen mode

If your answer is "NO," then this article is for you. Here, Together, we will explore the concept of file access permissions, including its composition, various access levels, how to grant user and group access to a file, and more. By the end, you should have a comprehensive understanding of this topic.

BTW, the strange looking characters at the beginning of each line are called 'permission bits'. They are a set of flags in a Unix-like operating system that define the access rights of a file or directory.

So what is file access permission?

File access permissions refer to the rules and settings that determines who can perform specific actions (such as reading, writing, or executing) on a file or directory within a computer's file system.

It shouldn't be surprising that at the core of file access permissions are files, permissions and access levels. So let let us take a look at each aspect:

Files

Files are categorised into several types based on their characteristics and usage. They include:

  • Regular file: These are the most common type of files that contain data, such as texts, images, or programs. In Unix based file systems, files are represented by the '-' character
  • Directory: These files contain lists of other files and directories. They are represented by the 'd' character
  • Symbolic link or symlink: These are links or references to existing files or directories. They allow you to create a link to a target file or directory from another location in the file system. Symbolic links are represented by the 'l' character

Permissions

Every file or directory that exists in a system has permission and access level depending on the desired need. Permissions for a file can be one of or a combination of read, write and execute:

  • Read permission allows reading a file's contents and listing a directory's contents, respectively. It is represented by the letter 'r'
  • Write permission allows for the modification of a fileโ€™s contents and creating, deleting, and renaming files within a directory. Write permission is represented by the letter 'w'
  • Execute permission allows executing the file if it is a program or script and accessing a directory. It is represented by the letter 'x'

Access levels

Each permission 'read' 'write' 'execute' can be controlled within three(3) access levels of user, group and others;

  • User represents the owner of the file or directory
  • Group represents a collection of users associated with the file or directory
  • Others represents every other user in the system who are not the owner and also do not belong to the group associated with that file or directory

This diagram below breaks down permission bits, illustrating how file type is presented and how permissions are represented for each access level

diagram showing the breakdown of permission bits

  • The first letter in this case the letter 'd' represents the file type which is a directory
  • The next 3 characters represent permissions for the user or owner of the file
  • The following 3 characters in green represent the members of the associated group
  • The last 3 characters represent permissions for others who do not own the directory or are not members of the associated group

Now that you understand the composition of permission bits, let us apply this new found knowledge to the example we saw earlier. I added some comments explaining each section:

# d: 'nodejs-tutorials' is a directory
# rwx: user/file owner(user1) has read, write and execute permission
# r-x: associated group(group3) has read and execute permission
# r-x: others have read and execute permission
drwxr-xr-x   7 user1  group3    224 Jun 10  2022 nodejs-tutorials

# -: 'hello_world.txt' is a regular file
# rw-: user/file owner(user1) has read, and write permission
# rw-: associated group(group1) has read and write permission
# r--: others have only read permission
-rw-rw-r--   3 user1  group1    96 Nov 25 00:25 hello_world.txt


# d: 'docker-notes' is a directory
# rwx: user/file owner(user3) has read, write, execute permission
# r--: associated group(group2) has only read permission
# r--: others have only read permission
drwxr--r--  20 user3  group2   640 Oct 23 18:56 docker-notes

# l: 'repos' is a symbolic link or symlink
# rwx: user/file owner(user1) has read, write and execute permission
# r-x: associated group(group2) has read and execute permission
# r--: others have only read permission
lrwxr-xr--   3 user1  group2    96 Sep 12 10:58 repos

# -: 'main.sh' is a regular file
# rwx: user/file owner(user2) has read, write and execute permission
# r-x: group(group1) has read and execute permission
# r-x: others have read and execute permission
-rwxr-xr-x  11 user2  group1   352 Oct  5 11:42 main.sh

Enter fullscreen mode Exit fullscreen mode

How to update file permissions

Changes to file permissions in a Unix-like system can be achieved using the chmod command. The chmod command expects 2 arguments: the [MODE] and the [FILE]

i.e $ chmod MODE FILE

The MODE can be specified using either symbolic or numeric representation but I will only be focusing on symbolic representation as it is easier to grasp and remember:

Examples

$ chmod u+x main.sh # gives execution permission to the user or file owner
$ chmod o-rw main.sh # removes read and write permission from other users
$ chmod g+w main.sh # gives write permission from the group
Enter fullscreen mode Exit fullscreen mode

What if we want to grant all 3 permissions to all access levels?

# This gives read, write, execute permission to the user, group and other users
$ chmod ugo+rwx main.sh
# The above can otherwise be written as:
$ chmod a+rwx main.sh
# 'a' which means all can be used to represent all access levels
Enter fullscreen mode Exit fullscreen mode

And that is it, hopefully this article turned out helpful and you are able to get a better understanding of file access permissions. If you found this helpful, let me know by liking, sharing and leaving comments.

Cheers!

Top comments (3)

Collapse
 
semo profile image
semo

Maybe it's out of scope. But at least you should mention SE Linux and that it may influence the permissions, regardless of what one set.

Collapse
 
somdev profile image
Somdev Das

Informative for me

Collapse
 
ize profile image
Adavize

Glad it is, thanks for the comment