Permissions & Ownership in Linux

Setting up proper permissions and ownership of files and directories is one of the most important tasks to do on any Linux server. It guarantees which user or which group have access (read, write, and execute) to which files and directories.

In this article, we will be going through the permissions available, what each one means, and how to set them up to allow specific users or groups to access a file.

Prerequisites

• A Linux system (I personally use Ubuntu 22.04)
• Root access on the Linux system

Ownership

We will first be going through creating users, groups, directories, and files, then explaining the ownership concept and how it works in our case.

Creating Some Users

Before we dive into the permission and ownership setting, we need some users. We basically have a total of 4 users, 2 of them should already exist and the other 2 need to be created:

• Root (built in)
• Your own user (mine is called hazem)
• Tester
• Not-Tester

You can create a user tester with their own home directory by running the below command as root:

useradd tester

We can also create the other user:

useradd not-tester

Joining Groups

Before we continue, we need to assign the correct users to the correct groups, you can check the table below for reference:

As you can see, the user hazem is assigned to the group tester, which will be used to demonstrate the permissions and ownership.

You can add the user to the specific group by running the below command as sudo:

usermod -a -G tester hazem

The above command appends (-a) the group tester (-G tester) to the user hazem.

We should now have the right user groups set for each user.

Creating a Shared Directory

The first step is to create a directory in a location that can be accessed by anyone with the right permissions. We will first access the system as root or run the commands as sudo. We can create a directory in the /opt path called tester:

sudo su
cd /opt
mkdir tester

We will then set the tester user and also the group tester as the owners:

chown tester tester/
chgrp tester tester/

We now switch to the tester user and start creating some files:

sudo su tester

Make sure you are in the correct directory:

cd /opt/tester

And now you can create a file to test permissions:

touch run.sh
echo "echo hello tester" > run.sh

Explanation

In the steps above, we did the following:

• Create users (tester and not-tester)
• Join groups (added group tester to user hazem)
• Creating a shared directory (shared between members of the group tester)
• Creating a file (titled run.sh inside /opt/tester)

From the tasks we completed in those steps, we have a better understand of ownership. Let us go through what basically happened:

First, we created the users and assigned the user hazem to the group tester. Now the user hazem can access files or directories that are accessible by the tester group. Second, we created a directory accessible by the tester group and created a file inside called run.sh.

The user hazem should be able to use the file run.sh that was created in the shared directory, right? Let us see.

Permissions

We will now be going through permissions in Linux, and how to utilize them in the system.

What are Permissions in Linux?

Files and Directories have 3 types of permissions:

• Read
  • Allows a user/group to read a file
• Write
  • Allows a user/group to write to a file
• Execute
  • Allows a user/group to run and execute a file

Each of the permissions has a number that refers to it:

When setting up the permissions to a file or directory, we can use a combination of these numbers, for example, we can add the permission 5 to refer to Write and Execute, or 7 to refer to Read, Write, and Execute.

The next thing we need to understand is how many permissions are actually set on a file.

File and directory permissions are assigned for three different categories of users:

1. User who owns file/directory
2. Group who owns file/directory
3. Other users in the system

We will continue where we left off previously to

Hands-on Example

If we run ls -l in the previously created /opt/tester folder, we should get this something like this:

-rw-r--r-- 1 tester tester 0 October  3 13:48 run.sh

The first nine characters are what refer to the permissions. While they are displayed as one, they stand for 4 different things:

• The first character -
  • This can be either a - or d. It defines whether the listed file is a directory or not
• The next 3 letters (char. 2 -> 4) rw-
  • These refer to the permissions assigned to this file that apply to the owner of it, which in our case is tester user.
  • With this combination of letters, we understand that this file can be Read and Written to by this owner, but not executed
• The next 3 letters (char. 5 -> 7) r--
  • These refer to the permissions that apply to the group that owns this file, which in our case is tester group
  • The users in the tester group can only Read this file
• The last 3 letters (char. 8 -> 10)
  • These refer to the permissions that apply to all other users in the system that are not in the tester group
  • The users in the tester group can only Read this file

Let us now try to change the permissions of the file.

Changing File Permissions

Let us start with defining which category of users should have which permissions. For the owner, he can do all actions: Read, Write, and Execute the file. For the group, the members should be able to Read the file and Execute it, but not Write to it. For other users in the system, they will have no permissions what so ever, so they should not be able to execute the file as well.

That means that the numerical display of the permissions will be 750 . All permissions for the owner (7), Read & Execute for the group members (5), and no permissions for others (0).

We can now change the permissions of the file, we just need to make sure we are signed in as the owner of it, which is the tester user, then we can run:

cd /opt/tester
chmod 750 ./run.sh

To confirm the new permissions, run ls-l:

-rwxr-x--- 1 tester tester 0 October  3 13:48 run.sh

We can now see that the owner can Read, Write, & Execute, while the team members can only Read & Execute, and other users cannot do anything (no permissions).

We can test this by signing into the user hazem

tester@ubuntu:/opt/tester$ exit

hazem@ubuntu:/opt/tester$

Now, if we attempt to run the file ./run.sh then it should execute fine. If we cat ./run.sh it will work fine. But if we attempt to write to the file, for example, using nano or vim, we won’t be able to edit it.

Open the file in nano, try to change the file content, and save the file, you should see the below error:

[ Error writing ./run.sh: Permission denied ]

Lastly, we could try to do anything with the file using the not-tester user. Switch to that user and try to execute the file:

not-tester@ubuntu:/opt/tester$ ./run.sh
bash: ./run.sh: Permission denied

We should see the same error if we try to read the file:

not-tester@ubuntu:/opt/tester$ ./run.sh
cat: ./run.sh: Permission denied

Explanation

In the steps above, we did the following:

• Understand what permissions are
• Who do permissions apply to
• Changed the permissions for the run.sh file
• Attempted to Read, Write, and Execute the file using different users

From the tasks we completed in those steps, we have a better understand of how permissions are applied, to which users, and what they mean.

Conclusion

Permissions and Ownership are (hopefully) topics that you have better understanding of. They are very important to understand for anyone using Linux, due to its impact on security.

Thank you for reading, hopefully you learned a thing or two from this article. See you in the next one!