# Permissions

<figure><img src="https://3601924473-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgFpI6H35EMjG52w5PcIP%2Fuploads%2FPWTtgpfssIeuTukAOrFj%2Fimage.png?alt=media&#x26;token=5f4398ad-e593-4074-8b2a-ab4dda97738e" alt=""><figcaption></figcaption></figure>

### **Understanding Linux File Permissions**

Each file and directory in Linux has an **owner** and a **group**; every other account falls under **others**. The permissions define what each of these three categories can do.

#### **Permission Structure**

Each file has three permission types:

| Symbol | Permission | Numeric Value | Description           |
| ------ | ---------- | ------------- | --------------------- |
| `r`    | Read       | `4`           | View file contents    |
| `w`    | Write      | `2`           | Modify file contents  |
| `x`    | Execute    | `1`           | Run file as a program |

These permissions apply to three categories:

| Symbol | Category | Description               |
| ------ | -------- | ------------------------- |
| `u`    | User     | The owner of the file     |
| `g`    | Group    | Users in the file’s group |
| `o`    | Others   | All other users           |

#### **Example: Viewing File Permissions**

Run the `ls -l` command to see file permissions.

```bash
ls -l
```

Example output:

```
-rwxr-xr--  1 user group 1234 Jan 1 12:00 script.sh
```

**Breaking Down the Output**

```
-rwxr-xr--  1  user  group  1234  Jan 1  12:00  script.sh
```

* `-rwxr-xr--` → **Permissions**
* `1` → **Number of hard links**
* `user` → **Owner of the file**
* `group` → **Group of the file**
* `1234` → **File size (in bytes)**
* `Jan 1 12:00` → **Last modified date**
* `script.sh` → **Filename**

**Explaining the Permissions (`-rwxr-xr--`)**

| Character | Meaning                                   |
| --------- | ----------------------------------------- |
| `-`       | Regular file (`d` for directories)        |
| `rwx`     | Owner (User) can read, write, and execute |
| `r-x`     | Group can read and execute, but not write |
| `r--`     | Others can only read                      |

***

### **Changing File Permissions**

#### **Using `chmod` (Change Mode)**

**Symbolic Method**

To **add**, **remove**, or **set** permissions using letters:

```bash
chmod u+x script.sh  # Add execute (x) for the user (u)
chmod g-w script.sh  # Remove write (w) for the group (g)
chmod o=r script.sh  # Set read-only for others (o)
```

**Numeric Method**

A full mode is a **3-digit number**, one digit each for user, group, and others. Each digit is the sum of the permission values in that set:

* **rwx = 7** (`4+2+1`)
* **rw- = 6** (`4+2`)
* **r-- = 4** (`4`)

Example:

```bash
chmod 755 script.sh
```

#### **Breakdown of `755`**

| User  | Group | Others |
| ----- | ----- | ------ |
| `7`   | `5`   | `5`    |
| `rwx` | `r-x` | `r-x`  |

***

### **Changing Ownership**

Use `chown` to change file **owner** and `chgrp` to change file **group**.

```bash
chown newuser script.sh  # Change owner
chgrp newgroup script.sh  # Change group
chown newuser:newgroup script.sh  # Change both owner and group
```

***

### **Directory Permissions**

Permissions work similarly for directories:

* `r` → List files (`ls`)
* `w` → Create/delete files
* `x` → Enter the directory (`cd`)

Example:

```bash
ls -ld mydir
drwxr-x---  1 user group 4096 Jan 1 12:00 mydir
```

To allow everyone to enter:

```bash
chmod o+x mydir
```

***

### **Special Permissions**

| Symbol | Name           | Used On     | Description                          |
| ------ | -------------- | ----------- | ------------------------------------ |
| `s`    | **SetUID**     | Files       | Run file as the owner                |
| `s`    | **SetGID**     | Files/Dirs  | Run file as the group; inherit group |
| `t`    | **Sticky Bit** | Directories | Only the owner can delete files      |

Example:

```bash
chmod u+s script.sh  # SetUID (User runs as file owner)
chmod g+s shared_dir  # SetGID (New files inherit group)
chmod +t /tmp  # Sticky Bit (Only owner can delete files)
```
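
To check where these bits are actually set, the following audit lists SetUID and SetGID files and world-writable directories that lack the sticky bit. It is an added example, not part of the original page; the function names and the sample tree are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report special permission bits under a directory tree.

audit_special_perms() {
    root=${1:-.}
    # SetUID files run with the file owner's privileges.
    find "$root" -xdev -type f -perm -4000 -exec printf 'SETUID %s\n' {} +
    # SetGID files run with the file group's privileges.
    find "$root" -xdev -type f -perm -2000 -exec printf 'SETGID %s\n' {} +
    # World-writable directories without the sticky bit: any user can
    # delete or rename files that belong to someone else.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD-WRITABLE-NO-STICKY %s\n' {} +
}

# Constructed sample tree (hypothetical names) so the audit runs offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/dropbox" "$d/tmp"
    touch "$d/script.sh" "$d/plain.txt"
    chmod 4755 "$d/script.sh"   # same effect as chmod u+s on a 755 file
    chmod 0644 "$d/plain.txt"
    chmod 0777 "$d/dropbox"     # world-writable, no sticky bit
    chmod 1777 "$d/tmp"         # world-writable with sticky bit, like /tmp
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_special_perms "$tree"
rm -rf "$tree"
```

On Linux the kernel ignores the SetUID bit on interpreted scripts, so a `SETUID` hit on a `.sh` file changes nothing at run time and is usually worth removing with `chmod u-s`.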

***

### **Visual Representation of Linux Permissions**

```
Owner    Group    Others
rwx      r-x      r--
```

#### **Permission Breakdown Example**

```
File: script.sh
Permissions: -rwxr-xr--
```

```
User  : rwx (read, write, execute)
Group : r-x (read, execute)
Others: r-- (read)
```

#### **Illustration of Numeric Representation**

```
7   5   4
rwx r-x r--
```

| Mode  | User (Owner) | Group | Others |
| ----- | ------------ | ----- | ------ |
| `777` | rwx          | rwx   | rwx    |
| `755` | rwx          | r-x   | r-x    |
| `644` | rw-          | r--   | r--    |
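
The mapping between the `ls -l` string and the numeric mode can be computed mechanically. The function below is an added example, not part of the original page; it goes beyond the three-digit cases above by also handling the special bits from the Special Permissions table (`s`/`S` and `t`/`T` in the execute position), which become a leading fourth digit. The name `mode_to_octal` and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert an `ls -l` mode string to its octal chmod mode.

mode_to_octal() {
    # Keep the 10 mode characters; ls may append '+' or '.' for ACLs/SELinux.
    mode=$(printf '%s' "$1" | cut -c 1-10)

    # Validate: type, then r/w/x slots; s/S only for user and group, t/T only for others.
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac

    special=0   # leading digit: SetUID=4, SetGID=2, sticky=1
    digits=""
    pos=2       # character 1 is the file type
    for weight in 4 2 1; do          # special-bit value for the user, group, others triad
        triad=$(printf '%s' "$mode" | cut -c "$pos-$((pos + 2))")
        val=0
        case $triad in r??) val=$((val + 4)) ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; esac
        case $triad in
            ??x)     val=$((val + 1)) ;;
            ??[st])  val=$((val + 1)); special=$((special + weight)) ;;  # special bit and execute
            ??[ST])  special=$((special + weight)) ;;                    # special bit, no execute
        esac
        digits="$digits$val"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample inputs: the page's script.sh, then special-bit cases.
for m in -rwxr-xr-- drwxrwxr-x -rwsr-xr-x drwxrwsr-x drwxrwxrwt -rwSr--r--; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```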

***

### **A Real-World Example**

#### **Scenario: Securing a Web Directory**

Let's say you have a web directory at `/var/www/html` and want:

* The **owner** (`www-data`) to have full control (`rwx`).
* The **group** (`developers`) to read and write (`rw-`).
* **Others** to only read (`r--`).

Commands:

```bash
chown www-data:developers /var/www/html
chmod 775 /var/www/html  # rwxrwxr-x: a directory also needs x for group and others to enter it
```

#### **Final Permissions**

```
drwxrwxr-x  www-data developers /var/www/html
```

***

### Sources

ChatGPT helped with some of the examples, and thanks to the [Linux Foundation](https://www.linuxfoundation.org/blog/blog/classic-sysadmin-understanding-linux-file-permissions) for helping with tables and examples.


