1.3. Permissions
Let’s create a file using the touch command
$ touch myfile
Now do an ls -l on the directory
$ ls -l
-rw-r--r-- 1 dave admin 0 Feb 19 22:05 myfile
We have created an empty file, and as expected the first dash tells us that we have an ordinary file. You’ll find that most of your file creations will be for ordinary files and symbolic links (more on symbolic links later).
| User permissions | Group permissions | Other permissions |
| r w - | r - - | r - - |
The next three permission bits (rw-) are your permissions, the owner of the file. The following (r--) are the group permissions that you belong to, in this case the group admin. The last three (r--) are the rest of the world, or anybody else. My default group admin, of which I am a member, is also displayed. Let’s now look more closely at the file myfile, to see what the actual permissions mean.
| (first character) - | Ordinary file. |
| (next three characters) r w - | These are the owner permissions. |
| (next three characters) r - - | These are the groups. |
| (the last three characters) r - - | These are for anybody else. |
So each set of three characters (excluding the first) defines:
Permissions for the owner of the file.
Permissions of the default group you belong to (a user can belong to many groups).
Permissions for anybody else on the system.
For each of these sets we have the following set permissions.
| r | You can read this file. |
| w | You can write/amend this file. |
| x | You can execute this script or program. |
Or to display the permissions in another form for the file myfile:
| - | r w- | r-- | r- - |
| Type of file is ordinary | Owner can read and write | Group can read | Other can read |
You may have noticed that the file myfile wasn’t created with the execute permission for the owner, the system will not let you create any file with this permission bit set. This is due to the security enforced by the system. You have to change this manually: you’ll see why you don’t get execute permission when we deal with the umask command later. However, you can set the execute bit on directories, but these have a slightly different meaning, which we will discuss later as well.
Understanding all these permission bits can be a bit confusing, so let’s look at some examples (see Table 1.2).
To confuse you more, if the owner has only a read bit set, he can still write to it using file re-direction. Deleting a file is also dependent on the directory bits, as we shall see in a moment.
| Permission | What it means |
|---|---|
| r-- --- --- | The owner can read this, but cannot write or execute it. |
| r--r-- --- | The owner and the group (generally speaking the default group you belong to) can read it. |
| r-- r--r-- | Anybody can read this, but not write or execute it. |
| rwx r--r-- | The owner can read, write and execute it, anybody else can only read it. |
| rwx r-x--- | The owner can read, write and execute, the group can read and execute. |
| rwx r-x r-x | The owner can read, write and execute; both the group and anybody else can read and execute. |
| rw- rw- --- | The owner and group can read and write. |
| rw- rw- r-- | The owner and group can read and write, and anybody else can read. |
| rw- rw- rw- | The owner, group and anybody else can read and write. Caution should be used with this type of permission, as anybody can write to the file. |