File permissions under Linux are handled by three attributes: read, write, and execute, or RWX. While there are other permissions (some of which we will discuss later in this chapter), most interactions with regards to permissions will be handled by these three. Even though the names seem to speak for themselves, they behave differently with regards to (normal) files and directories. The following table should illustrate this:
Allows the user to see the contents of the file with any command that supports this, such as vim, nano, less, cat, and so on.
|
Permission |
On normal files |
On directories |
|
Read |
Allows the user to list the contents of the directory using the ls command. This will even list files in the directory on which the user has no other privileges! | Allows the user to list the contents of the directory using the ls command. This will even list files in directory on which the user has no other privileges! |
|
Write |
Allows the user to make changes to the file. | Allows the user to replace or delete files within the directory, even if the user has no direct permissions on that file. However, this does not include read permissions on all files within the directory! |
|
Execute |
Allows the user to execute the file. This is only relevant when the file is something that is supposed to be executed, such as a binary or script; otherwise, this attribute does nothing. | Allows the user to traverse into the directory by using cd. This is a separate permission from the listing of contents, but they are almost always used together; being able to list without being able to navigate into it (and vice versa) is mostly an ineffective configuration. |
This overview should provide a basis for the three different permissions. Please take a good look and see whether you can fully understand what is presented there.
Now, it's about to get a little more complicated. While these permissions on both files and directories show what can and cannot be done for a user, how does Linux deal with multiple users? How does Linux keep track of file ownership, and how are files shared by multiple users?