A Linux system may have many users with login accounts. To maintain privacy and security, most users can access only some files on the system, not all. This access control is embodied in two questions:
- Who has permission?
Every file and directory has an owner who has permission to do anything with it. Typically the user who created a file is its owner, but relationships can be more complex.
Additionally, a predefined group of users may have permission to access a file. Groups are defined by the system administrator and are covered in Group Management.
Finally, a file or directory can be opened to all users with login accounts on the system. You’ll also see this set of users called the world or simply other.
- What kind of permission is granted?
File owners, groups, and the world may each have permission to read, write (modify), and execute (run) particular files. Permissions also extend to directories, which users may read (access files within the directory), write (create and delete files within the directory), and execute (enter the directory with
cd).
To see the ownership and permissions of a file, run:
$ ls -l myfile -rw-r--r-- 1 smith smith 7384 Jan 04 22:40 myfile
To see the ownership and permissions of a directory, run:
$ ls -ld dirname drwxr-x--- 3 smith smith 4096 Jan 08 15:02 dirname
In the output, the file permissions are the 10 leftmost
characters, a string of r (read),
w (write), x (execute), other letters, and dashes. For
example:
-rwxr-x---
Here’s what these letters and symbols mean.
|
Position |
Meaning |
|---|---|
|
1 |
File type: |
|
2–4 |
Read, write, and execute permissions for the file’s owner |
|
5–7 |
Read, write, and execute permissions for the file’s group |
|
8–10 |
Read, write, and execute permissions for all other users |
So our example -rwxr-x---
means a file that can be read, written, and executed by the owner,
read and executed by the group, and not accessed at all by the rest of
the world. We describe ls in more
detail in Basic File Operations. To change the
owner, group ownership, or permissions of a file, use the chown, chgrp, and chmod commands, respectively, as described
in File Properties.