Linux Permissions

This is a basic, quick and dirty article on Linux permissions. At EZProvider, all of our servers run some flavour of Linux as the operating system.

What are permissions?

Linux uses permissions (technically, I guess the Linux filesystem does) to manage who is allowed access to files and directories and what level of access they have.

If you were to log in to your account using SSH and type “ls -la”, you would see a list of files, with lines possibly looking like:

-rw-rw-rw- 1 test test 1024 May 8 22:08 index.htm

This output has a lot of info for you. It may look like a bunch of mumbo jumbo, but it’s pretty simple actually. Let’s break it down.

First, look at the “-rw-rw-rw-” part of the line. This is the permissions string, presented in “Symbolic Notation”. The first character in that 10-character string indicates the file type. The most common characters are “-”, which means it is a regular file, and “d”, which denotes a directory. Occasionally you will see an “l”, which means the file is a symbolic link (which is a subject for a future article perhaps!).

Also note the “test test” section – the first “test” denotes the owner of the file, which is the “User”. The second “test” denotes the “Group”.

Next, we have “1024”. This is the file size, in bytes.

After that, we have the date & time the file was created or last modified: “May 8 22:08”.

Finally, you have the filename – in this case “index.htm”.

Pretty simple, right?

Okay, so back to the “rw-rw-rw-”. There are three groups of three characters here. First, let’s explain the three groups:

User - shows what the owner of the file can do.
Group - shows what the group members can do.
Other - shows what everyone else can do.

Then you have the three characters for each group. These are:

"r" if the read bit is set, "-" if not set.
"w" if the write bit is set, "-" if not set.
"x" if the execute bit is set, "-" if not set.

You may occasionally, but rarely, see an “s”, “S”, “t” or “T” in place of the “x”. These have to do with the setuid, setgid and sticky bits, which are another subject to be explained in a future article perhaps.

You will often see permissions referenced by their “Octal Notation”. This is a fancy way of stating the permissions using numbers. There are two common forms of “Octal Notation”, 3 digit and 4 digit.

In 3 digit octal notation, the first number represents the “User”, the second is the “Group” and the third is the “Other”. They are represented by the sum of their component bits (read, write and execute). Each component bit is represented by a number, like so:

Read = 4
Write = 2
Execute = 1

Thus, if someone told you to set your permissions to “755”, you could break it down to its Symbolic Notation using the following handy list:

1 = Execute permissions (--x)
2 = Write permissions (-w-)
3 = Write and Execute permissions (-wx)
4 = Read permissions (r--)
5 = Read and Execute permissions (r-x)
6 = Read and Write permissions (rw-)
7 = Read, Write and Execute permissions (rwx)

In this case, 755 permissions would translate to “rwxr-xr-x” in symbolic notation.

With 4 digit octal notation, if we took the previous example of “755” it would now be specified as “0755”.

The first number again refers to the setuid, setgid and sticky bits, while the remaining 3 numbers are the same as in the 3 digit explanation above. In some cases, you will see cPanel using 4 digit octal notation – such as when you use the file manager. You can simply put in the 3 digit octal notation number, or put a zero in front of your 3 digit permissions number, and everything should run fine.

As a note, the following permissions are generally considered “safe”:

644 - for your .html/.htm/.php files
755 - for your directories, .pl and .cgi files

A file or directory with “777” permissions is generally considered not safe, because it gives read, write and execute access to User, Group and Other alike!
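
The octal breakdown and the “safe” permissions above can be checked with a short script. This is an added example, not part of the original article: the function names and the sample files (cgi-bin, uploads, notes.txt) are made up for illustration. It converts 3 or 4 digit octal notation to symbolic notation and lists everything under a directory that “Other” is allowed to write to, which includes every 777 entry.

```python
import os
import stat
import tempfile

# Bit values from the article: read = 4, write = 2, execute = 1.
BITS = ((4, "r"), (2, "w"), (1, "x"))

def octal_to_symbolic(octal):
    """Turn '755' or '0755' into 'rwxr-xr-x' (the special-bits digit is ignored)."""
    if len(octal) not in (3, 4) or any(c not in "01234567" for c in octal):
        raise ValueError(f"not a 3 or 4 digit octal mode: {octal!r}")
    return "".join(
        letter if int(digit) & value else "-"
        for digit in octal[-3:]            # user, group, other
        for value, letter in BITS)

def audit(root):
    """Return (octal, symbolic, relative path) for entries 'Other' can write to."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                   # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if mode & stat.S_IWOTH:        # write bit (2) set in the "Other" digit
                octal = format(mode, "03o")
                findings.append((octal, octal_to_symbolic(octal), os.path.relpath(path, root)))
    return sorted(findings, key=lambda f: f[2])

def build_sample_tree(root):
    """Constructed sample site: two 'safe' entries and two world-writable ones."""
    dirs = {"cgi-bin": 0o755, "uploads": 0o777}
    files = {"index.htm": 0o644, "uploads/notes.txt": 0o666}
    for rel in dirs:
        os.mkdir(os.path.join(root, rel))
    for rel in files:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    for rel, mode in {**dirs, **files}.items():
        os.chmod(os.path.join(root, rel), mode)   # chmod is not affected by umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for octal, symbolic, rel in audit(root):
            print(f"{octal} {symbolic} {rel}")
```

To check a real account, call audit() with the path to your web root instead of the temporary sample directory.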

I hope you enjoyed this basic permissions primer article. Please know that this is just scratching the surface of permissions. For example the whole permissions thing is based on binary but I leave learning binary up to you! 🙂