Permissions

There are a lot of good security features built into Linux-based systems, one very important potential vulnerability can exist when local access is granted - that is file permission based issues resulting from a user not assigning the correct permissions to files and directories.

Here is an output from the ls -l command to see the file and directories permissions.

$ ls -l
total 56
drwxr-xr-x@  7 robin  staff    238  1 Oct 00:28 categories
-rw-r--r--@  1 robin  staff    411 16 Sep 22:50 desc.jade

The permissions string is illustrated in the following graph.

linux command - file permissions

Type - the first character ( -, d or | )

If you look at the permission string, the first character is used to indicate whether it is a Regular file by beginning with a -, or it will begin with a d if it is a Directory. Or an | if it is a Symbolic link.

SymbolType
- Regular file
dDirectory
| Symbolic link

Read, Write and Execute Characters ( r , w , and x )

The other characters that you encounter in the permissions string are r , w , and x . They represents the main types of permissions.

SymbolPermission
r Read
wWrite
xExecute

If you have a Read permissions to a file that means you can see its content. For example you can run cat against the file to see the file's content. If you have Write permissions to a file, you can modify its content. If you have Execute permission, you can run that file as a program.

Read, Write and Execute are fairly self explanatory when there applied to files. However, they have a slightly different meaning when they are applied to directories.

PermissionFileDirectory
Read (r) Allows a file to be read. Allows file names in the directory to be read.
Write (w)Allows a file to be modified. Allows entries to be modified within the directory.
Execute (x)Allows the execution of a file. Allows access to content and metadata for entries.

Permission Categories

There are categories of users that Read , Write and Execute permissions can be applied to. These categories are User , Group , Other and All . And like permission types, each one is represented by a single letter.

SymbolCategoriesMeaning
u UserRepresents the User that owns the file.
gGroupThe users that are in file's Group.
oOtherUsers that are not the owner or are not in the file's group are considered as Other.
aAllRepresents All, or everybody.

Group permissions and Changing permissions

You can run the groups command to displays what groups you are a member of. To change the group, you can run chgrp [groupname] [filename].

In addition, to change the permissions, you will need to use chmod command.

You can visit the following links for more details: