About Permissions

File ownership

The first important consideration is, who owns a file. In Linux, the owner will be a user that has a local user account on the system, while files will also be assigned to a group, making it a sort of double ownership, that allows for rather sophisticated permission setting.

To find the owner of a file, type the following into a terminal:

stat -c "%U %G" /path/to/file

which will return a result like

user group

For example, if I have a file /home/beowulf/somefile.txt, owned by the user beowulf, and the localusers group, the command, and its result, would look like this:

stat -c "%U %G" /home/beowulf/somefile.txt
beowulf localusers

There are numerous other ways to figure out a file's ownership information, the ls command being one of the most commonly used approaches. Even the stat command would have a lot more output if not the -c "%U %G" bit, which ensured that only the relevant information will be displayed. This is useful for demonstrative purposes, like here, or when you just don't care to find the only pieces of data that really interest you, buried in a lot of text.

Permission types

Each file and directory (which are treated as files), can have three types of permissions

  • read or r means the file's contents can be read and listed
  • write or w means the file's contents can be written and modified
  • execute or x means the file is executable, such as a binary programme or a script

If any of the above permissions is denied on a file, it will usually be marked by dash character (-) in place of the permission's letter.

There is also a special permissions flag on each file. Mostly you will see it set as - meaning no special permissions, or d indicating that the file is, in fact, a directory, or l, meaning that the file or directory is, in fact, a symbolic link. Being a directory is not technically a permission, but a useful piece of information for both you and the system, as in Linux (and other UNIX-like systems) directories are treated as files.

Other special permissions can appear in the place of the executable bit:

  • s - Indicates setuid/setgid of user or group respectively. also means x is set.
  • S - Same as s, but x is not set.
  • t - "Sticky bit".
  • T - Same as t, but x is not set.

To find out more about these, see the Special File permission article from the Oracle System Administration Guide.