File and Folder Permissions in Linux

In a typical UNIX/LINUX-style file listing, a file will be displayed in the following way:

ls -l index.php

Output:

-rw-r--r--. 1 www-data www-data 405 Nov 14 01:45 index.php

The first character indicates the file type. It can be a regular file (-), a directory (d), a symbolic link (l), or another special type of file. The following nine characters represent the file permissions as three triplets of three characters each. The first triplet shows the owner permissions, the second the group permissions, and the last the permissions for everybody else.

-rw-r--r--.

r stands for read permission;
w stands for write permission;
x stands for execute permission.

The permissions are divided into three parts.

The first three characters after the initial - (rw-) are the owner permissions. The owner of the file, the user “www-data”, can read the file and write (modify) it.

The next three characters (r--) are the group permissions. Members of the group “www-data” can read the file.

The last three characters (r--) are the other (world) permissions. These are the permissions for everyone else on the system. Users who are neither the owner nor members of the “www-data” group can only read the file.

For directories, the permissions have a slightly different meaning.

For example:

ls -la
drwxr-xr-x  8 www-data www-data  4096 Feb 21 11:28 wp-content

Read determines if the user can get a list of the files in the directory;

Write determines if the user can create or delete files in the directory. A point of interest in this case is that if a user has write access to the directory, the user can delete files that are in that directory even if the user has no write permission on those particular files;

Execute determines if the user can cd into the directory.

To summarize:

In this case, the owner, user, can do just about anything in the directory. Members of the group staff can list the contents of the directory and browse it. No one else is allowed access to the directory.

Permissions are also often represented by digits. For example, 755 is the same as

-rwxr-xr-x.

Each permission bit corresponds to a number: 4 stands for r, 2 for w, 1 for x.

The reason for this is that binary 100 (r--) is 4 in decimal; binary 10 (or 010, -w-) is 2 in decimal; and binary 1 (or 001, --x) is 1 in decimal.

This allows for adding the numbers together, which can give a number from 0 to 7 for each of the three parts of the permissions set.

Here is a nice grid.

-rw-r--r-- 8 www-data www-data 12.0K Apr  28 10:10 file_name
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type
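
As an added example (not part of the original article), the shell functions below convert a mode string as printed by ls -l into its octal form and report whether group or others hold the write bit. The function names and the last two sample modes are constructed for illustration. A trailing "." or "+" is treated as the alternate access method marker, and the s and t characters, which this article does not cover, are rejected.

```shell
#!/bin/sh
# Added example: turn an `ls -l` mode string into octal and flag write exposure.

# triplet_value "rw-" prints 6; only r, w, x and - are accepted, each in its own slot.
triplet_value() {
    t=$1 v=0
    case $t in
        [r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    case $t in r??) v=$((v + 4)) ;; esac   # binary 100
    case $t in ?w?) v=$((v + 2)) ;; esac   # binary 010
    case $t in ??x) v=$((v + 1)) ;; esac   # binary 001
    echo "$v"
}

# mode_to_octal "-rw-r--r--." prints 644.
mode_to_octal() {
    mode=$1
    # Drop the optional 11th character (the alternate access method marker).
    case $mode in
        ??????????[.+]) mode=${mode%?} ;;
    esac
    [ "${#mode}" -eq 10 ] || return 1
    perms=${mode#?}            # strip the file type character
    rest=${perms#???}          # group + other triplets
    o=$(triplet_value "${perms%??????}") || return 1
    g=$(triplet_value "${rest%???}") || return 1
    w=$(triplet_value "${rest#???}") || return 1
    echo "$o$g$w"
}

# write_exposure MODE prints world-writable, group-writable or ok.
# On a directory, the write bit also allows deleting files the user cannot write to.
write_exposure() {
    oct=$(mode_to_octal "$1") || return 1
    grp=${oct#?}; grp=${grp%?}
    oth=${oct#??}
    if [ $((oth & 2)) -ne 0 ]; then echo "world-writable"
    elif [ $((grp & 2)) -ne 0 ]; then echo "group-writable"
    else echo "ok"
    fi
}

# Constructed sample modes; the first two are the listings shown in the article.
for m in '-rw-r--r--.' 'drwxr-xr-x' 'drwxrwxrwx' '-rw-rw-r--'; do
    printf '%s %s %s\n' "$m" "$(mode_to_octal "$m")" "$(write_exposure "$m")"
done
```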
