Appendix B: File Permission Table

Understanding the Foundation of Linux Security

In the vast landscape of Linux system administration, few concepts are as fundamental yet as frequently misunderstood as file permissions. Like the intricate lock and key mechanisms that protect our most valuable possessions, Linux file permissions serve as the guardian angels of system security, determining who can access what, when, and how. This comprehensive reference guide will illuminate every aspect of Linux file permissions, transforming what might seem like cryptic numerical codes into a clear, logical system that you can master and manipulate with confidence.

The Linux permission system operates on a beautifully simple yet powerful principle: every file and directory in the system has an owner, belongs to a group, and has specific access rights defined for the owner, the group, and everyone else. This three-tier security model has protected Unix-like systems for decades, proving its effectiveness through countless implementations across servers, workstations, and embedded systems worldwide.

The Anatomy of File Permissions

Understanding Permission Types

Linux recognizes three fundamental types of permissions, each serving a distinct purpose in the access control mechanism:

Read Permission (r): This permission grants the ability to view the contents of a file or list the contents of a directory. When you execute commands like cat, less, or head on a file, you're exercising read permissions. For directories, read permission allows you to use commands like ls to see what files and subdirectories exist within.

Write Permission (w): This permission provides the authority to modify file contents or alter directory structures. With write permission on a file, you can edit, append to, or truncate the file's contents. For directories, write permission enables you to create new files, delete existing files, or rename files within that directory.

Execute Permission (x): For files, this permission allows the file to be run as a program or script. For directories, execute permission is particularly crucial—it grants the ability to traverse through the directory, essentially allowing you to "enter" the directory and access its contents.

The Three Permission Categories

The Linux permission system organizes access rights into three distinct categories:

User (Owner) Permissions: These permissions apply to the file or directory owner—the user account that created the file or was assigned ownership through the chown command. The owner typically has the most comprehensive access rights to their files.

Group Permissions: These permissions apply to all users who belong to the file's assigned group. Groups provide a convenient way to grant similar access rights to multiple users who need to collaborate on files or share resources.

Other (World) Permissions: These permissions apply to all other users on the system—essentially everyone who isn't the owner and doesn't belong to the file's group. These permissions define the baseline access level for the general user population.

Comprehensive Permission Reference Tables

Numeric Permission Values

The numeric (octal) representation of Linux permissions uses a three-digit system where each digit represents the permission set for user, group, and other respectively. Each digit is calculated by adding the values of individual permissions:

Permission

Numeric Value

Binary Representation

Read (r)

4

100

Write (w)

2

010

Execute (x)

1

001

Complete Numeric Permission Table

Numeric

Binary

Symbolic

Description

0

000

---

No permissions

1

001

--x

Execute only

2

010

-w-

Write only

3

011

-wx

Write and execute

4

100

r--

Read only

5

101

r-x

Read and execute

6

110

rw-

Read and write

7

111

rwx

Read, write, and execute

Common Permission Combinations

Understanding common permission patterns will help you quickly recognize and implement appropriate security settings:

Numeric

Symbolic

Typical Use Case

644

rw-r--r--

Regular files (owner can read/write, others can read)

755

rwxr-xr-x

Executable files and directories

700

rwx------

Private files/directories (owner only)

666

rw-rw-rw-

World-writable files (rarely recommended)

777

rwxrwxrwx

World-writable and executable (security risk)

600

rw-------

Private files (owner read/write only)

750

rwxr-x---

Group-accessible directories

640

rw-r-----

Group-readable files

Directory vs. File Permissions

File Permission Behavior

When permissions are applied to files, their behavior is straightforward and intuitive:

- Read (4): Allows viewing file contents using commands like cat, less, head, tail, and text editors
- Write (2): Permits modification of file contents, including editing, appending, and truncating
- Execute (1): Enables running the file as a program, script, or binary executable

Directory Permission Behavior

Directory permissions operate differently and require careful understanding:

- Read (4): Allows listing directory contents with ls and similar commands, but doesn't permit accessing the files themselves
- Write (2): Enables creating, deleting, and renaming files within the directory (requires execute permission to be useful)
- Execute (1): Grants traversal rights—the ability to "enter" the directory and access files within it

Critical Note: Directory execute permission is essential for accessing files within the directory, even if you have read permission on individual files. Without execute permission on a directory, you cannot access its contents regardless of other permissions.

Advanced Permission Concepts

Special Permission Bits

Beyond the standard read, write, and execute permissions, Linux supports three special permission bits that provide additional functionality:

Setuid (Set User ID) - 4000: When set on an executable file, the program runs with the privileges of the file's owner rather than the user executing it. This is commonly seen in system utilities like passwd that need elevated privileges.

Setgid (Set Group ID) - 2000: Similar to setuid, but grants the group's privileges. When applied to directories, new files created within inherit the directory's group ownership.

Sticky Bit - 1000: Primarily used on directories to restrict file deletion. Users can only delete files they own, even if they have write permission on the directory. The /tmp directory typically has this bit set.

Umask and Default Permissions

The umask command controls default permissions for newly created files and directories. It works by subtracting permissions from the maximum possible values:

- Files: Maximum 666 (rw-rw-rw-)
- Directories: Maximum 777 (rwxrwxrwx)

Common umask values and their effects:

Umask

File Permissions

Directory Permissions

022

644 (rw-r--r--)

755 (rwxr-xr-x)

002

664 (rw-rw-r--)

775 (rwxrwxr-x)

077

600 (rw-------)

700 (rwx------)

Practical Command Examples

Viewing Permissions

# Display detailed file permissions

ls -l filename

 

# Show permissions for all files including hidden ones

ls -la

 

# Display only permissions in numeric format

stat -c "%a %n" filename

 

# Show permissions with human-readable format

ls -lh

Changing Permissions with chmod

# Numeric method - set specific permissions

chmod 755 script.sh # rwxr-xr-x

chmod 644 document.txt # rw-r--r--

chmod 600 private_file # rw-------

 

# Symbolic method - modify existing permissions

chmod u+x script.sh # Add execute for user

chmod g-w document.txt # Remove write for group

chmod o+r public_file # Add read for others

chmod a+r shared_file # Add read for all

 

# Recursive permission changes

chmod -R 755 directory/ # Apply to directory and all contents

chmod -R u+w project/ # Add write permission recursively

Advanced chmod Usage

# Set multiple permissions simultaneously

chmod u+rw,g+r,o-rwx sensitive_file

 

# Copy permissions from one file to another

chmod --reference=source_file target_file

 

# Set permissions with special bits

chmod 4755 program # setuid + 755

chmod 2755 directory # setgid + 755

chmod 1755 shared_directory # sticky bit + 755

Changing Ownership

# Change file owner

chown newowner filename

 

# Change owner and group

chown newowner:newgroup filename

 

# Change only group

chgrp newgroup filename

 

# Recursive ownership changes

chown -R user:group directory/

Security Best Practices

Principle of Least Privilege

Always grant the minimum permissions necessary for users to accomplish their tasks. This fundamental security principle reduces the potential impact of security breaches and accidental modifications.

Recommended Practices:

- Regular files: 644 (owner read/write, others read-only)
- Executable files: 755 (owner full access, others read/execute)
- Private files: 600 (owner access only)
- Directories: 755 (owner full access, others read/execute)
- Private directories: 700 (owner access only)

Avoiding Common Security Pitfalls

Never use 777 permissions unless absolutely necessary and you understand the security implications. World-writable files and directories create significant security vulnerabilities.

Be cautious with setuid/setgid programs, as they can be exploited if not properly secured. Regularly audit files with special permissions:

# Find all setuid files

find / -type f -perm -4000 2>/dev/null

 

# Find all setgid files

find / -type f -perm -2000 2>/dev/null

 

# Find world-writable files

find / -type f -perm -002 2>/dev/null

Regular Permission Audits

Implement regular permission audits to maintain system security:

# Find files with unusual permissions

find /home -type f -perm 777 2>/dev/null

 

# Locate files without proper ownership

find /var/www -not -user www-data 2>/dev/null

 

# Check for world-readable sensitive files

find /etc -type f -perm -004 -name "*pass*" 2>/dev/null

Troubleshooting Permission Issues

Common Permission Problems

"Permission denied" errors typically indicate insufficient permissions. Use ls -l to examine current permissions and chmod to adjust them appropriately.

Cannot access directory contents despite having read permission on files usually means lacking execute permission on the parent directory.

Cannot delete files in a directory you own might indicate the sticky bit is set, or you lack write permission on the directory.

Diagnostic Commands

# Check your current user and groups

id

 

# Verify file permissions and ownership

ls -la problematic_file

 

# Test directory traversal

cd target_directory && pwd

 

# Check effective permissions

namei -l /path/to/file

Conclusion

Mastering Linux file permissions is essential for system administrators, developers, and power users alike. This comprehensive reference table and guide provide the foundation for understanding and implementing proper file security in Linux environments. Remember that permissions are not just technical settings—they're the guardians of your system's security and data integrity.

The permission system's elegance lies in its simplicity and consistency. Whether you're managing a single-user workstation or a multi-user server environment, these same principles apply universally across Linux distributions. Regular practice with permission commands, combined with adherence to security best practices, will ensure your Linux systems remain secure and properly configured.

Keep this reference handy as you work with Linux systems, and don't hesitate to experiment with permission settings in safe environments to deepen your understanding. The investment in mastering file permissions will pay dividends throughout your Linux journey, providing the confidence to secure systems effectively while enabling appropriate access for legitimate users and processes.