Understanding Linux Permissions: The Basics
Make permissions your friend, not your mysterious gatekeeper.
Why Permissions Matter
Permissions protect your system from accidents and mischief. Understanding them keeps your apps happy and your logs quiet.
The Three Characters
Users: owner, group, others. For each you can grant read, write, execute.
-rwxr-x--- 1 app app 4096 Feb 20 index.js
Symbolic vs Numeric Modes
Two ways to set permissions.
- Symbolic:
chmod u=rw,g=r,o= file
- Numeric:
chmod 640 file
where 6=r+w, 4=r, 0=none
Common Recipes
- Make a script executable:
chmod u+x deploy.sh
- Secure a private key:
chmod 600 ~/.ssh/id_rsa
- Web directory typical perms:
find /var/www/site -type d -exec chmod 755 {} +
and
find /var/www/site -type f -exec chmod 644 {} +
Ownership with chown and chgrp
Ownership defines who gets the keys.
chown -R app:app /var/www/site
Setuid, Setgid, and Sticky Bit
Special modes with special powers.
- setuid (4): run as file owner. Example:
chmod 4755 /usr/bin/somebin
- setgid (2): run as group or inherit group on dirs. Example:
chmod 2755 /shared
- sticky (1): only owner may delete in world writable dir. Example:
chmod 1777 /tmp
ACLs for Fine Grained Control
When traditional bits are not enough, use ACLs.
setfacl -m u:berty:rwx /data/reports
getfacl /data/reports
Troubleshooting Checklist
- Check the mode:
ls -l
- Check ownership:
ls -l
then chown
- Check parent directory execute bit
- Watch out for umask
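The "check parent directory execute bit" step above, as an added example that is not part of the original page: a POSIX shell function that walks from a base directory down to a target and reports the first directory whose mode lacks the execute (search) bit for a given class. The function name first_unsearchable and its arguments are hypothetical, and it reads mode bits only, so ACL entries set with setfacl are not considered.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# Usage: first_unsearchable TARGET [u|g|o] [BASE]
#   Prints "<mode> <dir>" for the first directory between BASE (default /)
#   and TARGET that lacks the execute bit for the chosen class.
#   Returns 0 if such a directory was found, 1 if none, 2 on bad input.
first_unsearchable() {
    target=$1
    class=${2:-o}
    base=${3:-/}
    # Column of the execute bit inside the ls -l mode string (drwxrwxrwx).
    case $class in
        u) pos=4 ;;
        g) pos=7 ;;
        o) pos=10 ;;
        *) echo "class must be u, g or o" >&2; return 2 ;;
    esac
    # TARGET has to be an absolute path located below BASE.
    case $target in
        "${base%/}"/*) ;;
        *) echo "target is not below base" >&2; return 2 ;;
    esac
    cur=$base
    rest=${target#"${base%/}"/}
    while :; do
        [ -d "$cur" ] || return 2
        # Keep the 10 mode characters; drops a trailing "+" or "." marker.
        mode=$(ls -ld -- "$cur" | cut -c1-10)
        bit=$(printf '%s' "$mode" | cut -c"$pos")
        case $bit in
            x|s|t) ;;    # execute set (s and t also imply x is set)
            *) printf '%s %s\n' "$mode" "$cur"; return 0 ;;
        esac
        # Stop once only the final component (the target itself) remains.
        case $rest in
            */*) ;;
            *) return 1 ;;
        esac
        cur=${cur%/}/${rest%%/*}
        rest=${rest#*/}
    done
}
```

A hit for class o on a path the web server reads as "others" explains a permission denied error even when the file itself is mode 644.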