Linux Fundamentals, March 2022

File Permissions and Ownership, the Real Model

Linux permissions look cryptic until you see the single model underneath them, and once you do, the whole system of access control on a Unix machine becomes readable at a glance. Every file and directory has an owner, a group, and a set of permissions defined separately for three classes, the owning user, the owning group, and everyone else. The permissions themselves are just three bits repeated for each class, read, write, and execute, and the string shown by ls, something like rwxr-xr--, is simply those bits spelled out for user, group, and other in turn.

NOTATIONMEANING
r, value 4Read, view the contents of a file or list a directory.
w, value 2Write, modify a file, or create and delete entries in a directory.
x, value 1Execute a file as a program, or enter and traverse a directory.
rwxr-xr--, 754Owner reads, writes, and executes, group reads and executes, others read only.

The point that trips people up is that the same bit means different things on a file and on a directory, and execute is where this matters most. On a file, execute permits running it as a program. On a directory, execute permits entering it and reaching the files inside by name, which is why a directory can be readable, letting you list its contents, and yet not executable, meaning you cannot actually open the files it lists. Write on a directory is likewise more powerful than it appears, because it governs creating and deleting entries, so a user with write access to a directory can delete a file inside it even without write permission on the file itself, a fact that surprises people until they understand that deletion is an operation on the directory, not on the file.

Beyond the basic nine bits sit three special ones worth knowing, the setuid and setgid bits, which cause a program to run with the privileges of its owner or group rather than those of the caller, and the sticky bit, which on a shared directory such as /tmp restricts deletion to the owner of each file. These are the mechanism behind commands like passwd running with elevated rights, and they are also a place to look during a security review, because an unexpected setuid binary is a classic path to privilege escalation. The permission model is deliberately simple, three classes and three bits, and its strength is that this simplicity composes into precise control once ownership, the directory subtleties, and the special bits are understood together, which is why learning it properly, rather than reaching for chmod 777 whenever something does not work, is one of the dividing lines between using a Linux system and administering one.