Introducing File Permissions
Users, superusers, and file permissions—controlling access to data
ANY FILESYSTEM WORTH ITS SALT applies restrictions to files in the form of permissions, limiting access based on users and groups. Windows does this to some degree with its NTFS filesystem, but it’s no substitute for Linux.
The Basics Everything in Linux is represented as a file, including folders and hardware devices. The ext filesystem applies permissions to these files to determine how they can be accessed, and by whom. These boil down to three basic levels of access: read, write, and execute, expressed as r, w, and x respectively. You can view a file’s permissions in the Terminal with the “ls -l” command, where you’ll see entries such as “rwx” (full access) or “r--” (read-only).
These “rwx” permissions apply to folders as well as files, and things are complicated by the fact that certain permissions—such as deleting a file—reside with its parent folder, not the file itself. Files can be viewed (r), edited (w), and executed if they’re a program (x), but unless their parent folder has “w” permissions, you can’t create (or delete) files within the folder. Similarly, you can’t view files unless the folder has “x” permissions.
Owners, Users, and Everyone Else Security is paramount in Linux, so permissions aren’t applied directly to each file and folder; they’re applied to three categories of user: owner (the user who created the file), specific user group, and “others” (everyone else).
The second category refers to a single user group for whom specific permissions have been defined. Although it appears to apply to a specific user (often the file or folder’s owner), it actually applies to a user group.
When you create a new user, a group of the same name is also created, your user is added to that group, and it’s this group that Linux references here. You can add users to multiple groups, so advanced users can set up groups into which multiple users are added, giving them all the same level of access to a file or folder based on the group.
Permissions are set when a file is created, with the file owner also set as the default user or group for the file. If you create a file when running in elevated mode (such as through “sudo” in the Terminal), the owner is “root,” not you. The owner typically has full access rights to the file or folder created, while “everyone else” has more limited rights to files, and is usually blocked from folders.
By default, all users have full ownership, access, and control over their home folder and its contents, while other users are blocked. Outside the home folder, access is more restrictive—certain folders are accessible, but most are read-only or off limits completely, requiring you to access them via the “root” superuser account.
View and Change Permissions It’s possible to change a file or folder’s permissions, if you’re the owner, via the Nautilus file manager. Rightclick the folder or file in question, and choose “Properties > Permissions tab.” From here, you can change permissions for owners, the featured group, and “others,” plus change which user group has special access to the item in question. Click the “Group” drop-down menu, and the list includes a load of unfamiliar names—these are specially created system users, designed to do specific things without compromising on security. There’s no reason to use these groups in the context of file and folder permissions, so leave them well alone.