Understanding Linux File Permissions: A Guide for Developers

Trushang SutharTrushang Suthar
4 min read

File permissions in Linux are key to keeping your files and directories secure while controlling who can access them. In this blog, we’ll explain file permissions in simple terms, show you how to calculate them, and guide you on using commands like chmod and chown.

What Are Octal Values in Linux File Permissions?

Octal values are a shorthand representation of file permissions in Linux, based on a base-8 numbering system. They use numbers 0 to 7 to define combinations of permissions for the file owner, group, and others.

Permission Values

Each permission is assigned a specific value:

  • 4: Read (r)

  • 2: Write (w)

  • 1: Execute (x)

To calculate the octal value for a set of permissions, add the values of the granted permissions:

  • rwx = 7 (4 + 2 + 1)

  • rw- = 6 (4 + 2 + 0)

  • r-- = 4 (4 + 0 + 0)

  • --- = 0 (0 + 0 + 0)

Example: chmod Command

To set specific permissions, you use the chmod command followed by a three-digit octal number:

chmod 750 filename

Here:

  • 7: Owner has rwx (read, write, execute).

  • 5: Group has r-x (read, execute).

  • 0: Others have no permission.

Tools for Managing File Permissions

  1. chmod (Change Mode)
    Modifies read, write, and execute permissions.

    • Absolute Mode: Use octal values to define permissions directly.

        chmod 640 file.txt
  # Owner: rw-, Group: r--, Others: ---

    • Symbolic Mode: Use symbols (+, -, =) to add, remove, or set permissions.

        chmod u+x,g+r,o-rwx file.txt
  # Add execute for owner, add read for group, remove all permissions for others.

    • Recursive Mode: Apply changes to directories and their contents.

        chmod -R 750 mydir

  2. chown (Change Ownership)
    Changes the ownership of a file or directory.

     chown user:group file.txt

  3. chgrp (Change Group)
    Changes the group ownership of a file or directory.

     chgrp group file.txt

  4. umask (Set Default Permissions)
    Defines default permissions for newly created files and directories.

     umask 022

    Here, permissions 022 remove write access for the group and others.

Think in Terms of Groups and Values

  1. Groups: Owner, Group, Others

  2. Values: Read (4), Write (2), Execute (1)

Mnemonic: “RWE = 421”

  • Read = 4

  • Write = 2

  • Execute = 1

How to Use It

For each group, add up the values of the permissions you want:

  • rwx = Read (4) + Write (2) + Execute (1) = 7

  • rw- = Read (4) + Write (2) = 6

  • r-- = Read (4) = 4

  • --- = No permissions = 0

Now combine the values for Owner, Group, and Others to get the final octal value!

Quick Example

To give:

  • Owner full access (rwx = 7)

  • Group read & execute access (r-x = 5)

  • Others no access (--- = 0)

The command would be:

chmod 750 filename

Remember: “421 adds up!”

Always add 4, 2, and 1 to figure out permissions for each group. This quick mental math will save you time!

Real-Life Example: EC2 Instance with Apache2 and Laravel API

Scenario

You have an EC2 instance hosting an Apache2 web server, and a Laravel API project located at /var/www/html/api. To ensure proper functionality, you need to:

  1. Set appropriate permissions for the project.

  2. Allow the web server (Apache2) to read and execute files.

  3. Grant write access to certain directories, like storage and bootstrap/cache, for Laravel's internal use.

Steps to Set Up Permissions

  1. Set Ownership for the Laravel Project
    The web server user (commonly www-data on Ubuntu or apache on CentOS) must own the Laravel project files. Use the chown command:

     sudo chown -R www-data:www-data /var/www/html/api

    This sets www-data as the owner of all files and directories in /var/www/html/api.

  2. Set Permissions for the Laravel Project
    Use chmod to configure permissions:

    • Assign 755 to directories (read, write, and execute for the owner; read and execute for group and others):

        sudo find /var/www/html/api -type d -exec chmod 755 {} \;

    • Assign 644 to files (read and write for the owner; read-only for group and others):

        sudo find /var/www/html/api -type f -exec chmod 644 {} \;

  3. Grant Write Permissions to Specific Laravel Directories
    Laravel requires storage and bootstrap/cache to be writable by the web server. Set permissions accordingly:

     sudo chmod -R 775 /var/www/html/api/storage /var/www/html/api/bootstrap/cache

  4. Verify Permissions
    Ensure the permissions are correctly applied:

     ls -ld /var/www/html/api
 ls -ld /var/www/html/api/storage

Conclusion

File permissions in Linux are important for keeping your applications secure and working properly. By setting the right ownership and permissions, you can make sure your web server has the access it needs while keeping sensitive files safe from unauthorized users. Learning how to manage file permissions is a basic but essential skill for every developer using Linux.

0
Subscribe to my newsletter

Read articles from Trushang Suthar directly inside your inbox. Subscribe to the newsletter, and don't miss out.

LinuxSecurityLinux#filepermissionschmodDevopslinux-commandsfile-permissionec2Laravel

Written by

Trushang Suthar
Trushang Suthar