Linux Essentials - Understanding File & Directory Permissions

Captions
[Music]

Hello and welcome back to Learn Linux TV. In today's video, we are going to cover permissions. This is one of those things that might be a bit challenging for newcomers to understand, so I wanted to make this video to hopefully clear up how you can tell what permissions an object has and what the individual permission bits actually mean. So let's dive in and get started.

So what I'm going to do right now is show you the output of the ls -l command, and I've already gone over the ls command as well as other commands that were related to directory traversal in a previous video in this series. But I'll press enter and we can see the contents of my current working directory, and the dash l option of the ls command gives us a long listing, and that's especially important for us because that allows us to see the permission string for each item in our current working directory. And the first section here of each row is the permission string, and a good portion of this video is going to be helping you understand what this actually means and how you can translate these characters to an understanding of what the permissions are for each individual item.

And the first thing to understand is that this string is actually broken down into four groups. The first group is just a single character, the very first character that you see here, and most of these have a first character of the letter d, but we also have a first character here that is simply a hyphen. d actually stands for directory, and as for me, I often use the terms directory and folder interchangeably, but just keep in mind that the d means directory. And a hyphen, what does that mean? Well, that means that that particular object is a file. So this right here is just a simple text document that I created for this video. Actually, it has nothing in it, it has a file size of literally zero, but I wanted to have some sort of file here to illustrate the difference. So I've just gone over the first group here in the permission string, and the
other three groups are broken down into three. So this is group number two, and this is group number three, and then this is the fourth group. So what I'm going to do is help you understand what each of these groups represents in the output.

To serve as an example to work with, I have this line right here, which is an actual line from the ls -l command output from my desktop. This is a folder called vbox, it's where I basically have my virtual machine files, but we're going to pay special attention to the permission string all the way on the left. Now I've already gone over the first character, which in this case is a d, and it lets you know whether or not it's a file or a directory, but it also lets you know whether or not it's a link, which would be l in this case if this was a link. I'm going to go over links in a different video, so I'm not going to spend any time on that, but if you were to check the ls output on various directories across your file system, you'll more than likely eventually run into a file that is actually a link, in which case the first character would actually be an l. So the first item here is very easy because it's just a single character, and it lets you know what type of object it is on that line.

Now the next group, which is actually consisting of three characters, represents the permissions for the user of that file or that folder, essentially the user that owns that file or folder. Now you notice I have user here at the top and it's pointing down to my name. You actually see my name twice. The first instance of my name is the user, so I own this directory. The second instance of my name is the group that owns the file or directory, which is also my name. It's very common in Linux that when you create a user, that there's actually a group named after the user as well, but that group could be anything, and we'll get into more about groups in just a moment. But for right now we're going to focus on the user. So you know that I own the file, my name is there, and we also know
that the r, w and x pertains to me in some way, but what exactly does that mean? Well, actually, the r means read. I am able to read that directory. Now if that was a file, then read is pretty obvious as far as what it means. If it's a file, that means I can read the contents of the file, so if it's a text file and it contains text, then I'm allowed to look at it. Now when it comes to a directory, read means something different. It means I can read the contents of the directory. So I guess you could say that r in this case means you can read the contents of the item, whether that be the contents of a text file or the contents as far as what is inside a directory. So I am able to read the contents of that folder or that file, whatever it is, because I have the r bit set.

The w means write. If this were a file, that means I can actually add content to the file. I could add a new line of text to a text file. If it's a word processor document, I can add some new sentences or a paragraph or something. I'm basically able to modify that item. If it's a directory, in which case this is, I am able to add content to the directory. I am able to put things into the directory, so I'd be able to create a text file inside that directory if I wanted to, because I have the ability to write to it. That's what w means, it means I can write to it.

Now the x bit is a little interesting because it has two almost completely different meanings. They're similar but different. If it were a file, that means I can execute that file as if it were a program. So for example, you could actually create a text file and put some Linux commands in there, and if it's marked executable, then that means you could run that file as if it were a program, which is essentially what a script is. A script is a file that contains commands that are to be interpreted by the interpreter on the command line. So if I was to, for example, add the ls command and save that into a text file, mark it executable, I could execute that text file and it would then execute
the ls command, and that's possible because x is set in this case. But this is not a file though, this is a directory. What the x means when it comes to a directory is that I can go inside the directory. I could change my current working directory to go inside that directory. If that permission was not set, it'd be a little weird, because I'd be able to read the contents of that directory, I would be able to add files to that directory because I have the w bit set, but if the x bit was not set, I wouldn't be able to go into the directory, which is strange, but it is the case. So essentially we have r for read, w for write, and x for execute, and those three characters there, right after the first character, which is a d in this case, those three characters are the second group, and they pertain to permissions for the owning user.

Moving on, we have the third group here, another group of three characters. In this case, again, it's r, w and x. These permissions pertain to the group. In this case, the group is also me. When you create a user, you get a group, not always, but a lot of distributions do that, and then by default the files and folders that you create inside your home directory will be owned by you, your user, as well as your group. Now that in and of itself isn't that interesting. I mean, having a group that is named the same as me, that isn't the best example, to be honest, but you can actually extend that a lot further. When you are dealing with a file server, for example, you have some files that you want to make readable by an entire group of users. You can create a group and then you can assign that directory and those files to be owned by that group. For example, you could have an accounting team at your company, and maybe this folder contains some very confidential financial reports for your company. You certainly don't want everyone to be able to see those reports, only the people that need to see those reports. In that case, perhaps you'd create a group called accounting, you would assign the object
to that group, and then make sure that only that group can read those files that are inside that directory. You'd be able to do that because, well, you could create a group and then manage the permissions as you, the administrator, sees fit. So anyway, we have rwx again, read, write and execute, and this section of the permission string here pertains to the group. Let's move on.

So the last group of three here pertains to other, and this is also known as world, essentially everybody else. So basically, other pertains to a user other than the user that owns the file and a group other than the group that owns the file. It's basically everybody else, neither of the two that you see here, neither this user or this group. It's just public, it's writable, it's open, it's open to the world. What's interesting here is that if you were to remove the r, w and x for the user, the first group of three, and change those to all hyphens, then the user that owns this file or this folder, whatever it is, would not be able to access it, would not be able to do anything, which is kind of odd, right? Because if you own it, you should be able to do something, and long story made short, you probably still could, but I'm trying to keep it simple. And in this case, if you didn't have permission over this particular folder, then everyone else would, everyone else that's not you, because specifically your permissions are nothing if I were to change it, but if you are other, meaning someone else, then you would be able to read and execute this directory. It's a little confusing, but it's going to make sense, I promise.

Now back on the terminal, let's see some actual examples on my computer right here that we can use to better understand this. So again, I will execute ls -l, and I am in my home directory right now, /home/j. Again, I've gone over the Linux file system and the directory structure in a previous video, but what we can see right here is that we have mostly folders. They're colored blue in this case. That's not always the case,
that's actually a shell customization. You won't always see the blue color when you go to look at the output of the ls command. Most distributions actually configure that by default, but even if you don't have the colorization, you know which one of these is a folder versus a file based on the first character, like I mentioned.

So the permissions of the first bunch of files here, basically all of these are, well, they're the same. So we have r, w and x for user straight down, we have r hyphen x for group straight down, and we have r hyphen x for world or other straight down. And what that means is that since I own each of these directories, then the first group of the permission strings after the d is going to apply to me, the r, w and x. I have full permission, I can do anything I want. r, w and x in a group is the most you can possibly have in that group, so I could read it, I could write to it and I can execute it. Now if I was not the user that owns this file and I was somebody else, but I did exist in the group that has ownership of that object, then I would be applied the r hyphen x permissions. So I would be able to read the contents of the directories, I wouldn't be able to modify them because the w is missing, but I would be able to go into the directories because x is set. And same for world, so essentially everyone can read the contents of these directories, everyone can execute or go inside these directories, but only I can actually modify the contents of these directories.

Now let's take a look at the permission string for this file right here. Notice that x is not set anywhere. Absolutely no one will be able to execute that text file as a program. I'm going to give you an example of that. I'm going to edit that file with nano, and currently it's empty, so what I'm going to do is execute the ls -l command, and instead of executing that against my current working directory, I want to see the contents of the /etc directory instead. I'm going to warn you, there's actually a proper way to create
a script, so even though this is technically accurate, you wouldn't actually begin a script with a command, but this isn't a scripting video. We can get into that in another video. I'm going to hold ctrl and press o to save the file, then I will hold ctrl and press x to exit out. If I check the contents again, you can see that the size is no longer zero like it was, and it didn't even give me any errors when I tried to save the file, and let me do it, and that's because I am the owner of that file. I have the w bit set right here.

So to execute a file as if it were a program, basically a script, just type dot forward slash and then you type the name of the file, which I've done right here. So I'll press enter and I get permission denied. Well, that's kind of weird. Why did I get permission denied if I am the owner of that file? Well, as you can probably guess, execute is not set, so I don't have permission to execute that file. Nobody does. So regardless of who you are, it's not going to execute. Now you can get around that by typing something like bash and then the file name, and in this case I'm essentially telling the bash interpreter to go ahead and just read the contents of this file and execute it. This will still work, as you can see, it gave me the output of the /etc directory. Now I didn't execute the script, but I did tell bash to execute what's inside the script, but I'm still not able to execute the script directly because, again, permission is denied.

So how do I actually change that? Well, we have a dedicated command that allows us to change the permissions on an object, and the command is the chmod command, as you see here. And what I want to do is add a permission bit to that file, so I'm going to type plus and then the permission bit that I want to add, and I want to add x so I can execute that file, and then I type the name of the file that I want to change, this one right here. I'll press enter and let's look at the output again and see how it's different. Now straight away you can notice two
things that are different here. For one, the color of this file is now green, but again, that's a shell specific customization. You can't always rely on colorization. It's nice when you have it, green typically means executable, but again, you're not always going to have colors. And we could also see here that the x bit was added to each section of the permission string. That makes sense, because when I executed this command right here, I basically wrote plus x. I didn't specify user, group or world, I just said give it execute, and it did exactly what I told it to. It gave it execute to everything. So unless you tell it what in particular you want to add the x bit to, it's just going to add it to everyone.

So what you could do instead is use minus instead of plus to take it away, but you can also clarify user, group or other. So for example, if I type u, u minus x means the user, subtract the x bit. So chmod should remove the x bit from only the user when I execute this command, and sure enough, that's exactly what it did. So if I was to try to execute it myself, it's not going to work, because again, I don't have the execute bit set for my user. I don't have permission to do that. So what I'm going to do is change that to a plus, and that's going to allow me to add the execute bit to the user specifically. So I'll press enter on that, and then what I'm going to do is change it again. I'm going to target the group, I'm going to subtract x, then for other I'm going to do the same thing, I'm going to subtract the executable bit from other, but I'm adding it to the user. And as you can see, my user has full permission to that file. I can read it, I can write to it, I can execute it as a program, but no one else has the ability to execute it other than myself. So that means I am able to type dot forward slash and then the file name. It's not going to give me an error this time, it's going to actually do what I told it to do. It's going to execute it, and since the contents of that file contained a command, when I execute
it, it's just going to execute that command. It's the same as if I was to type ls -l /etc myself. It's going to give me the same output because it is the same thing.

What I can also do is target the group, subtract r for read, and I can do the same thing for other as well. I'm gonna take that away, and it's kind of weird, because group has the ability to write to the file. They can't read it, they can't execute it, but they can change it. So since that's a little weird, let's go ahead and fix that. So from the group I'm going to subtract the w bit, and we can see that nobody other than myself has access to this particular file. Nobody can read the contents of it, nobody can write changes to it, and nobody can execute it other than myself. I am the owning user, and these are the permissions for my user. These are the best possible permissions in this section that you can have, and to be honest, I actually prefer having full access myself and denying all other access, because unless it's something that I really do want to be readable by everybody else, I generally just subtract all the other bits and keep it to myself unless I have a very specific reason not to do that.

So let's have a little bit of fun. I'm going to remove my own ability to write to that file, and then what I'm going to do is echo the name of this YouTube channel, and with the double greater than sign I'm going to try to append this to the end of the file. If I only had one greater than sign, it would actually replace the file with the contents that you see here, but two greater than signs will actually append it to the end, which is safer usually. And I'm going to write that to the test file here, except I'm not, because permission is denied, and that makes sense because I took away the write permission from the user. If I was to add it back and try it again, you can see here that it did actually write Learn Linux TV to the end of the file. Now what I'm going to do is edit that file, because that's not actually a command, so that's kind of
weird to have a command and then something that's not a command, so I'll just take that away. I'll save the file, but you get the idea.

Now you can actually combine the chmod command as well. You don't have to do one command for every one bit you want to add or subtract. So for group I can add read and write, and I can do it all in one command, and I'm going to use that same file as the test subject. And sure enough, you can see that the group has the ability to read and write to the file but not execute, and other still has the ability to do basically nothing. And as we can see here, I was able to add the read and write bit all in one command without having to execute a separate command for r and a separate command for write. That just lets you be a little bit more efficient.

Now what I'm going to do in this video at this time is get a little bit more advanced, so I want to make sure that you understand everything that we've gone over so far. Feel free to pause the video, try a few experiments on your end, or just re-watch a specific section. It's not going to be overly complicated, but it is going to go to the next level, because I'm going to talk to you about the bit scores for each value. Basically, there's a numerical representation of read, write and execute, and it's very important that you know this and understand it, but in order to understand how this works, the numerical representation, you have to know how everything works up to this point. Don't rush it, just make sure that you follow along, and we'll go ahead and continue.

Now each permission bit has a specific number attached to it. So r for read has a value of four, w for write has a value of two, x for execute has a value of one. So just take a moment to commit this to memory. Again, r has a value of four, w has a value of two, and x has a value of 1.
So now that you understand what the values are for each of those permission bits, what does that even mean when it comes to understanding permissions? Well, if I was to execute the chmod command to change the permissions of a file or a folder, I could continue using the plus x, minus x, plus r, minus r style that we've been doing, and there's nothing wrong with that, but we could get a little bit more efficient when we understand how the numerical values work. So what I'm going to do as an experiment is give you a command and then I'll explain it. I'm going to execute chmod 770 and then the file that we've been working with. I haven't gone over what 770 means as of yet, but I'm going to execute this command. Let's take a look at it. So what we have here is r, w and x for user and r, w and x for group and nothing for other. How did that happen though? How does 770 correlate to this?

So when you use the chmod command with numerical values, you have three digits here that you can use, and then you have the name of the file. Now obviously the question marks will not work, but we need to understand what each digit means when it comes to the chmod command with numerical values. So the first digit here is for user, the second is for a group, and the third is for other. Now when I executed this command, the first digit that I had here was a seven. Now it might be starting to click for some of you already, because four plus two plus one equals seven, and what that translates to is r, w and x. You're adding the totals of each to equal 7. That basically means all the permissions. For the second digit, that was also a 7, and then the last one was 0.
So again, we have user, group and other. Seven is the highest it can possibly ever get. Each position here can never be higher than that. We got the seven by adding four plus two plus one, same thing here, and then for other, aka world, we have a zero. We don't want anyone else other than the user in the group to access this particular file. We left it at zero, which is equivalent to hyphen hyphen hyphen, basically nothing.

If I was to, say, take away the seven in the second digit, replace it with a five, let's see what happens. We have full permissions here for user, which is the seven, and we have read and execute, which is 5. Again, read is 4 and execute is 1. I went over the point values earlier. Again, r is equal to 4, w is equal to 2, and x is equal to 1. So by adding read, which is 4, plus execute, which is 1, we got a 5, and that translates to r hyphen x, and again, 0 is nothing.

I could do something completely weird, 725 for example, pretty much a horrible permission to have. Let's see what it looks like, and before I press enter, see if you can guess what the permission string is going to be on that test file before I show you the output of the ls command. Are you ready? Let's do it. We have read, write and execute for user, as we would expect, but for the group we have only w. Again, the point value of w is 2, and we have exactly 2 here, which is how we got the w. So we have a file here that the group is able to write to but not read or execute. Strange, but it is the case. And then we have five. We got to five by adding r, which again is four, and x, which again is one, equals five. So that's how you can understand the numerical values of the chmod command, and this style right here is very common. This permission number here is not very common, but this command style, where you have the numerical version with the chmod command, that is very common.

Now let's take a look at another example. I'm going to execute the ls -l command again, but instead of showing you the contents of the home directory, I'm going to show you
the contents of my downloads directory. Now the file names are wrapping a bit over to another line, but there's only three lines here. These file names are just very long. I was working on some other videos, and these are some files that I downloaded as part of other videos I've been working on, but the takeaway here is I have three files in my home directory, in my downloads directory, and they all have the permission string of read and write for user and group and just r for other.

So what I'm going to do is clear the screen, and what I want to do is change the permissions for every file in my downloads directory all in one shot. How would I do that? So I'm going to execute chmod, and the permission string I want to be six, and of course that's read and write, basically four plus two, and I want the group to have nothing and other to have nothing, and I'm going to execute that against my downloads directory. But the problem here is that this is actually going to break my downloads directory, because it's going to remove the execute bit. I won't be able to go inside that folder. So if I want to make all of the files within my downloads directory to be readable and writable by only me, so what I could do actually is add the recursive option, dash capital R, and what that's going to do is change the permissions for everything that is inside that directory all in one shot. Unfortunately though, this is still not a good idea, because while it will give me the correct permissions that I want on the files, it's still going to make the downloads directory a permission of 600, which again means I can't get inside that directory anymore.

Now the reason why I'm bringing this command up is because this is actually something that a lot of newcomers run into, and that is, how do you recursively change the permissions of everything inside a directory but only affect the files? And that's going to be a tutorial in and of itself, because that requires me to teach you the find command, which I definitely should do
a video on that anyway, in fact I will. But what we could do for now is take away the dash R option, because the dash R option is only good if everything underneath is basically the same type of object, directories or whatnot. We can instead do slash and then star, and that gives me the permission string that I want on those files. Now with the find command, you can actually find specific types of objects. So for example, you could choose to find files or folders or both, and then you can manipulate the permissions on them based on what type of file or what type of object they actually are. But again, that's a tutorial on the find command, that's beyond the scope, but what I did want you guys to be aware of is that the dash R option exists, and it stands for recursive, and it will change the permissions for everything underneath the object that you're applying it to. It'll allow you to make those changes in one shot.

Now how do you change the ownership of a file to be owned by someone else? Let's go ahead and explore that. Now on this laptop I have two users. I have my user j, which I've been using the entire video so far, but if I take a look at the home directory, I have another user on my computer. I have batman on my computer, and yes, batman does use my laptop from time to time. It's a very powerful laptop, and sometimes just need a very powerful computer to find out what the Joker is up to. Actually, I just created that user a few minutes ago, but anyway, we have two users on this system.

Now everything in my home directory is owned by me, and the same is true when it comes to my downloads directory, and this is an example of where the dash R option actually is more useful. So if I was to change ownership of a file to be owned by a different user, I would execute the chown command, which is an abbreviation of change ownership. So I'm going to change ownership of an object from me to batman, and I want to make the entire downloads directory owned by batman, so I actually will add the dash R option
right there, and I will execute that against the downloads directory. Now it's telling me that the operation is not permitted. I don't have permission to do this. I knew this would happen, but I wanted to basically teach you guys that you need to have sudo or root level access to change the ownership of an object. Now you could argue, I am giving away my downloads directory, I am just giving it to batman, I don't want to own it anymore, I'm just giving it away. If you wanted to give something of your own away to a friend, you just give it to them. You wouldn't ask for permission if you own it. But in Linux, you have to actually ask permission if you own it, because you have to have permission to change the ownership to another user to make them own it.

So what we could do is put sudo in front of the command, and that will give us the ability to do that, and since I have dash R here, then if this works, that should change the permissions of the downloads directory to be owned by batman and also everything underneath it, all in one shot. It let me do it this time. Now we can see that batman owns the downloads directory, so if I wanted to list the storage of that directory I can, if I wanted to go inside that directory I can, so in order to show you the contents I'm going to have to use sudo and then ls -l against downloads, and now I can see the contents. Everything is owned by batman, but here we still have my name for the group, so let's go ahead and fix that too.

Now here we have the command that we used to change the ownership to batman, so I can put a colon here and then the name of the group that I want to own the file. So in one shot, I'm not only changing batman to be the owner of the file, if I didn't already do that, I'm also changing it to be owned by the batman group as well. So it's user colon group, and as you can see, the group batman now owns each of these files. And to reverse it, I could simply do this, and this will change the ownership back to my user and my group. But wait a minute, what I'm
going to do is take away the group and just keep the colon. Let's see what happens. So we could see that my user and my group owns the downloads directory again, even though I left the group out. I just have a colon, I didn't add the group there. If you actually use the colon and you don't specify a group, it'll actually default to your user's group. So I didn't have to actually type out j, I just typed colon, if the user and the group are going to be the same. And now I can list the contents of the downloads directory without using sudo, since I own it again, and you can see the same permissions here. I own everything here and my group owns everything here.

Permissions in Linux can be a bit tricky to understand, but I think with enough practice you guys will get it, no problem, and I hope this video has helped you understand the concept of permissions in Linux. And let me know what you thought of this video in the description down below. I have some awesome videos coming very soon, so make sure you subscribe if you haven't already done so, and I'll see you again very soon.

[Music]
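
The recursive problem raised in the captions (chmod -R 600 also strips the execute bit from the directory itself) and the find-based, type-aware approach the presenter mentions, as an added example that is not from the video. It assumes GNU coreutils and findutils; the directory and file names are constructed sample data in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example, not from the video. Assumes GNU coreutils/findutils (stat -c, find).
# All paths below are constructed sample data inside a temporary directory.
set -eu

# Octal permission bits of one path, e.g. 755.
mode_of() { stat -c '%a' "$1"; }

# Build a throwaway tree standing in for the Downloads directory from the video:
# two directories (755) and two regular files (664, i.e. rw-rw-r--).
make_sandbox() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/Downloads/isos"
    touch "$root/Downloads/notes.txt" "$root/Downloads/isos/image.iso"
    chmod 755 "$root/Downloads" "$root/Downloads/isos"
    chmod 664 "$root/Downloads/notes.txt" "$root/Downloads/isos/image.iso"
    printf '%s\n' "$root/Downloads"
}

# The pitfall: -R applies 600 to the directory as well, removing its x bit.
# A non-root user then gets "Permission denied" while chmod tries to descend,
# so the errors are silenced and the non-zero exit status is ignored here.
naive_recursive_600() {
    chmod -R 600 "$1" 2>/dev/null || true
}

# The type-aware version: directories get 700 so the owner can still enter them,
# regular files get 600. "\;" runs chmod on each directory before find descends
# into it, which also repairs a tree already damaged by the command above.
restrict_to_owner() {
    find "$1" -type d -exec chmod 700 {} \;
    find "$1" -type f -exec chmod 600 {} +
}

demo() {
    local dir
    dir=$(make_sandbox)
    naive_recursive_600 "$dir"
    echo "after chmod -R 600: $(mode_of "$dir") $dir"
    restrict_to_owner "$dir"
    # %a is the octal mode, %A the permission string as ls -l prints it.
    find "$dir" -exec stat -c '%a %A %n' {} + | sort -k3
    rm -rf "$(dirname "$dir")"
}

demo
```
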
Info
Channel: LearnLinuxTV
Views: 14,958
Rating: 4.9829607 out of 5
Keywords: LearnLinuxTV, LearnLinux.tv, linux permissions, permissions, file permissions, linux user access, understanding permissions, learn linux tv, chmod, chown, chmod command, chown command, ls command, linux commands, linux, linux file permissions, unix file permissions, linux file permissions and ownership, file permission in linux, linux file permissions explained, linux permissions and ownership, linux directory permissions, linux permissions explained, linux file system permissions
Id: 4e669hSjaX8
Length: 35min 48sec (2148 seconds)
Published: Sat Apr 10 2021