Permission Groups

Let's check out the listing we got earlier and review the ownership model and permission groups of the files:

michael@develop:~$ ls -la ~
total 32
drwxr-xr-x 4 michael michael 4096 Mar 18 10:11 .
drwxr-xr-x 4 root    root    4096 Mar 18 08:01 ..
-rw------- 1 michael michael  312 Mar 18 08:46 .bash_history
-rw-r--r-- 1 michael michael  220 Feb 25  2020 .bash_logout
-rw-r--r-- 1 michael michael 3771 Feb 25  2020 .bashrc
drwx------ 2 michael michael 4096 Mar 18 07:24 .cache
drwxrwxr-x 3 michael michael 4096 Mar 18 09:23 .local
-rw-rw-r-- 1 michael michael    0 Mar 18 10:11 .my_secrets
-rw-r--r-- 1 michael michael  807 Feb 25  2020 .profile
-rw-r--r-- 1 michael michael    0 Mar 18 07:52 .sudo_as_admin_successful

So everything here is owned by the michael user and the michael group, except for .., which is owned by root and root. But how do the permissions break down?

If we take the permissions for .my_secrets, a file, we see this: -rw-rw-r--. Each character is a column, and each column holds a value that tells us something. Let's break down those columns and then discuss them.

The columns are bunched into four groups:

  1. File type
  2. User
  3. Group
  4. Other (or world)

The file type is the first column. We've covered this previously.

The user is the next three columns; group is the next three; and other is the last three. Let's review these.

User

The user "group" is made up of the three columns after the file type. Each column has a purpose, starting with the first column:

  1. Read: r
  2. Write: w
  3. Execute: x

If the column has a - in it, that group doesn't have that permission.

The read permission lets the owner of the file read the contents. The write permission lets the owner write to the file, changing the contents inside. And the execute permission lets the owner execute the file if it's an executable type or is a special file that can be executed.

Group

The next set of columns is for the Linux group that has access to the file or directory. Everything from the "User" section, above, applies here.

All the permissions in this group apply to every user inside of the group itself.

Other/World

And finally, this set of columns is for everyone else on the system - other users that aren't the owner of the file, nor in the group that owns the file. Everyone outside of those two things.
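
The breakdown above can be checked with a short script. This is an added example, not part of the original tutorial: decode_mode, explain_triplet and other_readable_files are names made up for it, and it assumes only the plain r, w, x and - values covered here.

```shell
# Added example: decode the mode column of `ls -l` into its four groups.

# Constructed sample input: the listing shown earlier on this page.
sample_listing() {
cat <<'EOF'
total 32
drwxr-xr-x 4 michael michael 4096 Mar 18 10:11 .
drwxr-xr-x 4 root    root    4096 Mar 18 08:01 ..
-rw------- 1 michael michael  312 Mar 18 08:46 .bash_history
-rw-r--r-- 1 michael michael  220 Feb 25  2020 .bash_logout
-rw-r--r-- 1 michael michael 3771 Feb 25  2020 .bashrc
drwx------ 2 michael michael 4096 Mar 18 07:24 .cache
drwxrwxr-x 3 michael michael 4096 Mar 18 09:23 .local
-rw-rw-r-- 1 michael michael    0 Mar 18 10:11 .my_secrets
-rw-r--r-- 1 michael michael  807 Feb 25  2020 .profile
-rw-r--r-- 1 michael michael    0 Mar 18 07:52 .sudo_as_admin_successful
EOF
}

# Turn one three-column group (for example "rw-") into words.
explain_triplet() {
    out=""
    case $2 in r??) out="$out read" ;; esac
    case $2 in ?w?) out="$out write" ;; esac
    case $2 in ??x) out="$out execute" ;; esac
    printf '%s:%s\n' "$1" "${out:- none}"
}

# Split a 10-column mode string into file type, user, group and other.
decode_mode() {
    case $1 in
        ?[-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    printf 'type: %s\n' "$(printf '%s' "$1" | cut -c1)"
    explain_triplet user  "$(printf '%s' "$1" | cut -c2-4)"
    explain_triplet group "$(printf '%s' "$1" | cut -c5-7)"
    explain_triplet other "$(printf '%s' "$1" | cut -c8-10)"
}

# Read an `ls -l` listing on stdin; print regular files that "other" can read.
other_readable_files() {
    while read -r mode links owner group size month day time name; do
        case $mode in -??????r??) printf '%s\n' "$name" ;; esac
    done
}

decode_mode -rw-rw-r--
sample_listing | other_readable_files
```

Run against the listing, the second command prints .my_secrets among the files readable by every user on the system, while .bash_history, at -rw-------, is not listed.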