Linux permissions are a concept that every user becomes intimately familiar with early on in their development. We need to execute scripts, modify files, and run processes in order to administer systems effectively, but what happens when we see Permission denied? Do you know why we see this message? If you know the cause of the problem, do you know how to implement the solution?
I will give a quick explanation of the various ways to calculate permissions, and then we will focus on the special permissions within Linux. If you want an in-depth look at the chmod
command, check out this article from Sudoer Shashank Hegde, Linux permissions: An introduction to chmod.
The TL;DR is that there are two main ways of assigning permissions.
[ Download now: Advanced Linux commands cheat sheet. ]
Symbolic method
The symbolic method uses the following syntax:
[tcarrigan@server ~]$ chmod WhoWhatWhich file | directory
Where:
- Who - represents identities: u,g,o,a (user, group, other, all)
- What - represents actions: +, -, = (add, remove, set exact)
- Which - represents access levels: r, w, x (read, write, execute)
An example of this is if I want to add the read and write permissions to a file named test.txt for user and group, I use the following command:
[tcarrigan@server ~]$ chmod ug+rw test.txt
Full disclosure, this is not my preferred method of assigning permissions, and if you would like more information around this method, I recommend your nearest search engine.
Numeric method
The numeric method is, in my experience, the best way to learn and practice permissions. It is based on the following syntax:
[tcarrigan@server ~]$ chmod ### file | directory
Here, from left to right, the character # represents an access level. There are three access levels—user, group, and others. To determine what each digit is, we use the following:
- Start at 0
- If the read permission should be set, add 4
- If the write permission should be set, add 2
- If the execute permission should be set, add 1
This is calculated on a per access level basis. Let's interpret this permissions example:
-rw-r-x---
The permissions are represented as 650. How did I arrive at those numbers?
- The user's permissions are: rw- or 4+2=6
- The group's permissions are: r-x or 4+1=5
- The others's permissions are: --- or 0
To put this into the command syntax, it looks like this:
[tcarrigan@server ~]$ chmod 650 test.txt
Now that you understand the basics of permission calculation in Linux, let's look at the special permissions included in the OS.
[ You might also like An introduction to Linux Access Control Lists (ACLs). ]
Special permission explained
Special permissions make up a fourth access level in addition to user, group, and other. Special permissions allow for additional privileges over the standard permission sets (as the name suggests). There is a special permission option for each access level discussed previously. Let's take a look at each one individually, beginning with Set UID:
user + s (pecial)
Commonly noted as SUID, the special permission for the user access level has a single function: A file with SUID always executes as the user who owns the file, regardless of the user passing the command. If the file owner doesn't have execute permissions, then use an uppercase S here.
Now, to see this in a practical light, let's look at the /usr/bin/passwd
command. This command, by default, has the SUID permission set:
[tcarrigan@server ~]$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 33544 Dec 13 2019 /usr/bin/passwd
Note the s where x would usually indicate execute permissions for the user.
group + s (pecial)
Commonly noted as SGID, this special permission has a couple of functions:
- If set on a file, it allows the file to be executed as the group that owns the file (similar to SUID)
- If set on a directory, any files created in the directory will have their group ownership set to that of the directory owner
[tcarrigan@server article_submissions]$ ls -l
total 0
drwxrws---. 2 tcarrigan tcarrigan 69 Apr 7 11:31 my_articles
This permission set is noted by a lowercase s where the x would normally indicate execute privileges for the group. It is also especially useful for directories that are often used in collaborative efforts between members of a group. Any member of the group can access any new file. This applies to the execution of files, as well. SGID is very powerful when utilized properly.
As noted previously for SUID, if the owning group does not have execute permissions, then an uppercase S is used.
other + t (sticky)
The last special permission has been dubbed the "sticky bit." This permission does not affect individual files. However, at the directory level, it restricts file deletion. Only the owner (and root) of a file can remove the file within that directory. A common example of this is the /tmp
directory:
[tcarrigan@server article_submissions]$ ls -ld /tmp/
drwxrwxrwt. 15 root root 4096 Sep 22 15:28 /tmp/
The permission set is noted by the lowercase t, where the x would normally indicate the execute privilege.
Setting special permissions
To set special permissions on a file or directory, you can utilize either of the two methods outlined for standard permissions above: Symbolic or numerical.
Let's assume that we want to set SGID on the directory community_content
.
To do this using the symbolic method, we do the following:
[tcarrigan@server article_submissions]$ chmod g+s community_content/
Using the numerical method, we need to pass a fourth, preceding digit in our chmod
command. The digit used is calculated similarly to the standard permission digits:
- Start at 0
- SUID = 4
- SGID = 2
- Sticky = 1
The syntax is:
[tcarrigan@server ~]$ chmod X### file | directory
Where X is the special permissions digit.
Here is the command to set SGID on community_content
using the numerical method:
[tcarrigan@server article_submissions]$ chmod 2770 community_content/
[tcarrigan@server article_submissions]$ ls -ld community_content/
drwxrws---. 2 tcarrigan tcarrigan 113 Apr 7 11:32 community_content/
[ Get the guide to installing applications on Linux. ]
Summary
In closing, permissions are fundamentally important to being an effective Linux administrator. There are two defined ways to set permissions using the chmod
command: Symbolic and numerical. We examined the syntax and calculations required for both methods. We also considered the special permissions and their role in the system. Now that you understand permissions and the underlying concepts, you can solve the ever-annoying Permission denied error when it tries to impede your work.
저자 소개
Tyler is the Sr. Community Manager at Enable Sysadmin, a submarine veteran, and an all-round tech enthusiast! He was first introduced to Red Hat in 2012 by way of a Red Hat Enterprise Linux-based combat system inside the USS Georgia Missile Control Center. Now that he has surfaced, he lives with his wife and son near Raleigh, where he worked as a data storage engineer before finding his way to the Red Hat team. He has written numerous technical documents, from military procedures to knowledgebase articles and even some training curricula. In his free time, he blends a passion for hiking, climbing, and bushcraft with video games and computer building. He is loves to read and enjoy a scotch or bourbon. Find him on Twitter or on LinkedIn.
유사한 검색 결과
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.