Permissions Ownership on Linux

Permissions on Unix-like systems (like Linux) are managed in three distinct classes. These classes are known as user, group, and others. In this article we will examine the Linux permissions by using the ls command for outline our examples.The ls command is probably the one that people find themselves using the most. After all, before you can manipulate and use files in a directory, you first have to know what files are available. That's where ls comes in, as it lists the files and subdirectories found in a directory.

$ ls -l ~/bin
total 2951
-rw-r--r--   1 scott scott 15058 2005-10-03 18:49   adblock_filters.txt
-rwxr-xr--   1 scott root     33 2005-04-19 09:45      addext

-rwxr--r--   1 scott scott   245 2005-10-15 22:38     backup

drwxr-xr-x   9 scott scott  1080 2005-09-22 14:42    bin_on_bacon
-rw-r--r--   1 scott scott 237641 2005-10-14 13:50  calendar.ics

-rwxr-xr--     1 scott root  190 2005-04-19 09:45     convertsize
drwxr-xr-x   2 scott scott  48 2005-04-19 09:45     credentials


The -l option stands for long, and as you can see, it provides a wealth of data about the files found in a directory. Let's move from right to left and discuss what you see.

On the farthest right is the easiest item: The name of the listed item. Want ls to display more about it? Then add the -F option to -l, like this: ls -lF. Color is easily available as well, with ls -lF --color.

Moving left, you next see a date and time. This is the time that the file was last modified, including the date (in year-month-day format) and then the time (in 24-hour military time).

Farther left is a number that indicates the size of the item, in bytes. This is a bit tricky with foldersfor instance, the previous readout says that bin_on_bacon is 1080 bytes, or just a little more than one kilobyte, yet it contains 887KB of content inside it. The credentials directory, according to ls -l, is 48 bytes, but contains nothing inside it whatsoever! What is happening?

Directories are just special files that contain a list of their contents. In this case, the contents of credentials consists of nothing more than the .. that all directories have to refer to their parent, so it's a paltry 48 bytes, while bin_on_bacon contains information about more than 30 items, bringing its size up to 1080 bytes.

The next two columns to the left indicate, respectively, the file's owner and its group. As you can see in the previous listing, almost every file is owned by the user scott and the group scott, except for addext and convertsize, which are owned by the user scott and the group root.

The next to last column as you move left contains a number. If you're examining a file, this number tells you how many hard links exist for that file; if it's a directory, it refers to the number of items it contains.

And now you reach the final item on the left: The actual permissions for each file and directory. This might seem like some arcane code, but it's actually very understandable with just a little knowledge. There are 10 items, divided (although it doesn't look that way) into 4 groups. The first group consists of the first character; the second group contains characters 2 through 4; the third consists of characters 5 through 7; and the fourth and final group is made up of characters 8 through 10. For instance, here's how the permissions for the credentials directory would be split up: d|rwx|r-x|r-x.

That first group tells you what kind of item it is. You've already seen that -F and --color do this in different ways, but so does -l. A d indicates that credentials is a directory, while a - in that first position indicates a file. (Even if the file is executable, ls -l still uses just a -, which means that -F and --color here give you more information.) There are, of course, other options that you might see in that first position, as detailed in following table.


Permission Characters and File Types




Regular file






Symbolic link




Block device


Character device


Named pipe


To view a list of files that shows at least one of almost everything listed in this table, try ls -l /dev.


The next nine charactersmaking up groups two, three, and fourstand for, respectively, the permissions given to the file's owner, the file's group, and all the other users on the system. In the case of addext, shown previously, its permissions are rwxr-xr--, which means that the owner scott has rwx, the group (in this case, also scott) has r-x, and the other users on the box have r--. What's that mean?

In each case, r means "yes, read is allowed"; w means "yes, write is allowed" (with "write" meaning both changing and deleting); and x means "yes, execute is allowed." A - means "no, do not allow this action." If that - is located where an r would otherwise show itself, that means "no, read is not allowed." The same holds true for both w and x.

Looking at addext and its permissions of rwxr-xr--, it's suddenly clear that the owner (scott) can read, write, and execute the file; the members of the group (root) can read and execute the file, but not write to it; and everyone else on the machine (often called the "world") can read the file but cannot write to it or run it as a program.

Now that you understand what permissions mean, you'll start to notice that certain combinations seem to appear constantly. For instance, it's common to see rw-r--r-- for many files, which means that the owner can both read and write to the file, but both the group and world can only read the file. For programs, you'll often see rwxr-xr-x, which allows everyone on the computer to read and run the program, but restricts changing the file to its owner.

Directories, however, are a bit different. The permissions of r, w, and x are pretty clear for a file: You can read the file, write (or change) it, or execute it. But how do you execute a directory?

Let's start with the easy one: r. In the case of a directory, r means that the user can list the contents of the directory with the ls command. A w indicates that users can add more files into the directory, rename files that are already there, or delete files that are no longer needed. That brings us to x, which corresponds to the capability to access a directory in order to run commands that access and use files in that directory, or to access subdirectories inside that directory.

As you can see, -l is incredibly powerful all by itself, but it becomes even more useful when combined with other options. You've already learned about -a, which shows all files in a directory, so now it should be obvious what -la would do (or --format=long --all).

$ la -la ~/
drwxr-xr-x     2 scott scott      200 2005-07-28 01:31     alias

drwx------     2 root root        72 2005-09-16 19:14      .aptitude

-rw-r--r--     1 scott scott     1026 2005-09-25 00:11    .audacity
drwxr-xr-x    10 scott scott      592 2005-10-18 11:22     .Azureus
-rw-------     1 scott scott     8800 2005-10-18 19:55    .bash_history
Posted on: 17/01/2011

If you want to leave a comment please Login or Register