File Permissions and attributes

File permissions are displayed as a string of characters in Linux. Each character stands for a specific permission, based on its position:

drwxrwxrwx

| d | rwx | rwx | rwx |
|---|---|---|---|
| File type; this is technically not part of the permissions. Directories have a "d", files a "-" | The permissions for the file owner | The permissions for the group owner | The permissions for other users |

| Permission | Explanation |
|---|---|
| r | The file can be read |
| w | The file can be written (that includes changes to permissions) |
| x | The file can be executed (such as scripts, programs, etc.) |
| - | No permission |

Changing permissions

You can change file permissions with the chmod command. It supports two different methods: the text method and the numeric method. The text method is more intuitive and can set the permissions for one type of user. The numeric method is more complex but can set permissions for all types of users in one simple command.

Text method

The syntax of this command is chmod who=permissions, chmod who+permissions or chmod who-permissions, as described below:

| Operator | Explanation |
|---|---|
| = | Will set the permissions equal … |
| + | Will add specific permissions |
| - | Removes specific permissions |

| Who | Explanation |
|---|---|
| u | The file owner |
| g | The group owner |
| o | All other users |

Numeric method

Numeric permissions are set by a 3-digit number. Every digit stands for the permissions of a specific user type: the first digit is for the file owner, the second for the group owner and the third for other users.

| Value | Explanation |
|---|---|
| r = 4 | Read permissions will add 4 |
| w = 2 | Write permissions will add 2 |
| x = 1 | Execute permissions will add 1 |

Example:

chmod 761 will set the file permissions to rwxrw---x, which can be calculated:

  • Owner: rwx = 4 + 2 + 1 = 7
  • Group: rw- = 4 + 2 + 0 = 6
  • Other: --x = 0 + 0 + 1 = 1
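
The calculation above as a runnable shell sketch. This is an added example, not part of the original page: the function names sym_to_octal, world_writable and both_methods are made up for illustration, and it assumes GNU coreutils stat. It also relies on chmod accepting several who=permissions clauses separated by commas, which lets the text method reproduce 761 in one command.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU coreutils stat.

# sym_to_octal PERMS: turn nine permission characters (e.g. rwxrw---x)
# into the three-digit numeric mode by adding r=4, w=2, x=1 per user type.
sym_to_octal() {
    perms=$1
    out=""
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters" >&2; return 1; }
    while [ -n "$perms" ]; do
        rest=${perms#???}              # everything after the first triplet
        triplet=${perms%"$rest"}       # owner, then group, then other
        perms=$rest
        case $triplet in
            [r-][w-][x-]) ;;           # setuid/setgid/sticky letters are out of scope
            *) echo "bad triplet: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# world_writable MODE: succeeds when the last ("other") digit includes w (2).
world_writable() {
    other=${1#"${1%?}"}                # keep only the final digit
    [ $(( other & 2 )) -ne 0 ]
}

# both_methods: apply 761 numerically, reset, apply the same mode with the
# text method, and print the mode stat reports after each.
both_methods() {
    f=$(mktemp) || return 1            # scratch file, removed below
    chmod 761 "$f";            numeric=$(stat -c '%a' "$f")
    chmod 000 "$f"
    chmod u=rwx,g=rw,o=x "$f"; text=$(stat -c '%a' "$f")
    rm -f "$f"
    printf '%s %s\n' "$numeric" "$text"
}

sym_to_octal rwxrw---x
both_methods
```

world_writable is the kind of check worth running over a mode before it is applied: a 2 in the last digit means every user on the system can modify the file.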

Change ownership

To change the ownership of a file, execute chown fileowner:groupowner followed by the file name. The -R parameter will do that recursively for all subdirectories and files located in a directory.


File Attributes

Files in modern Linux filesystems can have different attributes that change their behavior. You can use the lsattr command to look up all attributes and the chattr command with a + or - to add or remove them.

| Attribute | Name | Explanation |
|---|---|---|
| a | append only | Allows adding data to a file, but not removing it. This prevents malicious or accidental changes to log files, for example. |
| c | compressed | Makes the kernel compress data which is written to the file. |
| d | no dump | Makes sure the file is not backed up in backups where the dump utility is used. |
| e | extent format | Indicates that the file is using extents for mapping the blocks on disk. |
| i | immutable | Makes a file immutable, which goes a step beyond simply disabling write access to the file. The file can't be deleted, links to it can't be created, and the file can't be renamed. |
| j | data journaling | Ensures that on an Ext3 file system the file is first written to the journal and only after that to the data blocks on the hard disk. |
| s | secure deletion | Makes sure that recovery of a file is not possible after it has been deleted. |
| t | no tail-merging | Tail-merging is a process in which small data pieces at a file's end that don't fill a complete block are merged with similar pieces of data from other files. |
| u | undeletable | When a file is deleted, its contents are saved, which allows a utility to be developed that works with that information to salvage deleted files. |
| A | no atime updates | Linux won't update the access time stamp when you access a file. |
| D | synchronous directory updates | Makes sure that changes to files are written to disk immediately, and not to cache first. |
| S | synchronous updates | The changes on a file are written synchronously on the disk. |
| T | top of directory hierarchy | A directory will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator. |