File permission meanings
Permissions as numbers are 3 octal numbers. 555, for example, when converted to 3 binary numbers is 101 101 101 which would correspond to r-x r-x r-x. The first set is owner, second set is group, third set is everyone else.
r = read
w = write
x = execute
If any of those are missing (-), then that set does not have those permissions.
What does a period in the file permissions mean?
From the info/man pages:
GNU 'ls' uses a '.' character to indicate a file with an SELinux
security context, but no other alternate access method.
The whole section also mentions a '+', which is relevant:
Following the file mode bits is a single character that specifies
whether an alternate access method such as an access control list
applies to the file. When the character following the file mode bits
is a space, there is no alternate access method. When it is a
printing character, then there is such a method.
GNU 'ls' uses a '.' character to indicate a file with an SELinux
security context, but no other alternate access method.
A file with any other combination of alternate access methods is
marked with a '+' character.
What are the different file permission codes and what do they mean?
Permissions on Unix-like systems are managed in three distinct classes. These classes are known as user, group, and others.
Classes
Files and directories are owned by a user. The owner determines the file's owner class. Distinct permissions apply to the owner.
Files and directories are assigned a group, which defines the file's group class. Distinct permissions apply to members of the file's group. The owner need not be a member of the file's group.
Users who are not the owner, nor a member of the group, comprise a file's others class. Distinct permissions apply to others.
The effective permissions are determined based on the user's class. For example, the user who is the owner of the file will have the permissions given to the owner class regardless of the permissions assigned to the group class or others class.
Permissions
There are three specific permissions on Unix-like systems that apply to each class:
- The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
- The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
- The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled C++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see files inside the directory (unless read is set).
The effect of setting the permissions on a directory (rather than a file) is "one of the most frequently misunderstood file permission issues".
When a permission is not set, the rights it would grant are denied. Files created within a directory will not necessarily have the same permissions as that directory. The permissions to be assigned are determined using umasks.
Octal Notation
Octal notation consists of a three- or four-digit base-8 value.
With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.
Each of these digits is the sum of its component bits (see also Binary numeral system). As a result, specific bits add to the sum as it is represented by a numeral:
- The read bit adds 4 to its total (in binary 100),
- The write bit adds 2 to its total (in binary 010), and
- The execute bit adds 1 to its total (in binary 001).
These values never produce ambiguous combinations; each sum represents a specific set of permissions.
Here is a summary of the meanings for individual octal digit values:
0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute
Also note that your file might be owned by user foo, while Apache typically runs as a different user (let's call it bar). This means that if you want Apache to read it, you need to give group or other (depending on your setup) permission to read your file.
You can find more information about POSIX Filesystem permissions on Wikipedia.
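The class rule and the octal digits described in the answer above, as an added example that is not part of the original answer: it decodes a mode, picks the one class that applies to a caller, and shows what a directory triplet allows. The uid/gid numbers for foo and bar are constructed; root's override, ACLs and SELinux are assumed out of scope.

```python
# Added example: simulates the classic mode-bit check only.
# Root's override, ACLs and SELinux are deliberately ignored (assumption).

def triplet(digit):
    """One octal digit (0-7) -> 'rwx' style string: read=4, write=2, execute=1."""
    return "".join(ch if digit & bit else "-"
                   for ch, bit in (("r", 4), ("w", 2), ("x", 1)))

def symbolic(mode):
    """Low nine bits of a mode -> the string ls prints, e.g. 0o555 -> 'r-xr-xr-x'."""
    return "".join(triplet((mode >> shift) & 0o7) for shift in (6, 3, 0))

def applicable(mode, file_uid, file_gid, uid, gids):
    """Pick the single class that applies to the caller; return (class, triplet).

    The first matching class wins: owner, then group, then others.
    A denied owner never falls back to a more generous group or others digit.
    """
    if uid == file_uid:
        return "user", triplet((mode >> 6) & 0o7)
    if file_gid in gids:
        return "group", triplet((mode >> 3) & 0o7)
    return "others", triplet(mode & 0o7)

def directory_rights(trip):
    """What a directory triplet lets the caller do with the directory's entries."""
    r, w, x = (c != "-" for c in trip)
    return {
        "list_names": r,                  # read: names only
        "reach_entries": x,               # execute: traverse to a known name
        "create_delete_rename": w and x,  # write only takes effect with execute
    }

if __name__ == "__main__":
    # Constructed scenario: file owned by foo (uid 1000, gid 1000),
    # web server running as bar (uid 33, member of gid 33 only).
    for mode in (0o600, 0o640, 0o644, 0o077):
        print(oct(mode), symbolic(mode),
              "foo:", applicable(mode, 1000, 1000, 1000, {1000}),
              "bar:", applicable(mode, 1000, 1000, 33, {33}))
    print(directory_rights("--x"), directory_rights("r--"))
```

Mode 077 is the instructive case: the owner is denied everything while every other user gets full access, because only the owner digit is consulted for the owner.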
Difference between read & execute, file permission
Folder Permissions:
- Execute -> Actually enter that folder but not be able to read its contents, see what files are located there.
- Read -> Be able to read folder contents
- Write -> Edit the folder's data: delete or create new files/folders inside it, etc.
File Permissions:
- Execute -> if it's a script like index.php, run it to get data from it
- Read -> if it's a text file like index.html or index.php, be able to read it
- Write -> ability to change its data
As for security, these permissions are only an issue when your server is accessible by other users (not from your team), and this was mainly happening when people were using hosting services where they were not getting a dedicated operating system but there was one operating system and all the users were uploading their data there. So if not correctly secured, they could view and edit each other's source code.
Today you usually get a dedicated server, with more security tools and an operating system which is accessible only by you and no one else (virtualization).
So you don't need to worry that someone will view or change your data as you are the only one who has access to that server.
What does the dot at the end of the permissions in the output of ls -lah mean?
From info coreutils 'ls invocation' under Linux:
GNU `ls' uses a `.' character to indicate a file with an SELinux
security context, but no other alternate access method.
A file with any other combination of alternate access methods is
marked with a `+' character.
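To make the trailing '.' and '+' from the two ls answers above concrete, here is an added example (not from the original answers or from coreutils) that parses the first column of `ls -l` into file type, octal mode and alternate access method. It goes beyond the text by also decoding the setuid, setgid and sticky letters that make up the fourth octal digit; the sample fields are constructed.

```python
# Added example. Only the common file-type characters are listed (assumption).
FILE_TYPES = {"-": "regular file", "d": "directory", "l": "symbolic link",
              "c": "character device", "b": "block device",
              "p": "FIFO", "s": "socket"}
# Wording follows the ls documentation quoted above.
ALTERNATE = {"": "none", " ": "none",
             ".": "SELinux security context only",
             "+": "other alternate access method (such as an ACL)"}
SPECIAL = (0o4000, 0o2000, 0o1000)   # setuid, setgid, sticky


def parse_ls_mode(field):
    """Parse the first column of `ls -l`, e.g. 'drwxr-xr-x+'.

    Returns (file type, permission bits as an int, alternate access method).
    """
    if len(field) not in (10, 11):
        raise ValueError("expected 10 mode characters plus an optional suffix")
    ftype, bits, suffix = field[0], field[1:10], field[10:]
    if ftype not in FILE_TYPES or suffix not in ALTERNATE:
        raise ValueError(f"unrecognised mode field: {field!r}")
    mode = 0
    for i, ch in enumerate(bits):
        weight = 0o400 >> i              # r/w/x weight of this column
        cls, slot = divmod(i, 3)         # cls: 0 user, 1 group, 2 others
        if ch == "rwx"[slot]:
            mode |= weight
        elif slot == 2 and ch in ("sS" if cls < 2 else "tT"):
            mode |= SPECIAL[cls]         # special bit shares the x column
            if ch.islower():             # lowercase: execute is set as well
                mode |= weight
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} in column {i + 1}")
    return FILE_TYPES[ftype], mode, ALTERNATE[suffix]


if __name__ == "__main__":
    # Constructed sample fields, not taken from a real system.
    for sample in ("-rw-r--r--.", "drwxr-xr-x+", "drwxrwxrwt", "-rwsr-xr-x"):
        kind, mode, alt = parse_ls_mode(sample)
        print(f"{sample:12} {kind:13} {mode:04o}  alternate access: {alt}")
```

A '+' result is the cue to inspect the file with `getfacl`, since the nine mode characters no longer tell the whole story.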
What does the execute permission do?
Basically it means you can tell the operating system to run the code in the file. For example, if the file was a binary executable, read access would allow you to view it, write access would allow you to modify it, but without execute permissions you would not be able to run the program. In the case of a script, it's a little more complicated, because you don't necessarily need to 'run' the program; you can just read its contents into an interpreter, which itself has the execute privilege, but you do not need execute permissions on the script itself.
Some scripts in Linux are themselves executable, you will often see a line at the top like
#!/bin/bash
or
#!/bin/python
That line tells the kernel that the file can be executed by calling the relevant program (and isn't just text). Then you can just run your script like
./script
instead of having to do
python ./script
Meaning of 'others' and 'group' in Unix system file
In Unix, Users belong to Groups. So a permission for a Group means: for all the other users of the group(s) to which the user belongs, while Others means a permission for all the other users (that is, users different from the current user and not belonging to one of its groups).