Determining User Access on a Linux Filesystem with „Classic Permissions“

Classic Permissions

The „classic permissions“ of files and directories are defined as follows:

  • „Read“: The permission to access the contents of a file or to list the entries of a directory.
  • „Write“: The permission to modify the contents of a file or the entries of a directory.
  • „Execute“: The permission to execute a process from the file or change to the directory.

These permissions and any combination of them correspond to octal values as follows:

  • „Read“ has the octal value 4.
  • „Write“ has the octal value 2.
  • „Execute“ has the octal value 1.

For example, to express the combination „Reading and writing allowed, executing forbidden“, 4 and 2 are added, which results in 6.

If a user has write access to the directory that contains a certain file or directory, the user can grant any combination of classic permissions on that file or directory to each of the following entities:

  • „User“: The owner of the file.
  • „Group“: The group owning the file.
  • „Others“: Any user who is not the owner and not a member of the group owning the file.

For example, the combination of permissions „user and group can read and write, others have no permissions“ can be expressed by three octal digits, „660“, where the first digit denotes the permissions of the user, the second those of the owning group and the third those of everyone else.

The combination of all these permissions on a specific file or directory is also called the „mode“ of that file or directory. In the example above, the mode of the affected file would be „660“.

For the sake of the following examples, to test how permissions apply to owners, members of owning groups and others, create three users, „user1“, „user2“ and „user3“. Let „user2“ be a member of the private user group „user1“. Check that /etc/login.defs has USERGROUPS_ENAB set to „yes“. This instructs useradd(8) to create a private group for every user it creates; the private group has the same name as the user.

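# Run as root. With USERGROUPS_ENAB set, each useradd also creates the private group.
useradd user1
useradd user2
# Add user2 to the group user1 as a supplementary group (-a keeps existing memberships).
usermod -a -G user1 user2
useradd user3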
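
How a mode applies to these three users can be modelled without touching the filesystem. The following script is an added example, not part of the original article: it picks the entity a user falls into (owner first, then owning group, then others; only the first match is used) and decodes the matching octal digit. The function names and the numeric IDs are assumptions made for the illustration.

```shell
# Added example: models which permission class applies to a user.
# Numeric IDs are constructed sample values; root and ACLs are not modelled.

# class_for FILE_UID FILE_GID UID GID...
# The first matching entity wins: owner, then owning group, then others.
class_for() (
    file_uid=$1 file_gid=$2 uid=$3
    shift 3
    if [ "$uid" -eq "$file_uid" ]; then echo user; return 0; fi
    for gid in "$@"; do
        if [ "$gid" -eq "$file_gid" ]; then echo group; return 0; fi
    done
    echo others
)

# perms_for MODE FILE_UID FILE_GID UID GID...
# Prints the rwx string the mode grants to that user, e.g. "rw-".
perms_for() (
    mode=$1
    shift
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "mode must be three octal digits" >&2; return 2 ;;
    esac
    bits=$(( 0$mode ))   # the leading 0 makes the shell parse it as octal
    case $(class_for "$@") in
        user)   digit=$(( ($bits >> 6) & 7 )) ;;
        group)  digit=$(( ($bits >> 3) & 7 )) ;;
        others) digit=$(( $bits & 7 )) ;;
    esac
    out=
    for pair in 4:r 2:w 1:x; do
        if [ $(( $digit & ${pair%%:*} )) -ne 0 ]; then
            out=$out${pair#*:}
        else
            out=$out-
        fi
    done
    echo "$out"
)

# Constructed IDs: user1=1001, user2=1002 (also in group 1001), user3=1003.
# The file is owned by user1:user1.
for mode in 660 060 604; do
    echo "$mode user1=$(perms_for "$mode" 1001 1001 1001 1001)" \
         "user2=$(perms_for "$mode" 1001 1001 1002 1002 1001)" \
         "user3=$(perms_for "$mode" 1001 1001 1003 1003)"
done
```

Modes 060 and 604 are the cases worth auditing for: the owner or a group member ends up with fewer permissions than a less privileged entity because only the first matching digit is evaluated.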