Master Linux File Permissions and File Types While Your Coffee Brews
Linux Permissions and File Types Explained by Infographic and Exercises. Perfect for Your Morning Coffee Read.
- Revision: 1.0.
- Date: Jan 2025.
From the Author
My journey with Linux began during high school, and I have been an enthusiast of the operating system and its community ever since. This passion guided my career path into the IT industry, where my Linux expertise has proven valuable throughout my two-decade-long IT journey.
This book started as a compilation of notes I gathered while preparing for the Linux Professional Institute (LPI) examinations. I included exercises within each chapter, which enhanced the learning experience. I have found this approach highly effective, and I trust it will be beneficial for you as well.
Enjoy learning about Linux security!
Best, Nedim.
Contact
If you’d like to get in touch with me, you can use the links below.
Copyright
Copyright © 2025 Nedim Hadzimahmutovic.
All rights reserved. This book or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of the author except for the use of brief quotations in a book review.
Introduction
In the IT world today, it’s important to know the basics of Linux. Whether you’re using a simple server, a container-based system like Docker on Kubernetes, or a virtual machine in the cloud, it’s likely running on Linux.
This book teaches you the important skills you need to know to keep a Linux system safe.
Filetypes
A well-known expression says that everything in Linux is considered a file. In the following diagram, you can find a map that shows the most common file types.
Common File Types
The three most common file types are:
- Regular files: A regular file can contain any data and can be modified, moved, copied, or deleted.
- Directories: A directory is a special file containing other files or directories, helping to organize the file system.
- Links: A link is a pointer to another file or directory elsewhere in the same file system.
Less Common File Types
- Block devices: A block device represents a virtual or physical device, typically a disk or other storage device.
- Character devices: A character device represents a virtual or physical device, such as terminals or serial ports.
- Sockets: A socket serves as a channel for communication between two programs.
Identify File Types
The easiest way to identify a file’s type is to use the ls command with the long listing format.
Refer to the following table for more information.
File Type | Symbol | Permissions |
---|---|---|
Regular File | - | -rw------- |
Directory | d | drwxr-xr-x |
Symbolic Link | l | lrwxrwxrwx |
Block Device | b | brw-rw---- |
Character Device | c | crw-rw---- |
Socket | s | srw-rw---- |
Example of using the stat command to identify the file type.
stat -c "%n is a %F" /etc/passwd
/etc/passwd is a regular file
Identify Regular Files
Regular files are marked with the - symbol.
This is an example of using ls to identify a regular file. The first character in the output of ls -l represents the file type.
ls -l /etc/passwd
-rw-r--r-- 1 root root 3274 Dec 22 16:13 /etc/passwd
Identify Directories
Directories are marked with the d letter.
Example of using ls to identify directories.
ls -ld /etc/
drwxr-xr-x 168 root root 12288 Jan 1 15:12 /etc/
Identify Block Devices
Block devices are marked with the b letter.
This is an example of using ls to identify a block device.
ls -l /dev/nvme0n1
brw-rw---- 1 root disk 259, 0 Jan 3 12:52 /dev/nvme0n1
Identify Character Devices
Character devices are marked with the c letter.
An example of using ls to identify a character device.
ls -l /dev/tty
crw-rw-rw- 1 root tty 5, 0 Jan 7 18:22 /dev/tty
Identify Socket Devices
Sockets are marked with the s letter.
An example of using ls to identify a socket device.
ls -l /run/systemd/notify
srwxrwxrwx 1 root root 0 Jan 3 12:52 /run/systemd/notify
Links
Links are special types of files and there are two types:
- Symbolic links: These types of links point to other files or directories.
- Hard links: These types of links point to the same place on the disk, known as an inode, just as the original file.
Symbolic Links
A symbolic link is a special type of file that points to the path of another file. It’s like a shortcut or alias.
Identify Symbolic Links
Symbolic links are marked with the l letter.
Example of using ls to identify a symbolic link.
ls -l /dev/core
lrwxrwxrwx 1 root root 11 Jan 3 12:52 /dev/core -> /proc/kcore
Creating Symbolic links
The command used to create a symbolic link is ln with the -s option.
Example that demonstrates how to create a symbolic link.
touch target_file.txt
ln -s target_file.txt the_soft_link.txt
To check the results use the command ls -l as follows.
ls -l
-rw-r--r-- 1 root root 0 Nov 6 12:23 target_file.txt
lrwxrwxrwx 1 root root 15 Nov 6 11:54 the_soft_link.txt -> target_file.txt
- Symbolic links can point to a file or directory.
- You can create symbolic links on different partitions.
- You can create a symbolic link to a non-existent file.
- Symbolic links are useful when you need to create a link to a file or directory that is located on a different file system.
- You can identify a symbolic link in the output of ls, where the first character of the permissions for a symbolic link is 'l'.
Access the man page for more info.
man ln
Hard Links
Hard links are pointers to the same inode on the disk. This means that two different hard links can point to the same data.
- The TARGET file must exist before creating a hard link.
- If you do not specify the_link_name, a hard link with the same name as the target_file will be created in the current directory.
- When the target_file or the_link_name is not in the current directory, use the full path, also known as the absolute path.
Creating Hard Links
The command used to create hard links is the ln command.
The basic syntax is shown below.
ln target_file the_link_name
In this example we create a new file named myfile and a new link named mylink.
echo "Hi, there." > myfile
ln myfile mylink
Identify Hard Links
Hard links do not have a special symbol that we can use to identify them. They are regular files. In order to identify hard links we use ls with the -i option.
In this step, we check the inodes to make sure both files have the same inode.
ls -il myfile
2027339 -rw-r--r-- 2 root root 11 Dec 31 08:29 myfile
ls -il mylink
2027339 -rw-r--r-- 2 root root 11 Dec 31 08:29 mylink
Notice the number 2. That means two files point to the same inode.
Another way to check that both files have the same inode is using the stat command as follows.
stat -c "%n is a %F with inode %i" mylink
mylink is a regular file with inode 2027339
stat -c "%n is a %F with inode %i" myfile
myfile is a regular file with inode 2027339
Notes on Hard Links
- Hard links can be deleted using the rm command. However, deleting a hard link does not delete the underlying data as long as other hard links are pointing to it.
- Hard links can be renamed or moved using the mv command. Since they point to the same inode, they can be relocated freely without affecting the data.
- There is no risk of “breaking” a hard link when moving it. As long as the inode remains accessible on the filesystem, the hard link will continue to point to the same data.
- You can NOT create a hard link to a directory.
- You can NOT create a hard link to a file that is located on a different filesystem.
Access the man page for more info.
man ln
File Permissions
Introduction
Linux allows multiple users to access and use the system at the same time. File permissions are crucial in a multi-user system to protect user privacy. They ensure that only authorized users can access and modify files.
The three sets of permissions are:
- Owner permissions: Apply to the user who owns the file.
- Group permissions: Apply to members of the group that owns the file.
- Other permissions: Apply to all other users who are not the owner or a member of the group.
The ls command
By default, ls is used to list the contents of a directory.
Example to display contents of the current directory.
ls
ls .
However, it can be used to list file permissions and ownerships or to find hidden files and directories.
Example to check the permissions of files.
You can use the -l option, which is known as the long listing format. The complete command would be ls -l.
ls -l
total 552
-rw-rw-r-- 1 coolin coolin 493743 Oct 23 10:58 book.pdf
drwxrwxr-x 5 coolin coolin 4096 Oct 15 08:27 chapters
Infographics that explain each column in a long listing representation.
For example the following case.
drwxrwxr-x 5 coolin coolin 4096 Oct 15 08:27 chapters
Access the man page for more info.
man ls
Hidden Files
To view hidden files in a directory use the -a or --all option with the ls command. This option tells ls to list all files, including those that are hidden.
An example can be found below.
ls -a ~
. .. .bash_history .bashrc .profile
Or
ls -a -l ~
total 76
drwx------ 8 root root 4096 Oct 23 14:47 .
drwxr-xr-x 23 root root 4096 Aug 5 17:07 ..
-rw------- 1 root root 24062 Oct 22 21:20 .bash_history
-rw-r--r-- 1 root root 161 Apr 22 2024 .profile
Refer to the ls command’s manual pages for more details.
man ls
Directory Permissions
Directories are file types that are marked with the letter d. You set the permissions the same way as with files, but directories behave differently than files when it comes to permissions.
Symbol | Permission | Octal | Description |
---|---|---|---|
r | Read | 4 | View the contents of a directory (e.g., list files and subdirectories). |
w | Write | 2 | Modify the contents of a directory (e.g., create, delete, or rename files). |
x | Execute | 1 | Enter a directory. |
The Read Permission
- Allows a user to view the contents of a directory, such as listing files and subdirectories.
- A user with ‘r’ permission can not read the contents of individual files within a directory.
- The ‘r’ permission only grants access to the directory’s contents, not the individual files.
The Write Permission
- Allows a user to modify the contents of a directory, including creating, deleting, and renaming files.
- A user with ‘w’ permission can change the permissions of any file within a directory, regardless of their permissions or ownership.
- The ‘w’ permission grants the ability to change file permissions within the directory.
The Execute Permission
- Allows a user to enter or access a directory.
- The ‘x’ permission does not grant access to listing the contents of a directory.
- The ‘x’ permission only allows entry into the directory. To list the contents, the ‘r’ permission is also required.
To remove all permissions use the command below.
chmod 0000 myfile
File Permissions
To understand security, you need to master Linux file permissions. Because they control who can access and modify files, it is crucial to understand how they work and how to set them correctly.
A dash (-) represents the lack of a particular permission.
The chmod command
Using the chmod command you change file mode bits, meaning you can modify file permissions.
There are two modes to change permissions:
- Symbolic mode,
- Numeric mode.
Symbolic Mode
In this mode, permissions are represented by letters. The symbolic mode offers a detailed approach to modifying permissions, allowing you to add or remove specific permissions.
In this example, we make a file readable and executable by everyone.
chmod a+rx file.txt
This is an example of how you use the symbolic mode to add read and write permissions for the user and group, but revoke all permissions for others.
chmod ug+rw-x,o-rwx text.txt
To check if permissions were set correctly use the following command.
ls -al text.txt
-rw-rw---- 1 kulin kulin 0 Dec 24 20:16 text.txt
Numeric Mode
In this mode, permissions are represented using numbers as follows: read is 4, write is 2, and execute is 1.
Basic Overview of Permissions
A basic permissions demonstration can be found in the next table.
Detailed Overview of Permissions
A demonstration of detailed permissions can be found in the next table.
Commonly Used Permissions
A common practice when setting permissions to files and directories is as follows:
- Directories: 755 or 750,
- Files: 644 or 640,
- Sensitive files containing credentials: 600.
Mode 777 is world-readable, world-writable, and world-executable, meaning everyone gets all permissions. It should be used with extreme caution.
Refer to the chmod command’s manual pages for more details.
man chmod
The stat command
This command is used to display the status of files. We will cover the basic use cases that are useful in the context of this chapter.
Display Permissions in Octal Mode
Example to easily get a file’s permissions in octal mode.
stat -c %a /etc/passwd
644
Display Permissions in Human Readable Form
Example to easily get a file’s permissions in human-readable form.
stat -c %A /etc/passwd
-rw-r--r--
You can combine stat options as shown below.
stat -c "%n is a %F, permissions are %A, in octal %a" /etc/passwd
/etc/passwd is a regular file, permissions are -rw-r--r--, in octal 644
Refer to the stat command’s manual pages for more details.
man stat
File Ownership
In the Linux operating system, file ownership is a very important security aspect. The chown command lets you change who owns a file or folder. This is very helpful when administrators need to give or take away access to certain files. This chapter introduces how to use the chown command.
Identify File Ownership
To view the file ownership for /etc/passwd do as follows.
ls -l /etc/passwd
-rw-r--r-- 1 root root 3274 Dec 22 16:13 /etc/passwd
The chown command
The chown command is used to modify file ownership. The syntax for chown is:
chown user_name:group_name file_name
To view the current ownership of a file use the ls -l command to list files with detailed information.
ls -l target_file.txt
-rw-r--r-- 1 root root 0 Nov 6 12:23 target_file.txt
Change the Owner
Following is an example of how to change the owner of a file.
First, we create the myfile file and list the current ownership details.
touch myfile
ls -l myfile
-rw-r--r-- 1 root root 0 Jan 1 22:36 myfile
The next step is to change the owner from root to user kulin.
chown -v kulin myfile
changed ownership of 'myfile' from root to kulin
The last step is to list the new ownership information.
ls -l myfile
-rw-r--r-- 1 kulin root 0 Jan 1 22:36 myfile
To view only the username of the owner you can use the stat command as follows.
stat -c "The username %U is the owner for the file %n" myfile
The username kulin is the owner for the file myfile
Change the Owner Group
Following is an example of how to change the group ownership of a file.
First we list the current ownership information.
ls -l myfile
-rw-r--r-- 1 kulin root 0 Jan 1 22:36 myfile
Next, we change the group of the owner.
chown -v :kulin myfile
changed ownership of 'myfile' from kulin:root to :kulin
The last step is to list the new ownership information.
ls -l myfile
-rw-r--r-- 1 kulin kulin 0 Jan 1 22:36 myfile
To view only the group of the owner you can use the stat command as follows.
stat -c "The group name of the owner is %G for the file %n" myfile
The group name of the owner is kulin for the file myfile
To change both user and group at the same time follow the next example.
chown -v kulin:kulin myfile
To change the ownership of a directory and all its contents recursively, use the -R option as demonstrated in the next example.
chown -R username:groupname directory
Check out the man pages for more info.
man chown
Special Permissions
The three special permissions are:
- the Sticky bit,
- the SUID bit, and
- the SGID bit.
These permissions can be specified using:
- symbolic mode: they are represented by letters (t, s, S), or
- numeric mode: they are represented by numbers (1, 2, 4).
The Sticky Bit
The sticky bit is also known as the restricted deletion flag. It does not affect individual files, but when set at the directory level it prevents users from removing or renaming files. Only the owner and the root user can remove files in that directory.
The sticky bit on files is ignored on the modern versions of Linux.
Identifying the Sticky Bit
Example: the /tmp directory.
A well-known system directory with the sticky bit set on it is the /tmp directory as shown below. Since this directory is world-readable and world-writable it prevents users from deleting files unless they own the parent directory.
ls -ld /tmp
drwxrwxrwt 35 root root 4096 Dec 25 19:09 /tmp
Notice the t at the last place in the permissions.
Setting the Sticky Bit
Symbolic mode
In symbolic mode, the sticky bit is represented by a "t" within the other’s permissions.
- To enable it, use “+t”.
- To disable it, use “-t”.
For example, to set the sticky bit for mytmp:
chmod +t mytmp
To check the directory permissions use the following command.
ls -ld ./mytmp
drwxrwxrwt 2 root root 4096 Dec 25 19:37 ./mytmp
Numeric Mode
In numeric mode, we will use the four-digit notation and set the first digit to “1”, which sets the sticky bit.
Example where the execute permission is set.
chmod 1771 mytmp
ls -ld ./mytmp
drwxrwx--t 2 root root 4096 Dec 25 19:37 ./mytmp
Example where the execute permission is set.
chmod 1777 mytmp
ls -ld ./mytmp
drwxrwxrwt 2 root root 4096 Dec 25 19:37 ./mytmp
Example where the execute permission is NOT set.
chmod 1774 mytmp
ls -ld ./mytmp
drwxrwxr-T 2 root root 4096 Dec 25 19:37 ./mytmp
Example where the execute permission is NOT set.
chmod 1770 mytmp
ls -ld ./mytmp
drwxrwx--T 2 root root 4096 Dec 25 19:37 ./mytmp
The sticky bit is represented with t when the execute permission is enabled, and as T when the execute permission is missing.
The /tmp and /var/tmp directories often have the sticky bit set to prevent unauthorized users from deleting or modifying files created by other users.
SUID
SUID (Set User ID) is a special permission that allows a file to be executed with the privileges of the user who owns the file. When SUID is set on a file owned by root, any user who runs the file executes it with root privileges. This means that the user running the program temporarily inherits the root permissions.
Identifying SUID
Files with the SUID bit show a letter ‘s’ replacing the ‘x’ in the user permissions field, as shown in the following diagram and examples.
SUID can only be set on files, not directories.
Example: the passwd command.
1. We will check the file permissions using the ls command.
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 64152 May 30 2024 /usr/bin/passwd
2. Next, we check the permissions with stat to show the permissions in octal and human-readable formats.
stat -c "File %n has %a and %A permissions" /usr/bin/passwd
File /usr/bin/passwd has 4755 and -rwsr-xr-x permissions
Notice the s in the user ownership field in the permissions.
Setting SUID
Symbolic Mode
In symbolic mode, SUID is set by using the letter “s” in the user permission field.
- To enable it, use “u+s”.
- To disable it, use “u-s”.
Examples where we add only the SUID without any other user permissions.
chmod u+s myfile
ls -l myfile
---S------ 1 root root 0 Oct 24 13:05 myfile
chmod u+s,u-rwx myfile
ls -l myfile
---S------ 1 root root 0 Dec 30 17:46 myfile
Please notice the capital letter S. That means the execute user permissions are missing.
In this example, we add the SUID bit together with read, write, and execute user permissions.
chmod u+rwxs myfile
ls -l myfile
-rws------ 1 root root 0 Oct 24 13:05 myfile
If the user permission section shows “s” instead of “x”, then the SUID bit is set.
Numeric Mode
The octal value of SUID is 4, therefore we place a 4 in front of the three permission digits.
Here is an example where we set the SUID only, without any other user permissions.
chmod 4000 myfile
ls -l myfile
---S------ 1 root root 0 Oct 24 13:05 myfile
In this example, we set SUID and grant 755 permissions.
chmod 4755 myfile
ls -l myfile
-rwsr-xr-x 1 root root 0 Oct 24 13:05 myfile
SGID
Set GID, also known as SGID or Set Group ID bit, is a permission that can be applied to both executable files and directories.
This special permission has the following functions:
- When applied to executable files, once a user executes the file it grants the resulting process permissions of the group that owns the file.
- When applied to directories, it makes every file or directory created under it inherit the group from the parent directory.
As we explained previously, when the SGID bit is set on a folder, any new files created inside that folder will automatically belong to the same group as the folder itself. It doesn’t matter who created the file. This can be helpful when you want all files in a folder to belong to a specific group, even if different people create those files.
Identifying SGID
Files with the SGID bit show a letter “s” replacing the “x” in the group permissions. Please see the following diagram and examples.
Setting SGID
You need to be careful when using the SGID bit because it can create security problems. For example, if a folder has the SGID bit set, it can be written to by anyone who is a member of that group. Anyone in that group could create files within that folder. These files would belong to the group, which could give them access to data they shouldn’t have.
It’s usually better to use group ownership and permissions correctly instead of relying on the SGID bit.
Symbolic Mode
To set the SGID bit on a directory in symbolic mode, we use the command demonstrated below.
chmod g+s mydirectory
ls -ld mydirectory
drwxr-sr-x 2 root root 4096 Dec 30 19:47 mydirectory
To set the SGID bit on a file in symbolic mode, we use the command demonstrated below.
chmod g+s,g+rwx myfile
ls -l myfile
----rws--- 1 root root 0 Dec 30 17:46 myfile
To set the SGID bit on a file in symbolic mode, with missing execute permissions, we use the command demonstrated below.
chmod g+s,g+rw,g-x myfile
ls -l myfile
----rwS--- 1 root root 0 Dec 30 17:46 myfile
Please notice the capital letter S. That means the execute group permissions are missing.
Numeric Mode
The octal value of SGID is 2, therefore we place a 2 in front of the three permission digits.
To set the SGID bit on a directory in numeric mode, we use the command demonstrated below.
chmod 2755 mydirectory
ls -ld mydirectory
drwxr-sr-x 2 root root 4096 Dec 30 19:47 mydirectory
To set the SGID bit on a file in numeric mode, we use the command demonstrated below.
chmod 2755 myfile
ls -l myfile
-rwxr-sr-x 1 root root 0 Dec 30 17:46 myfile
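The t/T and s/S rules from the sticky bit, SUID and SGID sections can be reproduced by decoding an octal mode directly. The script below is an added example, not part of the original book; the function names rwx_triplet and mode_to_symbolic are made up for this illustration.

```sh
#!/bin/sh
# Added example: decode an octal mode (as printed by `stat -c %a`) into the
# nine permission characters that `ls -l` shows after the file-type letter.

# rwx_triplet BITS SPECIAL LETTER
#   BITS    3-bit value for one class (owner, group or other)
#   SPECIAL non-zero if that class's special bit (SUID, SGID, sticky) is set
#   LETTER  s for owner and group, t for other
rwx_triplet() (
    bits=$1
    special=$2
    letter=$3
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        # Lowercase letter: special bit and execute are both set.
        # Uppercase letter: special bit is set but execute is missing.
        if [ "$x" = x ]; then
            x=$letter
        else
            x=$(printf '%s' "$letter" | tr 'st' 'ST')
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
)

# mode_to_symbolic OCTAL   (one to four octal digits, e.g. 644 or 4755)
mode_to_symbolic() (
    case $1 in
        ''|*[!0-7]*|?????*)
            echo "invalid octal mode: $1" >&2
            return 1 ;;
    esac
    m=$((0$1))    # the leading 0 makes the shell read the value as octal
    owner=$(rwx_triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s)   # SUID
    group=$(rwx_triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s)   # SGID
    other=$(rwx_triplet $((  m       & 7 )) $(( m & 01000 )) t)   # sticky
    printf '%s%s%s\n' "$owner" "$group" "$other"
)

# Modes taken from the chmod examples in this chapter.
for mode in 644 4755 4000 2755 1777 1771 1774 1770; do
    printf '%4s  %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```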
Special Directories
Understanding Temporary Files
Temporary files are files used by programs for short-term data storage. They can be used for various purposes, such as storing process data and logs. The Filesystem Hierarchy Standard (FHS) defines standard locations for temporary files, as shown in the table below.
- Both /tmp and /var/tmp are used for temporary files but have different behaviors.
- Files in /tmp are typically erased during system boot-up, while files in /var/tmp are usually preserved between reboots.
- The /run directory is used for run-time variable data used by running processes, such as process identifier (PID) files. It is intended to be cleared during system boot-up.
Securing Temporary Files
The most widely used location for storing temp files is the /tmp directory. It is a system-wide temporary directory that any user can write to and read from. Managing permissions for this directory is a challenge as the correct access permissions need to be set to make sure that users cannot erase or modify files created by others. In short, choosing /tmp to store and execute your files can be very dangerous.
To secure the /tmp directory, the sticky bit is used. When set for a directory, the sticky bit prevents users from removing or renaming a file within that directory unless they own the file.
Identifying the Sticky bit on /tmp
To check the permissions on /tmp use the ls command, as follows.
ls -ldh /tmp/ /var/tmp/
drwxrwxrwt 392 root root 28K Dec 2 08:42 /tmp/
drwxrwxrwt 14 root root 4.0K Dec 2 08:39 /var/tmp/
The sticky bit is indicated by a “t” replacing the “x” in the permission for others.
The sticky bit helps to protect files created by other users from being accidentally or maliciously deleted or modified.
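To check a system for the situations described in this chapter, you can search a directory tree for world-writable directories that lack the sticky bit and for files carrying the SUID or SGID bit. The script below is an added example, not part of the original book; the function names and the sample tree are made up for this illustration, and it assumes GNU find and stat as used elsewhere in the book.

```sh
#!/bin/sh
# Added example: audit a directory tree for the permission patterns covered
# in this chapter. Output columns: symbolic mode, octal mode, owner:group, path.

# World-writable directories WITHOUT the sticky bit. In such a directory any
# user can delete or rename files that belong to other users.
find_unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c '%A %a %U:%G %n' {} + 2>/dev/null
}

# Regular files with SUID (4000) or SGID (2000). They run with the privileges
# of the owning user or group, so every entry should be known and expected.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%A %a %U:%G %n' {} + 2>/dev/null
}

# Build a small constructed tree to audit (sample data, not real findings).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"      # world-writable, sticky bit set
    chmod 0777 "$root/shared_bad"     # world-writable, sticky bit missing
    chmod 0750 "$root/private"        # not world-writable
    : > "$root/helper"
    chmod 4755 "$root/helper"         # SUID file
    : > "$root/notes.txt"
    chmod 0644 "$root/notes.txt"      # ordinary file
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "World-writable directories without the sticky bit:"
find_unsafe_shared_dirs "$tree"
echo "SUID/SGID files:"
find_setid_files "$tree"
rm -rf "$tree"
```

On a real system, pass / or a specific mount point instead of the sample tree; -xdev keeps the search on one filesystem.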
Summary
In Linux, everything you interact with, such as files, folders, and even devices like your keyboard or mouse, is considered a file. This might seem unusual the first time you start working on Linux, but it’s a core concept that makes Linux incredibly flexible and powerful.
In this book, we learned about the different types of files, from regular files to special files that represent hardware or are used for communication. We also learned about links, which are shortcuts to files, and how to identify them.
One of the most important aspects of Linux is security. File permissions determine who can access and modify your files. This is crucial in a multi-user environment, where you usually share a computer with other people. We learned how to use commands like ls and chmod to view and change these permissions, giving you control over your data.
Special permissions, like the Sticky bit, SUID, and SGID, provide extra layers of security. For example, the Sticky bit can prevent other users from deleting files in shared directories.
Understanding file types and permissions is a must for any Linux user. It allows you to manage your system efficiently and protect your data.
I hope the effort I put into this book, especially the graphics, makes this topic as simple as it can be. Let me know if you’d like any specific parts explained further.
Please do not hesitate to contact me, via the links below.
My goal is and always will be to make knowledge more accessible to everyone.
Best, Nedim.