
How does the Linux file permission system work, including read, write, execute permissions and the role of special permissions (SUID, SGID, Sticky Bit)?

February 17, 23:37

The Linux file permission system is one of the core security mechanisms of Unix-like operating systems. Each file and directory has three sets of permissions: owner, group, and others. Each set includes three basic permissions: read (r=4), write (w=2), and execute (x=1).

Permission representation methods include symbolic notation (e.g., rwxr-xr-x) and numeric notation (e.g., 755). In symbolic notation, r represents read permission, w represents write permission, and x represents execute permission. In numeric notation, read permission is 4, write permission is 2, and execute permission is 1, with combined permission values obtained by addition.

Common permission commands include:

  • chmod: modify file permissions, e.g., chmod 755 filename or chmod u+x filename
  • chown: modify file owner, e.g., chown user:group filename
  • chgrp: modify file group, e.g., chgrp group filename

Special permissions include:

  • SUID (Set User ID): When a program with SUID set is executed, it runs with the file owner's permissions instead of the permissions of the user who runs it
  • SGID (Set Group ID): For files, the program executes with the permissions of the file's group; for directories, newly created files inherit the directory's group
  • Sticky Bit: For directories, only the file owner and root can delete files in the directory, even if other users have write permissions
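
The numeric modes and special bits above can be checked mechanically with `find -perm`. The script below is an added example, not part of the original article; the function names `make_sample_tree` and `audit_perms` and the sample tree are constructed for illustration. In a four-digit mode the leading digit carries the special bits (4 = SUID, 2 = SGID, 1 = sticky).

```bash
#!/usr/bin/env bash
# Added example: find special permission bits under a directory tree.
# make_sample_tree and audit_perms are illustrative names, not from the article.

# Build a constructed sample tree and print its path.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/report" "$d/plain"
    mkdir "$d/shared" "$d/drop" "$d/tmp"
    chmod 4755 "$d/tool"    # 4 = SUID, 755 = rwxr-xr-x
    chmod 2755 "$d/report"  # 2 = SGID on a file
    chmod 0644 "$d/plain"   # no special bits: rw-r--r--
    chmod 2775 "$d/shared"  # 2 = SGID on a directory: new files inherit its group
    chmod 0777 "$d/drop"    # world-writable, no sticky bit
    chmod 1777 "$d/tmp"     # 1 = sticky bit, the mode used for /tmp
    printf '%s\n' "$d"
}

# Print one "<finding> <path>" line per file or directory that needs review.
# "-perm -MODE" matches when all bits in MODE are set.
audit_perms() {
    local root=$1
    {
        find "$root" -type f -perm -4000 | sed 's/^/SUID /'
        find "$root" -type f -perm -2000 | sed 's/^/SGID-file /'
        find "$root" -type d -perm -2000 | sed 's/^/SGID-dir /'
        # Other-writable (0002) directories that lack the sticky bit (1000).
        find "$root" -type d -perm -0002 ! -perm -1000 |
            sed 's/^/WORLD-WRITABLE-NO-STICKY /'
    } | LC_ALL=C sort
}

# Demo on the constructed tree; plain and tmp produce no finding.
d=$(make_sample_tree) && { audit_perms "$d"; rm -rf "$d"; }
```
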

Understanding file permissions is crucial for system security, and permissions should be set according to the principle of least privilege.

Tags: Linux