The Debian-based Raspberry Pi OS is a multi-user operating system. This makes it easier for developers to collaborate on a project. However, it comes with the risk of unwanted users or malicious software corrupting essential data. To combat this, Linux implements file access permissions to control who can read, write, and execute a particular file or directory.
To understand how a Linux-based operating system assigns file access permissions, we need to discuss some relevant concepts first.
THE ROOT USER (SUPERUSER)
First is the root user. The root user, sometimes called the superuser, is the user that has all the administrative powers on the computer. This means the superuser can read, write, execute, modify, or delete any files or settings on the computer.
The default user of the Raspberry Pi is ‘pi’. It is a normal user whose access and permissions revolve around the files and directories that it owns. That is why, if you need to change something computer-wide, you need to use the su or sudo command.
SU AND SUDO
Both su and sudo are Linux commands that let you gain superuser access. Every Linux distro has them, so knowing them is necessary if you want to get comfortable with the Linux environment.
First, let’s tackle su. The su command stands for substitute user. The command syntax is: su username. When you execute it with a specified username, it creates a temporary shell with the access and permissions of that particular user. Otherwise, if you just type su, it assumes the root user. Additionally, you can add a - switch before you enter the username to take the user settings along with the privileges.
Next, sudo. Sudo means “super user do”. It lets you perform actions with superuser privileges. The command syntax is:
Another difference between the two is that su requires you to enter the root user password before summoning the root shell. You also need to type exit to leave the shell and return to the original user. Sudo just needs the current user’s password, and once entered, it won’t ask for a password again until fifteen minutes are up.
Now that we’re acquainted with su and sudo, let’s move on to file permissions.
User permissions identify which tasks users can perform and which files and directories users can access.
To view file permissions, simply enter the command ls -l. It’s the list command with a -l switch. With this, you should see a list of all the files and directories in your current location. The file permissions appear at the start of each line.
Furthermore, the file permissions syntax is composed of 10 characters. The first character stands for the file type, while the following nine are the access types for different user groups.
Usually, the first character is a ‘-’ or a ‘d’. A - means that the item is a file, while a d means that it is a directory. The remaining nine are actually three groups of three characters. These groups refer to the user types the permissions are applied to.
- user – the second to fourth characters represent the permissions for the owner of the file
- group – the fifth to seventh characters are for a group of users
- others – the last three characters are for anyone else with access to the computer
Furthermore, the three characters in each group represent the level of access. These levels are:
- read – view content of the specified file or directory
- write – change or delete a specified file or directory
- execute – run or copy a specified file or directory
If there’s a ‘-’ symbol among the three characters, that permission does not apply: the user group it belongs to doesn’t have permission to perform that kind of action.
Viewing file permissions is useful if you’re tracking user access on your computer. But if you need to change them, you need to use the chmod command.
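The 10-character string can also be checked mechanically. The following sh script is an added example, not part of the original article; its function names and the constructed demo files are assumptions made for illustration. It splits a mode string into its three groups and lists the entries in a directory that "others" can write to:

```sh
#!/bin/sh
# describe_mode MODE -> e.g. "file user=rwx group=rx others=none"
describe_mode() {
    case $1 in
        -*) kind=file ;;
        d*) kind=directory ;;
        *)  kind=other ;;
    esac
    line=$kind
    # characters 2-4 = user, 5-7 = group, 8-10 = others
    for spec in user:2-4 group:5-7 others:8-10; do
        who=${spec%%:*}
        bits=$(printf '%s' "$1" | cut -c"${spec#*:}" | tr -d '-')
        line="$line $who=${bits:-none}"
    done
    printf '%s\n' "$line"
}

# others_can_write MODE -> status 0 when the 9th character is "w"
others_can_write() {
    case $1 in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_dir DIR -> print "MODE NAME" for every entry others can modify
audit_dir() {
    for f in "$1"/*; do
        if [ ! -e "$f" ] || [ -L "$f" ]; then continue; fi  # skip symlinks
        mode=$(ls -ld -- "$f" | cut -c1-10)  # first column of ls -l
        if others_can_write "$mode"; then
            printf '%s %s\n' "$mode" "${f##*/}"
        fi
    done
}

# Constructed demo: one private file, one world-writable file.
demo=$(mktemp -d)
: > "$demo/report.txt"; : > "$demo/shared.txt"
chmod u=rw,go=r "$demo/report.txt"   # -rw-r--r--
chmod a=rw "$demo/shared.txt"        # -rw-rw-rw-
describe_mode "$(ls -ld -- "$demo/report.txt" | cut -c1-10)"
audit_dir "$demo"                    # lists only shared.txt
rm -rf "$demo"
```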
Changing File Permissions
Changing file permissions requires you to have ownership of the file, or at least, root privileges. This is done by a command called chmod, also known as “change the mode”. The command syntax is: chmod mode filename.
The mode can be specified in two ways: symbolic or octal. The symbolic syntax is easier to use. Below are tables that can help you identify which is which.
In case you’re working with files outside your account, you need root user privileges with the chmod command. You can use either the su or sudo command (See Figure 2).
Furthermore, the following tables show you what the characters in the mode section of the chmod command are. Let’s start with the first character. It tells the command who you’re setting the permissions for.
| Letter | What It Means |
|--------|---------------|
| u | The owner of the file |
| g | The group the owner belongs to |
| o | Everyone who isn’t the owner or the group |
| a | Everyone at all — no exceptions |
After that first character, you specify the action you want to take with the permissions.
| Letter | What It Means |
|--------|---------------|
| + | Adds/turns on a permission |
| - | Removes/turns off a permission |
| = | Ignores the current permissions and sets exactly the ones listed |
Lastly, you indicate the permission you want to change.
| Letter | What It Means |
|--------|---------------|
| X | Special execute for folders |
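The difference between x and the capital X matters most with recursive changes. The following sh script is an added example, not part of the original article; the directory layout and function names are constructed for illustration. It opens a private tree to group and others twice, once with rx and once with rX, and shows that X adds execute to the folder and to the file that was already executable, but not to the plain data file:

```sh
#!/bin/sh
# build_tree DIR -> private tree with a folder, a data file and a script
build_tree() {
    mkdir -p "$1/docs"
    : > "$1/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$1/docs/run.sh"
    chmod 700 "$1" "$1/docs" "$1/docs/run.sh"   # rwx------
    chmod 600 "$1/docs/notes.txt"               # rw-------
}

# mode_of PATH -> the nine permission characters shown by ls -l
mode_of() { ls -ld -- "$1" | cut -c2-10; }

# share_tree PERMS DIR -> run "chmod -R go=PERMS DIR", then print the
# resulting modes of the folder, the data file and the script
share_tree() {
    chmod -R "go=$1" "$2"
    printf '%s %s %s\n' "$(mode_of "$2/docs")" \
        "$(mode_of "$2/docs/notes.txt")" "$(mode_of "$2/docs/run.sh")"
}

# compare_x -> one result line for lowercase x, one for capital X
compare_x() {
    for perms in rx rX; do
        t=$(mktemp -d) || return 1
        build_tree "$t"
        printf 'go=%s: %s\n' "$perms" "$(share_tree "$perms" "$t")"
        rm -rf "$t"
    done
}

compare_x
# go=rx: rwxr-xr-x rw-r-xr-x rwxr-xr-x   (notes.txt gained execute)
# go=rX: rwxr-xr-x rw-r--r-- rwxr-xr-x   (notes.txt stays non-executable)
```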
Take note of the following when performing the actions using chmod:
- You can view inside a directory only when you can execute it. The read action only takes effect on the file level.
- Similarly, you can rename a file only if you can execute it.
- If you have read permissions on a code file, you can run the program using third-party software. You don’t need to have execute permissions.
The execute permission is only necessary if the target file is a self-contained application.
These special cases make integration in Linux a little more challenging. Often, when your software fails to work with another program or file, there’s a high chance the problem is with file permissions. Moreover, sometimes the terminal doesn’t even show anything. Nothing appears on the screen and you’re left guessing what went wrong. So always check file permissions before doing integrations.
Another way to represent permissions is by using octal numbers. Octal numbers are terser and more compact. They will definitely save you time if you master them on Linux.
The syntax is similar to symbolic representation. The first number sets the permissions of the file’s owner, the second is for the group, and the third is for everyone else.
The following table shows you the octal number counterparts of the symbols r, w, and x.
| Number | Read r | Write w | Execute x |
|--------|--------|---------|-----------|

- 725 = rwx-w-r-x
- 506 = r-x---rw-
- 157 = --xr-xrwx
Using them with chmod looks like this: chmod 375 filename.txt. This sets the permissions to -wxrwxr-x, the same result as the symbolic form chmod u=wx,g=rwx,o=rx filename.txt
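Each octal digit is the sum of read = 4, write = 2 and execute = 1. The following sh script is an added example, not part of the original article, and its function names are assumptions. It converts a three-digit octal mode into the nine-character string and into the equivalent symbolic chmod argument, then confirms on constructed temporary files that both forms produce the same permissions:

```sh
#!/bin/sh
# digit_to_rwx 5 -> r-x   (read = 4, write = 2, execute = 1)
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# octal_to_rwx 725 -> rwx-w-r-x   (fails on anything but three digits 0-7)
octal_to_rwx() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    out=
    for pos in 1 2 3; do
        out=$out$(digit_to_rwx "$(printf '%s' "$1" | cut -c"$pos")")
    done
    printf '%s\n' "$out"
}

# octal_to_symbolic 375 -> u=wx,g=rwx,o=rx
octal_to_symbolic() {
    rwx=$(octal_to_rwx "$1") || return 1
    u=$(printf '%s' "$rwx" | cut -c1-3 | tr -d '-')
    g=$(printf '%s' "$rwx" | cut -c4-6 | tr -d '-')
    o=$(printf '%s' "$rwx" | cut -c7-9 | tr -d '-')
    printf 'u=%s,g=%s,o=%s\n' "$u" "$g" "$o"
}

# modes_match 375 -> status 0 when chmod gives the same result either way
modes_match() {
    dir=$(mktemp -d) || return 1
    : > "$dir/octal"; : > "$dir/symbolic"
    chmod "$1" "$dir/octal"
    chmod "$(octal_to_symbolic "$1")" "$dir/symbolic"
    a=$(ls -l "$dir/octal" | cut -c2-10)
    b=$(ls -l "$dir/symbolic" | cut -c2-10)
    rm -rf "$dir"
    [ "$a" = "$b" ] && [ "$a" = "$(octal_to_rwx "$1")" ]
}

# The octal modes used in the text above.
for m in 725 506 157 375; do
    printf '%s = %s = chmod %s\n' "$m" "$(octal_to_rwx "$m")" \
        "$(octal_to_symbolic "$m")"
done
```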