Linux Access Control

Native Linux filesystem access control is implemented using a set of properties, maintained separately for each file. These properties are collectively called the access mode, or simply the mode, of the file. The mode is a part of the file’s inode, the information retained in the filesystem that describes the file. A file’s mode controls access by these three classes of users:


The user who owns the file


The group that owns the file


All other users on the system

Like the mode, user and group ownership properties are a part of the inode, and both are assigned when a file is created. Usually, the owner is the user who created the file. The file’s group is usually set to its creator’s default group. Group ownership adds flexibility in situations in which a team shares files. The “other” users are those who aren’t members of the file’s group and are not the file’s owner. For each of these three user classes, the access mode defines three types of permissions, which apply differently for files and directories. The permissions are listed in Table 7-2.

Table 7-2. File permissions



File permission

Directory permission



Examine the contents of the file.

List directory contents.



Write to or change the file.

Create and remove files in the directory.



Run the file as a program.

Access (cd into) the directory.

These three permissions apply to the three different classes of users: user, group, and other. Each has read, write, and execute

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.