Now that we have identified the players, we can discuss the concept of permissions and ownership.
Every file in a Linux file system has an ownership, which is divided into two parts. The first part specifies which user owns the file, and the second part specifies which group owns the file. In other words, each and every file is owned by a user and a group. For a normal file, the user and group correspond to the same person. However, it is also possible to set up a file so that its user ownership and group ownership do not map to the same person.
Next, we can specify the permissions to access a file from three perspectives: the user owner's (u), the group owner's (g) and that of others (o). From each perspective, a file has three permissions.
A read permission (r) specifies whether a file is readable from a perspective. A write permission (w) specifies whether a file is writable from a perspective. An execute permission (x) specifies whether a file can be run as a program.
These permissions also apply to directories. However, for directories, the permissions have slightly different meanings. The read (r) permission specifies whether the folder is readable. If a folder is readable, the included files and subdirectories are visible. The write (w) permission specifies whether the members in a directory can be changed (creating new files and removing old files). Note that a file in a folder can be updated without the folder having the w permission. This is because the updating of a file does not change the membership of the containing directory.
The so-called execute (x) permission specifies something more subtle. This permission specifies whether the contents of a folder are accessible. Do not confuse the x permission with the r permission. With only the r permission (without the x permission), the membership of a folder is visible. However, though visible, the member files and subdirectories cannot be accessed (read from or written to).
On the other hand, with only the x permission, but without the r permission, member files of a directory are accessible, but they cannot be listed. If a user knows the names of files in such a folder (without using ls or a similar command), those files can still be read from or written to (depending on the permissions on the files themselves).
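The directory cases described above can be checked mechanically from the mode bits. The following is an added example, not part of the original page: the function names (`dir_capabilities`, `describe`, `audit`, `demo`) are hypothetical, and the sample directories are constructed in a temporary location.

```python
import os
import stat
import tempfile

SHIFT = {"u": 6, "g": 3, "o": 0}  # bit offset of each perspective in the mode

def dir_capabilities(mode, who):
    """What perspective `who` ('u', 'g', 'o') may do with a directory of this mode."""
    bits = (stat.S_IMODE(mode) >> SHIFT[who]) & 0o7
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {
        "list_names": r,      # r: member names are visible (ls)
        "access_members": x,  # x: a member can be reached by its name
        # Not stated in the text: adding or removing entries needs x as
        # well as w, so w without x changes nothing.
        "change_membership": w and x,
    }

def describe(mode, who):
    """Name the r/x combination, using the cases the text distinguishes."""
    caps = dir_capabilities(mode, who)
    if caps["list_names"] and not caps["access_members"]:
        return "names visible, members unreachable"
    if caps["access_members"] and not caps["list_names"]:
        return "members reachable by known name, not listable"
    if caps["list_names"] and caps["access_members"]:
        return "listable and reachable"
    return "no access"

def audit(root, who="o"):
    """Report each immediate subdirectory of `root` from one perspective."""
    report = {}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            mode = entry.stat(follow_symlinks=False).st_mode
            report[entry.name] = describe(mode, who)
    return report

def demo():
    """Build constructed sample directories and audit them for 'others'."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in [("r_only", 0o704), ("x_only", 0o701), ("r_x", 0o705)]:
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod ignores the umask, unlike mkdir
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

The audit reads mode bits rather than attempting access, so it gives the same answer when run as root, which bypasses these checks at access time.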