Loading...Please purchase the course to watch this video.
Full Course
File permissions play a critical role in ensuring security and managing access to files in Unix-like operating systems, including Linux and macOS. Understanding file permissions involves recognizing three key categories: the owner of the file, the group associated with the file, and all other users. Each category can have specific permissions defined as read, write, or execute, denoted using indicators or numerical values in octal format. The lesson explains practical commands such as chmod for changing permissions and chown for altering file ownership, illustrating how to set permissions effectively for sensitive files. Additionally, it highlights the concept of umask, which serves as a safety mechanism to limit default permissions on newly created files, emphasizing the importance of proper file permissions to safeguard sensitive data from unauthorized access. Overall, mastering file permissions is essential for any developer working within these systems, as it directly impacts application security and data integrity.
No links available for this lesson.
Now that we understand the different flags we can use when opening a file in Go, let's examine the other side of the equation: the file's mode, also known as file permissions. In this lesson, we'll focus on Unix file permissions (Linux, macOS, FreeBSD), as Windows has a very different concept known as Access Control Lists (ACLs).
Note: If you're interested in Windows-specific permissions, check out the Go ACL package, which provides functionality for manipulating ACLs on Windows.
File Ownership in Unix Systems
In Unix systems, every file has an owner and belongs to a group. When we run ls -lah, we can see:
-rw-r--r-- 1 eliot users 0 Apr 28 15:30 myfile.txt
The columns represent:
- File permissions
- Number of links
- File owner (user)
- File group
- File size
- Last modification date
- Filename
A file can only have one owner, but it has three permission sets:
- User permissions (the file's owner)
- Group permissions (users in the file's group)
- Other permissions (everyone else)
Understanding Permission Notation
The first column in ls -lah output shows file permissions:
- First character: File type (
-for regular file,dfor directory) - Next three characters: Owner permissions
- Next three characters: Group permissions
- Last three characters: Other permissions
Each set of three characters represents:
r: Read permissionw: Write permissionx: Execute permission-: No permission
Changing Permissions with chmod
The chmod command (Change Mode) is used to change file permissions in Unix:
# Add write permission to group
chmod g+w myfile.txt
# Remove write permission from group
chmod g-w myfile.txt
Numeric Permission Notation (Octal)
A more common way to express permissions, especially in programming, is using octal numbers:
0644
↑↑↑↑
││││
│││└── Others: read (4)
││└─── Group: read (4)
│└──── Owner: read (4) + write (2) = 6
└───── File type (0 for regular file)
Each permission is assigned a value:
- Read: 4
- Write: 2
- Execute: 1
You add these values to define the permission for each category:
7= read (4) + write (2) + execute (1)6= read (4) + write (2)5= read (4) + execute (1)4= read (4)0= no permissions
Setting Permissions in Go
In Go, we can set permissions when creating a file using the third parameter of os.OpenFile:
file, err := os.OpenFile("myfile.txt", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
if err != nil {
log.Fatal("Failed to open file:", err)
}
For existing files, we can use the os.Chmod function:
err := os.Chmod("myfile.txt", 0644)
if err != nil {
log.Fatal("Failed to change permissions:", err)
}
Understanding umask
When creating files, the system applies a bitmask called umask to the permissions you specify:
$ umask
0022
This means:
- User permissions: unchanged (0)
- Group permissions: write permission removed (2)
- Other permissions: write permission removed (2)
So if you specify 0666 when creating a file, the actual permissions will be 0644 (with a umask of 0022).
You can temporarily change the umask:
# Set umask to 0 (no restrictions)
umask 0000
Changing File Ownership with chown
The chown command (Change Owner) changes the owner or group of a file:
# Change owner to root and group to root
sudo chown root:root myfile.txt
# Change just the owner
sudo chown root myfile.txt
# Change just the group
sudo chown :users myfile.txt
In Go, this can be done with os.Chown:
err := os.Chown("myfile.txt", 0, 0) // Change to root:root (UID 0, GID 0)
if err != nil {
log.Fatal("Failed to change owner:", err)
}
Common Permission Patterns
Typical default permissions:
- Regular files:
0644(rw-r--r--) - Directories:
0755(rwxr-xr-x) - Private files (like SSH keys):
0600(rw-------) - Executables:
0755(rwxr-xr-x)
Why Permissions Matter
File permissions are crucial for security:
- Preventing unauthorized users from reading sensitive files
- Controlling who can modify important files
- Restricting execution of potentially dangerous files
- Implementing the principle of least privilege
For example, if you're running a web application, you might:
- Store configuration with sensitive data as
0600(only readable by the owner) - Make web content readable by everyone but writable only by specific users
- Ensure executable files have the right permissions
Summary
Understanding file permissions is essential when working with files in Go on Unix-like systems:
- Files have three permission sets (owner, group, others)
- Each set can have read, write, and execute permissions
- Permissions can be specified numerically (octal) or symbolically
- The system's umask affects the actual permissions of newly created files
- Proper permissions are crucial for security
When in doubt, use:
0644for regular files0755for directories and executables0600for sensitive files