1. Overview

File permissions on a Linux system regulate who can read, write, and run files. They maintain system security and ensure only authorized users can access or modify files.

The root user, however, has special privileges that allow it to bypass most of the permission restrictions that apply to regular users.

In this tutorial, we’ll discuss how file permissions work for the root user, how root can override these permissions, and scenarios where even root is restricted.

2. Understanding Linux File Permissions

Every file and directory in Linux has a set of permissions that determine who can access and modify it. They are divided into three categories:

  • Owner – user who owns the file
  • Group – a collection of people who share access to the file
  • Others – every other system user

Furthermore, each file and directory has three types of permissions:

  • Read – enables us to see a file’s contents
  • Write – enables us to change a file’s contents
  • Execute – enables a file to run as a script or program

To check file permissions, we use the ls -l command:

$ ls -l /etc/passwd
-rw-r--r-- 1 root root 3575 Sep  4  2024 /etc/passwd

Let’s understand the file permissions in the above example:

  • rw- (first triplet) – indicates the owner root has read and write permissions
  • r-- (second triplet) – indicates the group root has read-only permission
  • r-- (third triplet) – indicates all others have read-only permission

These permissions determine how users interact with the /etc/passwd file.

3. Root User

In Linux, every user has a distinct User ID. The root user has a User ID of 0, a special identifier recognized by the Linux kernel that grants unrestricted access to all files, directories, and system operations.

While file permissions restrict regular users, the root user can override these restrictions and perform any action on the system.

To perform administrative tasks, users can run single commands with root privileges using sudo or switch to a root shell and run multiple commands as the root user.

In this section, we’ll explore how the root user interacts with file permissions.

3.1. Access Any File

Access permissions protect every file and directory in a Linux system. Regular users can only access files if they have the appropriate permissions. However, the root user can access any file, even if the owner or the system has denied access to others.

To demonstrate, let’s consider a file with strict permissions:

$ ls -l private.txt 
---------- 1 samuel samuel 2316 Mar 20 13:39 private.txt

The output shows that the private.txt file has no read, write, or execute permissions for anyone, even the file owner. When a regular user tries to access the file, they get a permission error:

$ cat private.txt 
cat: private.txt: Permission denied

But the root user can bypass these restrictions:

$ sudo cat private.txt
...

Here, sudo grants us temporary root privileges, allowing us to bypass the permission restrictions and read the file.
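
The check described in sections 2 and 3.1 can be modeled in a few lines of shell. This is an added example, not code from the original article: the may_access function and its arguments are hypothetical, the name "root" stands in for UID 0, and the model covers regular files only (no ACLs, special bits, or security modules).

```shell
#!/bin/sh
# Added example: simplified model of the permission check for a regular
# file. It ignores ACLs, setuid/setgid/sticky bits and security modules.
#
# may_access MODE OWNER GROUP USER USER_GROUPS OP
#   MODE         ls -l style string such as -rw-r--r--
#   USER_GROUPS  space-separated groups USER belongs to
#   OP           r, w or x
# Prints "allow <reason>" or "deny <reason>".
may_access() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5 op=$6

    # Assumption: the name "root" stands for UID 0. Root skips the
    # read and write checks, but executing a file still requires at
    # least one x bit in the mode.
    if [ "$user" = root ]; then
        if [ "$op" = x ]; then
            case $mode in
                *x*) echo "allow root-override" ;;
                *)   echo "deny no-execute-bit" ;;
            esac
        else
            echo "allow root-override"
        fi
        return 0
    fi

    # Exactly one class applies: owner, else group, else others. The
    # bits of the remaining classes are never consulted.
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(printf '%s' "$mode" | cut -c2-4)
    else
        case " $user_groups " in
            *" $group "*) class=group;  bits=$(printf '%s' "$mode" | cut -c5-7) ;;
            *)            class=others; bits=$(printf '%s' "$mode" | cut -c8-10) ;;
        esac
    fi

    case $bits in
        *"$op"*) echo "allow $class" ;;
        *)       echo "deny $class" ;;
    esac
}

# The two files shown so far in this article.
may_access ---------- samuel samuel samuel "samuel" r
may_access ---------- samuel samuel root "root" r
may_access -rw-r--r-- root root samuel "samuel" w
```

Because only one class is ever consulted, an owner whose own triplet is empty is denied even when the group or others triplets grant access.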

3.2. Change File Ownership and Permissions

Each file in Linux has an owner and an associated group. Regular users can only change the permissions of files they own. However, the root user can change ownership and permissions for any file on the system using the chown and chmod commands.

To begin, let’s consider a file owned by a specific user:

$ ls -l contacts.txt 
-rw-rw-r-- 1 kevin developers 180 Apr  3 07:07 contacts.txt

The above file is owned by a user named kevin. If a regular user attempts to change ownership of the file, they get an error:

$ chown paul contacts.txt
chown: changing ownership of 'contacts.txt': Operation not permitted

The root user, however, can change ownership of the file:

$ sudo chown paul contacts.txt

Now, let’s check the ownership of the file:

$ ls -l contacts.txt 
-rw-rw-r-- 1 paul developers 180 Apr  3 07:07 contacts.txt

The output shows that we changed the ownership of the file from kevin to paul.

Similarly, the root user can also change the permissions of a file. For instance, let’s consider a file that has restrictive permissions preventing any modifications:

$ ls -l logs.txt 
-r--r--r-- 1 samuel samuel 1250 Jan  3 07:21 logs.txt

The logs.txt file has read-only permissions for all users, including the owner. If we try to modify the file, we get an error:

$ echo "New log entry" >> logs.txt
bash: logs.txt: Permission denied

As the root user, we can change the permissions of the file:

$ sudo chmod 755 logs.txt

In this example, we use chmod to change the permissions of the logs.txt file. Here, 755 is the numeric representation of the new permissions we apply to the file. It allows the owner to read, write, and execute the file, and the group and others to read and execute the file, but not write to it.

Now, we can modify the file without getting any errors.

3.3. Delete Any File

The permissions of the directory where the file is located determine whether or not a file can be deleted. A regular user can only remove a file if they are the owner of the file or have write permission to the directory where the file is located. On the other hand, the root user can delete any file regardless of the file or directory permission settings.

To demonstrate, let’s delete a file in a directory with read-only permission for the owner and no permissions for anyone else:

$ ls -ld Private/
dr-x------ 2 samuel samuel 4096 Jan 09 22:06 Private/

Now, when a regular user tries to delete a file in this directory, they get an error:

$ rm access_logs.txt 
rm: remove write-protected regular file 'access_logs.txt'? y
rm: cannot remove 'access_logs.txt': Permission denied

To explain, since the directory containing the file doesn’t have write permission, we cannot delete the file.

However, the root user can override these restrictions and delete the file:

$ sudo rm access_logs.txt

Using sudo, we run the command with superuser privileges, allowing us to override the directory permission restrictions and delete the file.

4. When Root Is Restricted

While the root user is powerful, there are special cases where the root user can be restricted.

4.1. Immutable Files

Linux supports extended file attributes, such as marking a file as immutable. An immutable file cannot be modified, deleted, or renamed even by the root user.

To illustrate, let’s set a file as immutable:

$ sudo chattr +i passwords.txt

The above command applies the immutable attribute to the passwords.txt file. Now, when we try to modify or delete the file as the root user, we get an error. We append through sudo tee -a because a >> redirection is opened by our own shell rather than by root:

$ echo "Test" | sudo tee -a passwords.txt > /dev/null
tee: passwords.txt: Operation not permitted

$ sudo rm passwords.txt
rm: cannot remove 'passwords.txt': Operation not permitted

If we want to modify the file, we need to remove the immutable restriction:

$ sudo chattr -i passwords.txt

Now root can modify or delete the file.

4.2. Read-Only File Systems

When a filesystem is mounted as read-only, no modifications can be made to its files and directories even by the root user. This restriction ensures data integrity and protects the system from unwanted changes.

To demonstrate, let’s imagine we mounted a USB drive as read-only. In that case, we get an error if we try to write to it:

$ sudo touch types.txt
touch: cannot touch 'types.txt': Read-only file system

In this example, we get an error when we try to create a file as a root user in a read-only file system. Furthermore, if we try to delete, move, or edit files on this filesystem, we’ll get the same error.

To write on the read-only filesystem, we need to remount the filesystem with write permissions:

$ sudo mount -o remount,rw /dev/sdb1

Now, regular users and the root user can modify files in the filesystem.
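
When a write fails even under sudo, the two restrictions from sections 4.1 and 4.2 can be told apart from the output of lsattr and the contents of /proc/mounts. The following is an added example, not code from the original article: the function names are hypothetical, and the sample lsattr line, mount table and /mnt/usb mount point are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which of the two restrictions from section 4
# would stop a write by root, from lsattr and /proc/mounts text.

# Constructed sample inputs (not captured from a real system).
SAMPLE_LSATTR='----i---------e------- passwords.txt'
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb vfat ro,nosuid,nodev,relatime 0 0'

# has_immutable_flag LSATTR_LINE
# Succeeds if the flags field (first column) contains 'i'.
has_immutable_flag() {
    case ${1%% *} in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# mount_is_readonly MOUNTS_TEXT MOUNTPOINT
# Succeeds if the last entry for MOUNTPOINT (the mount on top) lists
# "ro" among its comma-separated options (fourth column).
mount_is_readonly() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp { ro = (("," $4 ",") ~ /,ro,/) }
        END      { exit (ro ? 0 : 1) }'
}

# root_write_blocker LSATTR_LINE MOUNTS_TEXT MOUNTPOINT
# Prints read-only-fs, immutable or none. The mount is checked first
# because it applies to every file on that filesystem.
root_write_blocker() {
    if mount_is_readonly "$2" "$3"; then
        echo read-only-fs
    elif has_immutable_flag "$1"; then
        echo immutable
    else
        echo none
    fi
}

root_write_blocker "$SAMPLE_LSATTR" "$SAMPLE_MOUNTS" /
root_write_blocker "$SAMPLE_LSATTR" "$SAMPLE_MOUNTS" /mnt/usb
```

On a live system, the three arguments for a file f can be taken from `lsattr -d -- "$f"`, `cat /proc/mounts` and `findmnt -no TARGET -T "$f"`.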

5. Conclusion

In this article, we discussed how file permissions work for the root user in Linux. We explored how the root user can override file and directory permissions, and also cases where root is restricted.