What Constitutes an Executable File in Linux
...and what it has to do with permissions
This is written by a Windows/DOS user who migrated
to Linux, who was accustomed to how file extensions
in Windows identify to the operating system the nature
of an executable file. A file such as dosomething.exe
or somethinghelp.dll in Windows is supposed to be
(maybe not: it could have been renamed) executable,
and there is a limited list of filename extensions
that identify a file that contains executable code.
Linux cares nothing about such file extensions; an
executable file in Linux may have any legal filename.
In the header of a file in a Linux volume there are
bits (called file mode bits) that grant nine permissions
settings, of which three have to do with being executable.
The other six have to do with being readable or writable.
Permission means permission (1) to be read, (2) to be
written to or deleted, or (3) for code in the file (if
there is any) to be executed by the Linux kernel as a
command or an application program.
There are three entities who may be granted the above
permissions: (1) the user who owns the file, (2) other
users in the file owner's login group when the file was
created (note: the group can be changed), or (3) other
users not in the group. Each of these three, times any
of the three types of permissions (read, write and
execute), result in nine permissions settings. (There
is an additional bit, the "sticky bit," used rarely
for special situations.)
The resulting configuration of permissions is called
the file mode, and it can be viewed or changed in the
GUI by clicking on a file's Properties --> Permissions.
It can also be viewed in a terminal session with the
file listing command ls, or changed with chmod. The
owner of a file or its group owner may be changed with
chown, or its group with chgrp.
In a terminal window the command ls with parameter -l
shows the bit settings.
ls -l do_something.bin
The above command gives a reading such as this:
-rwxr--r-- 1 george george 28446 Dec 19 10:03 do_something.bin
where "do_something.bin" is the name of an executable
file. George is the file's owner (george is also a group
name). The file extension .bin indicates that it is most
probably a binary file (though, any file could be named
with a .bin extension). Suppose, on the other hand, the
file is a python script, file.py, then:
-rwxr--r-- 1 george george 7420 Dec 19 10:50 do_something_else.py
The file containing Python code would not need to be
named with a .py extension; that's only a naming
convention commonly adhered to. Suppose the file is
a bash script with no extension:
-rwxr--r-- 1 george george 492 Dec 19 11:13 do_something_simple
All three above hypothetical listings begin with ten
columns "-rwxr--r--". The first column tells whether the
file (the entity) is an actual file or a directory or a
symbolic link or a device (Linux lumps all those entities
in the same file listing boat). If it is a hyphen then
the thing is a file; if it is a d then it is a directory
(in Windows that would be called a folder). The next nine
columns show the file permissions settings for user, group,
and other.
columns 2-4 represent the owner's permission settings
columns 5-7 represent the group members' permissions
columns 8-10 represent everyone else's permissions
In all these above examples:
Columns 2-4 are "rwx" which means the file owner george may
read the file (r), may write to or delete it (w), and may
execute it (x). Thus the file owner may call it for the
Linux kernel to execute the program code it contains,
assuming it contains program code.
Columns 5-7 are "r--" which means the members of the group
george may read this file only only -- may not write to it
or delete it, and may not run it even though it contains
executable code.
columns 8-10 are "r--" which means everyone else may read
only -- may not write and may not run. If a user attempts
to do something for which there is no permission, Linux
will not send an electric shock through the keyboard as
punishment -- instead either an error message will appear
or there will be no response.
If on the other hand a file may be run (executed) by any
Linux user with access to it, then columns 4, 7 and 10
will be shown in the ls -l listing as x, like this:
-rwxr-xr-x 1 george george 28446 Dec 19 11:12 do_something.bin
In this case columns 5-7 and 8-10 both show "r-x" which
means anyone in the group or any other user may read the
file or may run it as a program -- but may not write to
that file and thus change its contents, nor delete it.
The above file listing shows that only the user who owns
the file may write to it.
Suppose anyone in the owner's group were allowed to run
the file and write to it, but nobody else -- then (let's
use as an example the python script here instead of the
binary):
-rwxrwxr-x 1 george george 7420 Dec 19 11:19 do_something_else.py
In this case either the file owner or anyone may read it
or execute it as a program, but only a user in the owner's
group may write to it or delete it.
If the first column of a listing is d rather than a hyphen
-- which means it's a directory -- then the next nine
columns show the permission settings (just like for a file)
for owner (columns 2-4), group (columns 5-7) and other
(columns 8-10) -- but an x for "executable" in column 4,
7 or 10 takes on a new meaning: permission to cd (change
directory) into a directory. Such "executable" permission
for a directory is meaningful because, like Windows/DOS
which will not execute a filename as a command from
outside a directory unless the whole path is expressed
(or unless that directory has been included in a specific
list of paths called "the DOS path"), Linux also requires
a full path name to execute a program from outside the
directory.
Windows also has a permissions system but Linux is more
sophisticated, much more open, and much more configurable.
This allows for tighter security measures, but at the same
time opens the door for security breaks too, if a user with
administrative permissions misuses them. (Note that Windows
too could suffer from this, but a Linux network
administrator needs to be careful with the higher degree
of power and configurability.)
Octal Mode
There is a numerical way to express these permissions
settings: as digits where each of three digits represents
one of the three classes of users. The value of each digit
can be between 0 and 7 so they can be seen as three octal
digits with three binary digits each. The first octal digit
indicates the file owner's permissions. If that digit is 7
then the binary number would be 111, which represents three
bits set to 1. That 7 for owner would mean read permission,
write permission and execute permission -- in essence yes,
yes, yes. A bit setting of 1 allows permission and a 0 denies.
What if the second digit, representing group permissions,
were 4 -- that would correspond to the binary number 100,
which would mean yes, no, no. The group members could read
but not write and not execute.
Continuing, suppose the three-digit octal number were 740.
Three bits times three octal digits, that's the nine
permission settings: owner may read, write or execute;
group may read only, not write nor execute; other users
may neither read, write nor execute -- because 0 octal is
000 binary which means no, no, no.
7 octal = 111 binary or yes, yes, yes (may read, may write,
may execute)
6 octal = 110 binary or yes, yes, no (may read, may write,
may not execute)
5 octal = 101 binary or yes, no, yes (may read, may not
write, may execute)
4 octal = 100 binary or yes, no, no (may read, may not
write, may not execute)
3 octal = 011 binary or no, yes, yes (may not read, may
write, may execute)
2 octal = 010 binary or no, yes, no (may not read, may
write, may not execute)
1 octal = 001 binary or no, no, yes (may not read, may not
write, may execute)
0 octal = 000 binary or no, no, no (may not do anything)
Note that octal 2 or 3, which give permission to write
but not read, wouldn't make much sense under ordinary
conditions -- how would a user write to a file without
being able to read it? But, the possibility is there and
for all I know such weird permissions setting may be used.
The way of expressing file mode using octal digits is
called "octal mode," and it can be used with the chmod
command in a terminal session.