A file may have three types of permission: read ('r'),
write ('w'), and execute ('x'). Each permission may be 'on' or 'off' for each of three categories of users: the file's owner; other people in the same group as the owner; and all others. To find out a file's mode, or permission settings, use the command 'ls -l filename'. The output will be of the form: The string of 10 characters at the left shows the mode. The initial '-' indicates that the file is a plain file; a 'd' would indicate a directory. Characters 2-4 are, respectively,
'r', 'w', or 'x' if the corresponding permission is turned on for the owner or '-' if the permission is turned off. Characters 5-7 similarly show the permissions for the group; characters 8-10 for all others. To change the mode of a file, use the chmod command. The general form is: where X is any combination of the letters 'u' (for owner), 'g' (for group), 'o' (for others), 'a' (for all; that is, for 'ugo'); @ is either '+' to add permissions, '-' to remove permissions, or '='
to assign permissions absolutely; and Y is any combination of 'r', 'w', 'x'. Examples: GroupsRegular accounts on SCF are generally assigned to the groups 'statfac' or 'statgrad' or 'statempl'. Each class on SCF forms its own group, eg, 's200a'. To find out what groups you are in, type the command 'groups'. DirectoriesThe same permission scheme applies to directories. For a directory, read permission gives the ability to list files in it via the ls command (and thus to discover what file names are); write permission gives the ability to create and delete files in it; execute permission gives the ability to access a file or subdirectory of known name (even without read permission). To find out the mode of a directory:
If no directories are specified, the listing is for all files in the current directory. The output will look something like:
The initial 'd' in the 10-character mode string indicates that the file is a directory. The file name '.' always refers to the current directory; the file name '..' always refers to the parent of the current directory. Thus, this output shows the permissions for the current directory and its parent. For more information, including octal specification of permissions, see 'man chmod', 'man ls', 'man umask'. Linux is a multi user OS which means that it supports multiple users at a time. As many people can
access the system simultaneously and some resources are shared, Linux controls access through ownership and permissions. In Linux, there are three types of owners: A user is the default owner and creator of the file. So this user is called owner as well. A user-group is a collection of users. Users that belonging to a group will have the
same Linux group permissions to access a file/ folder. You can use groups to assign permissions in a bulk instead of assigning them individually. A user can belong to more than one group as well. Any users that are not part of the user or group classes belong to this class. File permissions fall in three categories: For regular files, read permissions allow users to open and read the file only. Users can't modify the file. Similarly for directories, read permissions allow the listing of directory content without any modification in the directory. When files have write permissions, the user can modify (edit, delete) the file and save it. For folders, write permissions
enable a user to modify its contents (create, delete, and rename the files inside it), and modify the contents of files that the user has write permissions to. For files, execute permissions allows the user to run an executable script. For directories, the user can access them, and access details about files in the directory. Below is the symbolic representation of permissions to user, group, and others. Note that we can find permissions of files and folders using long listing ( In the output
above, Now that we know the basics of ownerships and permissions, let's see how we can modify permissions using the
Syntax of
Where,
We can change permissions using two modes:
Now, let's see them in detail. How to Change Permissions using Symbolic ModeThe table below summarize the user representation:
We can use mathematical operators to add, remove, and assign permissions. The table below shows the summary:
Example:Suppose, I have a script and I want to make it executable for owner of the file Current file permissions are as follows: Let's split the permissions like this: To add execution rights (
Output: Now, we can see that the execution permissions have been added for owner Additional examples for changing permissions via symbolic method:
How to Change Permissions using Absolute ModeAbsolute mode uses numbers to represent permissions and mathematical operators to modify them. The below table shows how we can assign relevant permissions:
Permissions can be revoked using subtraction. The below table shows how you can remove relevant permissions.
Example:
This is how we performed the calculation: Note that this is the same as
To remove execution from
This
would be the same as How to Change Ownership using the chown CommandNext, we will learn how
to change the ownership of a file. You can change the ownership of a file or folder using the Syntax of
How to change user ownership with chownLet's transfer the ownership from user
Command to change ownership: Output: How to change user and group ownership simultaneouslyWe can also use
How to change directory ownershipYou can change ownership recursively for contents in a directory. The example below changes the ownership of the
How to change group ownershipIn case we only need to change the group owner, we can use
Linux Permissions Guided ExerciseUp until now we have explored permissions, ownerships, and the methods to change them. Now we will reinforce our learning with a guided exercise. Goal: To create groups and assign relevant permissions to its members. Verify access by accessing it from unauthorized users. Task: Create a group called Create another group Visualization of the problemWe can visualize the problem like this: Step 1: Switch to root user. Use the If you have the root password, you can login using that as well. Show solutionEnter Enter If
you do not have Step 2: Create a group Use the Syntax: Enter Verify: Step 3: Create two new users John and Bob and add them to the Use command
Syntax: Where
Verify: Step 4: Provide passwords for users John and Bob Show hintUse command
Syntax:
Step 5: Create a directory in /home and name it Use command
Syntax:
Verify: Step 6: Change the group ownership of the folder Use command Syntax:
Step 7: Make sure the permissions of folder Use command Write permissions allow users and groups to create and delete files. Syntax:
Step 8: Ensure that 'others' don't have any access to the files of Use command Remove read, write, execute permissions from 'others' if they exist. Syntax:
Step 9: Exit the Use command Use Syntax: To confirm current user, use command
Verify with command Step 10: Navigate to folder: Use command Syntax: Confirm current path with
Step 11: Create an empty file in the folder: Use command Syntax:
Verify: Step 12: Change the group ownership of the created file to Use command Syntax:
Once group ownership is modified, all members of the group can access this file. Verify Step 13: Exit the shell and switch to user Use command Use
Syntax: To confirm current user, use command
Verify the current user with command Step 14: Navigate to the path Use command Syntax: Confirm current path with
Step 15: Find out Use command Syntax: Does group have
Step 16: Modify the file Use command Syntax: This would redirect the quoted text to end of the file. Show solution
If all the permissions are correctly set, Verify
Step 17: Create another group Use command Syntax: Create a new user with command Use flag
Step 18: Navigate to folder Use
We get this error: This is because, If we recall, below are the rights of the Wrapping upPermissions and ownerships are useful concepts for enforcing security across multi-user operating systems. I hope you were able to learn about changing permissions and ownerships in depth. What’s your favorite thing you learned from this tutorial? Let me know on Twitter! You can also read my other posts here. Thanks to Tom Mondloch for his help with the guided exercise. Learn to code for free. freeCodeCamp's open source curriculum has helped more than 40,000 people get jobs as developers. Get started What does chmod 644 mean?Permissions of 644 mean that the owner of the file has read and write access, while the group members and other users on the system only have read access.
How do you remove file permissions in Linux?Linux File Permissions. chmod +rwx filename to add permissions.. chmod -rwx directoryname to remove permissions.. chmod +x filename to allow executable permissions.. chmod -wx filename to take out write and executable permissions.. What is the chmod 777 means?The command chmod -R 777 / makes every single file on the system under / (root) have rwxrwxrwx permissions. This is equivalent to allowing ALL users read/write/execute permissions.
What does the command * chmod 755 File_name * do?755 means read and execute access for everyone and also write access for the owner of the file. When you perform chmod 755 filename command you allow everyone to read and execute the file, the owner is allowed to write to the file as well.
|