Access to every file/directory in Linux is beautifully controlled by permissions. Many times we are not able to wrap our heads around file permissions (in the beginning stages anyway), but it’s not all that complicated. So let’s see what the fuss is about.
The ls -l
command provides a line like the following for each file or directory.
drwxr-xr-x 4 nits nits 4096 2011-11-27 20:48 Documents/
The first column lists the permissions of the file/directory. Here we see that there are 10 characters in whole. The first character shows the file type, the next three characters show what permissions the user owning the file has, the three characters after that show what permissions the group owning the file has and the last three characters what permissions everyone else has.
There are three types of permissions – read, write and execute. If read, write or execute permissions are enabled we see a r
, w
, x
respectively present. A
- indicates that the permission ain’t enabled. Another way to put it is,
r – - means only read
- w – means only write
- – x means only execute
r w - means read and write
r – x means read and execute
- w x means write and execute
r w x means read, write and execute
Now, let’s look at the permissions of the file we viewed earlier
drwxr-xr-x 4 nits nits 4096 2011-11-27 20:48 Documents/
So, what are the permissions for this directory called documents?
The permissions can also be described by their octal values. Take a look at the image below to understand better, after all a picture IS worth a thousand words.
Let’s take a brief look at the character describing the file type before proceeding onwards. In our example, the first character, the character describing the file type, it reads d
. That means that it is a directory. These are the other file types and their corresponding characters:
- for files
l for links
n for network devices
c for character devices
b for block devices
So now we have deciphered the file permissions but what next? Modifying them ofcourse. Let’s get the cannons out – chmod
, chown
and the water pistol – chgrp
:P Just kidding.
chmod
is used to change the permissions of a file or a directory. You can combine it with octal as well as alphabets to change the permissions. Let’s see something with octal.
nits@nits-excalibur:~$ ls -la an_example.txt
-rw-rw-r-- 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ chmod 760 an_example.txt
[sudo] password for nits:
nits@nits-excalibur:~$ ls -la an_example.txt
-rwxrw---- 2 nits nits 0 2011-12-26 02:42 an_example.txt
Here, the file called an_example.txt which earlier allowed the user and the group to read and write whereas others could only read the file has been modified to allow the user to be able to read, write, execute and the group to read and write and not allowing others to do anything.
We can also use the chmod with some alphabets,
u for user
g for group
o for others
a for all
The alphabets representing the permissions are
r for read
w for write
x for execute
Now the permissions can be applied to each category of users (user, group and others) by some symbols
+ to enable/add the permissions
- to disable/remove the permissions
= to set the permissions.
For example, if we want to change the permissions of the file, an_example.txt
so that others have the permission to read and execute the file, we could do chmod o=rx an_example.txt
. Here are a few examples to help you understand better on how you can use the chmod command and what affects it has.
nits@nits-excalibur:~$ ls -l an_example.txt
-rwxrw-rwx 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ chmod u-x an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-rwx 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ chmod g-w an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-r--rwx 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ chmod o-xrw an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-r----- 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ chmod a+x an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rwxr-x--x 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ chmod o=rwx,ug-x an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-r--rwx 2 nits nits 0 2011-12-26 02:42 an_example.txt
In the last example, we have also combined parameters to change the permissions of the file to enable others to have read, write and execute permissions and disabling the execution permissions for the user and group, all at the same time! How awesome was that! Go ahead, try some combos and go nuts, just make sure that you test and practice with permissions before changing permissions of some important files like system files and such.
Note: You will have to prepend the command with sudo
if you are not the owner of the file. Example: sudo chmod a+x an_example.txt
chown
is the command we use to alter the ownership of the file. It’s used to change the user ownership and group ownership of the file. The format to use it is sudo chown username.groupname filename
In the following example, I change the group ownership of the file an_example.txt
to the group called padma
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ sudo chown nits.padma an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 nits padma 0 2011-12-26 02:42 an_example.txt
This same action can also be achieved by sudo chown .padma an_example.txt
The .
(dot) before the group name means that the user ownership remains the same whereas only the group ownership is being changed.
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ sudo chown .padma an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 nits padma 0 2011-12-26 02:42 an_example.txt
The user ownership can also be changed while retaining the group ownership by placing the .
(dot) after the username.
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 nits nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ sudo chown padma. an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 padma padma 0 2011-12-26 02:42 an_example.txt
Note: Both chmod
and chown
commands can be used on directories recursively, modifying every file/directory under the directory. This is achieved in both commands using the -R
parameter.
Here, we change the permissions of all the files/directories present in the directory called Testing to allow everyone to be able to read, write and execute.
nits@nits-excalibur:~$ ls -lRF Testing
Testing:
total 16
-rw-rw-r-- 1 nits nits 47 2011-12-19 08:49 numericalfile
drwxrwxr-x 3 nits nits 4096 2011-12-26 02:28 test/
-rwxrwxr-x 1 nits nits 281 2011-12-25 23:21 test.sh*
-rw-rw-r-- 1 nits nits 84 2011-12-19 08:47 textfile
Testing/test:
total 4
-rw-rw-r-- 1 nits nits 0 2011-12-26 02:28 file1
-rw-rw-r-- 1 nits nits 0 2011-12-26 02:28 file2
drwxrwxr-x 2 nits nits 4096 2011-12-28 01:22 test2/
Testing/test/test2:
total 0
-rw-rw-r-- 1 nits nits 0 2011-12-26 02:28 file2_1
-rw-rw-r-- 1 nits nits 0 2011-12-26 02:28 file2_2
nits@nits-excalibur:~$ chmod -R 777 Testing
nits@nits-excalibur:~$ ls -lRF Testing
Testing:
total 16
-rwxrwxrwx 1 nits nits 47 2011-12-19 08:49 numericalfile*
drwxrwxrwx 3 nits nits 4096 2011-12-26 02:28 test/
-rwxrwxrwx 1 nits nits 281 2011-12-25 23:21 test.sh*
-rwxrwxrwx 1 nits nits 84 2011-12-19 08:47 textfile*
Testing/test:
total 4
-rwxrwxrwx 1 nits nits 0 2011-12-26 02:28 file1*
-rwxrwxrwx 1 nits nits 0 2011-12-26 02:28 file2*
drwxrwxrwx 2 nits nits 4096 2011-12-28 01:22 test2/
Testing/test/test2:
total 0
-rwxrwxrwx 1 nits nits 0 2011-12-26 02:28 file2_1*
-rwxrwxrwx 1 nits nits 0 2011-12-26 02:28 file2_2*
In the following example, we transfer the ownership of all files/directories present in the same Testing folder to the user padma and the group padma
.
nits@nits-excalibur:~$ sudo chown -R padma.padma Testing
nits@nits-excalibur:~$ ls -lRF Testing
Testing:
total 16
-rwxrwxrwx 1 padma padma 47 2011-12-19 08:49 numericalfile*
drwxrwxrwx 3 padma padma 4096 2011-12-26 02:28 test/
-rwxrwxrwx 1 padma padma 281 2011-12-25 23:21 test.sh*
-rwxrwxrwx 1 padma padma 84 2011-12-19 08:47 textfile*
Testing/test:
total 4
-rwxrwxrwx 1 padma padma 0 2011-12-26 02:28 file1*
-rwxrwxrwx 1 padma padma 0 2011-12-26 02:28 file2*
drwxrwxrwx 2 padma padma 4096 2011-12-28 01:22 test2/
Testing/test/test2:
total 0
-rwxrwxrwx 1 padma padma 0 2011-12-26 02:28 file2_1*
-rwxrwxrwx 1 padma padma 0 2011-12-26 02:28 file2_2*
Pretty cool huh?
And now, for the water pistol – chgrp
:P (just kidding, AGAIN.) chgrp
changes the group ownership of a file/directory. Although the same can be achieved with the chown command, this is slightly easier. You can skip from having to remember this command if you wish as long as you have chown in your head :P The format of this command is sudo chgrp groupname filename
The -R
parameter may also be used in this command to perform the operation recursively among directories, just like in the chmod and chown commands.
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 padma nits 0 2011-12-26 02:42 an_example.txt
nits@nits-excalibur:~$ sudo chgrp padma an_example.txt
nits@nits-excalibur:~$ ls -l an_example.txt
-rw-rw-r-- 2 padma padma 0 2011-12-26 02:42 an_example.txt
So, now how are the default file permissions set when you create a new file/directory on your system? The answer is umask
. The default permissions for new directories is 777
(read, write and execute) whereas for new files it is 666
(read and write). But when you create new files and directories you notice that the permissions are not the default. The permissions are different beccause the umask comes into play.
nits@nits-excalibur:~$ umask
0002
nits@nits-excalibur:~$ mkdir umask_testing
nits@nits-excalibur:~$ touch umask_test.txt
nits@nits-excalibur:~$ ls -lF | grep umask
drwxrwxr-x 2 nits nits 4096 2011-12-31 08:10 umask_testing/
-rw-rw-r-- 1 nits nits 0 2011-12-31 08:10 umask_test.txt
This shows us that the umask is set to 0002
(write). When a new directory is created, we notice that the directory has the default 777
permissions except that write is disabled for Others. The same happens even when a new file is created. The default permissions of 666 becomes 664
(read and write for User and Group, read only for Others). I am guessing you have understood that the umask
does infact mask its value from the default permissions. In other words, the umask value is deleted from the default permissions value when creating a new file/directory.
In the example below, I have set the umask value to 0000
(none). This as you can see, effectively retains the default permissions when creating a new file or directory without applying a mask to it.
nits@nits-excalibur:~$ umask 0000
nits@nits-excalibur:~$ umask
0000
nits@nits-excalibur:~$ mkdir new_testing
nits@nits-excalibur:~$ touch new_testing
nits@nits-excalibur:~$ ls -lF | grep new_testing
drwxrwxrwx 2 nits nits 4096 2011-12-31 08:21 new_testing/
-rw-rw-rw- 1 nits nits 0 2011-12-31 08:21 new_testing.txt
There are also set user id (SUID) and set group id (SGID) commands. SUID
allows files to be run under the file permissions of the owner of the file even when executed by other users. SGID
on the other hand, allows files to be run under the owning group’s permissions when executed by other users, whereas SGID
on a directory allows for creation of new files in that directory with directory group as its default group. SGID
is useful when directories have to be shared. Look at the extra reading at the bottom of this post to read more about it.
And that’s pretty much it, we’ve covered basic file permissions in Linux! Woo-hoo!! Wasn’t as bad as you thought was it? Well, with that I am going to stop and wish you a very happy Linux-ful new year (a full day in advance :P ) !
Download the official 2buntu app for both Android and Ubuntu Touch.