03-A.2: Modify Permissions: File and Directory (continued)

Changing File and Directory Permissions

The chmod Command

The chmod command is used to change the access mode of a file. The name is an abbreviation of change mode.

Syntax :

chmod [reference][operator][mode] file...


The references are used to distinguish the users to whom the permissions apply, i.e. they are a list of letters that specifies whom to give permissions. The references are represented by one or more of the following letters:

Reference Class Description
u owner file's owner
g group users who are members of the file's group
o others users who are neither the file's owner nor members of the file's group
a all All three of the above, same as ugo

The operator is used to specify how the modes of a file should be adjusted. The following operators are accepted:

Operator Description
+ Adds the specified modes to the specified classes
- Removes the specified modes from the specified classes
= The modes specified are to be made the exact modes for the specified classes

An example will make this clearer.

If we want to give “execute” permission to the rest of the world (“other”) for file “xyz.txt”

pbmac@pbmac-server $ls -l xyz.txt ---------- 1 pbmac pbmac 0 Dec 11 18:49 xyz.txt  You do NOT see many files with NO permissions, but it works well for our demonstration. So, the add execute permission for "others" we would start by typing: chmod o  Now you would type a ‘+’ to say that you are “adding” a permission. chmod o+  Then you would type an ‘x’ to say that you are adding “execute” permission. chmod o+x  Finally, specify which file you are changing: chmod o+x xyz.txt  The change can be seen in the below - the xyz.txtfile now has execute permission - 'x' - on the "others" permission level. pbmac@pbmac-server$ chmod o+x xyz.txt
pbmac@pbmac-server $ls -l xyz.txt ---------x 1 pbmac pbmac 0 Dec 11 18:49 xyz.txt  It is possible to change multiple permissions at once. For example, to give ALL permissions for everyone, the command would be chmod ugo+rwx xyz.txt  This command affects the user (u), the group (g) and others (o) and adds ( -+) the read (r), the write (w) and the execute (x) permission to the file xyz.txt. pbmac@pbmac-server$ chmod ugo+rwx xyz.txt
pbmac@pbmac-server $ls -l xyz.txt -rwxrwxrwx 1 pbmac pbmac 0 Dec 11 18:49 xyz.txt  NOTICE - it did NOT add any value to the first position; it is still a dash. Another example - we will start with the file abc.mp4: pbmac@pbmac-server$ ls -l abc.mp4
-rw-r--r-x 1 pbmac pbmac 0 Dec 11 18:57 abc.mp4


Using a more complex chmod command we change several permissions at different levels:

pbmac@pbmac-server $chmod o+x abc.mp4 pbmac@pbmac-server$ ls -l abc.mp4
-rw-rw-r-x 1 pbmac pbmac 0 Dec 11 18:57 abc.mp4

This command adds (+) the read (r) and write (w) permission to both user (u) and group (g) and removes (-) the execute (x) permission from others (o) for the file abc.mp4 (this file does NOT exist in our images).

The command

chmod ug=rx,o+r abc.c


assigns read (r) and execute (x) permission to both user (u) and group (g) and adds read permission to others for the file abc.c.

pbmac@pbmac-server $ls -l abc.c -rw-r----- 1 pbmac pbmac 0 Dec 11 19:07 abc.c pbmac@pbmac-server$ chmod ug=rx,o+r abc.c
pbmac@pbmac-server \$ ls -l abc.c
-r-xr-xr-- 1 pbmac pbmac 0 Dec 11 19:07 abc.c


There can be numerous combinations of file permissions that can add, remove and assign.

The Octal Notations

Each of these digits is the sum of its component bits in the binary numeral system. As a result, specific bits add to the sum as it is represented by a numeral:

• The read bit adds 4 to its total (in binary 100),
• The write bit adds 2 to its total (in binary 010), and
• The execute bit adds 1 to its total (in binary 001).

These values never produce ambiguous combinations; each sum represents a specific set of permissions. More technically, this is an octal representation of a bit field – each bit references a separate permission, and grouping 3 bits at a time in octal corresponds to grouping these permissions by user, group, and others.

These are the examples from the symbolic notation section given in octal notation:

Symbolic
notation
Numeric
notation
English
---------- 0000 no permissions
-rwx------ 0700 read, write, & execute only for owner
-rwxrwx--- 0770 read, write, & execute for owner and group
-rwxrwxrwx 0777 read, write, & execute for owner, group and others
---x--x--x 0111 execute
--w--w--w- 0222 write
--wx-wx-wx 0333 write & execute
-r--r--r-- 0444 read
-r-xr-xr-x 0555 read & execute
-rw-rw-rw- 0666 read & write
-rwxr----- 0740 owner can read, write, & execute; group can only read; others have no permissions

Using the table above we can figure this out. The following two commands are the same.

chmod ugo+rwx [file_name]
chmod 777 [file_name]

So - this is:
421  421  421
rwx  rwx  rwx
7    7    7


Both provide read, write and execute permission (the octal value of 7) to all three levels. The first number, on the left, represents the user, the middle number represents the group, and the last number, on the right, represents the others.

Another example:

chmod u=r,g=wx,o=rx [file_name]
chmod 435 [file_name]

Looking at this one:
421   421   421
r--   -wx   r-x
4     3     5


Both commands give read (an octal value of 4) permission to user, write and execute (an octal value of 3) for group and read and execute (an octal value of 5) for others.

And even this…

chmod 775 [file_name]
chmod ug+rwx,o=rx [file_name]

421  421  421
rwx  rwx  r-x
7    7    5


Both the commands give all permissions (an octal value of 7) to user and group, read and execute (an octal value of 5) for others.