03-A.2: Modify Permissions: File and Directory (continued)
- Page ID
- 26824
Changing File and Directory Permissions
The chmod Command
The chmod command is used to change the access mode of a file. The name is an abbreviation of change mode.
Syntax :
chmod [reference][operator][mode] file...
This video discusses file permissions, how to set them, change them and understand them. The author inadvertently says "Unix", instead of "Linux" at the beginning of this video...we are talking about Linux
The references are used to distinguish the users to whom the permissions apply, i.e. they are a list of letters that specifies whom to give permissions. The references are represented by one or more of the following letters:
Reference | Class | Description |
---|---|---|
u | owner | file's owner |
g | group | users who are members of the file's group |
o | others | users who are neither the file's owner nor members of the file's group |
a | all | All three of the above, same as ugo |
The operator is used to specify how the modes of a file should be adjusted. The following operators are accepted:
Operator | Description |
---|---|
+ | Adds the specified modes to the specified classes |
- | Removes the specified modes from the specified classes |
= | The modes specified are to be made the exact modes for the specified classes |
An example will make this clearer.
If we want to give “execute” permission to the rest of the world (“other”) for file “xyz.txt”
pbmac@pbmac-server $ ls -l xyz.txt
---------- 1 pbmac pbmac 0 Dec 11 18:49 xyz.txt
You do NOT see many files with NO permissions, but it works well for our demonstration. So, the add execute permission for "others" we would start by typing:
chmod o
Now you would type a ‘+’ to say that you are “adding” a permission.
chmod o+
Then you would type an ‘x’ to say that you are adding “execute” permission.
chmod o+x
Finally, specify which file you are changing:
chmod o+x xyz.txt
The change can be seen in the below - the xyz.txtfile now has execute permission - 'x' - on the "others" permission level.
pbmac@pbmac-server $ chmod o+x xyz.txt
pbmac@pbmac-server $ ls -l xyz.txt
---------x 1 pbmac pbmac 0 Dec 11 18:49 xyz.txt
It is possible to change multiple permissions at once. For example, to give ALL permissions for everyone, the command would be
chmod ugo+rwx xyz.txt
This command affects the user (u), the group (g) and others (o) and adds ( -+) the read (r), the write (w) and the execute (x) permission to the file xyz.txt.
pbmac@pbmac-server $ chmod ugo+rwx xyz.txt
pbmac@pbmac-server $ ls -l xyz.txt
-rwxrwxrwx 1 pbmac pbmac 0 Dec 11 18:49 xyz.txt
NOTICE - it did NOT add any value to the first position; it is still a dash.
Another example - we will start with the file abc.mp4:
pbmac@pbmac-server $ ls -l abc.mp4
-rw-r--r-x 1 pbmac pbmac 0 Dec 11 18:57 abc.mp4
Using a more complex chmod command we change several permissions at different levels:
pbmac@pbmac-server $ chmod o+x abc.mp4
pbmac@pbmac-server $ ls -l abc.mp4
-rw-rw-r-x 1 pbmac pbmac 0 Dec 11 18:57 abc.mp4
This command adds (+) the read (r) and write (w) permission to both user (u) and group (g) and removes (-) the execute (x) permission from others (o) for the file abc.mp4 (this file does NOT exist in our images).
The command
chmod ug=rx,o+r abc.c
assigns read (r) and execute (x) permission to both user (u) and group (g) and adds read permission to others for the file abc.c.
pbmac@pbmac-server $ ls -l abc.c
-rw-r----- 1 pbmac pbmac 0 Dec 11 19:07 abc.c
pbmac@pbmac-server $ chmod ug=rx,o+r abc.c
pbmac@pbmac-server $ ls -l abc.c
-r-xr-xr-- 1 pbmac pbmac 0 Dec 11 19:07 abc.c
There can be numerous combinations of file permissions that can add, remove and assign.
The Octal Notations
Each of these digits is the sum of its component bits in the binary numeral system. As a result, specific bits add to the sum as it is represented by a numeral:
- The read bit adds 4 to its total (in binary 100),
- The write bit adds 2 to its total (in binary 010), and
- The execute bit adds 1 to its total (in binary 001).
These values never produce ambiguous combinations; each sum represents a specific set of permissions. More technically, this is an octal representation of a bit field – each bit references a separate permission, and grouping 3 bits at a time in octal corresponds to grouping these permissions by user, group, and others.
These are the examples from the symbolic notation section given in octal notation:
Symbolic notation |
Numeric notation |
English |
---|---|---|
---------- |
0000 | no permissions |
-rwx------ |
0700 | read, write, & execute only for owner |
-rwxrwx--- |
0770 | read, write, & execute for owner and group |
-rwxrwxrwx |
0777 | read, write, & execute for owner, group and others |
---x--x--x |
0111 | execute |
--w--w--w- |
0222 | write |
--wx-wx-wx |
0333 | write & execute |
-r--r--r-- |
0444 | read |
-r-xr-xr-x |
0555 | read & execute |
-rw-rw-rw- |
0666 | read & write |
-rwxr----- |
0740 | owner can read, write, & execute; group can only read; others have no permissions |
Using the table above we can figure this out. The following two commands are the same.
chmod ugo+rwx [file_name] chmod 777 [file_name] So - this is: 421 421 421 rwx rwx rwx 7 7 7
Both provide read, write and execute permission (the octal value of 7) to all three levels. The first number, on the left, represents the user, the middle number represents the group, and the last number, on the right, represents the others.
Another example:
chmod u=r,g=wx,o=rx [file_name]
chmod 435 [file_name]
Looking at this one:
421 421 421
r-- -wx r-x
4 3 5
Both commands give read (an octal value of 4) permission to user, write and execute (an octal value of 3) for group and read and execute (an octal value of 5) for others.
And even this…
chmod 775 [file_name]
chmod ug+rwx,o=rx [file_name]
421 421 421
rwx rwx r-x
7 7 5
Both the commands give all permissions (an octal value of 7) to user and group, read and execute (an octal value of 5) for others.
A brief video about the concept of umask, and what it means to Linux.
Adapted from:
"File-system permissions" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0