Each file and directory has three user based permission groups:
- Owner/User (u)- The Owner permissions apply only the owner of the file or directory, they will not impact the actions of other users.
- Group (g)- The Group permissions apply only to the group that has been assigned to the file or directory, they will not effect the actions of other users.
- Others (o)- The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.
01. Types of Permissions:
Each file or directory has three basic permission types:
- read – The Read permission refers to a user’s capability to read the contents of the file, represented as (r) OR binary as (4) to set permissions.
- write – The Write permissions refer to a user’s capability to write or modify a file or directory, represented as (w) OR binary as (2) to set permissions.
- execute – The Execute permission affects a user’s capability to execute a file or view the contents of a directory, represented as (x) OR binary as (1) to set permissions.
The permissions written in order of read/write/execute , if (-) sign found in replace of any of them , it means this file doesn’t have that permission , Example : (rwx) = have full permissions , (r-x) = have read and execute but no write permissions.
02. View current permissions :
Every file and directory in Linux have three groups of permissions for User/Group/Others and each group of permissions consist of combination from r/w/x , and every file or directory have Owner User and Owner Group.
To view permissions of files or directories use command “ls -l” , for example:
IT-Systems ~ # ls -l test/ total 0 -rw-r--r-- 1 root root 0 Apr 25 01:17 IT.txt drwxr-xr-x 1 root akm 0 Apr 25 01:16 linux drwxr-xr-x 1 akm root 0 Apr 25 01:16 music IT-Systems ~ #
as we see the file IT.txt has this permissions (-rw-r–r–) and owned by user root and group root , Directory linux has permissions (drwxr-xr-x) and owned by user root and group akm, let’s analyze that output:
Exclude the first bit and divide the remaining into three groups:
IT.txt : (rw-) , (r–) , (r–) for User , Group , Others in order which means the the owner root has read/write and group root have read only and all others have read only permissions on that file.
linux directory: (rwx) , (r-x) , (r-x) means user root have read/write/execute and group akm have read/execute only and Others have read/execute only.
03. change user and group ownership :
By default who create a file or directory will be the owner user and his primary group will be owner group and it will have default permissions or inherit the parent directory’s permissions, to change that we user chown , chgrp command.
# To change the owner user use this syntax :
chown USER FILE-OR-Directory
# To change the owner group use this syntax :
chgrp GROUP FILE-OR-Directory
# To change the owner user and group at once :
chown USER:GROUP FILE-OR-Directory
# For more options use help or man pages
chown –help / chgrp –help
man chown / man chgrp
use ( ls -ld ) to list a directory permissions.
Th3-Gam3 ~ # ls -ld test/linux drwxr-xr-x 1 root akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # chown sales test/linux/ Th3-Gam3 ~ # ls -ld test/linux drwxr-xr-x 1 sales akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # chgrp sales test/linux Th3-Gam3 ~ # ls -ld test/linux drwxr-xr-x 1 sales sales 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # chown akm:akm test/linux Th3-Gam3 ~ # ls -ld test/linux drwxr-xr-x 1 akm akm 0 Apr 25 01:16 test/linux
Notice that changing User or group doesn’t change the permissions.
and no more than one user or group by default, to add many users and group with different permissions in Linux it is called File Access List ( facl ) , it is another topic.
04. Changing Permissions using chmod command :
To set and override current permissions you have to provide permissions for the three groups (User/Group/Others) in represented characters (rwx) or corresponding binary format sum (rwx = 4+2+1 = 7) , (r-x = 4+1 = 5) , …
So to set full permissions to all three group:
chmod rwxrwxrwx test/linux SAME AS chmod 777 test/linux
To edit permissions for only one group you have to specify the corresponding character that represent that group (u/g/o) followed by (+) sign to add permission or (-) sign to remove a permission , followed by permission characters (r/w/x) , you can’t use binary representation here.
Th3-Gam3 ~ # ls -ld test/linux drwxr-xr-x 1 akm akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # # To remove write permission from user , use ( u-w ) Th3-Gam3 ~ # chmod u-w test/linux Th3-Gam3 ~ # ls -ld test/linux dr-xr-xr-x 1 akm akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # # To add write permission to the group , use ( g+w ) OR ( g+rwx ) , that will add the missing permission Th3-Gam3 ~ # chmod g+rwx test/linux Th3-Gam3 ~ # ls -ld test/linux dr-xrwxr-x 1 akm akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # # To remove every thing from others , use ( o-rwx ) Th3-Gam3 ~ # chmod o-rwx test/linux Th3-Gam3 ~ # ls -ld test/linux dr-xrwx--- 1 akm akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # # To change more than one permission group, you may use that (ugo+w , uo-w , ug+rwx) , OR use comma separated group and permissions # Remove all from Others and group owner , and give User full permissions Th3-Gam3 ~ # chmod og-rwx,u+rwx test/linux Th3-Gam3 ~ # ls -ld test/linux drwx------ 1 akm akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ # # To use binary representation , sum the permission you plan to set for every group and provide three digits representing the three groups of User/Group/Others # rwxr-x--- equals 750 Th3-Gam3 ~ # chmod 750 test/linux Th3-Gam3 ~ # ls -ld test/linux drwxr-x--- 1 akm akm 0 Apr 25 01:16 test/linux Th3-Gam3 ~ #
The (d) character before permissions is to present a Directory.
Directory Read/Execute is a must to allow entering to the path, but for files that will allow execute scripts so we use read only by default.
That is it , I hope it was simple.