What are Basic Linux File permissions?
Linux, like UNIX, is a multi-user system, and file permissions are one way the system protects against malicious tampering. One way to gain entry when you are denied permission is to su to root. Keep in mind, whoever knows the root password has complete access. But switching to the superuser is not always convenient or recommended since it is easy to make mistakes and alter important configuration files as the superuser. All files and directories are “owned” by the person who created them. For example, in the listing:
-rw-rw-r-- 1 john sap 150 Mar 19 08:08 file1.txt
The file file1.txt belongs to, or is owned by john. That means you can specify who is allowed to read the file, write to the file, or (if it is an application instead of a text file) who can execute the file. You can also control access to directories in a similar manner.
Reading, writing, and executing are the three main settings in permissions. Since users are placed into a group when their accounts are created, you can also specify whether certain groups can read, write to, or execute a file. Using the file1.txt example above, you can see that there is a lot of detail provided. You can see who can read (r) and write to (w) the file, as well as who created the file (john), and to which group the owner belongs (sap). Remember however that, by default, the name of your group is the same as your login name.
Other information to the right of the group includes file size, date and time of file creation, and file name. The first column shows current permissions; it has ten slots. The first slot represents the type of file. The remaining nine slots are actually three sets of permissions for three different categories of users. For example:
-rw-rw-r--
Those three sets are the owner of the file, the group to which the file belongs, and “others,” meaning all other users.
-    (rw-)   (rw-)   (r--)   1 john sap
|      |       |       |
type owner   group  others
The first item, which specifies the file type, typically shows one of the following:
- d — a directory
- – (dash) — a regular file (rather than directory or link)
- l — a symbolic link to another program or file elsewhere on the system
Beyond the first item, in each of the following three sets, you will see one of the following:
- r — file can be read
- w — file can be written to
- x — file can be executed (if it is a program)
When you see a dash in owner, group, or others, it means that particular permission has not been granted. Look again at the first column of file1.txt and identify its permissions.
# ls -l file1.txt
-rw-rw-r-- 1 john sap 150 Mar 19 08:08 file1.txt
The file’s owner (in this case, john) has permission to read and write to the file. The group, sap, has permission to read and write to file1.txt, as well. It is not a program, so neither the owner nor the group has permission to execute it. All other users can only read the file.
How do file permissions bits correspond to the values provided to chmod?
The permissions bits applied to a file system object correspond directly to the values which can be specified in the 4 digit tuple supplied to the chmod utility in the following command:
chmod abcd [file system object]
Each value in the digit set abcd is a sum of the values 1, 2 and 4. By adding these values together for each digit, a value can be generated to set all file object attributes:
- a – This digit controls special attribute settings. The value 4 sets the setuid bit, the value 2 sets the setgid bit, and the value 1 sets the sticky bit on the object.
- b, c and d – These digits control read, write and execute permissions for the file owner, the file owner's primary group, and all other users. The value 4 enables read permission, the value 2 enables write permission, and the value 1 enables execute permission.
Examples
To set a file to be sticky, readable and writeable by the owner, readable by their primary group and inaccessible by everyone else:
# chmod 1640 filename
To give all permission to everyone on the system:
# chmod 0777 filename
For more information on chmod, see the chmod man page.
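How the four chmod digits map onto the nine permission slots shown by ls -l, as an added example that is not part of the original page. The function names octal_to_symbolic and matches_stat are chosen here; the decoder uses chmod's standard values for the leading digit (4 setuid, 2 setgid, 1 sticky) and can be cross-checked against GNU stat on a scratch file.

```sh
#!/bin/sh
# Added example (not from the original page): decode a chmod octal mode by hand.

octal_to_symbolic() {
    mode=$((0$1))                 # leading 0 makes the shell parse it as octal
    out=""
    for pos in 6 3 0; do          # owner, group, others triads
        bits=$(( (mode >> pos) & 7 ))
        r=-; w=-; x=-
        [ $((bits & 4)) -ne 0 ] && r=r
        [ $((bits & 2)) -ne 0 ] && w=w
        [ $((bits & 1)) -ne 0 ] && x=x
        # Leading digit: 4 = setuid, 2 = setgid, 1 = sticky. Each one is
        # displayed in the execute slot of "its" triad.
        case $pos in
            6) special=$((mode & 04000)); on=s; off=S ;;
            3) special=$((mode & 02000)); on=s; off=S ;;
            0) special=$((mode & 01000)); on=t; off=T ;;
        esac
        if [ "$special" -ne 0 ]; then
            # lowercase: execute is also set; uppercase: special bit without execute
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Cross-check against what the system reports for a scratch file
# (assumes GNU stat from coreutils).
matches_stat() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    real=$(stat -c '%A' "$f")
    rm -f "$f"
    [ "${real#?}" = "$(octal_to_symbolic "$1")" ]   # drop the file-type character
}

# Constructed sample modes.
for m in 0664 0777 1640 4755 2750; do
    printf '%s  %s\n' "$m" "$(octal_to_symbolic "$m")"
done
```

An uppercase S or T in the output is worth a second look: the special bit is set but the matching execute bit is not.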
How to set file and directory permissions using chown and chmod?
Use the chown command to change the owner and/or group for the file. The syntax is simple. Just type chown, followed by the user that is to own the file, then optionally, a colon (“:”) and the group name. Please note that the user and/or group names must exist on the system. For example:
# chown john:sap file1.txt
# ls -l file1.txt
-rw-rw-r-- 1 john sap 150 Mar 19 08:08 file1.txt
results in the user john owning the file. The group owner of the file is also set to john’s group which is sap.
Use the chmod command to change permissions. This example shows how to change the permissions on file1.txt with the chmod command. If you are the owner of the file or are logged into the root account you can change any permissions for the owner, group, and others. Right now, the owner and group can read and write to the file. Anyone outside of the group can only read the file (r--).
How to change file/directory permissions using shorthand notations?
In the following example, you want to allow everyone to write to the file, so they can read it, write notes in it, and save it. That means you will have to change the “others” section of the file permissions. Take a look at the file first. At the shell prompt, you would type:
# ls -l file1.txt
-rw-rw-r-- 1 john sap 150 Mar 19 08:08 file1.txt
Now, you would type the following:
# chmod o+w file1.txt
The above command tells the system you want to give others write permission to the file file1.txt. To check the results, list the file’s details again. Now, the file looks like this:
-rw-rw-rw- 1 john sap 150 Mar 19 08:08 file1.txt
Now, everyone can read and write to the file. To remove read and write permissions from file1.txt use the chmod command to take away both the read and write permissions.
# chmod go-rw file1.txt
By typing go-rw, you are telling the system to remove read and write permissions for the group and for others from the file file1.txt.
The result will look like this:
-rw------- 1 john sap 150 Mar 19 08:08 file1.txt
Think of these settings as a kind of shorthand when you want to change permissions with chmod, because all you really have to do is remember a few symbols and letters with the chmod command. Here is a list of what the shorthand represents:
Identities
u - the user who owns the file (that is, the owner)
g - the group to which the user belongs
o - others (not the owner or the owner's group)
a - everyone or all (u, g, and o)
Permissions
r - read access
w - write access
x - execute access
Actions
+ — adds the permission
- — removes the permission
= — makes it the only permission
Here are some common examples of settings that can be used with chmod:
g+w - adds write access for the group
o-rwx - removes all permissions for others
u+x - allows the file owner to execute the file
a+rw - allows everyone to read and write to the file
ug+r - allows the owner and group to read the file
g=rx - allows only the group to read and execute (not write)
How to remove all the permissions for all the users using shorthand notations?
Want to test your permissions skills? Remove all permissions from file1.txt — for everyone.
# chmod a-rwx file1.txt
Now, see if you can read the file with the command cat file1.txt, which should return the following:
cat: file1.txt: Permission denied
Removing all permissions, including your own, successfully locked the file. But since the file belongs to you, you can always change its permissions back with the following command:
# chmod u+rw file1.txt
How to list file permissions in octal format?
To list file permissions in octal format, use the stat command provided by the coreutils package. To get the octal permissions of all the files and directories in the current working directory, run the command below:
$ stat -c "%a %n" *
To get the octal permissions of the contents of a particular directory, say /usr/share, execute the command below:
$ stat -c "%a %n" /usr/share/*
755 /usr/share/aclocal
755 /usr/share/alsa
755 /usr/share/anaconda
755 /usr/share/appdata
...
To get the octal permissions only for the directory, say /usr/share, and not the content inside it, execute the command below:
$ stat -c "%a %n" /usr/share/
755 /usr/share/
How to reset all the system file permissions to default in case all file permissions changed to 777?
You accidentally executed the following command.
# chmod -R 777 /
Is there any way to revert back to the original permissions?
Execute the following command to revert back to original permissions.
# rpm -a --setperms
This will show some errors, but they can be ignored.
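rpm --setperms resets modes only for files recorded in the RPM database, so anything not owned by a package keeps mode 777 after the command above. The following added example (not from the original page) lists what is still world-writable and which regular files carry setuid or setgid; the function names and the demo tree are constructed for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not from the original page): find modes worth reviewing
# after a recursive chmod 777.

audit_tree() {
    dir=$1
    # World-writable: the "others" write bit (0002) is set. Symlinks are
    # skipped (their own mode is not used for access checks), and so are
    # sticky directories such as /tmp (1777), where world-write is expected.
    find "$dir" -xdev ! -type l -perm -0002 \
        ! \( -type d -perm -1000 \) \
        -exec stat -c 'WORLD-WRITABLE %a %n' {} +
    # Regular files with setuid (4000) or setgid (2000).
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c 'SETID %a %n' {} +
}

# Constructed sample tree so the audit can be run offline.
build_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/ok.txt" "$d/notes.txt" "$d/tool"
    mkdir "$d/open" "$d/shared"
    chmod 0644 "$d/ok.txt"
    chmod 0666 "$d/notes.txt"   # world-writable file
    chmod 4755 "$d/tool"        # setuid executable
    chmod 0777 "$d/open"        # world-writable directory, no sticky bit
    chmod 1777 "$d/shared"      # sticky, like /tmp: not reported
    printf '%s\n' "$d"
}

if [ "$#" -gt 0 ]; then
    audit_tree "$1"             # audit the directory given on the command line
else
    demo=$(build_demo_tree) && audit_tree "$demo" && rm -rf "$demo"
fi
```

Compare the SETID lines against a known-good system of the same release before trusting them; a file that gained or lost setuid is the entry to investigate first.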
How to copy the files with specific permission over the network?
To copy files with specific permissions, the rsync utility can be used:
# rsync --chmod=u+rwx,g+rx,o+rx testfile user@192.168.0.1:/tmp/
This will copy the testfile in user’s home directory, and the permissions of the copied file will be 755.