Library Technology – Reviews, Tips, Giveaways, Freeware

Linux tips: Understanding file permissions and modifying them using chmod

Posted in Linux by Techtiplib on Sunday, July 1st, 2012

Linux is basically a multi-user system. But nowadays there has been an increase in the usage of Linux as an OS for single user home computers as well. But since it was originally meant to be a multi-user OS, a lot of things that would be necessary in a multi-user system are built into the Linux core. One such thing is file / directory permissions.

In Linux every file on the disk has permissions associated with it. These permissions decide who may use the file and in what manner. The rest of this article explains these file / directory permissions in detail.

In order to view the permissions associated with a file, you could use the ‘ls’ command. On executing ‘ls’ you would be presented with a directory listing with one filename per line. I shall explain file permissions with the help of the sample output shown below.

drwxr-xr-x 4 david david 512 Jan 15 11:31 tutorials
frwxr-xr-x 4 david david 1240 Jan 15 08:12 viewresume
frwx------ 4 david david 4109 Jan 15 08:12 privatedata.txt

Yours would obviously be different from this one, but this output should be enough to explain file permissions. The above output shows that within the current directory there are 3 entries. Let’s start with the 2nd line.

frwxr-xr-x 4 david david 1240 Jan 15 08:12 viewresume

The first character ‘f’ indicates that ‘viewresume’ is a file. In case it was the name of a directory there would have been a ‘d’ instead of an ‘f’.

The next part, rwxr-xr-x (a total of 9 characters), should be split into 3 parts, each consisting of 3 consecutive letters:

Part 1 (User) : rwx
Part 2 (Group) : r-x
Part 3 (World) : r-x

The meaning of the 3 characters that make up each part of this 9 character sequence is shown in the table below.

Description of r,w,x for Files
r : Read permissions for the file (whether the contents of the file can be read or not)
w : Write permissions for the file (whether a file can be modified or not)
x : Execute permissions (whether a file is an executable/script or not)

In Part 1 all 3 permissions, r, w and x, exist. This means that the concerned file, ‘viewresume’, can be read, written to as well as executed. Thus in case you want to just read the contents of that file you could do so. In case you want to modify the file, that too would be allowed. Assuming that ‘viewresume’ is some kind of a script, it also has execute permissions assigned to it. So you could execute this program from the shell prompt as well.

Those of you who are really smart must have already started thinking about how you could protect your data from others (in a multi-user system) when you have provided r, w and x permissions to the file. That is exactly why there is a 9 character sequence present instead of just 3 characters.

Part 1 decides the permissions for the User (the owner of the file)
Part 2 decides the permissions for other users who belong to the same Group as the file
Part 3 decides the permissions for Others (rest of the world) who might access your folder

As the owner, any file you create would have the r and w permissions present. In case it’s a script you should also add the execute permission. This is explained in a later section of this article.

In case you are a part of a project involving other users, you should ask the administrator to create a separate group and include all the project members in that group. Then you could create all your programs as a part of that group and use the group permissions so that only those members belonging to your project group can read or modify the files that concern that project.

For others (rest of the world) it is always best to leave the default permissions which would be generally r and x. Never ever give w permissions to all, else anyone would be able to modify your files.

The rest of the fields don’t have anything to do with file permissions as such. So they shall not be dealt with in this article. Now let’s consider the 3rd line in the ‘ls’ output.

frwx------ 4 david david 4109 Jan 15 08:12 privatedata.txt

This shows the permissions for a file aptly named ‘privatedata.txt’. The name itself suggests that this is some important file that only the owner of the file should be allowed to read, write or execute. Thus no one else (group or others) should be allowed to even view the contents of this file. Thus you can see that the permissions for the file are rwx------

Dividing it into 3 parts you would get ‘rwx’ and ‘---’ and ‘---’

The - (hyphen) indicates that the particular property is not existing for that file or directory.

Thus in this case the 2nd and 3rd Part only consist of hyphens thus indicating that neither the Group members nor Others would be allowed to either read, write or execute this file. You on the other hand have all these 3 properties set so that you are free to do anything with the file.

Now consider the 1st line in the ‘ ls ‘ output

drwxr-xr-x 4 david david 512 Jan 15 11:31 tutorials

Note that the first character on the line is a ‘ d ‘ which indicates that ‘ tutorials ‘ is the name of a directory and not a file.

Important : The permissions for directories take on a slightly different meaning than those for files. This is explained in some detail.

Description of r,w,x for Directories
r : This means that a directory has read permission, so you are allowed to see what files are present within that directory.
w : This means that you could either add, delete or rename the files that exist within that particular directory.
x : Execute would allow you to use the directory name when accessing files inside that directory. For example (not really the simplest example), in Article No. 29 I have explained how users could set a directory for their homepage so that other users can come and see their homepage. For this to be possible, suppose the other user types the name of a particular file along with the directory name: unless you have the x permission set for all the directories present in the request, that user would not be able to view the contents of the file he requests. In case you are confused, try experimenting with this. If you are a single home user, create another user account and try accessing the first user’s files. Whenever you get an access denied error, remember to check if you have the x permission set for the directory within which the file you are accessing exists.
Sometimes people call the x permission for directories the Enter permission, indicating whether or not you are allowed to enter the directory. This is correct to a certain extent.


In our example the ‘tutorials’ directory has r and x permissions set for group and world. So basically all the users could view the files that are present within that directory. Since the w permission is missing for group and world, they cannot modify, add or delete any of the files within the tutorials directory (unless there is a situation as described in the Note below). You on the other hand, as usual, are allowed to do as you wish. Doesn’t Linux make you feel powerful!!

Now for some technical language. Though I have been calling these r, w and x permissions, you would generally call them bits. So don’t look surprised when a group member asks you to set the read bit for a directory. It basically means, set the read permission for that directory.

Important : As beginners, until you are completely familiar with file permissions, remember one important rule. Never give a directory lesser privileges and the files within that directory more privileges. I mean a case where you do not set the x bit for a directory but set the w bit for the files within that directory. You may expect that since the directory doesn’t have the x bit set, users cannot enter the directory and so they won’t be able to modify your files. Actually the meaning of the x bit for directories is not so simple to understand. Setting permissions as above would allow anyone to delete all your files in that directory. So always give equal or lesser privileges to the files within a directory than to the directory itself. If you don’t want the users to have write permissions to your files, remember not to set the w permissions for the files rather than trying to restrict write access using the directory permissions.

Now that you have learnt what file permissions are, the next obvious part is to learn how to modify them. You have to use the chmod command to change the permissions of a file or directory. To run chmod on a file you should either own the file or you should be the superuser.

The way to use chmod is

$ chmod [newpermissions] [filenames]

Now comes a slightly tricky part for beginners (more so for those who don’t have a mathematical background), but I shall try to explain the problem. For chmod the newpermissions have to be set using an octal number rather than a decimal number. In case you understood the previous sentence, then you have no problems. If you didn’t, then read the next paragraph.

Note : In case you don’t want to understand the octal system method, there is a simpler method stated at the end of this article. But the octal number method is used by almost all (at least by those who consider themselves to be powerusers).

I will not explain the concepts behind octal numbers. I shall only talk about the octal numbers that could be used with chmod. Below are the octal numbers representing different permissions

r, w, x Permissions   Binary   Octal
---                   000      0
--x                   001      1
-w-                   010      2
-wx                   011      3
r--                   100      4
r-x                   101      5
rw-                   110      6
rwx                   111      7

You have learnt that there are 9 bits associated with every file / directory (split into 3 parts) to decide the permissions. So in case you have the r,w,x permissions set for a file translate that to a 111 which you should further translate to the number 7 using the above table.

Suppose there is a file with the following permissions as shown in this sample ‘ ls ‘ output

frwxr-xr-x 4 david david 1240 Jan 15 08:12 viewresume

The existing permissions for the above file in octal numbers could be represented as follows

rwxr-xr-x ==> 111101101 ==> 755

That’s it!! I guess it wasn’t so tough after all. Use the above table and figure out the permissions for other files as well. Once you get used to these conversions, you would be able to do it in no time.
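The conversion in both directions as a small shell script. This is an added example, not part of the original article; the function names perm_to_octal and octal_to_perm are hypothetical, and the input is the 9-character string that follows the first character in the ‘ls’ output.

```shell
#!/bin/sh
# Added example: convert between the 9-character permission string shown by ls
# (after the first character) and the 3-digit octal form that chmod takes.

# perm_to_octal rwxr-xr-x  prints 755
perm_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx string: $1" >&2; return 1 ;;
    esac
    rest=$1 out=
    while [ -n "$rest" ]; do
        triad=${rest%"${rest#???}"}      # first three characters
        rest=${rest#???}                 # drop them for the next pass
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # r = binary 100
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # w = binary 010
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # x = binary 001
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# octal_to_perm 700  prints rwx------
octal_to_perm() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "not a 3-digit octal mode: $1" >&2; return 1 ;;
    esac
    rest=$1 out=
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}            # first digit
        rest=${rest#?}
        r=-; w=-; x=-
        [ $((d & 4)) -ne 0 ] && r=r
        [ $((d & 2)) -ne 0 ] && w=w
        [ $((d & 1)) -ne 0 ] && x=x
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# The article's own examples, plus a string that must be rejected.
for p in rwxr-xr-x rwx------ r-x------; do
    printf '%s ==> %s\n' "$p" "$(perm_to_octal "$p")"
done
perm_to_octal rwxrwxrw || echo "rejected: only 8 characters"
```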

Now in case you want to change the permissions so that group members and others can neither read nor execute this file, you would require the new permissions to look something like the following

rwx------ ==> 111000000 ==> 700

So the exact command that you would be typing at the prompt would be

$ chmod 700 viewresume

Now check the permissions of the file once again with an ‘ ls ‘ command and you would see the changes that you just made.

For your quick reference here are a few standard numeric codes (that’s what they are called) that are often used.

Frequently used numeric parameters for chmod
755 : The general preferred permissions for almost all the files on your disk
700 : Extremely private data
500 : Extremely private data that you would not like to accidentally modify. So write protect it
775 : General files used when working as a Group (Others can only view/execute your files)
770 : Important files used when working as a Group (Others cannot do anything with your files)
750 : Allowing group to view your files but no write access (Others cannot do anything with your files)
777 : Something you should never want to do 😉
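A check for the one setting the table warns against, write permission for others. This is an added example, not part of the original article: the function names are hypothetical and the directory tree is constructed in a temporary location, reusing the article's file names.

```shell
#!/bin/sh
# Added example: find entries that "others" can write to, then remove that bit.

# list_world_writable DIR: print every file or directory under DIR whose
# "others" part contains w. Symbolic links are skipped: on Linux they always
# show rwxrwxrwx, and access is decided by the target's permissions.
list_world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# fix_world_writable DIR: remove only the others-write bit (chmod o-w),
# leaving every other permission as it was.
fix_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# make_sample_tree: build a constructed directory tree for the demonstration
# and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tutorials"
    : > "$d/viewresume";            chmod 755 "$d/viewresume"
    : > "$d/privatedata.txt";       chmod 700 "$d/privatedata.txt"
    : > "$d/tutorials/shared.txt";  chmod 666 "$d/tutorials/shared.txt"
    : > "$d/tutorials/install.sh";  chmod 777 "$d/tutorials/install.sh"
    chmod 755 "$d" "$d/tutorials"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "Writable by others before the fix:"
list_world_writable "$tree"
fix_world_writable "$tree"
echo "Writable by others after the fix: $(list_world_writable "$tree" | wc -l)"
ls -l "$tree/tutorials"          # 777 has become 775, 666 has become 664
rm -rf "$tree"
```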


There’s another method to change the permissions of files rather than using these octal numbers (in case you just didn’t get the hang of it). I prefer the octal number method. Others may prefer the following method

$ chmod g-r,g-x,o-r,o-x viewresume

The above command does exactly the same thing that the ‘chmod 700’ command did. Yeah, this one is lengthier but it’s simpler to understand. It’s explained below in case you couldn’t figure it out.

g-r : g = group, - (hyphen) = remove, r = read permission
o-x : o = other (world), - (hyphen) = remove, x = execute permission

I guess you got the point.. the other 2 parameters (g-x,o-r) can also be expanded in the same way. Thus the above command asks Linux to remove the r and x permission for both the group members and others (rest of world).
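The two commands side by side on scratch files, as an added example that is not part of the original article (the function name mode_after is hypothetical). It also goes one step beyond the text: the symbolic form only removes the bits it names, so the two commands give the same result when the file starts at 755, as viewresume does, but not when it starts at 775.

```shell
#!/bin/sh
# Added example: compare the article's numeric and symbolic chmod commands on
# scratch files. Assumes mktemp, ls and cut are available.

# mode_after START CHANGE
# Create a scratch file, set it to octal mode START, run "chmod CHANGE" on it,
# and print the resulting 9-character permission string as ls shows it.
mode_after() {
    f=$(mktemp) || return 1
    if chmod "$1" "$f" && chmod "$2" "$f"; then
        ls -ld "$f" | cut -c2-10
    fi
    rm -f "$f"
}

# Starting from 755 (the article's viewresume), both commands end at rwx------.
echo "755, chmod 700             : $(mode_after 755 700)"
echo "755, chmod g-r,g-x,o-r,o-x : $(mode_after 755 g-r,g-x,o-r,o-x)"

# Starting from 775 they differ: the numeric form sets all nine bits, while the
# symbolic form removes only r and x, so the group keeps its w bit.
echo "775, chmod 700             : $(mode_after 775 700)"
echo "775, chmod g-r,g-x,o-r,o-x : $(mode_after 775 g-r,g-x,o-r,o-x)"

# Using "=" instead of "-" sets each part outright, which matches 700 from any
# starting mode.
echo "775, chmod u=rwx,go=       : $(mode_after 775 u=rwx,go=)"
```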

Here is a quick reference if you prefer to use this method (it’s called the symbolic method).

Symbolic parameters for chmod
u : User (yourself)
g : Group (members of the same group)
o : Others (rest of world)
a : All of the above 3 (u, g and o)
- : Remove this permission
+ : Add this permission
= : Set to this permission
r : Read access
w : Write access
x : Execute access

Here is another example to make things more clear.

$ chmod g=rwx myprogram.c

The above command would give the group that the file belongs to, read-write-execute permissions irrespective of what the previous permissions were (for the file named myprogram.c)

I have discussed how to use chmod with parameters in numeric mode (755, 700, etc.) in more detail than using it with parameters in the symbolic mode (u, g, o, etc.). This is because I have never used the symbolic mode of chmod. I had to refer to my books to get the technical details for this article. I have been using the octal numeric mode since the first time I used chmod.

Via codecoffee.com
