File Permissions - chmod

Discussion in 'Beginner Tutorials' started by Rob, Jul 9, 2013.

  1. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    214
    Trophy Points:
    43
    Linux has inherited from UNIX the concept of ownerships and permissions for files. This is basically because it was conceived as a networked system where different people would be using a variety of programs, files, etc. Obviously, there's a need to keep things organized and secure. We don't want an ordinary user using a program that could potentially trash the whole system. There are security and privacy issues here as well. Let's face it, we don't want Bill to read Bob's love letters to the Janet who works in R & D. (because Janet is Bill's fiance) In the end, it's important to know what belongs to me, to you and to everybody.

    As we mentioned at the beginning of this course, the big advantage that Linux has is its multi-user concept- the fact that many different people can use the same computer or that one person can use the same computer to do different jobs. That's where the system of file permissions comes in to help out in what could be a very confusing situation. We're going to explain some basic concepts about who owns the file and who can do what with a file. We won't get into an enormous amount of detail here. We'll save that for the Linux system administration course. We will show you how to understand file permission symbols and how to modify certain files so that they're more secure.

    File permission symbols

    If you run the command
    Code:
    ls -l
    in your home directory, you will get a list of files that may include something like this

    Code:
    -rw-r--r--  1  bob  users  1892  Jul 10  18:30 linux_course_notes.txt
    This basically says, interpreting this from RIGHT to LEFT that the file, linux_course_notes.txt was created at 6:30 PM on July 10 and is 1892 bytes large. It belongs to the group users (i.e, the people who use this computer). It belongs to bob in particular and it is one (1) file. Then come the file permission symbols.

    Let's look at what these symbols mean:

    The dashes - separate the permissions into three types

    The first part refers to the owner's (bob's) permissions.

    The dash - before the rw means that this is a normal file that contains any type of data. A directory, for example, would have a d instead of a dash.

    The rw that follows means that bob can read and write to (modify) his own file. That's pretty logical. If you own it, you can do what you want with it.

    The second part of the these symbols after the second dash, are the permissions for the group. Linux can establish different types of groups for file access. In a one home computer environment anyone who uses the computer can read this file but cannot write to (modify) it. This is a completely normal situation. You, as a user, may want to take away the rights of others to read your file. We'll cover how to do that later.

    After the two dashes (two here because there is no write permissions for the group) come the overall user permissions. Anyone who might have access to the computer from inside or outside (in the case of a network) can read this file. Once again, we can take away the possibility of people reading this file if we so choose.

    Let's take a look at some other examples. An interesting place to look at different kinds of file permissions is the /bin directory. Here we have the commands that anybody can use on the Linux system. Let's look at the command for gzip, a file compression utility for Linux.

    Code:
    -rwxr-xr-x  1 root    root        53468 May  1  1999 gzip
    As we see here, there are some differences.

    The program name, date, bytes are all standard. Even though this is obviously different information, the idea is the same as before.

    The changes are in the owner and group. Root owns the file and it is in the group "root". Root is actually the only member of that group.

    The file is an executable (program) so that's why the letter x is among the symbols.

    This file can be executed by everybody: the owner (root), the group (root) and all others that have access to the computer

    As we mentioned, the file is a program, so there is no need for anybody other than root to "write" to the file, so there is no w permissions for it for anybody but root.

    If we look at a file in /sbin which are files that only root can use or execute, the permissions would look like this:

    Code:
    -rwxr--r--  1 root    root        1065 Jan 14  1999 cron
    'cron' is a program on Linux systems that allows programs to be run automatically at certain times and under certain conditions. As we can see here, only root, the owner of the file, is allowed to use this program. There are no xpermissions for the rest of the users.

    We hope you enjoyed this little walk-through of file permissions in Linux. Now that we know what we're looking for, we can talk about changing certain permissions.

    chmod

    chmod is a Linux command that will let you \"set permissions\" (aka, assign who can read/write/execute) on a file.

    Code:
    chmod permissions file
    Code:
    chmod permission1_permission2_permission3 file
    When using chmod, you need to be aware that there are three types of Linux users that you are setting permissions for. Therefore, when setting permissions, you are assigning them for yourself, "your group" and "everyone else" in the world. These users are technically know as:

    Owner
    Group
    World

    Therefore, when setting permissions on a file, you will want to assign all three levels of permissions, and not just one user.

    Think of the chmod command actually having the following syntax...

    chmod owner group world FileName

    Now that you understand that you are setting permissions for THREE user levels, you just have to wrap your head around what permissions you are able to set!

    There are three types of permissions that Linux allows for each file.

    read
    write
    execute

    Putting it all together:

    So, in laymen terms, if you wanted a file to be readable by everyone, and writable by only you, you would write the chmod command with the following structure.


    COMMAND : OWNER : GROUP : WORLD : PATH

    chmod read & write read read FileName
    Code:
    chmod 644 myDoc.txt
    Wait! What are those numbers?!?

    Computers like numbers, not words. Sorry. You will have to deal with it. Take a look at the following output of `ls -l`

    Code:
    -rw-r--r-- 1 gcawood iqnection 382 Dec 19 6:49 myDoc.txt
    You will need to convert the word read or write or execute into the numeric equivalent (octal) based on the table below.

    4 read (r)
    2 write (w)
    1 execute (x)

    Practical Examples

    chmod 400 mydoc.txt read by owner
    chmod 040 mydoc.txt read by group
    chmod 004 mydoc.txt read by anybody (other)
    chmod 200 mydoc.txt write by owner
    chmod 020 mydoc.txt write by group
    chmod 002 mydoc.txt write by anybody
    chmod 100 mydoc.txt execute by owner
    chmod 010 mydoc.txt execute by group
    chmod 001 mydoc.txt execute by anybody

    Wait! I don't get it... there aren't enough permissions to do what I want!

    Good call. You need to add up the numbers to get other types of permissions...

    So, try wrapping your head around this!!

    7 = 4+2+1 (read/write/execute)
    6 = 4+2 (read/write)
    5 = 4+1 (read/execute)
    4 = 4 (read)
    3 = 2+1 (write/execute)
    2 = 2 (write)
    1 = 1 (execute)

    chmod 666 mydoc.txt read/write by anybody! (the devil loves this one!)
    chmod 755 mydoc.txt rwx for owner, rx for group and rx for the world
    chmod 777 mydoc.txt read, write, execute for all! (may not be the best plan in the world...)

    Good luck! Hope this helps.
    Last edited: Jul 24, 2014
  2. JMCF125

    JMCF125 New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I remember a nice series of articles, and this post was one of them. Does that series still exist? Did you turn it all into a threads like this one? Thanks in advance.
  3. linuxbeginner

    linuxbeginner New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    Very nice article. I complete understood how file permissions work in linux. Thanks a lot.
  4. nkunda janvier roentegen

    nkunda janvier roentegen New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    great,
    i 've learnt about file permissions but i still have a problem of practice cuz i am using windows pc. can anyone help me in how i can use both Linux and windows at the same time without any harm on my pc?
  5. Hazim

    Hazim New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Its sound so easy to learn that " Initially " but I think trying these commands practically is much better than just readin' them . . from this point I will download and install linux Ubuntu 13.04 and try to follow the next lessons , diving in linux world is
    charming !
  6. Morenci

    Morenci New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    nkunda, There are several ways to run Linux and Windows together. My favorite way is to download and use the free VMWare Player. Download your favorite Linux as an ISO file. If you don't have a favorite, for beginners I would recommend either Ubuntu, Linux Mint, Fedora, or OpenSUSE. Just create a new machine in VMWare Player, select your downloaded ISO when prompted, and let VMWare Player do the rest. Then you can run Linux within a window in Windows.

    Morenci
    Linux Mint 15
  7. Skylander

    Skylander New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
  8. m1911star

    m1911star New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Very good article.As a newcomer, I love it.
    Thank you.
  9. Mohanvamshi Kodali

    Mohanvamshi Kodali New Member

    Messages:
    27
    Likes Received:
    8
    Trophy Points:
    3
    to understand mod permissions use binary form of representing numbers.We all know that linux uses 10 bit format format for giving file permissions in which the first bit represents the file type, next 3 bits represents owner of the file, the next three bits represents the corresponding group to which the file belongs to, and the last three bits represents permissions to others.

    for example if we want to give all 3 permissions(read,write,execute)for a file called my txt to owner and read,execute permissions to the group and others we use the following

    chmod 755 mytxt

    let's now interpret this more closely.As we know that linux uses 10 bit format for giving access permissions,in order to give the permissions specified above,we have to change the bits corresponding to those users.we have given the permissions 755 to the file mytxt.
    The binary representation of 7 is 111 which all read write execute permissions are given
    The binary representation of 5 is 101 which only read execute permissions bits corresponding to group are enabled.
    The binary representation of 5 is 101 which only read execute permissions bits corresponding to others are enabled.
  10. Maverick1

    Maverick1 New Member

    Messages:
    24
    Likes Received:
    5
    Trophy Points:
    3
  11. Merlin3189

    Merlin3189 New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Yes. A useful explanation.
    What is puzzling me is when I try to do it,
    > sudo chmod -R -v 775 2013-14
    I get lots of nice messages like,
    mode of `2013-14/SRai/ParentsNov/SANY0215.JPG' changed to 0775 (rwxrwxr-x)
    and nothing that looks like an error message
    But then, when I do,
    > ls -l
    I get messages like,
    -rw-r--r-- 1 root users 1943081 2013-11-05 10:02 SANY0215.JPG
    which seems to say that the permissions have not been changed?
    Now I'm guessing that this has something to do with the fact that the files are (for no reason I understand) owned by this phantom "root"!
    I have tried
    > sudo chown -R -v don:users 2013-14
    and got messages like
    changed ownership of `2013-14/SRai/ParentsNov/SANY0215.JPG' to don:users

    So what is wrong?
  12. audiolover

    audiolover New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I want to give full read/write/execute permission to a directory called "storage", including all the directories in that directory and files.
    I did: "chmod 777 /media/storage" but it does not give me all permissions?
    I can make a directory in storage, put a file in it and execute it. Existing files I cannot execute, furthermore I cannot delete files or directories?
    What am I doing wrong?
  13. audiolover

    audiolover New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Forgot to include, my smb.conf looks like this:

    [global]
    workgroup = smb
    security = share
    share modes = yes

    [homes]
    comment = Home Directories
    browsable = no
    read only = no
    create mode = 0750

    [public]
    path = /media/storage/
    public = yes
    writable = yes
    comment = smb share
    printable = no
    guest ok = yes
  14. MarkII

    MarkII New Member

    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    1
    Hello, I have just installed Ubuntu 12.04.3. I am so new that I'm afraid I don't even know enough to ask the right questions to find this answer for myself. My apologies if this is a stupid question.

    When I open up my Terminal and type "ls -1" in my home directory, I get a vertical list of the directories and files, as opposed to the horizontal list I get without adding "-1"

    I thought perhaps I am supposed to specify a file, so I opened LibreOffice Writer and made a file called PDocs.odt

    Then, I type "ls -1 PDocs.odt [enter]" The result is a line that says "PDocs.odt". Thats it. Why am I not getting permissions?
  15. lobo

    lobo Active Member

    Messages:
    130
    Likes Received:
    74
    Trophy Points:
    28
    Code:
    $ ls -1
    Will print basic output with 1 column
    Code:
    $ ls
    With no options, will print basic output with (usually) 2 columns
    Code:
    $ ls -l
    Will print long form output with one column, but also with columns showing owner, group, permissions, etc.

    Your confusion here is between 1 (number one) and l (lower case L).

    For more info
    Code:
    $ man ls
    Last edited: Dec 23, 2013
    MarkII likes this.
  16. MarkII

    MarkII New Member

    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    1
    -.- Thank You. I knew it would be something simple. I guess my brain was caught in a loop.
  17. Saptarshi Nag

    Saptarshi Nag Member

    Messages:
    40
    Likes Received:
    25
    Trophy Points:
    18
    good stuff :)
    what does the last dash(-) or 'x' mean in the permission format?
  18. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    Messages:
    1,315
    Likes Received:
    1,052
    Trophy Points:
    113
    x = executable

    Directories are also considered executable, not just binary files like /bin/cp and scripts.

    While I am already here typing,

    l = link (shortcut)
    Haider92 likes this.
  19. Saptarshi Nag

    Saptarshi Nag Member

    Messages:
    40
    Likes Received:
    25
    Trophy Points:
    18
    How can a directory be executable?
  20. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    Messages:
    1,315
    Likes Received:
    1,052
    Trophy Points:
    113
    Haider92 likes this.

Share This Page