In the first part of this series on file permissions, I didn’t exactly get to the part about permissions.
Instead, I presented some details about users, groups, and file details that laid the groundwork for part two, which is today’s lesson.
This is when we actually get to explore the various aspects of file permissions that, when combined, allow the owner of a file (or root!) to be able to control access to it.
When you list file details from the command line, you get to see each file’s permissions, which may look similar to the following:
rwxrwxr-x or rw-rw-r–
To begin, let’s split permissions into two distinct parts — modes and levels — and explore each of those parts.
Modes of Permission
There are three distinct modes of permission, handled in the following order:
1. Owner
2. Group
3. Everyone (All Users)
Each mode’s permissions are independent of one another. In other words, the owner’s permissions are separate from the group’s permissions, which are separate from everyone else’s permissions.
In general you will want the owner to have full access to a file, the group to have limited access to a file, and everyone else to have limited to no access to a file. Modes are what allow this to work.
In some instances, each mode may be referred to by a single letter, in which case “everyone else” gets broken into two segments:
User (Owner) | u |
Group | g |
Others (Not in Group) | o |
All Users (Everyone) | a |
Levels of Permission
There are three distinct levels — or types — of permission, handled in the following order:
1. Read
2. Write
3. Execute
Read permission refers to whether or not access is granted for a file to be read/opened/accessed.
Write permission refers to whether or not access is granted for a file to be edited/updated/changed.
Execute permission refers to whether or not access is granted for a file to be executed or for the contents of a directory to be viewed.
Each of these three levels of permission can be expressed by either a single letter, or by a single number:
Read | r | 4 |
Write | w | 2 |
Execute | x | 1 |
If you can memorize the above chart, it will help quite a bit in being able to understand and set file permissions in the future.
The letters are most useful when reading file permissions, and the numbers (either alone or added together in some combination) are most often used to set file permissions.
Putting Modes & Levels Together
After learning about modes and levels of permission separately, it’s time to put them back together.
Remember that you learned about modes in the order that they appear: owner, group and everyone else.
You also learned about levels in the order that they appear: read, write and execute.
So when you see the permissions of a file in your command line, you can expect to see three letters indicating the permission level of the owner, then three for the group, then three for everyone else, all back-to-back, in that order.
Dashes are used as placeholders indicating that a level of permission (read, write or execute) is not allowed for that mode.
rwxrwxr-x The owner has read/write/execute permission, the group has read/write/execute permission and everyone else has read/execute permission.
rw-rw-r– The owner has read/write permission, the group has read/write permission and everyone else has read permission.
You should be able to see now, how the letters make sense in their native environment. Let’s move on and learn how to use numbers and mode letters to set these, and other permissions.
Using chmod to Change File Permissions
Note: File permissions can be changed by the owner of the file, and/or root.
The chmod command is used to change file permissions, or “mode bits”.
The required arguments are the mode and the file name, otherwise known as “what to change to” and “what to change”.
Although there are several different ways to use chmod to change or set permissions, I like using the numeric method, myself. You can do this by adding together the numeric levels of permission (Read = 4, Write = 2, Execute = 1, None = 0) for each mode. The lowest numeric value (no permissions) is 0, and the highest (full read/write/execute permissions) is 7.
chmod 775 TestFile.txt
will set your file permissions to rwxrwxr-x. The user and group have read/write/execute permission and everyone else has read/execute permission.
chmod 664 TestDirectory
will set your file permissions to rw-rw-r–. The user and group have read/write permission and everyone else has read permission.
Using the numeric method involves some of the most simple math that you’ll ever run across, and that in itself makes it fun!
Another way to use chmod is to utilize the letter modes together with the letter levels, separated by either the + operator to add permissions, or the – operator to take away permissions.
This method is primarily used to add to or take away from existing permissions, without completely re-writing them all. Some examples are:
chmod ug+rwx TestFile.txt
will give read/write/execute permission to a file’s user and group. The “everyone else” permissions will not be touched.
chmod a-r TestDirectory
will take read permission away from all users, including the owner and group. Replace the – with a + to restore read access to all users.
Type man chmod
into your command line for additional details.
Summary
With great knowledge comes great responsibility. Now that you know how to go around changing file permissions, make sure and carefully consider whether or not you should make changes.