linux file permission

Linux File Permission Change by chmod Command in Linux Guide for Beginners

Linux File Permission : chmod Command in Linux

Linux File Permission

Introduction to Linux File Permission

Linux file permission is a very important aspects in terms of security issues for the system administrator of Linux Operating System. Actually, chmod Command in Linux plays a greater role to keep all the files and directories of the system safe and secure so that no unauthorized person can change, modify or delete content of any files or directories. Following color coding is used to describe the content better in applying chmod command in Linux.

  • Bold Font with blue color  – Commands and options
  • Italic Font with red color – Files and directories
  • Bold Italic Font with green color – Users or Groups

Owner

The user, who created a file or directory, is called the owner of that file or directory. So, the user can access permission of various level to other users. However, root user can handle Linux File permission process broadly for any file or directories of any owner of the system.

Permission

Basically, there are only three types of permissions available in Linux and can be given access to various users and groups depending of their tasks, job roles and responsibilities :-

  • Read (r) – Reading permission restricts user only to read the file or directory. No amendment, modification, editing or deletion can be made by the user, to whom the reading permission is given.
  • Write (w) – Writing permission is being granted to some trust able or responsible users, who is empowered to change content of the file or directory in terms of editing or up gradation.
  • Execute (x) – Execute permission is granted to those nominated users who are authorized to execute the file/program or directories etc.

Again, Linux file permission can be divided into three parts in terms of users :-

  • Owner – Owner is the user, who actually created the file or directory.
  • Group – The group to whome the file or directory has been accessed for use. It means the permissions is applicable for all the members of the group.
  • Other Users – Other users are actually those users who are not owner or member of the relevant group.

How to View Linux File Permission

ls -l /home/zivi

Linux File Permission - How to View Long Listing Format
Linux File Permission – How to View Long Listing Format

Description : Use of option “-l” with command “ls” will show the complete details (long listing format) of each files/directories.

How to Create a Group and Change Ownership of a File

groupadd sales

chgrp sales /home/zivi/resume

Linux File Permission - Create a Group and Change Ownership
Linux File Permission – Create a Group and Change Ownership

Description : Using command “groupadd“, a group “sales” created by root user. After that, ownership of the file “resume” under the “zivi” user has been changed to group “sales“.

How to View Linux File Permission for a Specific File or Directory

ls -l /home/zivi | grep resume

Linux File Permission - View File Permission for Specific File
Linux File Permission – View File Permission for Specific File

Description: Full details of the file (long listing format) “resume” kept in the home directory of user “zivi” is displaying here. Let us understand column-wise meaning of long listing format with help of the following diagram.

Linux File Permission - Understanding Long Listing Format of Permission
Linux File Permission – Understanding Long Listing Format of Permission
  • 1st Column – Indicates whether it is a directory or a file. “d” will be shown for a directory whereas, “-” will be shown for a file.
  • 2nd Column – Indicates permission level for three types of users i.e., “Owner“, “Group” or “Others” with format of “rwxrwxrwx“. The permission level is being discussed below separately.
  • 3rd column – Indicates number of hard links.
    • For files, number of hard links will be shown as “1” by default, since each and every files are being kept in a single directory only.
    • For directories, number of hard links will be shown as “2” by default, if the directory has no child directory. In case of a directory has any child directory then the number of hard links will be shown as “3” and this number will be incremented upon each child directory.
  • 4th Column – User name will be shown.
  • 5th Column – Group name will be shown.
  • 6th Column – Size of the file will be shown here.
  • 7th Column – Date on which created the file or directory.
  • 8th Column – Time of creation of the file or directory in 24 hr format.
  • 9th Column – Name of the file or directory with extension, if applicable.

Understanding Linux File Permission

Format

The format of file or directory permission is being coded as “rwxrwxrwx” (three times “rwx“). However, format “rwxrw-r-x” is taken into consideration for better understand the Linux File Permission, shown in the following diagram.

Linux File Permission - Understanding Permissions
Linux File Permission – Understanding Permissions

Permission Applicable for Different Type of Users.

  • First “rwx” is permission for the Owner of the file or directory.
  • Second “rwx” is permission for the Group of the file or directory.
  • Third “rwx” is permission for Other Users of the file or directory.

Meaning and Value of Code “rwx”

Code Meaning Numeric Value
r Read permission 4
w Writing permission 2
x Execute permission 1
No permission 0

Numeric Value of Different Types of Permission

Numeric Code Code Break Meaning Permission
0 0 No permission – – –
1 1 Execute only – – x
2 2 Write only -w-
3 2 + 1 Write and Execute -wx
4 4 Read only r – –
5 4 + 1 Read and Execute r-x
6 4 + 2 Read and Write rw-
7 4 + 2 + 1 Read, Write and Execute rwx

Default Permissions for Newly Created File

Linux File Permission - Default Permission for Newly Created File
Linux File Permission – Default Permission for Newly Created File

By default, on creation of new file, the permission code will be as “rw-rw-r – –“. The code may be defined as under :-

  • First three code, “rw-” is for owner of the file. It means reading and writing in the file is permitted to the owner of the file.
  • Second three code, “rw-” for the group of the file. It means all the member users of the group can read or write in the file.
  • Third three code, “r – –” for the other users of the file. It means all the other users, who are not owner or member of the group, can only read the file. They can not write or amend the file anyway.

Default Permissions for Newly Created Directory

Linux File Permission - Default Permission for Newly Created Directory
Linux File Permission – Default Permission for Newly Created Directory

By default, on creation of new directory, the permission code will be as “rwxrwxr-x“. The code may be defined as under :-

  • First three code, “rwx” is for owner of the directory, i.e., who created it. It means reading, writing and execution in the directory is permitted to the owner.
  • Second three code, “rwx” for the group of the directory. It means all the member users of the group can read, write or execute the directory.
  • Third three code, “r-x” for the other users of the directory. It means all the other users, who are not owner or member of the group, can read or execute the directory. They can not create any new file, or modify the directory anyway.

Decoding Permission Code into Numeric Value

Linux File Permission - Decoding Permission Code into Numeric Value
Linux File Permission – Decoding Permission Code into Numeric Value
Permission 1st 3 Code 2nd 3 Code 3rd 3 Code Numeric Value of 1st 3 Code Numeric Value of 2nd 3 Code Numeric Value of 3rd 3 Code Numeric Code
rwxrwxrwx rwx rwx rwx 7 7 7 777
r-x-wx- -x r-x -wx – -x 5 3 1 531
rwxrw-r – – rwx rw- r – – 7 6 4 764

Decoding Numeric Code into Permission Code

Linux File Permission - Decoding Numeric Code into Permission Code
Linux File Permission – Decoding Numeric Code into Permission Code
Numeric Code 1st Digit 2nd Digit 3rd Digit 1st 3 Code 2nd 3 Code 3rd 3 Code Permission
630 6 3 0 rw- -wx – – – rw- -wx- – –
751 7 5 1 rwx r-x – -x rwxr-x- -x
444 4 4 4 r- – r- – r- – r- -r- -r- –

How to Apply Custom Permission when a Directory being Created

In this process, the command “mkdir” will be used. This process has been well described in the blog “Make Directory using mkdir Command in Linux Complete Tutorial

How to Apply Linux File Permission Change

Syntax

chmod [options]

Various Types of Changes

Symbols to be Used

To add any permission +
To remove any permission
To set permission forcefully by erasing earlier =

Options to be Used

Users or Owners u
Groups g
Other Users o
All Users a

Change of Permission for Owner of Files

Chmod +rwx

Linux File Permission - Change of Permission for Owner of Files
Linux File Permission – Change of Permission for Owner of Files

Description : This command is used for change of permission for the user of the file. The permission for owner of the file has changed from “rw-” to “rwx”.

chmod u+x /home/zivi/cat

Linux File Permission - Add Permission for Owner of Files
Linux File Permission – Add Permission for Owner of Files

Description : use of “u” with “+x” is optional. Permission of owner may be changed with use of “u” or without “u“. Use of “u” is not mandatory for owners permission.

Removing Permission for Owner of Directory

chmod -rwx documents

Linux File Permission - Removing Permission for Owner of Directory
Linux File Permission – Removing Permission for Owner of Directory

Description : Earlier the permission for owner of the directory was “rwx“. After use of this command the permission changed to “– – –“, means the permission of “rwx” withdrawn.

Setting Permission by Force

chmod =rwx documents

Linux File Permission - Setting Permission by Force
Linux File Permission – Setting Permission by Force

Description : Again the permission of “rwx” granted to the owner of directory “documents“.

Change of Group Permission

chmod g-wx /home/zivi/images

Linux File Permission - Change of Group Permission
Linux File Permission – Change of Group Permission

Description : Earlier, the group permission for the directory “images” set to “rwx“. After applying the command, the permission changed to “r – –” for group.

Remove all permissions from Other Users

chmod o-rwx /home/zivi/documents

Linux File Permission - Remove all Permissions from Other Users
Linux File Permission – Remove all Permissions from Other Users

Description : Earlier, permission for other users of directory “documents” set to “r-x“. After applying the command, the permission set to “– – –“.

Add Permissions to All Users at once

chmod ugo+rwx /home/zivi/cat

Linux File Permission - Add Permissions to all Users at Once
Linux File Permission – Add Permissions to all Users at Once

Description : All the permissions i.e., read (r), write (w) and execute (x) to be granted to all the users i.e., owner, group and other users.

chmod a+rw /home/zivi/images

Linux File Permission - Add Limited Permissions to all Users at Once
Linux File Permission – Add Limited Permissions to all Users at Once

Description : The symbol “a” may be used in place of “ugo” for accessing permissions to all users i.e., owner, group and other users. In this example, “rw” permission granted to all users, however, the users who were already granted permission of “x” earlier, the same still exists.

Change Complete Permission for All Users at Once

chmod a=rw /home/zivi/images

Linux File Permission - Change Complete Permission of All Users
Linux File Permission – Change Complete Permission of All Users

Description : Earlier the permission was “rwxrw-rwx“. After applying the command permission of “rw” applied for all users by force and the permission is now set to “rw-rw-rw-“.

Change Permission with Numeric Value

chmod 001 /home/zivi/cat

Linux File Permission - Change Permission with Numeric Value
Linux File Permission – Change Permission with Numeric Value

Description : Earlier the group permission of file “cat” set to “rwx“. After applying this command the permission “– – – – – – – – x“, will be given as under :-

  • No permission for owner of the file “cat
  • No permission for all users of group of the file “cat
  • Execution permission for all other users of the system.

Various Examples of Change of Permission of file “Data” for Different Users.

Permission Status Command Applied New Permission Status Explanation
r-xrw-r- – chmod 736 data rwx-wxrw- 7 for rwx, 3 for -wx & 6 for rw-
rwxr-x- -x chmod 017 data – – – – – xrwx 0 for – – -, 1 for – – x & 7 for rwx
rwx-w-r- – chmod 347 data -wxr- -rwx 3 for -wx, 4 for r – – & 7 for rwx
rwxrw-r- – chmod a=rwx data rwxrwxrwx permission rwx set for all
rwxrwxr – – chmod ugo=rx data r-xr-xr-x Permission r-x set for all
– – xr-xrwx chmod u+r data r-xr-xrwx Permission r added with user
r-xr-xr- – chmod o-r data r-xr-x- – – Permission r removed from Other User
rw-rw- – -x chmod g=x rw- – -x- -x Permission x set for group
rw- – -xr-x chmod ug=wx -wx-wxr-x Permission wx set for owner and group
-wxrwx- -x chmod u+r, g=w rwx-w- – -x Permission r added with owner & w set for Group

Use of Options for Linux File Permission Change

Copy File permission of a File to Another File

chmod –reference /home/zivi/biodata /home/zivi/cat

Linux File Permission - Copy File Permission of a File to Another File
Linux File Permission – Copy File Permission of a File to Another File

Description : file permission status of file “biodata” is given to file “cat“.

Change Permission of all Files and Folders in a Directory

chmod -R 751 documents

Linux File Permission - Change Permission of all Files and Folders in a Directory
Linux File Permission – Change Permission of all Files and Folders in a Directory

Description : 7 stands for “rwx“, 5 stands for “r-x” and 1 stands for “– -x“. Hence, the permission “rwxr-x- -x” have been set to all the folders and files of the directory “documents“, when option “-R” used with “chmod” command.

Change File Permission with Getting a Report from the System

chmod -c 641 biodata

Linux File Permission - Change File Permission with Getting a Report
Linux File Permission – Change File Permission with Getting a Report

Description : 6 stands for “rw-“, 4 stands for “r- –” and 1 stands for “– -x“. Hence, the permission changed to “rw-r- – – -x” for file “biodata” and also a report generated on the changes.

Getting Help on Use of chmod Command in Linux

chmod –help

Linux File Permission - Getting Help on Use of chmod Command in Linux
Linux File Permission – Getting Help on Use of chmod Command in Linux

Description : A list of all options of the command “chmod” will be displayed.

Special Tips !!!

Remove Execute Permission of “chmod” command File

The location of “chmod” command file in the system is /usr/bin/chmod
To remove execute permission following command will be run :-

chmod -x /usr/bin/chmod

Now the command “chmod” will not work since its execution permission withdrawn.

How to Resolve the Issue?

Use of setfacl Command

setfacl -m u:root:rwx /usr/bin/chmod

Description : The command “setfacl” will give permission to the command file “chmod” for read, write or execution by user or root user.

Use of cp and cat command

In this process, we have to work as under :-

  • Make a copy of any normal command file in the directory /usr/bin/ as a different name
    cp /usr/bin/ls /usr/bin/bwc
  • Copy the content of “chmod” file into the newly created file “bwc
    cat /usr/bin/chmod > /usr/bin/bwc
  • This will replace the content of file “chmod” in the file “bwc“, which was copied from file “ls“.
  • Now a command “bwc” has been prepared, which will function like command “chmod” with execution permission.
  • Run command “bwc” and give execution permission to file “chmod“.
    bwc +x /usr/bin/chmod
  • Now permission of execution has been granted to the file “chmod“. Hence, command “chmod” will function properly. You can delete the newly created command file “bwc“.

You can also visit at the following links to read more on Linux :-

If Appreciate My Work, You should consider:

Leave a Comment