Linux File Permission : chmod Command in Linux
Introduction to Linux File Permission
Linux file permissions are a very important aspect of security for the system administrator of a Linux operating system. The chmod command in Linux plays a major role in keeping all the files and directories of the system safe and secure, so that no unauthorized person can change, modify or delete the content of any file or directory. The following color coding is used to describe the content better when applying the chmod command in Linux.
- Bold Font with blue color – Commands and options
- Italic Font with red color – Files and directories
- Bold Italic Font with green color – Users or Groups
The user who created a file or directory is called the owner of that file or directory. The owner can grant permissions of various levels to other users. However, the root user can manage Linux file permissions for any file or directory of any owner on the system.
Basically, there are only three types of permission available in Linux, and they can be granted to various users and groups depending on their tasks, job roles and responsibilities:
- Read (r) – Read permission restricts the user to reading the file or directory. The user to whom read permission is given cannot amend, modify, edit or delete it.
- Write (w) – Write permission is granted to trustworthy or responsible users, who are empowered to change the content of the file or directory by editing or updating it.
- Execute (x) – Execute permission is granted to those nominated users who are authorized to execute the file, program or directory.
Permissions are set for three types of users:
- Owner – The owner is the user who actually created the file or directory.
- Group – The group to which access to the file or directory has been given. The permissions apply to all the members of the group.
- Other Users – Other users are those users who are neither the owner nor a member of the relevant group.
How to View Linux File Permission
ls -l /home/zivi
Description: Using the option “-l” with the command “ls” shows the complete details (long listing format) of each file and directory.
How to Create a Group and Change Ownership of a File
chgrp sales /home/zivi/resume
Description: Using the command “groupadd”, the root user created a group “sales”. After that, the group ownership of the file “resume” under the user “zivi” was changed to the group “sales”.
How to View Linux File Permission for a Specific File or Directory
ls -l /home/zivi | grep resume
Description: The full details (long listing format) of the file “resume” kept in the home directory of user “zivi” are displayed here. Let us understand the column-wise meaning of the long listing format with the help of the following diagram.
- 1st Column – Indicates whether it is a directory or a file. “d” is shown for a directory, whereas “-” is shown for a file.
- 2nd Column – Indicates the permission level for three types of users, i.e., “Owner”, “Group” or “Others”, in the format “rwxrwxrwx”. The permission level is discussed separately below.
- 3rd Column – Indicates the number of hard links.
- For files, the number of hard links is “1” by default, since each file is kept in a single directory only.
- For directories, the number of hard links is “2” by default if the directory has no child directory. If a directory has a child directory, the number of hard links is “3”, and this number is incremented for each additional child directory.
- 4th Column – The user name is shown.
- 5th Column – The group name is shown.
- 6th Column – The size of the file is shown here.
- 7th Column – Date on which the file or directory was created.
- 8th Column – Time of creation of the file or directory in 24 hr format.
- 9th Column – Name of the file or directory with extension, if applicable.
Understanding Linux File Permission
The permission of a file or directory is coded as “rwxrwxrwx” (three times “rwx”). The format “rwxrw-r-x” is used here to explain Linux file permission, as shown in the following diagram.
Permission Applicable for Different Type of Users.
- First “rwx” is permission for the Owner of the file or directory.
- Second “rwx” is permission for the Group of the file or directory.
- Third “rwx” is permission for Other Users of the file or directory.
Meaning and Value of Code “rwx”
Numeric Value of Different Types of Permission
|Numeric Code||Code Break||Meaning||Permission|
|0||0||No permission||---|
|1||1||Execute only||--x|
|2||2||Write only||-w-|
|3||2 + 1||Write and Execute||-wx|
|4||4||Read only||r--|
|5||4 + 1||Read and Execute||r-x|
|6||4 + 2||Read and Write||rw-|
|7||4 + 2 + 1||Read, Write and Execute||rwx|
Default Permissions for Newly Created File
By default, on creation of a new file, the permission code will be “rw-rw-r--”. The code is read as follows:
- The first three characters, “rw-”, are for the owner of the file. Reading and writing the file is permitted to the owner.
- The second three characters, “rw-”, are for the group of the file. All the member users of the group can read or write the file.
- The third three characters, “r--”, are for the other users of the file. All the other users, who are neither the owner nor a member of the group, can only read the file. They cannot write or amend the file in any way.
Default Permissions for Newly Created Directory
By default, on creation of a new directory, the permission code will be “rwxrwxr-x”. The code is read as follows:
- The first three characters, “rwx”, are for the owner of the directory, i.e., the user who created it. Reading, writing and execution in the directory is permitted to the owner.
- The second three characters, “rwx”, are for the group of the directory. All the member users of the group can read, write or execute the directory.
- The third three characters, “r-x”, are for the other users of the directory. All the other users, who are neither the owner nor a member of the group, can read or execute the directory. They cannot create any new file or modify the directory in any way.
Decoding Permission Code into Numeric Value
|Permission||1st 3 Code||2nd 3 Code||3rd 3 Code||Numeric Value of 1st 3 Code||Numeric Value of 2nd 3 Code||Numeric Value of 3rd 3 Code||Numeric Code|
|r-x-wx--x||r-x||-wx||--x||5||3||1||531|
|rwxrw-r--||rwx||rw-||r--||7||6||4||764|
Decoding Numeric Code into Permission Code
|Numeric Code||1st Digit||2nd Digit||3rd Digit||1st 3 Code||2nd 3 Code||3rd 3 Code||Permission|
|630||6||3||0||rw-||-wx||---||rw--wx---|
|751||7||5||1||rwx||r-x||--x||rwxr-x--x|
|444||4||4||4||r--||r--||r--||r--r--r--|
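The two decoding tables above can be reproduced mechanically. The following is an added example, not part of the original article; the function names sym_to_num and num_to_sym are assumptions, and both functions reject input that is not a well-formed permission string or numeric code.

```shell
#!/bin/sh
# Added example: convert between the 9-character permission string and the
# 3-digit numeric code, using r=4, w=2, x=1 as in the tables above.

# sym_to_num "rwxrw-r--" prints 764; rejects anything that is not 3 x [r-][w-][x-]
sym_to_num() {
    case "$1" in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $1" >&2; return 1 ;;
    esac
    rest=$1 out=
    while [ -n "$rest" ]; do
        d=0
        case "$rest" in r*) d=$((d + 4)) ;; esac      # read bit of this triplet
        case "$rest" in ?w*) d=$((d + 2)) ;; esac     # write bit
        case "$rest" in ??x*) d=$((d + 1)) ;; esac    # execute bit
        out=$out$d
        rest=${rest#???}                              # drop the triplet just decoded
    done
    echo "$out"
}

# num_to_sym 751 prints rwxr-x--x; rejects anything that is not three octal digits
num_to_sym() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid numeric code: $1" >&2; return 1 ;;
    esac
    rest=$1 out=
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}                         # first remaining digit
        r=- w=- x=-
        if [ $((d & 4)) -ne 0 ]; then r=r; fi
        if [ $((d & 2)) -ne 0 ]; then w=w; fi
        if [ $((d & 1)) -ne 0 ]; then x=x; fi
        out=$out$r$w$x
        rest=${rest#?}
    done
    echo "$out"
}

sym_to_num rwxrw-r--
num_to_sym 751
```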
How to Apply Custom Permission when a Directory being Created
In this process, the command “mkdir” is used. This process is described in the blog “Make Directory using mkdir Command in Linux Complete Tutorial”.
How to Apply Linux File Permission Change
Various Types of Changes
Symbols to be Used
|To add any permission||+|
|To remove any permission||-|
|To set permission forcefully, erasing the earlier permission||=|
Options to be Used
|Users or Owners||u|
|Group||g|
|Other Users||o|
|All Users||a|
Change of Permission for Owner of Files
Description: This command is used to change the permission for the owner of the file. The permission for the owner of the file has changed from “rw-” to “rwx”.
chmod u+x /home/zivi/cat
Description: Use of “u” with “+x” is optional. The owner's permission may be changed with or without “u”. Use of “u” is not mandatory for the owner's permission.
Removing Permission for Owner of Directory
chmod -rwx documents
Description: Earlier, the permission for the owner of the directory was “rwx”. After use of this command the permission changed to “---”, which means the “rwx” permission was withdrawn.
Setting Permission by Force
chmod =rwx documents
Description: The “rwx” permission is again granted to the owner of the directory “documents”.
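The forms above that leave out the who letter (“+x”, “-rwx”, “=rwx”) are worth checking against the umask: with no letter, chmod acts on owner, group and others together, but leaves alone the bits that are set in the umask, so the result is not the same as the “u” form. The following is an added example, not part of the original article; the helper names mode_after and show are assumptions, and it works on a throwaway temporary file.

```shell
#!/bin/sh
# Added example: what chmod does when the who letter (u/g/o/a) is omitted.
# mode_after is a hypothetical helper; it only touches a temp file it creates.

# mode_after UMASK START_MODE CHANGE -> prints the resulting octal mode
mode_after() {
    (
        f=$(mktemp) || exit 1
        chmod "$2" "$f"        # known starting mode (numeric, not affected by umask)
        umask "$1"
        # GNU chmod exits non-zero on "-rwx" when the umask kept some bits,
        # so ignore the status and read the real mode back with stat.
        chmod "$3" "$f" 2>/dev/null || true
        stat -c '%a' "$f"
        rm -f "$f"
    )
}

show() {
    printf 'umask %s: %s --chmod %s--> %s\n' \
        "$1" "$2" "$3" "$(mode_after "$1" "$2" "$3")"
}

show 022 644 u+x      # explicit owner
show 022 644 +x       # no who letter: all classes not masked by the umask
show 022 444 +w       # write is masked for group and others by umask 022
show 022 000 =rwx
show 022 777 -rwx     # compare with the explicit form on the next line
show 022 777 a-rwx
show 077 644 +x       # a stricter umask narrows "+x" to the owner
```

When the intent is to change only the owner's bits, write the “u” explicitly and confirm the result with “ls -l” or “stat”.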
Change of Group Permission
chmod g-wx /home/zivi/images
Description: Earlier, the group permission for the directory “images” was set to “rwx”. After applying the command, the permission changed to “r--” for the group.
Remove all permissions from Other Users
chmod o-rwx /home/zivi/documents
Description: Earlier, the permission for other users of the directory “documents” was set to “r-x”. After applying the command, the permission is set to “---”.
Add Permissions to All Users at once
chmod ugo+rwx /home/zivi/cat
Description: All the permissions, i.e., read (r), write (w) and execute (x), are granted to all the users, i.e., owner, group and other users.
chmod a+rw /home/zivi/images
Description: The symbol “a” may be used in place of “ugo” to grant permissions to all users, i.e., owner, group and other users. In this example, “rw” permission is granted to all users; any user who was already granted “x” permission earlier keeps it.
Change Complete Permission for All Users at Once
chmod a=rw /home/zivi/images
Description: Earlier, the permission was “rwxrw-rwx”. After applying the command, the “rw” permission is applied to all users by force and the permission is now set to “rw-rw-rw-”.
Change Permission with Numeric Value
chmod 001 /home/zivi/cat
Description: Earlier, the group permission of the file “cat” was set to “rwx”. After applying this command the permission is “--------x”, which means:
- No permission for the owner of the file “cat”
- No permission for the users of the group of the file “cat”
- Execute permission for all other users of the system.
Various Examples of Change of Permission of file “Data” for Different Users.
|Permission Status||Command Applied||New Permission Status||Explanation|
|r-xrw-r--||chmod 736 data||rwx-wxrw-||7 for rwx, 3 for -wx & 6 for rw-|
|rwxr-x--x||chmod 017 data||-----xrwx||0 for ---, 1 for --x & 7 for rwx|
|rwx-w-r--||chmod 347 data||-wxr--rwx||3 for -wx, 4 for r-- & 7 for rwx|
|rwxrw-r--||chmod a=rwx data||rwxrwxrwx||Permission rwx set for all|
|rwxrwxr--||chmod ugo=rx data||r-xr-xr-x||Permission r-x set for all|
|--xr-xrwx||chmod u+r data||r-xr-xrwx||Permission r added for owner|
|r-xr-xr--||chmod o-r data||r-xr-x---||Permission r removed from other users|
|rw-rw---x||chmod g=x data||rw---x--x||Permission x set for group|
|rw---xr-x||chmod ug=wx data||-wx-wxr-x||Permission wx set for owner and group|
|-wxrwx--x||chmod u+r,g=w data||rwx-w---x||Permission r added for owner & w set for group|
Use of Options for Linux File Permission Change
Copy File permission of a File to Another File
chmod --reference=/home/zivi/biodata /home/zivi/cat
Description: The file permission status of the file “biodata” is given to the file “cat”.
Change Permission of all Files and Folders in a Directory
chmod -R 751 documents
Description: 7 stands for “rwx”, 5 stands for “r-x” and 1 stands for “--x”. Hence, the permission “rwxr-x--x” has been set on all the folders and files of the directory “documents” by using the option “-R” with the “chmod” command.
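Because “-R 751” puts the same bits on files and directories alike, every regular file under “documents” ends up executable. The added example below (not part of the original article; the function name after_recursive and the sample tree are constructed) compares that with the symbolic form using capital “X”, which grants execute only to directories and to files that already have an execute bit.

```shell
#!/bin/sh
# Added example: effect of "chmod -R" on regular files versus directories.
# The tree is constructed in a temp dir; names mirror the article's "documents".

# after_recursive MODE -> prints "<executable-file-count> <dir-mode> <file-mode>"
after_recursive() {
    (
        top=$(mktemp -d) || exit 1
        mkdir -p "$top/documents/reports"
        : > "$top/documents/resume"
        : > "$top/documents/reports/q1.txt"
        # Fixed starting modes so the result does not depend on the caller's umask.
        chmod 755 "$top/documents" "$top/documents/reports"
        chmod 644 "$top/documents/resume" "$top/documents/reports/q1.txt"

        chmod -R "$1" "$top/documents"

        # Count regular files that carry an execute bit for anyone.
        n=$(find "$top/documents" -type f \
                \( -perm -100 -o -perm -010 -o -perm -001 \) | wc -l)
        echo "$((n)) $(stat -c '%a' "$top/documents/reports")" \
             "$(stat -c '%a' "$top/documents/resume")"
        rm -rf "$top"
    )
}

# Numeric mode: plain data files receive the execute bits as well.
after_recursive 751
# Capital X: directories stay traversable, data files get no execute bit.
after_recursive u=rwX,g=rX,o=X
```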
Change File Permission with Getting a Report from the System
chmod -c 641 biodata
Description: 6 stands for “rw-”, 4 stands for “r--” and 1 stands for “--x”. Hence, the permission changed to “rw-r----x” for the file “biodata”, and a report on the change is also generated.
Getting Help on Use of chmod Command in Linux
Description : A list of all options of the command “chmod” will be displayed.
Special Tips !!!
Remove Execute Permission of “chmod” command File
The location of the “chmod” command file in the system is /usr/bin/chmod
To remove the execute permission, the following command is run:
chmod -x /usr/bin/chmod
Now the command “chmod” will not work, since its execute permission has been withdrawn.
How to Resolve the Issue?
Use of setfacl Command
setfacl -m u:root:rwx /usr/bin/chmod
Description: The command “setfacl” grants read, write and execute permission on the command file “chmod” to a user, here the root user.
Use of cp and cat command
In this process, we work as follows:
- Make a copy of any normal command file in the directory /usr/bin/ under a different name
cp /usr/bin/ls /usr/bin/bwc
- Copy the content of the “chmod” file into the newly created file “bwc”
cat /usr/bin/chmod > /usr/bin/bwc
- This replaces the content of the file “bwc”, which was copied from the file “ls”, with the content of the file “chmod”.
- Now a command “bwc” has been prepared, which functions like the command “chmod” and has execute permission.
- Run the command “bwc” and give execute permission to the file “chmod”.
bwc +x /usr/bin/chmod
- Now execute permission has been granted to the file “chmod”. Hence, the command “chmod” will function properly. You can delete the newly created command file “bwc”.