Permissions in Linux File System:
Permission | Applied to a Directory | Applied to Any Other Type of File |
---|---|---|
read (r) | Grants the capability to read the contents of the directory or subdirectories. | Grants the capability to view the file. |
write (w) | Grants the capability to create, modify, or remove files or subdirectories. | Grants write permissions, allowing an authorized entity to modify the file, such as by adding text to a text file, or deleting the file. |
execute (x) | Grants the capability to enter the directory. | Allows the user to “run” the program. |
- | No permission. | No permission. |
Now if we give ls –l we can see the following output:
$ ls -l /home/ravi
-rwxr-xr-- 1 ravi users 1024 Nov 2 00:10 myfile
drwxr-xr--- 1 ravi users 1024 Nov 2 00:10 mydir
The permissions for each are the second through the tenth characters from the left (remember the first character identifies the file type). The permissions are broken into groups of threes, and each position in the group denotes a specific permission, in this order: read, write, execute. The first three characters (2–4) represent the permissions for the file’s owner (ravi in this example). The second group of three characters
(5–7) consists of the permissions for the group to which the file belongs (users in the example output). The last group of three characters (8–10) represents the permissions for everyone else (“others” in Unix parlance).
The following table elaborates on the permissions shown for myfile in the example ls -l output:
Characters | Apply to | Definition |
---|---|---|
rwx (characters2–4) | The owner (known as user in Unix) of the file. | The owner of the file (ravi) has read (or view), write, and execute permission to the file. |
r-x (characters 5-7) | The group to which the file belongs, | The users in the owning group (users) can read the file and execute the file if it has executable components commands, and so forth). The group does not have write permission—notice that the - character fills the space of a denied permission. |
r-- (characters 8–10) | Everyone else (others) | Anyone else with a valid login to the system can only read the file—write and execute permissions are denied (--). |
Using chmod in Symbolic Mode:
The first set of file permissions (characters 2–4 from the ls -l command) is represented with the u, for user; the second set (characters 5–7) is by g, for group; and the last set (characters 8–10) is represented by an o, for everyone else (other). You can also use the -a option to grant or remove permissions from all three groups at once.
The example file, testfile, has original permissions of rwxrwxr- -.
operator | Meaning | Example | Result |
---|---|---|---|
+ | Adds the designated permission(s) to a file. | chmod o+wx testfile | Adds write and execute permissions for others or directory. (permission character set 9–10) on testfile. |
- | Removes the designated permission(s) from a file or directory. | chmod u-x testfile | Removes the file owner’s capability to execute testfile (u = user or owner). |
= | Sets the designated permission(s) | chmod g=r-x | Sets permissions for the testfile group to read and execute on testfile (no write). |
Here’s how you could combine these commands on a single line:
$ chmod o+wx,u-x,g=r-x testfile
Using chmod with Absolute Permissions
The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file. Each permission is assigned a value, as the following table shows, and the total of each set of permissions provides a number for that set.Number | Octal Permission Representation | Permission Reference |
---|---|---|
0 | No permission | --- |
1 | Execute permission | ---x |
2 | Write permission | -w- |
3 | Execute and write permission: 1 (execute) + 2 (write) = 3 | -wx |
4 | Read permission | r-- |
5 | Read and execute permission: 4 (read) + 1 (execute) = 5 | r-x |
6 | Read and write permission: 4 (read) + 2 (write) = 6 | rw- |
7 | All permissions: 4 (read) + 2 (write) + 1 (execute) = 7 | rwx |