File Permissions and chmod Command in Linux

In this article, we explain file permissions in Linux and one of the basic Linux commands for beginners, i.e. the chmod command used for this purpose, with its most frequently used command options.

What is Linux?

Linux is a family of open-source operating systems based on the Linux kernel. The first Linux system kernel was released on September 17, 1991, by Linus Torvalds.

The quiter you become, the more you are able to hear…

Rumi

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

File Permissions in Linux

In Linux, the behavior of a file is set or controlled by two mechanisms: file ownership and file permissions. The ownership of files or directories is normally based on the default uid (User ID) gid (Group ID) of the the user who created them.

Regarding the permissions, Linux provides granular controls to manage file and directory permissions. Essentially, there are three types of rights that can be assigned to the users:

• read (denoted by r)
• write (denoted by w)
• execute (denoted by x)

Meaning of read, write and execute permissions for files are self-explanatory. However, they have slightly different semantics when applied to directories:

• read: Names of the entires in the directory can be read.
• write: Entries in the directory can be modified.
• execute: Metadata for the entries in the directory can be read and the contents of the entries can be accessed.

In addition to these three essential rights, executables can be assigned setuid and setgid flags (denoted by s instead of x) and directories can be assigned sticky bit flags (denoted by t instead of x). To keep our post on file and directory permissions short and simple for the beginners, these higher level permissions are discussed in a separate article: Special Permissions (SetUID, SetGID and Sticky Bit) in Linux.

Each file or directory can be assigned these read, write, and execute permissions for three categories of users:

• The user (denoted by u): Permissions for the file owner of the file or directory.
• The group (denoted by g): Permissions for the members of the group owning the file or directory.
• The others (denoted by o): Permissions for all the other users.

When a file or directory is created, a default set of permissions (755 for directories, 644 for the files) are assigned for its users. If preferred, these default permissions can be changed by the umask command. Default file and directory permissions for the default umask value of 022 are listed below:

Default Directory Permissions (777 - 022 = 755)

• User: read, write, execute (7)
• Group: read, execute (5)
• Others: read, execute (5)

Default File Permissions (666 - 022 = 644)

• User: read, write (6)
• Group: read (4)
• Others: read (4)

Viewing File Permissions

To list file and directory permissions, ls command in the long listing format (ls -l) command should be used. Figure 1 shows the output of the ls -la command for the files inside a directory.

$ ls -la

On each line, the first character identifies the type of the entry that is being listed. Dash (-) indicates a file, the letter d denotes a directory and the letter l represents a link. Each of the following three characters show permissions for the owner (user), group and others, respectively. File permissions for the my-script.sh file is described below in more detail in Figure 2.

Modifying File Permissions with the chmod Command – Change Mode Bits

Change file permissions by defining mode bits. Basic usage: chmod [MODE][,MODE] ... FILE ... 

In Linux, file and directory permissions can be modified in two different ways using the chmod command: with symbolic format or with numeric format.

Symbolic Format

The format of a symbolic mode is [ugoa][[-+=][PERMS ...]] A combination of letters [ugoa] defines which users’ permissions will be changed and the letters rwx select file mode bits for the affected users.

Numeric Format

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. The first digit is used to set the setuid, setgid, and sticky bit flags and it is optional and can be omitted. The second digit selects permissions for the user who owns it, the third digit selects permissions for the users in the file’s group, and the fourth digits selects permissions for the other users not in the file’s group. The digits that can be used and their permissions are described in Figure 3.

Note that, the numeric format allows only setting at once all the rights (privileges) for all the user categories, as compared to the flexibility provided by the symbolic notation that allows adding or removing specific rights for only the chosen user categories.

Examples

To give read, write and execute permissions to all the users:

$ chmod u=rwx,g=rwx,o=rwx filename

or

$ chmod a=rwx filename

$ chmod 777 filename

To give read, write and execute permissions to the user (owner of the file), read permission to the group owning the file and no permissions to all other users:

$ chmod u=rwx,g=r,o= filename

$ chmod 740 filename

To add execute permission the group owning the file:

$ chmod g+x filename

$ chmod 654 filename

To remove execute permission from the group owning the file:

$ chmod g-x filename

$ chmod 644 filename

To explore more chmod command options, please visit the man pages by typing $ man chmod on the terminal.

To learn more on Linux, you could also visit our Linux Resources Page.