On the Linux operating system, accessing a file is subject to the permissions you have on it. To control these permissions, we use the chmod
command.
This shot aims at teaching you about files permissions on GNU/Linux and how to effectively use chmod
to set these permissions, both using symbolic or octal modes.
To query information about files permissions, we use the ls
command with the -l
parameter:
ls -l
Your output would be similar to this:
total 4945
drwxr-xr-x 2 abelmbula abelmbula 197121 Nov 10 15:57 CS_1102-AY2022-T1-JAVA/
-rw-r--r-- 1 abelmbula abelmbula 539663 Dec 10 10:43 AS-curriculum.pdf
-rw-r--r-- 1 abelmbula abelmbula 197121 Dec 10 15:57 Think_Python_2e.pdf
Each column in the output above has a meaning. But, for this shot, we’ll only consider the first column, which represents file types and permissions.
Let’s break it down.
The first character indicates the file type. This can be:
-
) for a regular file.d
for a directory.l
for a symbolic link (a shortcut to another file or directory).Next, we find permission classes composed of nine characters representing three triplets of three characters each. Let’s see these permissions in detail:
u
.g
.o
.Let’s now understand the permissions.
As seen in the output above, permissions are represented by these three characters: rwx
.
r
is short for read, which means that we can open a file and read its contents.w
is short for write, which means that we can edit or delete a file.x
is short for execute, which means a file can be run as an executable or script.Note: a dash,
-
, in the file permission classes, means the lack of permission. E.g., a file with the permissionrw-
means that it can be read and written to but cannot be executed.
This mode is suitable if you want to add or revoke a single permission without modifying others in the set.
The symbolic mode syntax looks like this:
chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...
As you’ll already know, ugo
represents the users. a
stands for all and is used when we want to set the same permissions for the three users at once.
The next set of flags are:
-
to revoke the specified permissions.+
to add the specified permissions.=
to change the current permissions to the specified ones.The perms...
flag is used to explicitly set the permissions using either zero or one or more of the following letters: r
, w
, x
.
Note:
- If no permissions are specified after the
=
sign, all permissions from the specified user class are revoked.- To set the permissions for more than one user class (
[,…]
), we use commas between each permission.
example.md
.chmod g=w example.md # or chmod g+w example.md
Copy/paste the command above into the terminal below and type the ls -l
command to see the result.
2. Revoke the read, write, and execute permissions for all users except the owner of the resume.pdf
file.
chmod go-rwx resume.pdf # or chmod go= resume.pdf
3. Grant the read, write and execute permissions to the resume.pdf
file’s owner, read permission to the file’s group, and no permissions to all other users.
chmod u=rwx,g=r,o- resume.pdf # or chmod u+rwx,g+r,o- resume.pdf
Note: Make sure you don't use spaces after commas(,).
Feel free to choose any file you want for this exercise. Write the commands in the Terminal below.
In numeric mode, also called octal mode, the permissions are specified as a three-digit value in octal notation (a base-8 numeric system). This mode is easier to remember and quick to use if you wish to set all permission values at once.
The syntax looks like this
chmod [OPTIONS] NUMBER FILE...
The NUMBER
flag represents the three-digit value, each digit (0 - 7) representing permission for one category of users.
Let’s see the corresponding value for each permission.
4
means read permission.2
is for write permission.1
represents execute permission.0
for no permission.Symbolic mode | Octal mode |
rwx | 7 (4+2+1) |
r-x | 5 (4+0+1) |
rw- | 6 (4+2+0) |
example.md
and only read permission to group members and all other users.chmod 644 example.md
2. Revoke the read, write, and execute permissions for all users except the owner of the resume.pdf
file.
chmod 700 resume.pdf
chmod 740 resume.pdf
chmod
is the command we use to control the file permission on GNU/Linux. We can use the symbolic mode or the octal mode to set the permission. The file permissions we learned so far are:
r
(4
) to read.w
(2
) to write.x
(1
) to execute.The permission is set for different categories of users:
u
for the user or the owner of the file.g
for a group.o
other users.