IT-Connect » Courses - How-to » System administration » Linux » Linux : how to manage permissions with the chmod command?

Linux - Master File Permissions with the chmod Command
Linux

Linux : how to manage permissions with the chmod command?

Florian Burnel 0 Comments

I. Introduction

In this tutorial, we'll learn how to manage permissions under Linux, using the chmod command. This is an indispensable command that you absolutely must know and master if you want to administer a server or workstation under Linux (Ubuntu, Debian, AlmaLinux, etc.).

Permissions are used to manage access to files and directories. The chmod command is used to modify these permissions. We'll talk about the Linux permissions model, before looking at how to use the chmod command through various examples. The chmod command can be used to change permissions, either symbolically or numerically, so we'll look at both possibilities.

This tutorial is based on a Debian machine, but you can use any other Linux distribution.

II. Understanding Linux permissions

Before discussing the use of the chmod command itself, I feel it's important to remind you of how permissions work in Linux. Here, we'll just cover the basics via read, write and execute permissions.

Each file or directory has three types of permissions:

  1. Read (r): view the contents of a file or list a directory.
  2. Write (w): modify a file or its contents, or add/delete files in a directory.
  3. Execute (x): execute a file or enter a directory (permission required to execute a Bash script, for example).

These permissions apply to three categories of users:

  • Owner (user): the user who owns the file.
  • Group: members of the group associated with the file.
  • Others: all other users.

From here, it is possible to define access to data, in particular who can read and/or modify a specific file.

III. Displaying and interpreting permissions

A. Read permissions on Linux

To display the permissions of a file or directory, we need to use the ls command. In a Terminal, run the command "ls -l" to display the permissions of a file or directory. For example, to get this information on the "/etc/shadow" file present on all Linux machines, we'll run this :

ls -l /etc/shadow

Here is a typical output for this file:

-rw-r----- 1 root shadow 1191  3 janv. 11:14 /etc/shadow

This line shows the current permissions set on this file (rw-r-----), as well as the name of the owner (root) and the name of the group (shadow). Here's how to interpret the result of this command:

Linux - Interpreting file permissions

B. Permissions: r,w, x

What you need to remember is that permissions are defined in a 9-character string divided into 3 blocks to correspond to owner, group and other permissions.

  • r: read permission
  • w: write permission (modification)
  • x: permission to execute
  • - no permissions

Permissions are always constructed in this way: read, write, execute, i.e. "rwx". If the permission is "r--" on a file, this means that the file can be read, but not modified (or executed). The same permission on a folder means that the contents of the directory can be displayed, but the user cannot create, modify or delete a file or folder in that directory.

In our case, we can therefore state that the "root" account has read and write permissions on the "/etc/shadow" file, while members of the "shadow" group can read its contents. All other users have no access to this file.

C. Special permissions: setuid, setgid, and sticky bit

Finally, and briefly, as this is not the main subject of this article, we'll look at special permissions. These can be found in the third value of a permission group (in place of the "x").

These special bits add extra functionality:

  • Setuid : executes a file with owner privileges.
  • Setgid : files created in a directory inherit the directory group.
  • Sticky bit : prevents users from deleting files in a directory unless they own them.

Here is an example where the "Setuid" is set to a binary :

ls -l /usr/bin/passwd 
-rwsr-xr-x 1 root root 68248 23 mars   2023 /usr/bin/passwd

As a result, the "x" value is replaced by "s". It is likely to encounter other values: s, S, t, T.

IV. Modifying permissions with chmod: symbolic mode

A. Chmod: symbolic mode syntax

In symbolic mode, we use the chmod command by specifying permissions with text, i.e. to add read permissions, we can specify "+r". Conversely, to remove write permissions, we can write "-w".

The general syntax is :

chmod [OPTIONS] [PERMISSIONS] file
chmod [OPTIONS] [ugoa][-+=][rwx...] file

The first set of flags ([ugoa]) corresponds to the users:

Flag nameCorrespondence
uThe owner-user
gThe group (and therefore the users who are members of the group)
oAll other users
aAll users (equivalent to "ugo")

Note : if this flag is not specified in the chmod command, the default flag is"a". Only permissions defined by umask are not affected.

The second set of flags ([-+=]) corresponds to the operation to be performed on permissions:

Flag nameCorrespondence
-Withdraw specified permission
+Adds the specified permission
=Modifies current permission with specified permission (overwrite)
aAll users (equivalent to "ugo")

The third set of flags ([rwx]) corresponds to the :

Flag nameCorrespondence
rReading permission
wWrite permission
xPermission to execute
s, S, etc...Special permits

B. Examples of chmod usage

Here are a few examples of how to use the chmod command.

You can create a blank file on your machine for practice.

cd /tmp
touch fichier.txt
  • Give the group read permissions on the "fichier.txt" file:
chmod g+r fichier.txt
  • Remove execution permission for all users on the"script.sh" script:
chmod a-x script.sh
  • Add read, write and execute permissions to the owner : 
chmod u+rwx script.sh
  • Remove all permissions for other users : 
chmod o= fichier.txt
  • Add read, write and execute rights to the owner, read-only rights to the group and no rights to the others:
chmod u=rwx,g=r,o= fichier.txt

V. Modifying permissions with chmod: numeric mode

A. Chmod: the syntax of numeric mode

There's another way of using the chmod command: numeric mode. Here, we use only numerical values to set permissions.

The general syntax is :

chmod [OPTIONS] [NUMBER] file

The number is in fact a value made up of 3 or 4 digits. Each value is used to specify permissions for the user, then the group and others (in the usual order).

Here is a summary table with the three basic permissions:

Permission nameCorrespondence
reading4
writing2
execution1
no0

Each permission is assigned a specific number. Depending on the permissions to be defined, it may be necessary to perform a "calculation" to add up the corresponding value for each permission.

Here's an example to help you understand this logic:

Linux - Digital permissions

This is an example of a 3-digitnumber. If you pass on 4 digits, the first one can be used to determine a special permission.

Name of special permissionCorrespondence
SetUid4
SetGid2
StickyBit1
No change0

This means that the values "0750" and "750" are identical when the chmod command is used in numeric mode. Conversely, the value "1777" is used to determine the sticky bit on a directory.

Note : the sticky bit is an attribute applied to a directory which allows you to restrict the deletion or renaming of files to their owner, the directory owner, or an administrator. This is true even if other users have write permissions on the directory.

Finally, as a general rule, you should avoid using the value "777", as it gives read, write and execute permissions to all users: it' s a very dangerous permission.

B. Examples of chmod usage

We'll now look at a few examples of how to use the chmod command in digital mode.

  • Assign the permissions "rwx" to the owner, "rx" to the group and "r" to the others:
chmod 754 file.txt
  • Set "rwx" permissions to the owner of a directory, recursively (modify tree permissions en masse):
chmod -R 700 folder/
  • Assign read and write rights to the owner of a folder, and read access only to group members and all other users:
chmod 644 folder/

VI. Modifying mass permissions under Linux

As a bonus, let's finish with an example of how to change permissions en masse on a Linux machine. In addition to using the chmod command, we're also going to use the find command to identify the files we want to work on. This can be applied to files or folders.

Here, we define read/write permissions for the owner and read permissions for the group and others, on all files in the "/var/www/application" directory.

# Symbolic method
find /var/www/application -type f -exec chmod 644 {} ;

# Numerical method
find /var/www/application -type f -exec chmod u=rw,go=r {} ;

To target directories instead of files, replace "-type f" with "-type d" in the find command.

VII. Conclusion

Thanks to this tutorial, you should be able not only to better understand how permissions work in Linux, but also to set permissions on a directory, a file or a set of items according to your needs. For more information on the chmod command, see the man page with "man chmod".

author avatar
Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
See Full Bio
social network icon social network icon social network icon
Share on X Share on Facebook Share on Linkedin Send by e-mail

You May Also Like

Calculate-a-Sha-X-footprint-Getting-started-Linux

Linux: how to calculate SHA-1, SHA-256 and SHA-512 fingerprints?

Mickaël Dorigny 0
Top 15 Essential Linux Commands for Network Administration and Troubleshooting

Top 15 Essential Linux Commands for Network Administration and Troubleshooting

Florian Burnel 0
Linux-Find-files-by-date-with-find

Linux: how can I use find to search for files by date?

Mickaël Dorigny 0

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.