Permissions
Each file and directory have a set of permissions associated with them. These permissions can be seen in the format of drwxrwxrwx. The first character is to specify if the resource is a directory, the next three characters are for the owner, the second three characters are for the group, and the third three characters are for others.
To see the permissions, owner and group of a file or directory run the ls -l
command.
$ ls -l
drwxr-xr-x 2 sysadmin users 4096 May 18 2022 Documents
drwxr-xr-x 2 sysadmin users 4096 May 20 2022 Downloads
drwxr-xr-x 2 sysadmin users 4096 May 20 2022 Pictures
-rw-r--r-- 1 sysadmin users 584 Mar 10 2022 README.md
-rw-r--r-- 1 sysadmin users 584 Mar 10 2022 script.sh
The permisssions are in the leftmost column.
To take Documents for example, it is a directory, where the owner (sysadmin)
has read, write and execute permissions (execute permissions on a directory
means you can cd into it). The users group has permission to read and
execute the directory (not allowed to write or delete it). Every other
user outside of that group has read and execute permissions. However, the
parent directory of Documents must allow the user to execute into it,
before allowing the user to read or execute into the Documents directory
Changing Permissions of a file
Changing the Owner & Group
To change the owner, use the chown (CHange OWNer) command.
$ chown <user>:<group> <file or directory>
Changing the Group
To change the group, use the chgrp (CHange GRouP) command.
$ chgrp <group> <file or directory>
Changing RWX Permissinos
To change permission modifiers of a file or directory, use the chmod (CHange MODifiers) command.
The first flag specifies the person(s) to change permissions for.
| Item | Description |
|---|---|
| u | File owner. |
| g | Group and extended ACL entries pertaining to the file's group. |
| o | All others. |
| a | User group and all others. The a flag has the same effect as specifying the ugo flags together. If none of these flags are specified the default is the a flag and the file creation mask (umask) is applied. |
The second flag specifies what to do with the third parameter
| Item | Description |
|---|---|
| - | Removes specified permissions. |
| + | Applies specified permissions. |
| = | Clears the selected permission field and sets it to the permission specified. If you do not specify a permission following =, the chmod command removes all permissions from the selected field. |
The third set of flags specifies the permission modifier to apply.
| Item | Description |
|---|---|
| r | Read permission. |
| w | Write permission. |
| x | Execute permission for files; search permission for directories. |
| X | Execute permission for files if the current (unmodified) mode bits have at least one of the user, group, or other execute bits set. The X flag is ignored if the File parameter is specified and none of the execute bits are set in the current mode bits. Search permission for directories. |
| s | Set-user-ID-on-execution permission if the u flag is specified or implied. Set-group-ID-on-execution permission if the g flag is specified or implied. |
| t | For directories, indicates that only file owners can link or unlink files in the specified directory. For files, sets the save-text attribute. |
For example, to change the permission of the file cat.png to allow
everyone in the group to read:
$ chmod g+r cat.png